Frequently Asked Questions about Certifying to ISO 20252 and 26362

PREPARING FOR CERTIFICATION

Where do I purchase the standards?

Access the link below to purchase a copy of the standard(s) from ANSI

Do I need to purchase both standards if I'm only certifying to ISO 26362 (Access Panel Standard)?

Yes because ISO 26362 refers frequently back to ISO 20252.

What does "scope of certification" mean?

The scope of certification is a description of the service (or product) capabilities provided by your company to the client and reflects the services to which you will be audited against. As ISO 20252 and 26362 are considered product or industry standards, a company cannot exclude part of the services they provide simply because they do not wish to certify the quality controls of that part of their business. For instance, a company cannot exclude the data collection processes if they provide those processes as part of their client services. Equally, a company must declare the geographies of their services but in this instance can exclude some geographic locations. For instance, if a company works primarily in the USA but has a data collection facility in Japan and does not wish to include the Japanese operations in the scope of certification, then the scope needs to indicate this e.g. ABC Company's certification includes all operations within the USA only. So in essence, a scope statement must include:

  • A description of the total services you provide to a client
  • The geographic area of those services
  • Any exclusions that may apply

Scope Statement
You need to write a scope statement [paragraph or few lines only] that reflects the certification you are applying for.

  • Decide what is included, and what is excluded, from the scope of your system. To do this you will need to review the requirements of the standard and balance this with the activities of the organization that are identified in the standard. This will give you the overall scope. You then need to write a scope statement.
  • 80% of normal research activities must be addressed in the scope statement.
  • One off projects for clients that are outside the normal business activities do not need to be included in the scope.
  • Other business services such as strategic or business planning undertaken by the company do not fit into the scope of work.

This statement cannot be a marketing statement. It must be factual. You cannot use words like 'best' 'most advanced' or "value added to the client" unless it can be proven and therefore becomes part of your audit.

Example:
Jones and Partners, established in 1901, is a medium sized market research company with offices in Buenos Aires, New York, and London. Jones and Partners provide full service market research services, both qualitative and quantitative, to clients in private enterprise and government agencies, with a particular focus on the financial services and automotive sectors. Quantitative data collection is conducted primarily in-house using our own in-house CATI telephone technology or via web surveys for which we purchase the use of access panels from a variety of sub-contractors. We specialize in customer satisfaction research.

Do we have to include all of our services in the Scope of Certification?

Basically the answer is YES; however, consider an 80/20% rule. If 80% of your business consists of certain services provided to your client groups, then this is the general scope of your business. Subcontracted work is considered under another part of the standard and not included in the scope of certification. The 20% of your business remaining may include specific project related work for a particular client or clients that are not your normal market research standard operating methodology. These jobs can be left out of the scope of works as long as they do not grow to represent more than approximately 20% of your business. Additionally, some market research companies provide other services such as strategic planning that do not have a direct market research function. This work does not fit within the bounds of ISO 20252 or 26362 and therefore should not be included in the scope of work.

Can the audit Scope of Certification change?

Yes, and it often does. But when it does, CIRQ must be notified and CIRQ shall validate the revised scope of certification. The scope may change when:

  • A company merges with another company
  • New offices are opened (or existing offices closed)
  • New services are provided
  • The business expands overseas
  • Additional expertise is acquired within the business

Note: CIRQ must be informed if you wish to change the scope or if the structure of your organization changes. This may impact your audit process and the audit program may need to be adjusted. It is always in the best interest of a company to keep their scope statement current and to keep it as full a statement as possible. Therefore, always inform CIRQ as soon as you believe the scope of your certification could or should change.

If a company operates in several countries, can they be certified in just one country?

Yes, as long as they cover all of the core processes covered by the scope of business within that country. If for instance the only data collection function you have is in China, you will need to include China in the scope of services. If you have data collection functions in the US, then you could geographically leave out China in your scope statement.

What is the CIRQ Self-assessment tool and how is it used?

The Self-assessment is a unique tool provided by CIRQ to help you do a GAP analysis of your compliance to the standard(s). You simply indicate briefly how your company complies with each clause listed. Your responses will eventually be evaluated by an auditor resulting in a score indicating your company's readiness to go to the onsite audit. Note: If the scope of your system does not include some section of the audit tool, simply write "Not Applicable". However, do not write "Not Applicable" simply because you are not following a process that meets the ISO Standard.

How do I start the self-assessment?

Take a systematic approach to the document:

  • Go through the standard and read it before opening the self-assessment tool
  • Highlight the following words in varying colors (for reference) in the copy of your ISO Standard: "shall", "procedure or "document", "record", "training" or "competence"
  • These words will indicate actions you need to take to comply with the standard. For example, anytime there is a "shall" this is a requirement of the standard.
  • The Self-Assessment tool mirrors the ISO Standard. Now, refer back to the marked up ISO Standard for each clause to explain what is needed in that section.
  • Leave Section 3 of the ISO Standard and equivalent Self-Assessment Section until last as it is the most complex.
  • Complete Section 4 first and then follow with all other sections. Identify what you have in relation to the requirement and type it into the space/box available. Self-assessment comments can be and should be brief.
  • A good approach is to disseminate the appropriate sections to the relevant department and request them to complete the information.

