ENAO Risk Analysis Process. Contents Page

Transcription

1 Page 1 of 9 Reviewed by: Getnet Tsigemelak Approved by: Araya Fesseha Position: Quality Manager Position:Director General Signature: Signature: Contents Page 1 Purpose scope References Introduction Liability ENAO Related Risk Risk based assessment (ISO/IEC 17011, ) Grading risks Preparation by the customer of a lab for risk- based assessment Preparation of a lab for risk- based assessment Consequences for and reaction of an AB to risk-based assessment...11

2 Page 2 of 9 1 Purpose This document provides risk management process on the points which need to be identified, analysed, evaluate, treat, monitor and record on going bases on the risks to impartiality arising from ENAO activities 2 Scope This document is applicable to all ENAO's assessors, committee members, experts, all individuals and organization working for or on behalf of the ENAO's activity. 3 References The following documents are referenced: ISO/IEC 17011:2017 Conformity assessment - requirements for accreditation bodies accrediting conformity assessment bodies ISO Risk-Management Principles and Guidelines 4. Introduction The concept of risk- based assessment has been introduced to the standard ISO/IEC 17011:2017 as to allow for a more considered and meaningful accreditation and to give CABs an easier access to accreditation. A low risk routine lab may quench or impede its wish to become accredited when burdened with the same obligations as a high- risk lab. Not being accredited may even expel them from the market. Risk based assessment will allow the adaption of the accreditation process and to focus on essentials. Despite the possibility of adaptation of the accreditation process the CAB has still to comply with the relevant standard. Accreditation s target is already to avoid faulty results but still a CAB can produce faulty results and also accreditation may have been granted mistakenly. There are guidance and standards about risk assessment and risk management but the standards ISO/IEC and the applicable ISO/IEC standards contain already a large number of requirements, showing possibilities and methods for management, training and motivation of staff, suitability and calibration of equipment, validation, level of uncertainty, documentation, assessment of stability of methods, etc. as to low risks in their operation. For that reason, additional activities for risk assessment and risk management related to the daily activities beyond the new standard are not necessary for CABs

3 Page 3 of 9 and ENAO (this does not relate to the increased requirements to protect impartiality). The risks requiring special attention in the revised standards address risks stemming from the use of faulty results and/or reports issued by a CAB to the public about human health, safety and the environment. The CAB and ENAO shall be aware of the risks of a specific activity and shall take additional measures to further reduce them. A CAB may use more often a reference material or more often training; ENAO may ask for more participation in PTs, cross check of results etc where the process, decisions are susceptible to high or medium risk. Every activity or idleness implies a risk. The risk assessment as required by the standard does only address the consequences of using a faulty result of conformity assessment by its customer. Maybe, the customer will release of a product or a management system, to do a finance operation, to undertake a planning etc. If such decisions are based on faulty results it may cause severe damages to human's safety and healthy, environment, finances. 5. Definition and Objective of Risk Management Risk is an uncertain event which may occur in the future that may prevent or delay the achievement of an organization's objectives or goals. As risk is not certain, its likelihood can be estimated and based on its likelihood and impact the level of the risk can be estimated as low, medium and high. The Ethiopian National Accreditation Office has responsibility to ensure adequate risk management procedure to safe guard impartiality in the accreditation process. The risk management procedures are designed to ensure ENAO: o deliver consistence accreditation service o effectively governing itself and demonstrates competence and professionalism in the performance in its accreditation service o effectively manages its resources associate with accreditation o builds and strengthens stakeholder support and collaborates with other relative bodies and limit the impact of any unavoidable or residual risk Normally, a CAB will act on demand of a customer. The results may be used by the customer for decisions bearing possibly severe risks for humans, environment or finances. Thus, in a wider sense, the public is also a party involved and their interests have to be taken into account by the 3 directly involved parties. An organization like an AB faces risks stemming from external sources, risks due to internal

4 Page 4 of 9 mismanagement and due to its activities directed to its customers. In order to mitigate these risks and to take preventive actions, ENAO has developed a table of risks which has to be further developed due to growing experience. ENAO has to act within its legal framework and to fulfil the requirements of the standard ISO/IEC and the relevant internationally binding regulations. By its operation it shall consider the risks as given in the table below. All this done with due diligence, ENAO has done whatever it can do in contributing to a professional and trustworthy national quality infrastructure. ENAO is not liable for any false results or the consequences out of it issued by an accredited CAB. According to the standards a CAB has to follow its management system and all the required measures to be taken which are imposed as to minimize the risks by its operation. The role of the accredit or is to ensure at the time of assessment that the requirements are kept 6. Risk Assessment The assessment of risk area for the impartiality risk management is managed by Accreditation Quality Manager, two technical staffs and discuss with the representatives of one from private and one from government stakeholders before presented to the stakeholder forum. The risk assessment will focus on the accreditation process, competence of team leaders, assessors, experts, staff members. The risk assessment and leveling will be conducted as per to the risk matrices form. The metrics enhances risks to:- Accreditation Process: this includes from receiving of application from Conformity assessment body to granting accreditation certificate and the accreditation follow up. Competence: One of the factors to impartiality is incompetency hence, ENAO ensures the competence of all that involves in the accreditation process Operational Management: ENAO effectively manages its resources to perform its functions associated with its accreditation service and run its accreditation service impartially without the involvement of external body on the accreditation process and accreditation decisions. Stakeholder expectation: ENAO works to build stakeholder support and engagement in the accreditation scope expansion; risk assessment, and management to impartiality; customer satisfaction on ENAO accreditation service.

