Welcome

INAB Assessor Forum – 23rd January 2018

Bedford Hall Suite - Dublin Castle

Wifi
Network: Conference
Password: January-2018
 Agenda
• Welcome and Introduction
• CRM – New IT system
12.45 - Lunch
• Breakout groups 15:15 - Tea & Coffee
16:15 – Close of forum
After Lunch
• What's new in INAB?
• Policy on Non Conformity Management / Forms
• Quality
• Data Protection – obligations of assessors
• Q&A
INAB Customer Relationship
Management System (CRM)

Orla Ivers / Padraig Keane

 What can you expect?
• Overview of the Assessor Portal
• Access

• Events

• Claiming Fees and Expenses

• Improvements and Feedback to date

 What is the INAB CRM?
This new system was designed and developed to
manage INAB data and processes associated with
the accreditation and management of our
Conformity Assessment Bodies (CABs). CAB Assessor
Portal Portal

CRM
The scope of the system included our CABs, and INAB Staff

assessors who provide the expertise on which

accreditation depends.
Background
• INAB CRM launched in January 2017
• Currently 84 assessors have used the CRM to
manage their part in accreditation process
• 277 events organised in 2017
• Assessors were invited to register in CRM, when
their expertise required on event.
ACCESS: How to register for CRM?

• Email sent
• *Click on Complete Registration
• **Register for new account

NB – invitation only valid 30 days

 ACCESS: How to log in

• Once registered
• Access via INAB website – CRM portal
INAB Website - Homepage
Enter your email and password

NB: do not use old URL invitation link once registered

[Image from - Assessor Portal]

Homepage – Assessor Portal
Homepage – Assessor Portal
Padraig Keane

Events
How to claim?
The Assessment Visit
• Confirm availability
• The visit plan
• Plan confirmed
• On the day
• Submitting expense claims
• NC review and clearances
Confirm availability
• Review scope elements
• Select for visit
• Logistics and accommodation
Confirm availability
Confirm availability
Confirm availability
 Confirm availability

• Availability confirmed
The visit plan
The visit plan
Plan confirmed

• View documents
• Download NC template
Plan confirmed
Plan confirmed
Plan confirmed

• NC Template
• Unique to visit event and assessor
 On the day
• Upload NC template
• I have no NCs
• Evidence required??
• Possible errors
• Also applies to Extension to Scope by correspondence

• Confirm which scope elements were witnessed

• Upload report to documents section of CRM
• Officer will review before releasing to CAB
On the day

• Change to assessment procedures (2017)

On the day

• NC template upload
On the day

• NC template errors
On the day
On the day

• I have no non-conformities
On the day
On the day

• Confirm witnessed tests

On the day
 On the day

• Upload
audit
trail
report
Submitting expense claims
• Visit/event status
• Currency conversion
• Expense items
• Daily rate
• Travel – mileage/hire car/ ticket
• Receipts
• Reviewed by Officer and Manager
• Submitted
• Then rejected or paid
Submitting expense claims
Submitting expense claims

• When visit has been completed…

Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
Submitting expense claims
• Claim submitted in error
• Guides
• Agreement
• INAB Hotels March 2016
• Schedule A-1 Business Rules for INAB Assessors
• Revision 2 – Sept 2017
• INAB Hotels March 2016
CRM portal library
NC review and clearances
• Edit details
• View documents
• RCA, CAPA report…Evidence??
• Comment
• Cleared/not cleared
• Second attempt required
• Recommendation
• SUBMIT TO INAB!
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
NC review and clearances
Feedback and Improvements
Feedback – CRM Survey results
 Feedback – assessor forum survey
• One shot at NC upload, no mistakes
• Downloading PS10 – PS10 changed, CABs requested to
upload zip files.
• Claim – error, print.
• Really like system
• No issue
• Portal Performance – Speed, timing, loading
 Improvements
• Portal Performance Review
• Servers – moved from US to Europe
• Investigation – monitoring tool
• New Non Conformity Template
Allows copy and paste, no restrictions
• Finance
• My Reference field on CRM under claim - appears on
payment
• Monitoring alert system for payments not processed within
a 2 hour frame.
Helpful hints and tips
• Deleting Documents – Request via INAB.
• ADD CLAIM – only when status of event at Addressing NCs;
Ready for Decision or Closed!
• Locked out of the portal – wait 5 minutes as the account
automatically unlocks
• All Portal users must redeem invite before they can start
using the portal.
Link in registration email.
• Avoid & and other special characters in file names.
 Helpful hints and tips
• NC template – assessor must download own
template from their portal

• NC template download – available at Plan

Confirmed status

• Unable to save NC Template – ensure file name

not too long c:\ counted as part of title (218 characters
max).
Thank you
Breakout Groups
17025 / 15189 Brid Burke main room

New Assessors introduction to INAB Marie O’Mahony

Group 1 hour -then revert to their own standard break out
group.