Lastly the Quality Manager should review and fine tune the responses and complete Section 3 - The Research Process Management System.

What is the difference between processes, procedures, documents and records?

A RECORD is either a document or data that cannot be changed, it represents a finite point, and it is permanent and historical. e.g. a training record, a completed questionnaire, a completed and closed off contract, a completed project, a paid invoice, etc.

PROCESSES, PROCEDURES and DOCUMENTS are information that is changing and/or changeable while remaining under a control mechanism that allows for traceability; e.g. A documented process or procedure can be changed and updated as necessary but should have a form of document control such as date or revision status that shows the changes that have occurred. A contract is a live document until the contract is completed. While the contract is ongoing it can be amended as long as the amendments are traceable. Once it is completed and signed it becomes a Record. A blank template is a document and is in effect the master. Once it has information in it, it becomes a document until such time as the form (or template) is completed and then it becomes a record.

How long does a company have to follow the standard prior to audit?

At least the core processes should be proven and available for audit prior to undertaking a certification audit. An auditor requires evidence; a documented process that has not been fully enacted cannot be audited and therefore, you would not be ready for certification. However a process that is only just recently changed but 80% of the process history remains would be considered sufficient to continue to audit. All core processes, such as proposal, report, body of the job, i.e., data collection, coding, analysis, must have a minimum of 3 months history with several projects having worked through the system from proposal to reporting for a system to be ready for audit.

How do I know if my company is ready for the audit?

First your quality system must be completely documented and have been in place for at least 3 months so that you have RECORDS or EVIDENCE to demonstrate your compliance with the ISO standard to which you wish to be certified. At least some of these RECORDS or EVIDENCE must be available for closed projects. Then when you have completed all sections of the self-assessment form you should submit it to CIRQ for a pre-assessment evaluation and report conducted by a CIRQ auditor. Before you submit the self-assessment, go through it and ensure you have or are creating RECORDS or EVIDENCE for every statement you have made in the assessment. This is your true indication of whether you are ready for a certification audit. A CIRQ auditor will conduct a pre-assessment review against your self-assessment and inform you if it is determined that you are not ready for an audit.

What is key to a successful audit in addition to conforming to the standard?

Simple compliance to the Standard against your scope of certification is the answer. However, try this Top 10 Key Success Factor checklist as a good indicator of success:

  1. What evidence do you have of top management support of the quality system? Have they been involved, do they understand the system and do they 'walk the talk' of the system? On the day of audit, a meeting with the CEO or executive management is essential as part of an audit process.
  2. Is the quality system readily accessible to those who need it?
  3. Have all areas of the business that need to use the quality system been part of its development and have they been appropriately trained in the use of the system from their perspective?
  4. Are records easily traceable? Have all the record requirements of the ISO Standard been addressed?
  5. Have legal and regulatory matters been appropriately addressed in the quality system, and relevant staff trained and aware of their obligations?
  6. Have all the applicable 'shalls' in the ISO Standard been addressed?
  7. Have all the 'procedures' and 'documents' identified as required in the ISO Standard been addressed?
  8. How is the integrity of any software or computer system managed considering the level of risk management required to sustain the quality system and integrity of the service delivery to the clients?
  9. Are responsibilities and authorities clearly delegated throughout the company such that the quality of client service delivery will never be compromised by inexperienced project personnel or lack of cross checking the project work of junior or less experienced staff? What evidence is there?
  10. Is the system audited, reviewed or periodically checked internally to ensure it is working as expected and that it meets the needs of the company. What evidence is there?

QUESTIONS ABOUT YOUR AUDIT AND THE AUDITOR

How much will the audit cost?

This will depend of the scope of certification including the number of employees and sites to be audited. Please submit a Request for Quotation to get an estimate of costs involved.

From the time I submit my application, when will I be able to schedule the company's audit?

That really depends on the scope of your certification, how prepared you are for the audit and how you progress the documentation throughout the certification journey. We have seen companies (especially those that have attended the CASRO ISO Implementation Workshop) be audit ready in 6 months.

Can I pick my auditor?

There is no objection to you choosing your own auditor amongst the certified CIRQ auditors, however, there are rules relating to auditors access to companies where there may be a conflict of interest and also auditor availability and experience. Generally Auditors are assigned based on experience and availability factors, location, costs, and conflict of interest, etc. If you would like to discuss this matter please contact CIRQ and your query will be directed to the Managing Director for response.

Can I have the same auditor?

It is CIRQ's policy to try and maintain the same audit team with a client for a period of at least 3 years until re-certification is due and then, where practical, a new audit team is appointed. From time to time this may not be possible and in these circumstances you will be informed of changes in advance and the reasons for those changes.

