Impartiality and Inquiries
The core of Bay Mountain Security Certifications’ impartiality policy is its management commitment to maintaining independence and avoiding threats to impartiality. BMSC defines threats as a relationship that threatens impartiality based on ownership, management, personnel, finances, governance, contracts, marketing, shared resources, and inducements for the referral of new clients.
Impartiality is reviewed and analyzed on an ongoing basis in addition to an annual review of all prospects, clients, and personnel. This will ensure all conflicts of interest and threats to impartiality are identified, analyzed, resolved, and monitored. BMSC uses the review process to ensure impartiality requirements as defined by ISO are maintained.
BMSC leadership ensures adherence to the impartiality policy through periodic management reviews, automated monitoring tools, internal audits, and formal risk assessments of our audit processes.
BMSC operates under and complies with the independence requirements established by the ISO/IEC 17021:2015, ISO/IEC 27006:2015, ISO/IEC 27006-2:2021 and has developed this impartiality policy and supporting procedures to ensure ongoing compliance.
Certificate Decisions
Information on the certification body’s processes for granting, refusing, maintaining, renewing, suspending, restoring, or withdrawing certification or expanding or reducing the scope of certification is defined below.
Recertification
Recertification Every three (3) years BMSC will review the Client’s certification status and, subject to the satisfactory results from the surveillance audits and/or the re-certification audit (including all corrective actions which have been agreed between the Client and the audit team are completed), BMSC will re-issue the Client’s certification.
Granting of certification:
Upon completion of the initial certification, recertification or certification transfer audit process, BMSC certification decision maker will perform a comprehensive review of the audit file and any corrective action plans and supporting evidence. The review will verify that the Organization’s management system is in conformance with the applicable ISO standard and non-conformities have been properly addressed. Upon successful completion of this review, BMSC grants the certification.
Refusing of certification process:
Should BMSC certification decision maker’s comprehensive review of the submitted audit package result in the identification of open issues or non-conformities, BMSC’s certification decision maker shall withhold the granting of certification until such time that the Organization can demonstrate all criteria for certification has been achieved. If the Organization exceeds the allowable remediation period outlined in the applicable standard a new initial certification audit will be required.
Maintaining certification process:
BMSC requires that over the lifecycle of the certification, annual surveillance audits must be completed in years two and three, with a recertification audit to be completed prior to the expiration of the certification. BMSC’s certification decision maker may suspend or withdraw the Organization’s certification if the required audits are not performed or open non-conformities have not been properly addressed.
Suspension of certification process:
BMSC will initiate its suspension process if the Organization does not re establish conformance of its management system standard requirements within the allowable timeline, fails to abide by the contract terms and agreements or fails to perform the required audits.
Restoring of certification process:
BMSC will restore a certification that has been placed on suspension once all outstanding issues have been closed and verified as such through off-site or on-site review.
Withdrawal of certification process:
BMSC will withdraw a certification as a direct result of, but not limited to, non-performance of audits, miss-representation, non-closure of open corrective action, failure of the appeals process to close an open corrective action or at the request of the Organization.
Expansion of certification process:
At the request of the Organization through an application process, BMSC will request and review documentation supporting the additional scope. Upon completion of the review, an on-site audit will be performed to determine conformance of the Organization’s additional scope with the applicable ISO standard. This may require an addendum to the contract and/or additional fees.
Reduction of certification process:
BMSC may require that the Organization’s scope of certification be reduced if it is determined that the scope is no longer valid. BMSC’s certification decision maker will approve a request from the Organization for scope reduction if audit procedures support that the scope is no longer applicable to the Organization’s business. BMSC’s certification decision maker will refuse scope reduction if the reduction is to avoid nonconformities.
BMSC’s Name and Logo
As an accredited certification body, BMSC has developed a logo that demonstrates our certified clients’ conformance with relevant ISO standards. The rules associated with the use of our name and logo regarding ISO certifications are documented in the terms and conditions of our contract and again upon successful certification for our clients. BMSC monitors the use of its name and logo to ensure compliance with our contractual agreement, ISO 17021:2015 and ISO 27006:2015.
Appeals and Complaints
APPEALS
Appeals filed against BMSC are received, handled and resolved in accordance with ISO/IEC 17021-1:2015. BMSC’s audit team strives to clearly communicate the justification for their decisions related to the certification and inspection services. When a situation arises where the client does not agree with the audit team they may appeal the decision to BMSC’s leadership. A point of contact, who is separate from the audit team, is assigned to research the appeal. BMSC’s leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly by the client’s audit team or by emailing [email protected].
COMPLAINTS
Complaints filed against BMSC, or our certified clients, are received, handled and resolved in accordance with ISO/IEC 17021-1:2015. BMSC has developed a process managed by a group independent of our audit team to document and track the complaint. The complaint will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed throughout the process and of the complaint resolution. Complaints may be filed by emailing [email protected].
Information Requests
Inquiries may be submitted directly to BMSC, including areas where we operate, certificate status and information for our certified clients by emailing [email protected].