Inspection/Ref Materials Pat O’Brien

Certification James Stapleton

Policy on nonconformity
management (and other stuff)
Andrew Stratford
Before revision of ISO 17011
INAB’s policy:
• Major NCs required root cause analysis
• Assessment team could choose whether or
not root cause analysis was required for
minor NCs
• Documentary evidence always
Publication of new ISO 17011
New INAB policy
• In all cases, INAB now requires
• Submission of analysis of extent and cause
• Description of action planned to be taken or
already taken to resolve the NC
• Assessors can’t close the NC until this is received

• Evidence is not automatically required…

New INAB policy
Minor NCs - surveillance
• Assessor who raises NC decides whether or not
evidence is required (at discretion of assessor,
but default is no evidence required)

Major NCs, NCs at initial assessment and NCs

related to extensions to scope
• Must have evidence of implementation of actions
A niggly-naggly problem

Excel spreadsheet doesn’t currently handle this

Summary
Minor NC; CAB to provide:
• Analysis of extent and cause (mandatory)
• Description of actions taken or planned to be
taken (mandatory)
• Evidence of implementation of actions (optional,
at the discretion of the assessor)
Summary
Major NC, NCs from initial assessments or
extensions to scope; CAB to provide:
• Analysis of extent and cause (mandatory)
• Description of actions taken (mandatory)
• Evidence of implementation of actions
(mandatory)
That’s all for NCs

Next: sampling of requirements from

accreditation standards.
Sampling – before:
• INAB policy was to try to cover as many of the
clauses of the accreditation standard as possible.

Sampling – new:
• Some elements, such as internal audit,
management review, etc. are assessed every
time, but…
Sampling – new:
• INAB policy is now to cover a sample of clauses,
based on matrices for the different accreditation
standards
Sampling
• A matrix has been developed for every
accreditation standard.
• The lead assessor will use the relevant matrix
when formulating the visit plan
• The plan is to assess fewer clauses at each
surveillance visit, but there may now be time to
look at them in more depth
That’s all for sampling

Next: amended INAB forms

Amended INAB forms
Despite the introduction
of the CRM for handling
the assessment process,
the old familiar report
forms such as the X116
and AF118 forms will
remain
Amended INAB forms
• You’ll notice a few tweaks in these forms to
reflect the handling of NCs through the CRM
portal, but otherwise, no significant changes; we
still have to record what we’ve seen
• The forms are a bit flaky in places, but please
bear with us; we are working on a complete
revamp of key forms - cool new ones are on the
way
Questions?
What is new in INAB

Pat O’Brien
(1) New structure of INAB
INAB comprises 13 staff
- INAB Manager
- 3 Scheme mangers
- 8 Accreditation Assessment Mangers
- QM
- 1 Project Executive
- 2 Administration
 (1) New staff in INAB
• PADRAIG KEANE, Assessment Manager Joined INAB in March 2017.

• JONATHAN CARSON, Executive Officer Joined INAB in March 2016.

• JANE GLASS, Clerical Officer Joined INAB in March 2017.

 (1) Scheme Mangers

Scheme areas - based on MLA – 3 Scheme Managers.

ISO 17025, ISO 15189, ISO 17043

ISO 17021, ISO 17065 and ISO 17024
ISO 17020, ISO 17034
 (1) Scheme Manager Role

Role:- responsible for all matters relating to the management of the assigned
accreditation schemes

Responsibilities:- e.g. technical and policy issues, implement any changes,

bring items for discussion within INAB to ensure harmonisation, Advise on the
necessity for documents and development
 (1) INAB Board

The INAB Board is established as a permanent committee of the Health

and Safety Authority

- The Board comprises 12 persons

 (2) New Scheduling Unit – how it works

Why ! introduce scheduling efficiencies

- process is managed and driven by the INAB Administration with input from
assessment managers
- The normal running schedule is to work as far in advance as possible and no less
than 3 months in advance
 (2) New Scheduling Unit – how it works

- Communications will be by email, phone, etc as necessary and key decision

communication processed within CRM
- Once the date has been agreed by all parties, an event is set up in CRM
by Administration who will then send agreements to all parties, including the
Accreditation Officer as lead assessor.
- The agreements will have the standard p/p time of 4 hours automatically
included.
 (2) Key points of the policy

- INAB Administration will ensure the PS10 documentation is submitted,

- Assessment Managers provide all information needed to enable a visit to be
scheduled in a timely manner,
-will document all visit logistics (start, end times etc)
- responsible for issuing all visit plans (VP). Until such time as the scope
elements are in CRM, the VP can be issued by email through the CRM.
 (3) Role of the Assessment Team
The INAB assessment team comprises a Lead Assessor and/or a Technical
Assessor(s)/Technical Expert(s) and an INAB Officer.

The assessment team is responsible for providing INAB with a

recommendation on accreditation on completion of the visit.

The assessment team recommendation must be supported by evidence

collected by the team during the visit
 (3) Team functions within CRM
Lead assessor /Technical assessor / Expert
- Confirm Availability
- Review application or Accreditation and history, documents uploaded to
an event
- View the Visit Plan, assign scope elements, event Logistics, undertake
Actual Visit and record scope elements,
- Download NC template and upload to CRM
- Review CAB Corrective actions on NC and respond
- Upload documents to an event
 (3) Role of the Assessment Team
The INAB accreditation assessment manager is now the Lead
assessor and undertakes the opening and closing meeting, and reviews
the management systems, also ensures that the team is thorough,
professional, fair and objective as per the INAB Code of conduct (PS8) and to
ensure that all relevant aspects of the standard and INAB requirements are
reviewed in sufficient depth as per the visit plan.

