Certification Rules

Certification Rules


It determines the methods to be applied in the stages of receiving applications to obtain a management system certificate, conducting inspections, and arranging and delivering the documents of the organizations that are entitled to receive the certificate.


Certification Application

  • Applications for certification are received in person or electronically. The information requested by the EUROPASS during the application is given below:
  • Required certification scope,
  • The name of the applicant organization, the address of its physical location, its general characteristics including its important status in its processes and transactions, and related legal obligations,
  • General information about the applicant organization’s activities, human and technical resources, functions and, if any, its relationship with a larger company in relation to the area of ​​certification applied for,
  • Information about all external sources used by the organization that will affect compliance with the requirements,
  • Standards or conditions for which the customer requests certification,
  • Information on obtaining consultancy services regarding the management system.

The application is reviewed and, if appropriate, approved to ensure

  • Information about the applicant organization and its management system is sufficient for the performance of the audit,
  • Resolving differences in understanding between the EUROPASS and the applicant organization,
  • EUROPASS has the competence and capability to provide certification services (such as the EA code of the organization in accredited certification requests, the capacity of the auditor and technical expert within the scope of the EA code applied for),
  • Consideration of the scope of certification required, the location and number of the applicant organization, the time required for audits and other issues affecting certification activities,
  • Keeping records of justification for decisions to undertake audits.

During this review, if there is no auditor, technical expert or personnel to take part in the certification decision in accordance with the EA codes of the organization, these personnel and the competence they must have are specified in the Certification Request Examination Form.

At this stage, the duration of the audit days and the reductions or increases in the audit days -if any, are explained in the Certification Request Review Form. As a result of the review and approval, an offer is submitted to the relevant institution.

Scope Change Application

The EUROPASS conducts a feasibility study to determine whether the extension can be made in answering the application for the extension of the scope of the given certification, and decides on the audit activities required for this. Scope extension audit is planned and carried out at the organization that accepts the proposal for the extension. Scope extension can be performed in conjunction with surveillance audit, where appropriate. If the request is for scope reduction, a new document is issued without any audit.

Address Change Application

In the event that organizations apply for a change of address, if the institution accepting the offer is a production establishment or an activity that has an impact on the service at the relevant address for the service provided, the address change audit is planned.


Preparation of Offer

Upon examining the applications and making the necessary calculations from a technical point of view, and submitting a proposal process is carried out. If the Client Organization requests a (financial) change regarding the offer, the request is examined by the Certification Manager. If deemed appropriate, the Proposal Form is revised and faxed to the Client Institution again.

Making a Contract

After the Client Organization approves the Proposal Form, a "File Number" is given to the client organization and a Certification Agreement is prepared and signed by the client. After the contract is signed and returned by the representative of the customer establishment, it is also signed by the EUROPASS signatory. A copy of the Contract signed by the EUROPASS authorized signatory is sent to the organization and a copy is kept in the file of the organization. If the contract rules are not followed, the contract will be terminated.


Scheduling and Planning the Audits

Immediately following the signing of the contract, a program is prepared to include a complete certification cycle with the Audit Program Form for the client organization. For the organization to be certified a complete certification cycle term;

  • The 1st Phase and 2nd Phase Audit to be held in the first year,
  • The 1st
  • Surveillance Audit that will be carried out not exceeding 12 months from the 2nd phase audit date , The 2nd Surveillance Audit that will be carried out not exceeding 12 months from the date of the surveillance audit,
  • 2. Re-Certification Audit to be carried out not exceeding 12 months from the date of surveillance audit.

After the audit program is sent to the customer, the planning department makes an audit proposal to the customer to finalize the audit information. Upon acceptance of the Audit Offer, the Audit Plan is created by the Lead Auditor and delivered to the customer. During the preparation of the audit program and plan, paying attention to the Planning Procedure, the application made, the risk group, man / day, EA codes, the status of the auditors and technical experts, the demands of the organizations, the audit type and ISO 17021: 2011 ANNEX F- Audit program, scope or plan required matters are taken into consideration.

The dates of recertification audits are determined based on the validity period of the certificate. In order for the next certification to continue for a 3-year period, it is also possible if the certification decision is made up to a maximum of 3 months before the expiry date. Re-certification audits are carried out up to 3 months before the certificate decision date.

If the audit is carried out after the certificate expiry date, the audit is carried out according to the first certification audit. In exceptional cases, the recertification decision can be made within a maximum of 3 months after the expiry date. During this period, the status of the relevant organization is stated as’ not documented. The following certification always starts with the day the certificate is issued, but the expiry date of the following certification is equivalent to the 3-year period until today (the expiry date of the previous certificate + 3 years).

At the end of the certification period, the EUROPASS can reinstate certification for 6 months, provided that outstanding recertification activities have been completed, otherwise it performs at least one Stage 2 audit. The certification date is the recertification date or later and the previous certification decision date is taken as basis for the validity period.

Conducting Audits

Conducting and reporting audits are carried out according to the Audit Procedure.

