CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

Transcription

1 CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS Approved By: Executive: Accreditation: Mpho Phaloane Revised By: RBI STC Working Group Members Date of Approval: Date of Implementation: SANAS Page 1 of 10

2 CONTENTS: 0. Background and Introduction Scope Normative References Terms and definitions Principles General Requirements Structural Requirements Resource Requirements Information Requirements Process Requirements Management System Requirements for Certification Bodies... 8 Addendum 1: Amendment Record... 9 SANAS Page 2 of 10

3 0. Background and Introduction TR This document sets down the requirements (accreditation criteria) for bodies seeking accreditation by the South African National Accreditation System (SANAS), to assess and certify Risk Based Inspection (RBI) Management Systems. It is important to understand that these are the requirements that have to be met by Certification Bodies (CB). They are not requirements that have to be met by the organizations that are audited by the CBs. The requirements that must be met by those organizations can be found in the appropriate certification standard. Accreditation in compliance with these general requirements acknowledges that CBs possess the necessary competence and reliability to operate such conformity assessment systems. The authorization and distribution of this document is the culmination of a developmental process that included the drafting of criteria by a SANAS Specialist Technical Committee (STC) that represented interested parties. It is important that certified organizations and stakeholders understand that RBI certification involves the assessment of an organization s RBI Management System but does not imply achievement of specific levels of RBI performance unless it is specifically included within the relevant certification standard. ISO/IEC : 2015 is an International Standard, which sets out the general requirements for bodies operating assessment and certification of management systems. It provides a good benchmark for bodies that audit and certify RBI Management Systems as it addresses their competence and impartiality and has been tested internationally as being appropriate and sufficient to ensure the credibility and reliability of certificates issued by such bodies. The term shall is used throughout this document to indicate those provisions, which, reflecting the requirements of ISO/IEC and the deliberations of the STC, are mandatory. The term should is used to indicate those provisions, which, although they constitute guidance for the application of the requirements, are expected to be adopted by a CB. Any variation from the requirements by a CB shall be an exception. Such variations will only be permitted on a case-bycase basis after the CB has demonstrated to SANAS that the exception meets the requirements and intent of the relevant Clause of this document in some equivalent way. Accredited CBs must appreciate that where their scope of accreditation refers, either directly or indirectly, to requirements laid down by a regulatory authority, the requirements of that regulatory authority, as amended from time to time, may be applied by SANAS in addition to the requirements laid down in this document. In some instances, there may be a memorandum of understanding or other formal agreement between SANAS and a regulatory authority in that regard. Where there is conflict between this document and requirements specified in a formal agreement between SANAS and a regulatory authority as to the requirements that shall be met by an accredited certification body, the terms of that agreement shall take precedence. Where there is a conflict between the requirements of this document and the requirements of a Standard formally recognized as a Standard appropriate for accredited RBI certification, the requirements of that Standard shall take precedence. 1. Scope 1.1 RBI Certification will be assessed and accredited as a Scheme by SANAS. Acceptable standards for RBI Certification are listed in SANS The RBI Certification Scheme is in the Regulatory Domain and is subject to the Approval by the Regulator Department of Labour (DoL) SANAS Page 3 of 10

4 2. Normative References The following references also apply to this document: SANAS A 01 References, Acronyms and Definitions SANAS PM 01 SANAS Policy Manual. SANAS P 05 The Assessment of Certification Bodies Applicable IAF Mandatory (MD) documents available on OHS Act Occupational Health and Safety Act 85 of 1993 as Amended R. 734 Pressure Equipment Regulations ISO/IEC :2015 Conformity assessment - Requirements for bodies providing audit and certification of management systems SANS 347:2012 Categorisation and conformity assessment criteria for pressure equipment R. 763 Pressure Equipment Regulations 3. Terms and definitions Refer to SANAS A01 References, Acronyms and Definitions and ISO/IEC Principles The principles as defined in ISO/IEC are considered Not auditable 5. General Requirements In addition to the requirements of ISO/IEC , the following provisions shall apply: 5.1 Legal and contractual matters Certification Agreement Multi-site certification is not applicable to RBI. 5.2 Liability and financing The requirement for financial stability referred to in Clause 5.3 requires the CB to demonstrate that it has a reasonable expectation of being able to continue to provide the service in accordance with its contractual obligations. CBs are responsible for providing SANAS with sufficient evidence to demonstrate viability; e.g. management reports or minutes, annual reports, financial audit reports, or financial plans. SANAS will not attempt any direct audit of the financial accounts of CBs. 6. Structural Requirements The requirements as defined in ISO/IEC , clause 6 apply. SANAS Page 4 of 10