Technical / experts to assess the technical competence of the client conformity

assessment body (CAB) and its compliance with the relevant international
standard(s)/requirements for a specific scope
 (4) PS10 content and review

This statement sets out the Irish National Accreditation Board policy on the
submission of documents by a Conformity Assessment Body (CAB –
laboratory, certification and inspection body, reference material producer) to INAB,
prior to an assessment/surveillance/re-assessment visit or scheduled witnessed
activity.
(4) PS10 - CAB submission timeframe
• CABs provide the information to INAB six weeks prior to a scheduled
surveillance visit, and six months prior to a to a scheduled extension to
scope assessment
• All PS10 documentation submitted to INAB must be uploaded to
INAB CRM via the Client Portal. 
• A zipped folder with all documents for each team member
(4) Doc’s required for each TM on visit day
• Quality manual and any amendments
• Schedule of all audits
• issued report/certificate
• Register and summary of non- conforming work investigation
• Primary sample collection manual (ISO 15189 only);
• A review of compliance with mandatory documents (INAB DC1 refers)
• Identification of all relationships with related organisations
• A documented impact/risk analysis on impartiality and independence
of CAB activities.
(4) Documents For Submission: ALL CABs
• Minutes of last Management Review
• Organisation chart; highlighting changes
• Current list of key personnel and deputies and changes;
• Details of activity related to scope of accreditation and how the CAB
manages the maintenance of competence in areas where there
has been no activity;
• Current schedule of quality and technical meetings;
(4) Documents For Submission: ALL CABs
• Details of all critical and foreign locations where activities are
carried out or where offices are located;
• A review of the relevant legislation affecting your scope of
accreditation.
• Records and CAB conclusions of the audit of the effectiveness of
the corrective actions implemented in response to the
nonconformities raised at the previous INAB assessment.
(4) Additional for Laboratories
• Proficiency Testing 5 year plan and performance
• investigation reference number for any out of specification results
with a brief summary of conclusions;
• Those operating a flexible scope of accreditation, the current version
of the Master List of Flexible Scope Changes
• process flow diagram from sample receipt to reporting
• current list of blood fridges, a summary report of blood usage and
a list of notifications to the National Haemovigilance Office
(4) Additional for Laboratories
• Where applicable, a summary of amendments to accredited test
methods since the previous visit.

• For laboratories applying for an extension to scope; the current

validated procedures and validation/verification summary report
 (4) Reference Material Producers (RMP)
• Changes to key authorized competent personnel that perform
particular activities relating to RM production. (Personnel, including
subcontractors, personnel of external bodies, or other individuals acting on
the RMP’s behalf);
• Where an RMP uses subcontractors to undertake part of the
production, include any changes to sampling, processing, handling,
homogeneity and stability testing, characterization, storage or distribution
of an RM,
 (4) Reference Material Producers (RMP)
• RMP shall submit any changes to the planning stage or deviations
from the production plan or the metrological traceability of the
certified values or characterization study.
(4) Certification & Inspection Bodies H/O
• Changes to the impartiality committee or involvement with related
bodies
• Details of new certificates issued with associated EA sector or
technical area;
• Details of amendments to technical standards in response to
legislative updates
• List of personnel authorised as competent in the conformity
assessment activities
• List of approved sub-contractors
(4) Witnessed activities (CB and IB)
• Copy of the audit plan
• Previous client audit report completed by the CB/IB
• Location of, and directions to, the witnessed activity, with contact
details for on-site personnel
• Details of audit/inspection duration determination/calculation
• A copy of the audit/inspection procedure and the working
documents used by the auditor/inspector.
Thank you for your attention
Assessor Management

Marie O’Mahony
Assessor Management
• What’s new?

• New business model in INAB (2017)

- CRM for visits management
- INAB Lead Assessor
- CRM generated assessor contracts

• CRM tool for Assessor Qualification (go live Feb 2018)

Assessor Management
• What’s new?

• ISO 17011 Rev 2 – (competency criteria)(Nov 2017)

• New Mandatory IAF MD20 (Jan 2018 implementation)

• Competencies model – A ; B; C; D.
 Assessor Management
Result:- Development of new Assessor Management processes

- Qualification and Competency management

- Training programme

- Monitoring programme

- Assessor records management

 Assessor Management
• Defined minimum competency criteria

• Educational- Degree level

• Work experience in technical sector (4 years)

• Assessor training in standard

• CPD – (e-learning/assessments/
membership of professional body/committees )
 Assessor Management
• Training Programme

• Induction training

• Training of technical experts

• Identification of training needs/Refresher training

• Updates /notifications/Publications
 Assessor Management
Monitoring Programme -3 year cycle – Rolling schedule

Combination of :
- On-site Monitoring

- Reports Review (findings/assessment reports/recommendations)

- Client feedback on assessment team performance post decision

- Against the defined competency criteria

- (A;B;C;D).
 Assessor Management
Monitoring Programme

3 year cycle – Rolling schedule

- Annual Assessor Performance Review of monitoring schedule

- Evaluation and decision will be completed at end of Year 3

- Feedback to assessor/expert following evaluation

 Assessor Management
Assessors Records Management
• New CRM tool for qualification of applicant assessors/experts and extension
of competencies for active assessors/experts.

