CERTIFICATION AGREEMENT

AUDISO a.s. (Certified Body) is a Czech independent certification company operating on an

international basis.
AUDISO a.s. (hereinafter referred to as CB) is accredited by the Czech Accreditation Institute (Český
institut pro akreditaci, o.p.s.) to provide certification as follows:
- Quality Management System (ISO 9001),
- Welding Process Quality Management System (ISO 3834-2, ISO 3834-3, ISO 3834-4),
- Road Quality Management System (MP SJ-PK Part II/1, II/2, II/4),
- Environmental Management System (ISO 14001),
- Occupational Health and Safety Management System (ISO 45001),
- Information Security Management System (ISO/IEC 27001),
- Energy Management System (ISO 50001)
- Information Technology Service Management System (ISO/IEC 20000-1)
- Scrap Metal Waste Quality Management System (Council Regulation (EU) no. 333/2011),
- Food Safety Management System (ISO 22000)
For the valid accreditation certificate please visit www.audiso.cz
At the same time, the Company has authorized procedures for implementation of integrated
management systems. It refers to integration of management systems above listed which is especially
convenient for economy and organisation of smaller size businesses.
Purpose of Document
The purpose of this document is to facilitate CB client’s orientation into the topic of management
system certification.
The rules provided hereunder are binding for certified clients as well as CB.
This document becomes binding upon the execution of a Certification Contract.
The below are the major stages of the process:
A) Granting of Certificate
- Review and register the client’s application for certification
- Execute a Certification Contract
- Set up an audit team
- Prepare an Audit Plan and Schedule
- Process of certification audit
- Write an Audit Report
- Audit Report evaluated by the head of CB
- Issue a certificate and submit the “Rules for Use of Certificate and AUDISO Certified Body Marking“
document
1/8
PSD 17 rev. 10
 B) Maintenance of Certification
- Maintain the certification (surveillance audits)
- Extend or reduce the content of certification (special audits)
- Renew the certification (recertification audits)
- Suspend, or revoke the certificate

C) Other Provisions
- Requests for information
- Complaints, appeals
- Confidentiality

Article A
Granting of Certificate
Review and register applications for certification
A potential applicant for certification will contact CB. Based on general information (location,
certification field, number of employees, etc.), the CB officer will send a certification offer to the
applicant for certification. If the offer is accepted by the applicant, the applicant will receive an
“Application and Question Form” document in electronic form that must be completed by the
applicant. Information filled in the Application and Question Form is used to draft a contract and
register the client (Client Card) in the CB electronic system.
Execute a Certification Contract
When the application has been reviewed and checked for completeness, or any missing data
completed, a draft Certification Contract is prepared. The Certification Contract is executed by both
parties in writing.
Set up an audit team and prepare an audit plan and schedule
Upon execution of the contract, the head of CB will set up an audit team (head of the audit team,
auditors, or possibly technical experts). If the audit date is approved, the head of the audit team will
prepare an audit “Audit Plan and Schedule”. This Audit Plan and Schedule (incl. members of the audit
team) will be submitted to the client for approval no later than 7 days before the scheduled date. The
Audit Plan and Schedule is submitted in electronic form (so-called Client Card) to the client’s e-mail
address indicated in the Application and Question Form. The audit team and audit plan will be
approved / confirmed by the client on the Client Card.
The audit program (contains all audits during the valid certification) is accessible to the client on the
Client Card.
The Client has the right to appeal the audit team. Any intent to appeal must be made in writing within
3 days from receipt of the information on members of the audit team from the Certified Body.
In this case, the Certified Body must appoint one or more new auditors. In such case, the Certified Body
is authorised to change the audit date.
Process of Certification Audit
Stage 1 Audit
The Stage 1 audit means the initial certification of the management system.