5 7. Resource Requirements TR Competence of management and personnel In addition to the requirements of ISO/IEC , the following provisions shall apply: Title Education Experience Knowledge and skills Auditor Engineering Degree 4 years or or Engineering 6 years Diploma Audit lead Technical Expert Engineering Degree or Engineering Diploma And At least 2 years in Inspection/Integrity assurance of process equipment Management system auditing for 1 year Management system auditing for 3 years 4 years or 6 years And Annex A of ISO/IEC Local legislation Relevant Health and Safety Standard (e.g. API 580, CWA 1574, PCC-3) Annex A of ISO/IEC Local legislation Relevant Health and Safety Standard (e.g. API 580, CWA 1574, PCC-3) Local legislation Relevant Health and Safety Standard (e.g. API 580, CWA 1574, PCC-3) Reviewing audit reports and making certification decisions At least 2 years in Inspection/Integrity assurance of process equipment Annex A of ISO/IEC Local legislation Relevant Health and Safety Standard (e.g. API 580, CWA 1574, PCC-3). 8. Information Requirements No additional requirements. 9. Process Requirements 9.1 Determining audit time Determination of number of effective personnel i) The effective number of personnel is used as a basis for the calculation of audit duration. SANAS Page 5 of 10

6 ii) The effective of number of personnel (ENP) = Number of customers personnel on site with influence on RBI management system (e.g. Head Office coordination team, operation (process and production), maintenance, engineering (process & mechanical), management, quality assurance (management representatives, internal auditors, document control), in-service inspection & NDT, technical specialist (metallurgist), RBI-specialists, planning, manufacturing AIA. NOTE: Could include non-permanent (e.g. contractors) and part time personnel Minimum audit duration i) The methodology used for the calculation of the minimum audit duration of a certification audit (Stage 1 and 2) is based on the IAF MD5 Quality Management Systems audit time table. The effective number of personnel shall be used to determine audit days. ii) The table however only provides the framework for further audit planning and for making adjustments to the table audit days Additional factors to consider As RBI management system certification is a relative new concept within South Africa, industries governed by the Pressure Equipment Regulations are at various stages with the implementation of RBI. As a result of this, additional factors need to be taken into account when determining audit days and these are outlined in the table below; SANAS Page 6 of 10

7 Factors Maturity Size: Complexity: Factors Maturity Size: Complexity: 1 Unit under RBI Power Stations Variable 2 Units under RBI and 0 or 1 unit risk assessment review 3-4 Units under RBI and 1 or more unit risk assessment review > 4 Units under RBI and 2 or more unit risk assessment review Number of common steam generators and pressure vessels linked to all units under RBI. NOTE: 30 components considered as an estimate for all units Operations include both pressure vessels and steam generators Operations include either pressure vessels or steam generators 1 Process unit under RBI Petrochemical Variable 2-20 Process units under RBI and 0 or up to 50% units risk assessment reviews Process units under RBI and up to 50% units risk assessment reviews > 40 Process units under RBI and up to 50% units risk assessment reviews NOTE: If more than 50% process units were reviewed, an additional 0.5 day could be added. Number of steam generators and pressure vessels linked to units under RBI. Operations include both pressure vessels and steam generators Operations include either pressure vessels or steam generators Additional audit days 0 day 1 days 1.5 days 2 days < 30 = 0.5 > 30 = 1 day 1 day 0.5 day Additional audit days 0.5 day 1 days 1.5 days 2 days = 1 day = 1.5 days > 1000= 2 days 1 day 0.5 day Formula for audit day calculation Audit days = minimum days based on ENP + additional days based on the size, complexity and maturity of the RBI management system Consideration of reductions / increases i) Reasons for a reduction / increases shall be recorded. SANAS Page 7 of 10

8 ii) Any reduction or increase from the audit days determines should not be more than 30% of the times established Surveillance audits The auditor time for surveillance audits will depend on the maturity of the RBI management system during the initial Certification audit. The following rules apply: i) If no new units or process units were added within a year after the last audit, the audit duration will either be a 1/3 of the certification audit time or as a minimum 2 audit days. ii) iii) If only one unit or process unit of a plant was risk assessed after the last audit, the audit duration will be ½ of the certification audit time. If two to three new units or process units were added after the last audit and risk assessed, the audit duration will be ½ of the certification audit time plus ½ a day. iv) If more than three new units or process units were added after the last audit and risk assessed, the audit duration will be ½ of the certification audit time plus an additional day. v) Where any unit post outage risk reviews were performed within a year of the previous audit, a ½ day per unit will be added to any of the above scenarios. vi) If the whole plant was assessed during the Certification audit, the audit duration will be 2/3 of the certification audit time Re-certification audits If no new units were added or reviews performed, the audit duration for recertification audits shall be determined as two thirds of the certification audit values. Otherwise audit days will be the same as per initial certification. 10. Management System Requirements for Certification Bodies No additional requirements. SANAS Page 8 of 10