• New Assessors/experts - All records will be in CRM

- (Educational qualifications/relevant training certificates/CRM
classifications /Contracts)

• Existing active assessors/experts - combination of hard copy and electronic

records combination currently
 Assessor Management
Assessors Records Management
• For effective records management and to ensure records are current :-

• Can Active assessors/experts please complete Profile in CRM when

qualification tool is live

• Instructions will be updated in CRM assessor portal manual

• INAB will send notification with request to complete

in timeframe of go-live date + 2 months.
 Feedback

Marie O’Mahony
 Feedback
• Stakeholder Feedback

• Client Feedback

• Annual Assessor Performance Review Feedback

• Evaluation feedback for Assessors/experts

• Positive and negative feedback captured

 Other Feedback
Other Specific Categories of Feedback
• Complaints

• Visit – AF119 (log of issue).

• Right of Reply (on recommendations)

• Appeals (Adverse decision on accreditation status)

• INAB Policy - PS25 on Feedback mechanisms

INAB Stakeholder Feedback

Summary of Feedback received in 2016 -2017:

2016 2017

Client Feedbacks 20 18

Complaints 3 1
Appeals 1 0
Client Feedback Examples 2016
• Queries/Clarifications/Suggested Amendments to INAB Policy
statements/application forms (PS 11; PS23; PS 8)

• Queries/clarifications on INAB/Standards requirements

• Negative experience from end users of accredited services from CABs

(laboratories/inspection bodies/certification bodies)

• Negative feedback on conduct of INAB team at visits

• Positive feedback on added value provided by INAB team at visits

Client Feedback Examples 2016
• Negative feedback on INAB not accrediting blood cultures to Irish
guidelines

• Raising of ncs against guidelines and not the standard

• Disagreement with recommendations of INAB team

• Negative feedback on fees

• Delays in arranging extension to scope visit

 Client Feedback Examples 2017
• Discrepancies on website
• Negative feedback on member of INAB team

• Lack of appreciation of aspects of medical laboratory services

• Lack of sufficient INAB team planning re witnessing on visit

• Feedback on inconsistency of CB auditors in an INAB accredited CB

• Positive feedback on teams /

• Positive feedback on CRM
 Client Feedback Examples 2017
• Queries on flexible scope assessment

• Dissatisfaction at removal of blood cultures from scope

• No of assessor days for IB assessment/ Use of logo on vehicles

• Accreditation of Irish legal entities by UKAS/A2LA

• Omission of specific clause in standard scheme for accredited CBs

• Delays in responses to corrective actions

Client Feedback Outcomes
• Investigated directly with clients and followed up to ensure issue was
addressed as per standard requirements

• Application forms updated to allow CABs highlight specific

regulatory/mandatory requirement deadlines

• Introduce new INAB Policy Statement to clarify provision of accredited

/unaccredited services by INAB accredited testing and calibration
laboratories – PS23

• Update relevant INAB Policy statements to provide

clarification/Amendment
Client Feedback Outcomes
• Additional visit to accredited CAB to evaluate submitted feedback provided
by end-user. Presented outcome to Board of INAB.

• Outcomes from investigations provided to stakeholders presenting

conclusions and recommendations.

• Positive Feedback presented to teams/team members

• Negative feedback presented to Teams/team members

• Clarifications to client where investigation

concluded that no evidence to support stakeholder claim.
Client Feedback Outcomes
• INAB Medical Advisory Committee assigned Microbiology TFG to evaluate
Irish Guidelines on blood cultures

• Invited stakeholder to give presentation to INAB Medical Advisory

Committee on specific medical laboratory aspects to put on annual
workplan of committee.

• Corrected website discrepancies and carried out audit.

• Clarifications provided directly to stakeholders on INAB policy and on

current status regarding a number of issues
• (eg flexible scope, use of logo on vehicles etc)
Client Feedback Outcomes

• INAB Regulations updated to address a number of issues (use of

logo on vehicles, additional visits within required timeframes)

• Notifications issued in relation to accreditation of blood cultures

to revised Irish guidelines.

• Transition arrangements introduced to include previously excluded

clause from standard scheme.
Annual Assessor Performance Review Feedback
• Assessment teams are performing to a high standard

• Clients are recognising added value

• Teams are implementing CRM system well

• Some issues in relation to

- submission of reports post visit
- Review of submitted corrective actions/action plans
- Assessor records updates
Annual Assessor Performance Review Feedback
• New Assessor Monitoring Process and 3 year Monitoring Programme
being introduced in 2018

• Thank you for your important contribution to the delivery of

INAB’s accreditation service to date

• Thank you for co-operation with the significant number of changes

in INAB in 2017

• Thank you for your continued co-operation

 ISO 17011 Revision

Summary of key changes

Marie O’Mahony
 ISO 17011 Revision
• “Conformity assessment – Requirements for accreditation bodies
accrediting conformity assessment bodies”