PSD 17 rev. 10
2/8
The Stage 1 audit SM is mainly aimed to:
- Assess the readiness of the organisation for Stage 2 audit;
- Assess the level of compliance of SM documentation with the relevant international standard;
- Assess the client’s sphere of activity (locations, etc.), and specific workplace conditions;
- Collect the necessary information with respect to the range of processes and compliance in
relation to the evaluated certification system (compliance with the application and question form,
etc.);
- Evaluate the internal audit system and review the system by the management
Stage 1 audit is conducted by the head of the audit team based on documentation submitted by the
client (other members of the audit team may participate in Stage 1 audit if requested by the head of
the audit team). In case of any uncertainties arising of documentation, legislation, or specific location
conditions, etc., the head of the audit team is responsible to clarify them directly with the client. In the
circumstances should require to visit the client’s location, the head of the audit team is responsible to
schedule and conduct the visit.
The outcome of Stage 1 audit is a written “Stage 1 Audit Report”, stating the relevant weaknesses that
might result in nonconformities identified within Stage 2 audit, and stating the conditions for the
process of Stage 2 audit. If any nonconformities are identified between the Application and Question
Form and the actual pursued activities during evaluation by the head of the audit team, the head of
the audit team must document such nonconformity in the Stage 1 Audit Report. The head of the audit
team will advise the head of CB thereof and they will jointly ensure that, for example, the audit team
is extended, or the scope of certification is reviewed, or any other steps necessary for correct
completion of Stage 2 Audit.
The head of the audit team hands in the Stage 1 Audit Report (in electronic form) to the representative
of the assessed organization. Referring to Stage 1 Audit results, the head of the audit team will propose
the schedule of Stage 2 Audit and make sure that the audit schedule is reviewed and approved by a
representative of the assessed organisation (in electronic form).
The interval between Stage 1 Audit and Stage 2 Audit shall not exceed six months. If this interval is
exceeded, Stage 1 Audit must be repeated by CB.
Stage 2 Audit
Stage 2 Audit is aimed to review the system of the applicant for certification at its workplace /
workplaces and focused on information and proof of compliance with all requirements of the certified
standard and the fulfilment of such requirements in the client’s business.
On-site assessment begins with an opening session of the entire team of auditors and possible
technical experts with the client’s representatives.
The next steps:
a) The head of the audit team will present the audit time schedule to the audience
b) Contact persons (counterparts of the audit team) and places to review the specific elements, and
duties and powers of the audit team are discussed
c) The audit is conducted by auditors together with technical experts (if necessary)
d) Findings are recorded on files of the auditors
e) The head of the audit team will classify the findings based on team discussions at the end of every
day and publish “Deficiency Classification” describing the type of findings.
Types of findings:
PSD 17 rev. 10
3/8
 - Significant nonconformity (non-compliance with any requirements of the standard, or legal
non-compliance)
- Less significant nonconformity (partial non-compliance with any requirements of the
standard)
f) If three or more “Minor nonconformities” are specified to meet a single requirement of the
standard, “major nonconformity” has to be issued.
g) The audit team will further identify areas for improvement of the system and positive findings
(strengths) – consequently, those are included in the “Final Audit Report”
h) On the last day of the audit, during the final meeting of the audit team and the client’s
representatives, the head of the audit team will present the overall audit findings to the client and
the applicant may comment on the presented conclusions
i) If the client’s representative does not approve the findings, the head of the audit team must
document such nonconformity in the Final Audit Report. The decision to grant a certificate is for
the certification body.
j) If findings are valid after the end of audit review within certification, the head of the audit team
will determine next steps considering their classification:
- In case of less significant nonconformity, the head of the audit team has to point out the
client’s duty to solve the nonconformity. The client is responsible to determine the
appropriate corrective action and a deadline to fulfil the action (with agreement of the head
of the audit team). A fulfilment of the corrective action is checked at the beginning of the
next (surveillance or re-certification) audit.
- If determined less significant nonconformities are not resolved until a date of the next audit,
CB suspends the validity of the issued certificate until the nonconformities are eliminated
within the specified additional period (if the nonconformities are not eliminated within this
period, the certification is withdrawn.
- Areas for improvement defined in the “Final Audit Report” may be used by the certified
organisation and their application will be reviewed during the follow-up surveillance audit.

Stage 2 audit is completed by executing an Audit Report that includes summary findings (i.e. possible
occurrence of nonconformities, defined areas for improvement and strengths), specified locations for
certification, draft text of the field of the certification scope, and recommendations of the audit team
to grant / not grant a certificate, or any other conditions of certification.