What are the criteria for an auditor selection?

We have a list of criteria for auditors when scheduling audits that address:

  • Research experience and match to the client's services
  • Completion of formal auditor training based on ISO 19011
  • Contractual commitment to CIRQ according CIRQ procedures
  • Geographical proximity
  • No conflict of interest with the company

How do I dispute or appeal the findings? / What if I have a complaint?

This rarely occurs but when it does the matter is addressed according to a documented process. For a description of the Complaint/Dispute/Appeal process, please access the link for the Standard Certification Agreement. You can also access the CIRQ Quality Manual which details this process.

Can I only be certified to ISO 26362?

Yes but in order to do so you must comply with relevant sections contained in ISO 20252 which are referenced throughout the ISO 26362 Standard.

If I am being audited for ISO 26362 and I'm already certified to ISO 20252 do you have to look at all the 20252 sections again?

Yes for additional standards certification however it will not cover all aspects of the system and is therefore a shorter process.

Can we certify to 9001 with our ISO 20252 system?

No CIRQ is not accredited to certify to this standard. Our systems are not set up and we have not gone through the due diligence required to certify to this standard nor will we in the future.

What Audit facilities are necessary on the day of audit?

On the day of audit, an auditor will need to have sufficient resources to get their job done with as little disruption to the company as possible but also in an efficient and effective manner:

  • Please review the audit schedule and plan as much as possible to have relevant staff available. Where a person cannot be available please nominate a second person where practical. If staff representatives are not available on the day of audit this sometimes extends an audit length as the scope of the audit must be covered in order for the audit to be completed.
  • If there is a spare office or desk, it would be useful to provide this working space to the auditor.
  • If your system has electronically held records and processes are managed electronically, the auditor will need to have access to your electronic systems therefore access, including passwords as necessary, may need to be organized.
  • Please ensure auditors are made aware of the personal facilities such as restrooms and administrative facilities such as photocopier, internet access, etc.

POST-CERTIFICATION MATTERS

What are the guidelines for use of certification mark [CIRQ Logo] and how does it relate to the scope of certification?

There are strict regulatory controls around the terms of use of the Certification Mark [CIRQ Logo] once a company is certified to an ISO Standard. Please access the link for the Standard Certification Agreement which provides full details about these requirements. Briefly, the rules are as follows:

  • Certification approval to use the Logo is limited to the scope of audit validated by CIRQ - that is, only those services and sites certified can show any claim through the use of the Logo regarding ISO certification status. This means that divisions, parents, subsidiaries, sister companies and other affiliated companies are not permitted to use the CIRQ Certification Mark [CIRQ Logo] unless they have individually received certification by CIRQ to one or both of the Standards.
  • Certification and subsequent permission to use the CIRQ certification Logo does NOT mean that companies who are NOT members of CASRO can use the CASRO Logo. CASRO membership and associated rules of use of the CASRO Logo are quite separate from that of CIRQ and the [CIRQ Logo].
  • The CIRQ name and Certification Mark may not be used in any way to suggest product approval, as they apply only to a certification of the certified company's systems.
  • The use of the CIRQ Certification Mark is subject to annual review based on the successful result of the initial certification, subsequent annual surveillance audits, and a re-certification audit.
  • CIRQ reserves the right to suspend or withdraw a company's certification if the rules of use are violated in any way.

If a company is merged/acquired, etc., does the certification still stand?

Yes it will if CIRQ is notified either prior to or at the time the change occurs. CIRQ will request that you submit a management plan, detailing who is now responsible for the quality system, how the scope of certification will change and how the new structure will absorb the quality system sufficiently to maintain certification standards. Refer to Section 3.1 of the 20252 standard called Organization and Responsibilities (this also applies to ISO 26362). Submit to CIRQ the plan for merging the two company's quality systems so that your company and CIRQ can prepare for an interim audit (if necessary) or for the next surveillance audit [depending on timeframes]. The Plan should be submitted early within the timeframe of change and allow a 6 month transition period prior to the next CIRQ audit in order to confirm compliance. The earlier the notification to CIRQ, the more lead time CIRQ can provide you for any changes necessary in your overall audit schedule. Within 6 months of the change having occurred CIRQ will need to audit the change management functions and random processes to ensure certification continues.

What if I am not satisfied with the audit or any other process I have experienced?

The formal process is to lodge a complaint with CIRQ in writing - email is acceptable. This complaint will be logged into the system and the complaints process followed. For a description of the complaints process, please access the link for the Standard Certification Agreement.

What are the Terms and Conditions for the Audit and Certification Process?

Please access the Standard Certification Agreement to view the Terms and Conditions for the Audit and Certification Process.

What happens if the standard is updated or changed?

CIRQ shall give due notice to all certified clients of changes in the ISO 20252 and/or 26362 standards, as well as any changes CIRQ intends to make in its requirements for certification as a result. The client has up to 18 months to make the advised changes in order to maintain certification.

How can our company promote its certification?