• Alignment with Casco Common Structure for standards

- Incorporation of CASCO common elements in clauses on :-

Impartiality, Confidentiality

Complaints, appeals (Mandatory wording)

Management system (Options A and B)

 ISO 17011 Revision

• Removal of Proficiency testing and other comparisons for

laboratories:

- Too specific

- EA/ILAC MLA documents to address

 ISO 17011 Revision
• Scope now allows for other “Accreditation Schemes” to be
covered

• Reference Material Producers/Proficiency Testing

Providers/Verification and validation/other in note

• Addition of new definitions :

-Accreditation scheme
-Flexible scope of accreditation
-Remote assessment
-Assessment programme
 ISO 17011 Revision

• Introduction of the concept of risk

- representative sampling

• Incorporation of Competence Criteria for all AB personnel into

standard with informative Annex A on knowledge & skills for
performing accreditation activities
 ISO 17011 Revision

• Very brief summary of key changes

• 3 year transition period

• Current Gap Analysis in progress

• Peer evaluation in Sept 2018 will be to new Revision

INAB Assessor Forum
EA Peer Evaluation
 European Accreditation Peer Evaluation Process
• EA appointed by EU Commission to manage the Accreditation framework.

• Key component of Framework is Peer Evaluation Process.

• This process demonstrates the competence and reliability of all MLA

signatory Accreditation Bodies.

• INAB next scheduled Peer evaluation 24 th -28th Sept 2018

• INAB will be assessed against MLA requirements and ISO 17011 Rev 2.
 INAB EA MLA Scope
• INAB is EA MLA signatory for :-
-Testing (including medical testing)/Calibration
-Inspection
-Management System Certification/ Product Certification

• In 2018 – plan to extend to include Reference Material Producers

– ISO 17034

• International recognition of all reports and certificates issued by INAB

accredited Conformity assessment Bodies
 EA Peer Evaluation Process
• Dates confirmed – 24th -28th September 2018

• Against ISO 17011:2017 Rev 2; EU Reg 765/2008; EA/ILAC/IAF mandatory documents

• Team of international Accreditation Body peer experts

• 35 man-days reviewing INAB systems and processes and records

• Findings:- NCs, Concerns, Comments

• Decision taken at EA MAC

 INAB EA Peer Evaluation Process
Head Office Assessment – Monday ; Thursday; Friday
- INAB Policies/Processes/Quality Management System Records

- Technical File Records - File reviews over accreditation cycle

On-site Witnessing of Assessment Teams on visits – Tuesday to Wednesday

- INAB teams evaluation of applicant /accredited CABs

Different CABs and different teams where possible

Risk based approach –Accreditation Cycle (Standard and scope of accreditation)

 INAB EA Peer Evaluation Process
Current topics/focus:

- Accreditation cycle – coverage of standard and scope of accreditation

- Notified bodies/flexible scopes

- Assessor/Decision-maker competencies

- Transitions to revised standards

- Implementation of EA/ILAC/IAF mandatory documents

- Impartiality/confidentiality/conflict of interest issues

 INAB EA Peer Evaluation
Some issues to consider

- Review and update profile in CRM

- Prepare well

- Have relevant documentation (DC 1)/standard/Mandatory docs/forms/scope etc

- Lead assessor will introduce team evaluator and explain role as silent observer

- Perform as normal and follow visit plan- pay attention to time management
 INAB EA Peer Evaluation
- Factual findings and recommendation with justification

- Do not engage observer in assessment

- Ensure the CAB does not engage the team member in assessment

- Answer his/her queries at private breaks/coffee

- Technical experts – supervision and consultation with LA on findings to determine

categorisation.

- Remain focussed and remember you are capable competent ,

experienced teams, who are representing INAB .
INAB EA Peer Evaluation

Enjoy the experience

General Data Protection Regulation
(GDPR)
Frank Crowe
 What I will talk about today
 Data Protection Act
 What is Personal Data
 Data Protection Principles
 Key Terms
 General Data Protection Regulation (GDPR)
 Why should we care about the GDPR
 Going forward
 The Data Protection Act
The Data Protection Acts 1988 and 2003 are based
around eight principles of good information handling.

These give people specific rights in relation to their

personal information and place certain obligations on
those organisations that are responsible for processing
it.
 What is Personal Data
Personal data means data which relate to a living
individual who can be identified

a) From those data, or

b) From those data and other information which is in
the possession of, or is likely to come into the
possession of, the data controller.
UK Information Commissioner’s Office
 8 core principles of data protection
They Set out the main responsibilities for organisations.
1. Obtain and process the information fairly
2. Keep it only for one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given initially
4. Keep it safe and secure
5. Keep it accurate and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it no longer than is necessary for the specified purpose or purposes
8. Give a copy of his/her personal data to any individual, on request
 Key Data Protection Terms
• Processing – any operation or set of operations which is performed on
personal data.
• Data Subject - a natural person whose personal data is processed by a
controller or processor.
• Data Controller - the entity that determines the purposes, conditions and
means of the processing of personal data.
• Data Processor - the entity that processes data on behalf of the Data
Controller.
 GDPR
• The European Union's General Data Protection
Regulation comes into effect on 25 May 2018 and
harmonises 28 DP Laws across the EU.