9 ADDENDUM 1: Amendment Record Proposed By: Section Change STC 0 Deleted text: To better relate to RBI, in the text of this standard the words " management system" should be replaced by the words "RBI Management System" and the word "supplier" by "organization". To facilitate the uniform interpretation and application of ISO/IEC 17021, the International Accreditation Forum (IAF) has produced guidance notes, which are included in this document as adapted by the STC. This technical requirements document also includes additional requirements that have been endorsed by the STC. All requirements are included as technical requirements. For convenience, the section of ISO/IEC is first printed in bold; followed by SANAS technical requirements if applicable. 0, Par 5 Version and year of standard included: ISO/IEC : Added reference to R.763 Changed from SANS 17021:2011 to ISO/IEC :2015 ISO/IEC : Added and ISO/IEC Changed from SANS 17021:2011 to ISO/IEC :2015 ISO/IEC : Added In addition to the requirements of ISO/IEC , the following provisions shall apply; Title change from Legal Responsibility to Certification Agreement Added Multi-site certification is not applicable to RBI. Deleted: The entity applying for accreditation will be held legally responsible. To show compliance with this requirement, the applicant can provide the accreditation body (AB) with one or all of the following documents who must be available during the assessment Articles of Incorporation, Partnership Agreements, Tax ID and CIPRO registration Accreditation shall only be granted to a body which is a legal entity as referenced in Clause of SANS 17021, and will be confined to declared scopes, activities and locations. If the certification activities are carried out by a legal entity, which is part of a larger organization, the links with other parts of the larger organization shall be clearly defined and shall demonstrate that no conflict of interest exists as defined in Clauses 5.2 of SANS The CB shall give to SANAS, relevant information on activities performed by the other parts of the larger organization. Demonstration that a CB is a legal entity, as required under Clause of SANS means that if an applicant CB is a division within a larger legal entity, accreditation shall only be granted in the name of the larger legal entity. In such a situation, relevant functions of the legal entity may be subject to assessment by SANAS in order to pursue specific audit trails and/or review records relating to the CB. The part of the legal entity that forms the actual CB may trade under a distinctive name, which shall appear on the accreditation certificate, For the purposes of Clause of ISO/IEC 17021, CBs, which are part of government, or are government departments, will be deemed to be legal entities on the basis of their governmental status. Such bodies status and structure shall be formally documented and the body shall comply with all the requirements of ISO/IEC CB accredited in the field of RBI Management System certification shall only issue accredited certificates in relation to certification standards that are recognised by SANAS and are included within their accredited scopes. 5 Deleted section 5.2 Management of impartiality SANAS Page 9 of 10

10 The management responsible for the various functions described in Clause 5 of ISO/IEC shall provide all the necessary information, including the reasons for all significant decisions and actions, and the selection of persons responsible for particular activities, in respect of certification, to the committee or equivalent referred to in Clause 6.2 of ISO/IEC 17021, to enable it to ensure proper and impartial certification. If the advice of this committee or equivalent is not respected in any matter by the management, the committee or equivalent shall take appropriate measures, which may include informing SANAS. 6 Added The requirements as defined in ISO/IEC , clause 6 apply. Deleted section 6.1 Organizational structure and top management The documented structure of the CB shall built into it provision for the participation of all the significantly concerned parties. This should normally be through some kind of committee. This structure shall be formally established at the highest level within the organization either in the documentation that establishes the CB's legal status or by some other means that prevents it being changed in a manner that compromises the safeguarding of impartiality. Any change in this structure should take into account advice from the committee, or equivalent, referred to in Clause Current clause replaced: In addition to above the CB must have (in-house or access to) the following expertise, specifically for RBI certification: Competent Person with the following Qualifications, knowledge and experience: Degree/Diploma as a qualified Engineer. Degree engineer with minimum 4 years experience, Diploma engineer with minimum 6 years experience At least 2 years experience in Inspection/ Integrity assurance of process equipment Knowledge level competence in Risk and Hazard assessment (QRA/HAZOP or similar, etc) Working Knowledge of industry RBI procedures, standards and recommended practices (e.g. API 580/581, EEUMUA 206, ASME, etc.) 9.1 Deleted: General requirements For RBI, the CB must have a documented procedure defining the audit requirement and minimum criteria independent of any industry standard or software. Minimum Audit criteria for RBI should include RBI assessment methodology and process and extent of process equipment & piping coverage. SANAS Page 10 of 10