Prepare an Audit Report

Based on Audit report, findings and areas for improvement, the head of the audit team will prepare
the final “Audit Report” and submit it for approval by the head of the CB (in case of identified significant
nonconformities, the report will only be prepared after consequent review (the extraordinary audit)
of their resolution).
Decision to grant /not grant a certificate
Based on the Audit Report, nonconformities and time schedule of the client (with respect to the
specified date of implementation of corrective actions), the Certification Body will decide whether to
grant, delay or reject certification. The decision is part of the Audit Report that is delivered to the client
in writing or electronic form.
Issue a certificate, certification mark

PSD 17 rev. 10
4/8
In case of positive decision on certification, the certificate will be issued and sent to the client in the
required language and scope of fields as provided in the Audit Report.
Consequently, the certificate is registered in the list of issued certificates
Certification mark is submitted to the client together with the certificate in electronic form.
The rules for use of the certificate and marking are provided in the “Rules for Use of Certificate and
AUDISO Certified Body Marking“ document, which is handed over to the client together with the
certificates.

Article B
Maintenance of Certification
Surveillance Audits
The Certified Body conducts surveillance audits to ensure that the level of SM certified company is
maintained in accordance with requirements of the standard(s).
Surveillance audits are conducted according to the plan of surveillance audits. The surveillance audit
plan is submitted to the certified company together with the Audit Report and certificates. The course
of audit is equal to Stage 2 certification audit.
If any changes to the scope of certification are identified during surveillance audit (e.g. on the client
request), the changes must be documented by the head of the audit team in the Closing Audit Meeting
Report of the audit team. He will advise the head of CB of such situation to jointly ensure possible
revaluation of the scope of certification, etc.
The output from surveillance audit is the decision to extend the validity period, or suspend or, as a last
resort, revoke a certificate.
Extraordinary Audits
An extraordinary audit of the certified organisation by the Certified Body may be conducted:
- To investigate a challenge of compliance with the certification criteria and obligations
contingent upon the validity of the certificate,
- If the certified organisation whose certificate was suspended applies for its consequent
renewal,
- If a breach of certification principles and obligations was identified during regular surveillance,
- If any changes affecting the performance of certification principles and obligations contingent
upon the validity of certificate occurred during regular surveillance,
- In case of change in the scope and term of validity of the certificate (extension/reduction of
the scope of certificate), and change in legal personality, or organisational structure, etc.
Extraordinary audits are either based on amendment to the contract or a separate contract. Costs
associated with conducting an extraordinary audit shall be charged to the certified company.
Renewal of Certification (Recertification Audit)
The certification must be renewed before the expiry of the validity period. The renewal requires a full
re-certification audit. To conduct the audit, a new certification contract at least 1 month before the
expiry of the validity period of certification is required.
Suspension of Certification
The suspension of certification means temporary revocation and the validity of certification may be
suspended by CB provided that:
PSD 17 rev. 10
5/8
 - Significant nonconformities are identified in SM (during surveillance and extraordinary audits)
- Less significant nonconformities in SM are not eliminated with the set deadline
- The certified company repeatedly fails to respond to invitation to approve dates of surveillance
audits
The suspension of certification is a temporary measure not to exceed 3 months. If no corrective actions
are taken before the expiry of the said 3-month term, the certification will be revoked.
The certified company will be notified of the suspension of certification in writing and it becomes
effective 30 days of notice.
If the certification is suspended, the certified company may not refer to certification in external
communications during the period of suspension (e.g. contract negotiations, publications, or
advertising).
The fact that a certification was suspended will be published on the CB website.
Revocation of Certification
The certification will be revoked by the Certified Body if:
- Activities subject to certification cease to exist in the certified company. For example, takeover
or merger, liquidation or bankruptcy proceedings. In case of liquidation or bankruptcy
proceedings, the certificate becomes invalid as of the date of liquidation or bankruptcy
proceedings according to valid legal provisions;
- Certification Contract between the Certified Body and the certified company is terminated due
to withdrawal of the contractor for failure to honour the obligations of the certified company
to the Certified Body as provided under the contract, or failure to meet the terms of payment
under the contract by the client;
- The Certified Body has been informed about dissolution of the certified company;
- The certified company fails to apply for renewal of the certification within 3 months of
suspension;
- The certified company fails to prove its ability to meet the specified certification criteria and
obligations;
- The certified company whose certificate is suspended has failed, in due time, to correct the
nonconformities that resulted in suspension; and
- If requested by the certified company in writing.
The certified company will be notified of revocation of the certification in writing and it becomes
effective 30 days of notice. For recertification, the SM certification process must be repeated in full
scope.
In case of revocation of the certification, the certified company must immediately any further use of
the certificate or certification marking must be stopped, and no reference can be made thereto.
All legal consequences will arise from any misuse or misleading, incl. the application of claim procedure
against the certified company. The fact that the certification was revoked will be published on the CB
website.