• The main purpose of GDPR is to give EU citizens greater

control over how their personal data is collected,
protected and used.
 8 principles condensed into 6
1. Obtain and process the information fairly 1. Lawfulness, fairness and transparency
2. Keep it only for one or more specified and 2. Purpose limitations
lawful purposes 3. Data minimisation
3. Process it only in ways compatible with the 4. Accuracy
purposes for which it was given to you 5. Storage limitations
initially 6. Integrity and confidentiality
4. Keep it safe and secure
5. Keep it accurate and up-to-date
6. Ensure that it is adequate, relevant and not
Rec.59; Article.12(2)
excessive
Controllers have a legal obligation to give
7. Retain it no longer than is necessary for the
effect to the rights of data subjects.
specified purpose or purposes
8. Give a copy of his/her personal data to any
individual, on request
 GDPR – New Accountability
• Introduces new accountability obligations for any
organisation that handles data about EU citizens -
whether that organisation is located in the EU or not.

• And places stricter responsibilities on organisations to

prove they are adequately managing and protecting
personal data.
GDPR widens the definition personal data
• While the definition of personal data has always been fairly wide,
the GDPR broadens it even further.
• The GDPR considers any data that can be used to identify an
individual as personal data. It includes for the first time, things,
such as, genetic, mental, cultural, economic or social information.
• From 25 May, hardly any personal data will not fall under the
GDPR, making it difficult for organisations to avoid having to
comply with its requirements.
 GDPR - A Regulation not a Directive
What is the difference?

• A regulation is a binding legislative act. It must be

applied in its entirety across the EU.

• In contrast to the current DP directive the GDPR is

intended to apply directly in each EU member state
without the need for implementing legislation.
 GDPR applies to all
• The GDPR not only applies to organisations located
within the EU but it will also apply to organisations
located outside of the EU if they offer goods or services
to, or monitor the behaviour of, EU data subjects.

• It applies to all companies processing and holding the

personal data of data subjects residing in the European
Union, regardless of the company’s location.
 GDPR and UK
• On September 13 2017, the U.K. government introduced
in Parliament the Data Protection Bill. The main aim of
the bill is to implement the General Data Protection
Regulation into U.K. domestic law.

• With the deadline for Brexit not until 31 March 2019,

the GDPR will be effective in the UK for more than ten
months.
 Why should we care about GDPR

Increased Administrative Overheads

GDPR is a more rigorous specification than the current

data protection act which means more detailed and
onerous obligations are imposed on organisations.
 Why should we care about GDPR
1. Consent
• In general you have to have a data subject’s consent
to process their data.
• While there are specific circumstances in which
consent is not strictly necessary, these generally
revolve around legal requirements, such as,
compliance with another law or where the data
subject’s consent is provided through a contract.
 Why should we care about GDPR
1. Consent
• Data controllers will have to ensure that they secure clear and
unambiguous consent from the data subject before processing
personal data.
• Critically, the data controller is not permitted to count,
silence, pre-ticked boxes or inactivity as consent. It has to be
freely given, specific, informed and unambiguous.
 The data subject has the right to withdraw consent at any
time.
 Why should we care about GDPR
2. Right to erasure (‘right to be forgotten’)

• The broad principle underpinning this right is to

enable an individual to request the deletion or
removal of personal data where there is no
compelling reason for its continued processing.
 Why should we care about GDPR
3. Data Breach Notification
• The GDPR introduces a common data breach
notification and is aimed at ensuring organisations
constantly monitor for breaches of data protection.

• The regulation requires organisation to notify the

local data protection authority of a data breach
within 72 hours of discovering the data breach.
 Why should we care about GDPR
4. GDPR expands liability beyond data controllers

• In the past only data controllers were considered

responsible for data processing activities, but the
GDPR extends liability to all organisations that touch
personal data.
 Why should we care about GDPR
5. Massive Fines

General conditions for imposing administrative fines

• The GDPR gives supervisory authorities the power to
issue fines of up to:

20 million or 4% of annual global turnover -

whichever is greater.
 Why should we care about GDPR
6. Access Right

• Also known as the Right to Access, it entitles the

data subject to have access to and information about
the personal data that a controller has concerning
them.
 Why should we care about GDPR
7. Data Portability

• The requirement for controllers to provide the data

subject with a copy of his or her data in a format
that allows for easy use with another controller.
 Increased Administrative Overhead
• Processing personal data under the GDPR puts a
considerable administrative overhead on any
organisation.

• Therefore, we have to be prudent when it comes to

processing personal data.
 Going Forward

• INAB - Participating in HSA GDPR Project Groups.