Initial Certification Audits: ISO 9001, ISO 14001 and ISO 22000 initial certification audits are performed in two (2) stages as “Stage 1” and “Stage 2”. Details of Stage 1 and Stage 2 audits are available in the Audit Procedure. Stage 1 audit may take place "on site" or "in the office" depending on the client organization’s risk group.

When the audit proposal is made, if the audit information is specified to the client organization as “On Site”, it means that the audit team will perform the 1st stage of the audit at the client’s own site. When it is specified as "at the office", it means that the audit team will gather at the office, not at the customer site, and perform the first stage of the audit by examining the documents of the client organization. However, if the audit team needs it, it may be possible to request additional information / documents by contacting the customer organization officer. In this case, the client is obliged to provide additional information / documents requested by the audit team. In determining the interval between Stage 1 and Stage 2 audits, the time required by the customer to resolve the issues identified during the Stage 1 audit is taken into account. The period between stage 1 and stage 2 inspections cannot be longer than 6 months. If the said period needs to be extended, the stage 1 audit is repeated. It is aware that the consequences of Stage 1 may lead to delay or cancellation of Stage 2. In such a case, the customer will be informed.

Surveillance Audits

Surveillance activities include field audits to determine whether the certified customer’s management system meets certain conditions related to the standard on which the certification is based. The first certification must be made not exceeding 12 months from the date of the 2nd stage audit. Details on conducting Surveillance Audits are available in the Audit Procedure.

Recertification Audits

Re-certification audit is carried out to evaluate the continuation of fulfillment of the requirements of the relevant standard or other effective document. The purpose of the re-certification audit is to confirm that the suitability and effectiveness of the management system as a whole is maintained and the relevance and applicability for the scope of certification. Details on recertification are available in the Audit Procedure.

Short Term Inspections

EUROPASS may need to subject its certified client to audits within a short period of time to investigate complaints or address changes, or to follow suspended customers or for unannounced audits.

  • The client institution informs the customer organization about the conditions under which short-term visits will be made with the Certification Agreement and informs the customer organization in advance for these visits,
  • The client organization is more careful in appointing the audit team, as it will not have the chance to appeal to audit team members.

Details regarding the Short Term Audit are available in the Audit Procedure.

Follow-up Control

In the event that nonconformity (s) that require follow-up are detected during the audits, it is carried out in order to determine whether the detected nonconformities have been eliminated and the relevant corrective action (s) are effective.

Transfer Control

Transfer audits are carried out as surveillance or recertification audit, in line with the information obtained during the transfer application.

Scope Extension Control

Scope extension audit is carried out in line with the new scope requested by the organization, the application is reviewed, according to the agreed situation, a surveillance audit in the relevant organization or an audit of all articles of the reference standard or the deciding document is carried out.

Address Change Control

The address change audit is carried out in such a way that all items of the reference standard or the deciding document that may be affected by the address change are audited.

Audit of Multi-Business Organizations

In multi-enterprise organizations, the scope of certification should be the same in every enterprise (branch) and the organization should use the same quality system for these enterprises. Similar products should be produced or similar services should be provided in all businesses (branches) where the activities of the organization to be audited are carried out. The relevant management system should be established and directed at the center of the organization. Internal audits should be carried out in all businesses (branches). The system of each enterprise within the scope of certification must have been internally audited before the certification body audits. Details on conducting audits in multi-enterprise establishments are available in the Audit Procedure.

Evaluation and Preparation of the Document

After the certification surveillance and recertification audits, an evaluation is made according to the Technical Review Procedure. After the positive decision of the Certification Committee for issuing the certificate, the certificate is issued. The duration of the issuance of the certificate is normally one (1) week.

The audit reports of the audits made due to surveillance, follow-up, transfer, scope or address change and the requests for change of title are reviewed, evaluated, and after the positive decision, the Document is issued. In the documents of the multi-business organizations, the addresses of all businesses that have been deemed appropriate for certification can be specified on or in the document annex.

The issued documents are signed, a photocopy is taken to remain in the EUROPASS and attached to the file of the relevant organization. The certification decision date is written on the documents as the "First Publication Date". In cases where the document needs to be republished due to changes in title, scope and address, the "Publication Date" is written next to the new "Publication Date" in brackets. The validity period of the certificate is based on the "First Issue Date". The certificate of the organization is sent by courier or delivered by hand against signature following the payment of the invoice by the organization. At this stage, the contract signed by the EUROPASS authorized signature is also sent to the relevant institution. Certified organizations are registered in the "Certified Institutions List". Document delivery Cargo, Mail, etc. It can also be done with methods.

Use of the Document

EUROPASS management system documents are valid for three (3) years, provided that surveillance audits are concluded positively. The rules for the use of documents are specified in the Agreement signed between the EUROPASS and the organization. The organization undertakes to comply with the rules specified in this contract with the contract. Organizations can only use the system documents within the framework of the rules specified in the contract. After the issuance of the certificate, the EUROPASS takes the organizations to monitor the use of the certificate. Press, broadcast and media are watched in this context. In addition, when complaints from customers and a situation against the determined rules are detected, corrective action is requested from the relevant institution. If the corrective action is not taken within the specified period, the EUROPASS carries out the following actions:

  • The accreditation body is informed,
  • The withdrawal of the certificate is announced to the public,
  • Legal proceedings are initiated.

