Conformity Assessment
ANSI-HSSP Workshop: Emergency Communications, December 2, 2004
Presented by: Gordon Gillerman, Conformity Assessment Advisor, Homeland Security, gordon.gillerman@nist.gov
Conformity Assessment
“any activity concerned with determining directly or indirectly that relevant requirements are fulfilled” (ISO/IEC Guide 2)
Types of Conformity Assessment
• Supplier’s Declaration
• Inspection
• Testing
• Certification
• Registration
• Accreditation
ISO/IEC Guide 2 Definitions
• Accreditation - procedure by which an authoritative body gives formal recognition that a body or person is competent to carry out specific tasks
• Certification - procedure by which a third party gives written assurance that a product, process or service conforms to specified requirements
• Inspection - conformity evaluation by observation and judgement accompanied as appropriate by measurement, testing or gauging
• Registration - procedure by which a body indicates relevant characteristics of a product, process or service, or particulars of a body or person, in an appropriate, publicly available list
• Supplier’s Declaration - procedure by which a supplier gives written assurance that a product, process or service conforms to specified requirements
• Test - technical operation that consists of the determination of one or more characteristics of a given product, process or service according to a specified procedure
• Testing - action of carrying out one or more tests
• Type Testing - conformity testing on the basis of one or more specimens of a product representative of the production
Helpful Terminology
The parties – who done it?
Conformity Assessment can be conducted by:
• first party – seller or manufacturer
• second party – purchaser or user
• third party – an independent entity that has no interest in transactions between the 1st and 2nd parties
• government – has a unique role in regulation, but is the second party in procurement
Factors in CA System Design?
• The risks associated with non-compliance should be proportional to the rigor and independence of the CA system.
• System over-design will add too much cost.
• System under-design will result in too little confidence of compliance.
• Penalties associated with non-compliance may reduce the needed rigor and independence of the conformity assessment system.
• Timely mechanisms that effectively remove non-compliant products from the market may also reduce the needed rigor and independence of the system.
[Figure: Risk and Conformity Assessment. Axes: Perceived Risk; Independence and Rigor of Conformity Assessment. Labelled points: Supplier’s declaration (1st party conformity assessment); certification (3rd party conformity assessment).]
Special Considerations – Homeland Security
• Generally, private sector programs should be considered.
• Accreditation of conformity assessment organizations is a key tool for utilizing the private sector.
• However, in some situations where security may be compromised, the technical requirements (standard) and/or the CA system may need to be kept secure.
Typical Use – Supplier’s Declaration (1st Party CA)
• Used when the risks associated with non-conformity are low to moderate and market and/or regulatory mechanisms are capable of adequately addressing non-conformities.
• Product, personnel and system characteristics
Typical Use – Certification (3rd Party CA)
• Used when the risks associated with non-conformity are moderate to high.
• Includes evaluation, compliance decision evaluation and some form of surveillance.
• Always conducted by a third party.
• Products and personnel characteristics
Typical Use – Inspection (1st, 2nd or 3rd Party CA)
• Used when the critical characteristics can be evaluated via physical examination or measurement.
• May be an element of a certification system.
• May be used to ensure that all
• Products, Parts of a system have been properly installed (ex. code inspection)
Typical Use – Testing (1st, 2nd or 3rd Party CA)
• Used when the critical characteristics can be evaluated via measurement under specified conditions.
• Type test is a test carried out on samples that represent production for the purpose of determining conformity.
• May be an element of a supplier’s declaration or certification system.
Typical Use – Surveillance (Gov’t or 3rd Party CA)
• Used to ensure/enhance ongoing conformity.
• Key part of a certification or registration system.
• May be conducted pre-market (at the factory) or post-market (in the marketplace).
• Periodic retesting may be required for personnel and product certification systems.
• Type and rigor should be balanced with the ability to remove non-compliant products/services/personnel from the market.
Typical Use – Registration (3rd Party or Gov’t CA)
• Used to provide an assurance that a process meets requirements.
• In the US, registration is associated with third party conformity assessment for management systems.
• This process includes initial assessment of process and implementation and surveillance audits.
• Useful for process-critical applications such as software development/deployment, quality (ISO 9000), environmental (ISO 14000) and potentially risk management systems.
• Registration or elements of it can be used to support certification surveillance.
Typical Use - Accreditation
• Used to assess and ensure/enhance conformity assessment body and program for competence, management and technical requirements.
• Used to attain needed confidence in testing operation and results.
• Used to attain needed confidence in certification or registration system.
[Figure: Conformity Assessment’s Role. Diagram labels: Supplier; Buyer, User; Confidence; Money; Contract; Standards and Technical Requirements; Product, Service or System; Supplier's Declaration; Inspection; Testing; Certification; Registration; Regulation; Calibration Laboratory; Laboratory Accreditation; Certification Accreditation; Registrar Accreditation; Inspection Accreditation; Government.]
Useful Technical Documents
NIST Resources
• http://ts.nist.gov/ts/htdocs/210/gsig/cainfo.htm
International Standards
• ISO/IEC Guide 7:1994 Guidelines for drafting of standards suitable for use for conformity assessment
• ISO/IEC Guide 22:1996 General criteria for supplier's declaration of conformity
• ISO/IEC Guide 23:1982 Methods of indicating conformity with standards for third-party certification systems
• ISO Guide 27:1983 Guidelines for corrective action to be taken by a certification body in the event of misuse of its mark of conformity
• ISO/IEC Guide 28:1982 General rules for a model third-party certification system for products
• ISO/IEC Guide 43-1:1997 Proficiency testing by inter-laboratory comparisons -- Part 1: Development and operation of proficiency testing schemes
• ISO/IEC Guide 43-2:1997 Proficiency testing by inter-laboratory comparisons -- Part 2: Selection and use of proficiency testing schemes by laboratory accreditation bodies
• ISO/IEC Guide 53:1988 An approach to the utilization of a supplier's quality system in third party product certification
• ISO/IEC Guide 58:1993 Calibration and testing laboratory accreditation systems -- General requirements for operation and recognition
• ISO/IEC Guide 60:1994 ISO/IEC Code of good practice for conformity assessment
• ISO/IEC Guide 61:1996 General requirements for assessment and accreditation of certification/registration bodies
• ISO/IEC Guide 62:1996 General requirements for bodies operating assessment and certification/registration of quality systems
• ISO/IEC Guide 65:1996 General requirements for bodies operating product certification systems
• ISO/IEC Guide 68:2002 Arrangements for the recognition and acceptance of conformity assessment results
• ISO/IEC TR 13233:1995 Information technology -- Interpretation of accreditation requirements in ISO/IEC Guide 25 -- Accreditation of Information Technology and Telecommunications testing laboratories for software and protocol testing services
• ISO/IEC TR 17010:1998 General requirements for bodies providing accreditation of inspection bodies
• ISO/IEC 17020:1998 General criteria for the operation of various types of bodies performing inspection
• ISO/IEC 17024:2003 Conformity assessment -- General requirements for bodies operating certification of persons
• ISO/IEC 17025:1999 General requirements for the competence of testing and calibration laboratories
• ISO/IEC 17030:2003 Conformity assessment -- General requirements for third-party marks of conformity