• Policies, procedures and guidelines are currently

being developed.
• Guidance will be provided.
Questions ?
• Break out groups
 INAB Processes
Induction Training for new assessors/experts
BREAK OUT GROUP
Marie O’Mahony
 INAB Processes Induction Training
• INAB Accreditation Cycle

• Visits Management – Assessors Portal

• Code of Conduct for Assessment Teams

• Recommendations and Decisions

 INAB Processes Induction Training

• INAB Publications

• Assessor Monitoring Programme

• INAB Stakeholder feedback

• INAB Objectives
 INAB Accreditation Cycle
• Pre-assessment

• Assessment

• Award +6 Months (1st visit)

• 4 Annual on-site visits

• Reassessment Visit (5th visit)

 INAB Accreditation Cycle
• Purpose - Verification of technical competence of CAB

- Technical Scope of Accreditation

- Specified Conformity Assessment Body Standard
(ISO 17025/ ISO 17020 etc)
- INAB accreditation requirements (R1 ; Terms & Conditions ; DC 1)

• Extensions to scope /Additional visits/ Major NCs/Minor NCs

 Visits Management and Assessor Portal
• INAB CRM System

• INAB Assessor Portal and events

• INAB Client Portal and events

• Assessor Portal Library

• INAB Centralised Visit Scheduler for events

• Contract Agreements per event

Visits Management and Assessor Portal
Pre-visit activities

-Accept invitation to event

-Review application/documentation

- Select scope elements for assessment

- Download INAB forms for use at visit (NC template!)

- GN1 to GN3 guidance notes on completion of forms

Visits Management and Assessor Portal
On-site visit activities
- Opening meeting -purpose

-Visit - Combination of assessment techniques –

interview; review of records/procedures ; witnessing;
vertical audits.

- Factual findings – corrective plan and/or evidence

- Reference relevant clause for the finding
Visits Management and Assessor Portal
On-site visit activities
- No consultancy – can give non-prescriptive advice

Private meeting -Purpose

-To discuss with team and categorise
findings and to prepare recommendation

Closing meeting - Purpose

- To present recommendation
Visits Management and Assessor Portal
Post visit activities

- Upload INAB forms used at visit (NC template) ASAP

- Review Corrective action plans and evidence where

applicable in event via Assessor Portal

- Submit review of NC batches to INAB

Visits Management and Assessor Portal
Post visit activities

- Submit fees /expenses via Assessor Portal

- Submit change requests via Assessor Portal

- Maintain your Profile up to date via Assessor Portal

Code of Conduct for Assessment Teams
• Assessors/Experts are representing INAB at all times
- Policy Statement PS 8

- Respect for client

- Clarification of INAB Policy in private
- Open-minded
- No direct contact with client outside of visit
- Timely response
 INAB Publications - INAB Website
• DC 1 - INAB Mandatory and Guidance Documents – Policy and Index

• R1 Regulations and T&C terms and conditions

• INAB Policy Statements

• INAB Forms

• Confidentiality/Conflict of Interest to be addressed for every visit

• Data Security
INAB Expectations
• In-depth assessment/ not consultancy

• Evidence based – positive and negative

• Balanced reporting

• Representative Sampling over cycle

• Peer review – verification of CAB competence

• Resulting in a reliable recommendation for decision maker

 INAB Objectives

INAB Objectives
• Professional Effective Accreditation Service to verify competence

• Thorough, Fair, Objective Peer Review

• Harmonised and consistent approach across all schemes

Assessment teams are key to delivery of this high level of service.

 INAB Objectives

Outcome
• Recommendations with supporting justification (based on objective
evidence) on technical competence of CAB for agreed scope.

• Achieve harmonisation across all schemes (Laboratories; Certification

Bodies; Inspection Bodies; Reference Material Producers)

• Preserve Integrity and Reputation of INAB Accreditation and by

extension its Accredited Clients
Outcomes
• Client receives a professional internationally recognised
accreditation service

• End user of accredited service has confidence in reliability of

accredited outputs (eg test reports/calibration certificates/
inspection reports etc)

• Improves standards of performance

• Protects the consumer/patient

/business/economy
Assessment teams are key to the continued delivery of an effective

reliable professional internationally recognised accreditation service.

Q&A
 Accreditation
INAB Breakout Group Inspection and RMP

Pat O’Brien
 ISO 17034
• In November 2016, ISO 17034 “General requirements for the competence of
reference material producers” has been published by ISO.
• IAF / ILAC General Assembly endorsed a 3 year transition period to ISO 17034:2016
from date of publication.
• ILAC website www.ilac.org should be consulted for publication of new or revised
guidance documents, as the ILAC WG 17034 will advise whether ILAC guidance or
policy is needed.
• All INAB surveillance / reassessments from 1st May 2018 will be carried out to ISO
17034:2016.
• From 1st October 2017 all new applicants will be assessed against ISO 17034:2016.
 INAB Policy RM
• From the 1st November 2019, accreditation to ISO Guide 34 will no longer be available and
accreditation certificates to Guide 34 no longer valid.
• INAB requests that accredited Reference Material Producers submit a transition action
plan
- the plan shall include:
- All specific actions to be taken to implement the changes,
- The timeframe for completion of such actions,
- The persons responsible for the actions,
- Process in place to monitor progress and completion of the actions.
 Significant Changes within ISO 17034
• 4.2 Impartiality
• 4.3 Confidentiality (new)
• 5. Structural Requirements
• 7.9. Metrological traceability of certified values
• 7.11. Assessment and Monitoring of Stability
• 7.12. Characterisation
• 7.18. Complaints
Inspection ISO 17020 Terms and definitions
• Clause 3.8; ISO/IEC 17020
• impartiality
• presence of objectivity

• NOTE 1 Objectivity means that conflicts of interest do not exist or are resolved so as not to
adversely influence subsequent activities of the inspection body.