Suspension of the

Certificate : Certification is suspended for (6) not exceeding six months, if the following conditions occur:

  • The client’s certified management system, continuously or seriously, fails to meet the certification requirements, including the management system efficiency requirements,
  • The certified client’s supervision does not allow the certification audits to be carried out as often as required,
  • The certified customer requests a temporary suspension voluntarily.
  • Major nonconformities found as a result of the audits performed,
  • Minor nonconformities detected during the audits not being resolved within specified periods,
  • Failure to comply with the certification rules,
  • Not paying the audit fees.

The decision to suspend the certificate is taken by the Certification Committee. The suspension of the certificate is notified to the relevant institution in writing. When the EUROPASS deems necessary, it may extend the suspension period once again and for a maximum of three (3) months, with the decision of the Certification Committee.

In suspension, the customer’s management system certificate is temporarily invalid. It is ensured by the Certification Agreement that EUROPASS’s customers do not promote / advertise their certification in case of suspension. In cases where it is determined that the customer does not comply with this, a written warning is made and legal measures are taken if necessary. The EUROPASS can take any other measures it deems appropriate, including posting the suspension on the web or in the media.

In the event that the customer does not consistently or seriously fulfill the certification requirements for a part of the certification scope, EUROPASS may narrow the customer’s certification scope to exclude the part whose requirements are not met. In such a narrowing, compliance with the requirements of the standard used for certification is taken into account. If the problems causing the suspension cannot be resolved within the time given by the EUROPASS, the certification is withdrawn or the appropriate scope reduction is made.

Suspension of the Document

In the event that the suspended organizations notify the EUROPASS in writing that the reasons for the suspension have been removed, an audit is carried out on the organization to confirm that the reason for suspension has been removed.

The scope and duration of the audit performed to lift the suspension is determined depending on the suspension reason.

At the end of the audit, the suspension state of the certification of the client organization, whose conformity is verified by the audit team, is removed after the certification committee meeting. In case the reasons for the suspension are not eliminated, the document is withdrawn.

The establishment is notified in writing that the certificate is suspended.

Withdrawal of the

Document : The document is withdrawn in the following cases:

  • The request of the organization,
  • The organization’s bankruptcy or termination of its activities within the scope of the document,
  • The change of the legal entity belonging to the organization,
  • The organization does not accept the suspension conditions,
  • The organization does not remove the reasons for suspension
  • , Failure to provide confirmation for follow-up inspection at the end of the suspension period,
  • Failure to close the determined nonconformities during the follow-up inspections carried out for the removal of the suspension,
  • Misleading and unfair use of the document in areas other than the product or service specified in the document , Failure of the organization to be found at the facility address specified in the document ,
  • As a result of the organization falsifying its documents and attachments, As a result of the organization not accepting the surveillance audit.

If the organization has not applied for a follow-up audit within six (6) months after the suspension is suspended, an additional time may be granted or the certificate may be withdrawn. In case of withdrawal of the certificate, the organization must fulfill the obligations stated below and included in the Agreement:

  • Suspension of the use of the EUROPASS document and logo, Waiver of all rights within the scope of the canceled document,
  • Payment of unpaid document or audit fees.

Within one month of the withdrawal of the document, the organization must remove the logo from any correspondence and promotional material. Otherwise, EUROPASS;

  • Announces to the relevant accreditation body and other certification bodies,
  • Announces in various media organs that the organization has used the document illegally by violating the contract rules,
  • Applies to legal remedies to compensate for material and moral damages that may occur due to this. In addition, if the organization does not request renewal of the certificate, the production / service provision within the scope of the certificate is suspended or the establishment is closed, the document is withdrawn and announced to the public.

NOTIFICATION OF CHANGES Notification of Changes Made by EUROPASS to the Client Institution : EUROPASS announces every change in certification requirements to its certified customers on its website. EUROPASS verifies the compliance of each certified customer with the new conditions by getting written information or visiting / audits. All these applications are guaranteed by contracts made with certified customers.

Notification of Changes Made by the Client Organization to the EUROPASS:

Client Institutions are obliged to inform EUROPASS of the following changes formally (in writing) within 7 working days at the latest.

  • Legal, commercial or institutional status or ownership,
  • Organization and management (such as key manager, decision-making and technical staff),
  • Contact address and sites,
  • Scope of transactions under the documented management system,
  • Management system and processes big changes.

Notification of Changes (Suspension / Cancellation) in the accreditation of EUROPASS to the Client

EUROPASS is obliged to announce changes in its accreditation (Suspension / Cancellation) via its website within 3 working days at the latest to its current customers, potential customers and the public.