5 Page 5 of 9 Operational process of conformity assessment bodies: during on site assessment and witnessing there might be possibility of risks that affects the assessment process that should be considered by the assessment team. On the other hand conformity assessment bodies shall also implement risk based thinking that shall be assessed the effectiveness of their risk management by the assessment team. The risk matrices is found as one checklist of internal audit F09.7/A 7. Risk Analysis and Grading Risks associated with the accreditation processes are identified in terms of the likelihood of the risk occurring and the likely impact on the accreditation to impartiality while it occurs. The risk matrics as below is used for risk leveling from 1 that stands to extreme to level 7 which is negligible risk assessment. Likelihood of happening Likely Impact Very high High Medium Low Very high 1: Extreme ( certain) 2:Very high 3: High 5: Medium High 2:Very high 3: High 4: Significant 6: Low Medium 3: high 4: Significant 5: Medium 7: Negligible Low 4: Significant 5: Medium 6: Low 7: Negligible The risk to impartiality has to be mitigated to a level where the residual risk can be low. If the residual risk to impartiality is still high then ENAO will not proceed the accreditation process. 8. Risk Management: For the identified risk ENAO's different committees internal and external staffs will guard against the risk occurring and manage any adverse impacts when it occurs. Any risk found in the risk assessment will be, rated and managed. ENAO committee members, assessment team members, Director General, Deputy Director General, Quality Manager, Management members, technical and non-technical staff members are responsible for maintaining potential risks to impartiality, ensuring the accreditation procedure is followed, resources are well managed, and notifying the Quality Manager or Deputy Director General or Director General for any susceptible potential or actual risks. Note: ENAO management committed and ensured to allocate adequate resources to implement

6 Page 6 of 9 this risk management processes. 9. Monitoring and reviewing of Risk Quality manger in conjunction with the two stakeholder representatives will review the risk management plan developed by quality Manager annually. The review focuses on how the risks were managed, whether the mitigation mechanisms where effective, whether any new risks developed with recommendations shall be submitted on annual bases and the report shall be submitted to the Director General, management review committee and then after approval to the stakeholder forum. The risk review shall be conducted within the internal audit schedule and the report during management review to be discussed for any additional action if it required 10. Ensuring the implementation of risk based thinking by conformity assessment bodies The risks originating from the product or a technical system due to the use of faulty test results and /or reports shall be managed and ensured the residual risk is on the low level. Customers of the conformity assessment bodies shall have right to ensure whether the conformity assessment body has risk management and shall be discussed during contractual agreement or negotiation Testing and calibration The conformity assessment body shall evaluate the risk assessment of its potential customer during the contract negotiations (ISO/IEC 17025, 7.1.1). The evaluation will include: - Complete description of potentially afflicted entities - Reasonable estimate of occurrence probability and potential losses, also considering the number of produced items - Proper sampling of the specimen to be tested or unambiguous description of a system - Estimate whether the uncertainty of the test result of the lab corresponds to the risk - Validation of the method to be contracted. Possibly, another method is advisable or an additional method should be applied (i.e. integrity testing of a chemical reaction vessel not by x- raying alone but also by ultrasonic means) The mutually agreed risk assessment of the customer of the lab will be part of the contract between the parties. The lab and its customer have the obligation the check test results for their likeliness.

7 Page 7 of The lab shall decide whether it will operate also in high and /or medium risk areas and communicate it to the ENAO before undertaking such tests. Such decisions can be made also for parts of the lab s scope if it can be clearly defined and naturally difficult to reduce. Note: If necessary the risk level can be indicated at the accreditation certificate. Note: risk- based assessment does not contradict ENAO's accreditation for flexible scopes At initial assessment or follow-up activities, the AB shall analyse by document check whether - the lab complies with the requirements set out in of this document - the risk level found jointly by the lab and its customer can be accepted. In case of disagreement between the lab and the ENAO, then ENAO has the right to step up the level of risk acceptance for the CAB and to adapt its activities accordingly ENAO has show some flexibility when planning an initial assessment or a follow-up activity and being still in compliance with ISO/IEC on the document ENAO accreditation process as of - number of assessors and the lab s activities assessed in detail - number of persons to be witnessed - methods of follow up visits according to the list of methods of the AB - frequency of follow up activities - requirement for recalibration intervals - requirements on participating in PTs - depth of required verifications for critical/uncritical tests - requirement for methods of estimation of uncertainty ENAO s follow up assessment plan frequency will considered the risk levels identified Consecutive good performance in PT or inter lab comparisons indicate that the lab is in full control of its processes. Such positive history should be taken into account by ENAO when conducting assessment follow up plan Risk based assessment can also be applied for medical testing, inspection, product, personnel and QM certifications.

8 Page 8 of 9 Revision No. Date approved Revision History 0 New developed procedure based on ISO/IEC 17011, 2017

9 Page 9 of 9