• NOTE 2 Other terms that are useful in conveying the element of impartiality are:
independence, freedom from conflict, of interests, freedom from bias, lack of prejudice,
neutrality, fairness, open-mindedness, even-handedness, detachment, balance.
 Impartiality
• Synonyms for impartiality
Noun: Even-handedness
Probity; Neutrality; Equality; Fairness; Justice

• Antonyms for impartiality

Unfairness
 Independence
Independence is the complete freedom of control or influence from another party, be
it a single individual, a group of people, or an organization.
 
• Synonyms for independence
Noun: Liberty, Freedom
Ability, Autonomy, Self-determination, Self-government, Self-reliance, Self-rule,
Self-suf­ficiency, Separation, Sovereignty, Aptitude, Autarchy, License, Qualification
 
• Antonyms for independence
Dependence, Inaptitude, Subordination
 Impartiality / Independence
• Things to be assessed:

• We assess the analyses done by the inspection body about potential risks. And the
actions to manage, control and eliminate or minimize the risks: other activities of
the inspection body, related bodies, subcontracting, other activities of the
personnel, commercial relations, contracts of inspectors (remuneration),
impartiality declarations of the personnel…
• Check if the analyses and controls fulfil with the type of independence and its
requirements.
• Implementation of impartiality and independence policy.
Impartiality / Independence–Field
Application
• First, look closer at the preparation stage for assessment (the planning)
then the content of assessment in the office and observation of key points
during witnessing activities.
• Estimate how many time do you need and who from the inspection body
you may need to interview / observe to get appropriate evidences of these
two fundamental requirements that unambiguously determine the “type”
of the applicant inspection body and is enough rugged to stay “stable” in
the future.
• What kind of information can you use in practice to cross-check statements
of the management of the inspection body.
Competence -Independence Type A, B &C
• The competence requirements for Type A and Type C are identical. In
cases where competent inspectors who comply with Type A independence
requirements are difficult to find because potential inspectors are
engaged with the items inspected, Type C could be an alternative for Type
A
• (the only difference being that with Type C there is less assurance that
impartiality requirements are met, but the competence of the inspectors
is the same).
 Testing and/or Inspection

• Inspection activities can overlap with testing and certification activities

where these activities have common characteristics.

• Inspection and certification can use testing activities.

 Testing and/or Inspection
Pressure equipment inspection body, with NDT. Two possibilities:
 
• Contracting a laboratory to perform the NDT.

• Accredited testing lab or inspection body.

• Non accredited testing lab or inspection body.

• The IB performs the NTD on their own.

 ISO 17020 / ILAC P15

• If the IB asks for inspection activity and contracts the test to an accredited
lab/IB, the AB will assess that the IB checks that the lab or IB is accredited
in the specific test… The IB will be accredited under 17020. If the IB ask
for a Directive will be included in the scope (NB).
 ISO 17020 / ILAC P15

• If the IB ask for inspection activity and contracts the test to a NON
accredited lab/IB the AB assess that the IB assess the competence of the
lab/IB to perform the NDT: qualification of the person that assess, record,
frequency… The IB will be accredited under 17020.
 ISO 17020 / ILAC P15

• If the IB is asking for an inspection activity in which test are used, we will
accredit under 17020 (scope) but, if the tests are performed by themselves
the AB will assess some relevant and applicable parts of 17025 to assure
that the test comply (personnel, procedures/test methods, equipment,
premises, PT participation,…)
ILAC G27:06/2017
• ILAC G27:06/2017 – Guidance on measurements performed as part of
an inspection process 
• This document is intended to provide guidance on measurements carried
out as part of an inspection activity for both inspection bodies and the
accreditation bodies assessing inspection bodies.  The key objective of this
guidance is to help ensure the validity of the measurements performed as
part of inspections carried out in accordance with ISO/IEC 17020.  It also
provides examples via case studies of measurements carried out in
inspection that may need to take into consideration the requirements
included in ISO/IEC 17025 and ISO 15189.
ILAC G27:06/2017
• “If a measurement activity is performed by a subcontractor, it needs to be
accredited in order to make it possible for the inspection to be considered
as performed under accreditation. Refer to ILAC P15, application note
7.4.2a. If the subcontractor only performs the measurement activities
required by the inspection, it needs to be accredited against ISO/IEC
17025.”
• This would speak in favour of required accreditation. But neither ISO/IEC
17020:2012 nor ILAC P15:2016 require accreditation of subcontracted parts
of inspection; requiring accreditation is an (not allowed) extension of the
standard’s requirements.
Current EA views that is being considered
• The ILAC G27 requirement shall be redrafted in a way that
• Accreditation shall be the preferred means to
demonstrate compliance with the standard, but

• In justified situations (on the basis of qualified

evaluation/professional judgement) non-accredited
contributions (see ILAC P8, cl. 9.1) shall stay accepted.
 AB Team -

• The qualification of the team members, because all the scope has to be
covered and the different applicable requirements from other standards
(e.g. 17025).
 Thank you for your attention
Documents available at
www.inab.ie
www.european-accreditation.org
www.ilac.org