r é s e r vé

Usage t e ur
t i l i s a
à1u
IRIS CERTIFICATION TM ADDENDUM REV 3.0
JUILLET 2019

Ce document est à usage exclusif et non collectif des clients Normes en ligne.
Toute mise en réseau, reproduction et rediffusion, sous quelque forme que ce soit,
même partielle, sont strictement interdites.

This document is intended for the exclusive and non collective use of AFNOR Webshop
(Standards on line) customers. All network exploitation, reproduction and re-dissemination,
even partial, whatever the form (hardcopy or other media), is strictly prohibited.

BOUTIQUE AFNOR

Nom : ZHENGANG Jiao

Pour : ZHENGANG JIAO

Client : 80077768

Commande : N20191101-430130-T

le : 01/11/2019 à 04:52
BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS Addendum 2019

IRIS Certification™ rev. 03
as per 01/07/2019
English

INTRODUCTION
The purpose of the IRIS Addendum 2019 is to inform about the latest improvements in the IRIS
Certification™ rules rev.03:2017. Key areas are:
• Evolution of performance levels
• Implementation of corrections from Clarification on IRIS rev. 03 system – 1st edition
• Other corrections

Changes/corrections from original text are highlighted in bold italic.

Progressively, translations in other languages will be available.

IRIS CERTIFICATION PROCESS

4.2.1 Audit day calculation, page 13

Reporting time:
The reporting time is meant to be performed remotely and it is defined hereafter.

4.3 REDUCTION SCHEMES, page 15

…
In this case, the mandatory minimum number of IRIS Certification™ audit days are:
• 6 for certification audit,
• 1.5 for surveillance audit,
• 2.9 for recertification audit.
The final calculated days shall be rounded up to the higher half day.

4.6.2 IRIS Certification™ quality performance level, page 18

The quality performance level document is issued yearly by the IMC, after each successfully passed
audit, based on the performance related result of the audit (see 12.2). The yearly quality performance
level of a client is visible on the IRIS Certification™ portal. The quality performance level document is
issued in English.

For bronze level, the performance level document is issued after a confirmation by the
certification body that the documental veto check (see 3.3) was performed successfully. The
IMC may perform a spot check.

The performance level document for silver level is issued after a confirmation by the

Filename: 20190701 IRIS CertificationTM Addendum 2019 rev00

©2019 UNIFE. All rights reserved
BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

certification body that the documental veto check was performed successfully and a
successful check of the related documents by the IMC.
The criteria for these checks are not part of these IRIS Certification™ rules and will be
communicated to the involved stakeholders through the IRIS Certification™ portal.

For gold level, the decision must be confirmed by a committee appointed by the IRQB and the
respective criteria defined and communicated by the implementation

5.6 SURVEILLANCE AUDIT, page 21

…
The surveillance audit shall be conducted on site. It aims to assess the fulfilment of specified
requirements of the business management system, according to the scope described below.
…

5.8.1Remote functions, page 23

Remote functions are supporting functions on remote locations (e.g. design, sales, logistics,
purchasing and warehouses). They are considered only remote, when there is no autonomous
BMS.
They shall be audited, but cannot seek for their own IRIS Certification™ certificate.
…
Design and development
When the design and development function is a remote location, on site or remote, it shall be part of
each surveillance audit. It is mandatory to
…

5.8.2 Site extensions, page 24

A site extension is defined as such if:
• …
• …
• …
• …

• It is included in the audit plans (certification, surveillance 1, surveillance 2 and recertification

audit) of the evaluation process of the connected certified site.

©2019 UNIFE. All rights reserved page 2 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

IRIS CERTIFICATION™ ASSESSMENT METHODOLOGY

9.1 INFORMATION REQUIRED FOR THE AUDIT PLANNING, page 29

Following data (documents with detailed information) shall be provided by the client to the lead
auditor, latest sixty (60) days in advance of the audit:
a) stakeholder analysis (see Appendix 4, A1),
b) customer perception data (see Appendix 4, A2 and A5),
c) turtle diagrams for mandatory processes for performance evaluation (see Appendix 5),
d) list of organization processes and interactions.

In case the organization does not send the required data sixty (60) calendar days in advance
to the lead auditor, the relevant data shall be reviewed on site prior to the start of the audit
(data review). Such approach makes it more difficult for the auditors to prepare and plan a
proper assessment of the organization’s performance, therefore only the basic quality
performance level (bronze) can be achieved. In general, this case is for exceptional situations
and cannot be repeated every year.

Note: It’s the responsibility of the certification body and the lead auditor to ensure that the
confidentiality of the data received from the client is secured.

9.2 AUDIT PLAN, page 29

The audit plan facilitates the scheduling and coordination of the audit activities on-site.
An audit plan shall be established for each audit (certification, surveillance and re-certification). It
shall be documented in the IRIS Certification™ Audit-Tool.
The audit team shall analyze all information provided by the client (see 9.1), taking into consideration
the organizations’ current situation and identified potential risk to the organization, its processes,
products and customers.

The lead auditor shall develop an audit plan considering:

• the organization processes considering their sequences and interactions,
• current organization performance data for all mandatory processes,
• audit information from previous audit, when applicable,
• follow up on issues from previous audits,
• the scope of the audit (identifying the applicable clauses of the assessment sheet and
performance evaluations),
• a clear identification of the units and processes to be audited, including remote locations and
site extensions,
• the dates and venues where the on-site audit activities are to be conducted,
• the expected time and duration for the on-site activities, the roles and responsibilities of the
audit team members,
• the identification of the auditee’s representatives for the audit,
• the planning of an opening meeting and closing meeting.