PSD 17 rev. 10
6/8
 Article C
Other Information
Required Information
a) Client data access by CB
The client undertakes to allow the representatives of the Certified Body to access its buildings and
facilities during regular working hours. It also ensures the right to conduct interviews of
representatives of the Certified Body with all the client’s personnel and get their full assistance for the
scope of activities under the Certification Contract. The client also ensures the right to review all
documentation considered important by the Certified Body.
b) Client data access by the Czech Accreditation Institute
The client undertakes to allow the Czech Accreditation Institute to access the information related to
its certification in order to review compliance of CB AUDISO a.s. processes with the Czech technical
standard CSN EN ISO/IEC 17021-1 – Conformity assessment – Requirements for bodies providing audit
and certification of management systems.
The client undertakes to allow access to the Czech Accreditation Institute to the witness assessment
of the activities, procedures and staff of the Certification body.
c) Certification data access by the certified company
All records that are prepared in the scope of the client’s management system audit are listed on the
client card that is available to the client in electronic form.
d) Access to client data for other interested parties
In the case of providing information to other interested parties, the client is requested in advance by
the head of the CB for written consent to provide information. Note: in case if CB is requested by the
Police of the Czech Republic to provide any information, the head of CB is responsible for
communication and cooperation with the Police of the Czech Republic, the client is not informed.
Reporting Duty
During the period of validity of the certification, and especially on the occasion of surveillance audits,
extraordinary audits, or renewal of the certification, the applicant undertakes to, without any
unnecessary delay, notify the Certified Body of any changes and modifications related to SM and
information on the current scope of fields as provided in the certificate.
The certified company shall report any extraordinary events to the Certified Body such as:
a) legal, commercial, organizational status or ownership;
b) organization and its management (ie. key or technical staff, or the people who make decisions
in the organization);
c) contact addresses and registered offices;
d) subject of activities within the certified management system;
e) significant changes in the management system and processes;
f) environmental accidents;
g) serious incidents related to safety and heath at work;
h) serious incident or violation of OHS regulation requiring the involvement of the relevant
regulatory body;
i) Changes in the company´s technological procedures and activities and others.

PSD 17 rev. 10
7/8
Failure to notify the relevant changes may result in revocation of the certification.
The process of appealing against decision of the Certified Body
The rejection of an application for certification as well as suspension or revocation of the certification
can be appealed by the applicant.
The Certified Body undertakes to examine any appeal with due diligence and independently and award
its decision in writing.
If the Certified Body accepts an appeal, it will adopt a new decision on granting/non-granting or
suspension/revocation of the certification.
If the Certified Body does not accept an appeal, the original decision is valid.
The parties shall each bear its own cost and expenses associated with said internal appeal procedure.
The client must appeal against decision in writing within 30 days of receipt of decision.
The appeal must be examined, and decision notified within 30 days from the date of appeal.
Complaint filing process
A client is entitled to file a complaint about activities made by the certification body (the CB). The
complaint has to be lodged in a written way or via the e-mail at info@audiso.cz.
The CB head evaluates the complaint whether it relates to certification activities which is the CB
responsible for.
The CB head advises the complaint author of the evaluation in a written way or via the e-mail.
Afterwards, he informs him/her of the investigation and final result (by 10 days from the complaint
filing).
Confidentiality
Both parties undertake to maintain confidentiality towards third parties regarding the acquired
knowledge to perform the Certification Contract, in particular take appropriate actions, set up internal
orders, make arrangements, or use any other resources. The duty of confidentiality shall survive the
termination of Certification Contract if not agreed otherwise between the parties (e.g. for legal
reason).
Publicity
Both parties, each at its own cost, shall have the right to disclose the fact that certification is in progress
or completed.

PSD 17 rev. 10
8/8