©2019 UNIFE. All rights reserved page 3 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

The focus shall be put on the weaknesses of the organization in past audits, especially those
identified during performance evaluations.

12.1 SCORING SYSTEM, page 34

The scoring system is based on the following assessment of an organization:
a) enablers evaluation through an assessment sheet based on ISO/TS 22163 requirements,
b) customer perception,
c) process performance through performance evaluation.

The evaluation of the organization will result in a global score, which considers and reinforces the
importance of customer orientation, process approach and the performance of a quality-oriented
organization.
…
a) Enablers evaluation
To reinforce the IRIS Certification™ approach of continual improvement, an assessment sheet is
used and following scoring principles shall be applied by the evaluation of items through the use of
maturity levels:
• a maturity level can only be awarded if all criteria specified for this maturity level and lower
maturity levels are met. Half points are not allowed.
E.g. the maturity level 3 cannot be awarded, if the criteria for maturity level 2 are not met.
• the criteria for a given score is met, when there is evidence of the criteria being addressed
consistently at all appropriate stages and on all appropriate projects.
E.g. a maturity level cannot be awarded without full deployment of the criteria or by showing
single areas of good practice.
• during the audit, the lead auditor can decide if a specific requirement is not applicable and can
be considered as ‘N/A’.

These scoring principles shall be applied for all type of IRIS Certification™ items.

These IRIS Certification™ items include:

• Knock-Out items (see Appendix 7),
• open items which are assessed through a five (5) level approach based on defined criteria
adopted for assessing the level of maturity of processes and the grade and (or) extension of
implementation, and
• closed items (answer is “YES” or “NO”) without progressive maturity levels.

Knock-Out (K.O.) items

K.O. items are also scored (yes/no). The fulfilment of the requirements associated to all applicable
K.O. items is mandatory and is considered as a prerequisite for IRIS certification. Some K.O. items
may not be applicable (see Appendix 7).

K.O. items are audited by each audit, including their applicability.

©2019 UNIFE. All rights reserved page 4 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

During a readiness review all applicable K.O. items shall be fulfilled. If not, the readiness review is
failed and has to be repeated.

By identification of a nonconformity on an applicable K.O. item during an on-site audit, it is deemed to

be a major nonconformity and a re-audit is mandatory.

Closed items
Items without progressive scoring.
Two possible scores:
• answer is “YES” - the requirement is met => 2 points;
• answer is “NO” - the requirement is not met => 0 points;

Open items
By applying the scoring principles, each individual requirement (item) shall be scored progressively
using maturity levels according to the following generic criteria:
• level “optimized” - the requirement is exceeded and continuously improved =>4 points,
• level “qualified” - the requirement is exceeded => 3 points,
• level “defined” - the requirement is met in full => 2 points,
• level “poor” - the requirement is partially met =>1 point,
- ISO/TS 22163 requirement is not fulfilled in all aspects (e.g. all described bullet points,)
- the requirement is not applied in all projects
- no impact on product quality nor on customer requirements
- a corrective action request (CAR) is mandatory and is understood as a minor
nonconformity following the ISO/IEC 17021-1:2015 definition.
• level “insufficient” - the requirement is not met => 0 points,
- ISO/TS 22163 requirement is not fulfilled
- a corrective action request (CAR) is mandatory and is understood as a major
nonconformity following the ISO/IEC 17021-1:2015 definition.

b) Customer perception; page 35

The evaluation of the organization shall focus on customer related requirements according to
following criteria:
• stakeholder expectations and needs,
• customer orientation,
• customer satisfaction,
• internal review activities and actions taken

By applying the scoring principles for this area, a maximum of 200 points can be achieved,
which are distributed as:
• Stakeholder analysis: 30 points
• Customer feedback: 50 points
• KPIs: 120 points

The specific ISO/TS 22163 requirements for customer perception performance can be found in
Appendix 4.

©2019 UNIFE. All rights reserved page 5 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

These requirements will be assessed once during each audit and their evaluation will be
considered in the scoring.

c) Process performance through process performance evaluation, page 36

The purpose of this clause is to focus on process performance:

Five (5) mandatory processes for performance evaluation are defined and are to be performed at
each type of audit (certification, first and second surveillance and re-certification):
a) project management (ISO/TS 22163 clause 8.1.3),
b) requirements for products and services (ISO/TS 22163 clause 8.2),
c) control of externally provided processes, products and services (ISO/TS 22163 clause 8.4),
d) design and development of products and services (ISO/TS 22163 clause 8.3),
e) production and service provision (ISO/TS 22163 clause 8.5).

Depending on the IRIS Certification™ activity (see clause 5.1), the mandatory process d) or e)
could be put as not applicable.

By applying the scoring principles for this area, a maximum of 100 points can be achieved,
which are distributed as follows:
• project management (ISO/TS 22163 clause 8.1.3): 20 points
• requirements for products and services (ISO/TS 22163 clause 8.2): 20 points
• control of externally provided processes, products and services
(ISO/TS 22163 clause 8.4): 20 points
• design and development of products and services
(ISO/TS 22163 clause 8.3): 20 points
• production and service provision (ISO/TS 22163 8.5): 20 points

The specific requirements for performance evaluation can be found in Appendix 6.

The five (5) mandatory processes for performance evaluation will be confirmed during the opening
meeting and assessed during the audit. Their evaluation will be considered in the scoring of the two
(2) pillars: ISO/TS 22163 requirements (assessment sheet) as well as in the performance evaluation
results. The final result is calculated based on the applicable processes for performance evaluation,
considering the respective IRIS activity.

12.2 THE IRIS CERTIFICATION™ QUALITY PERFORMANCE LEVELS,

page 36
According to the assessment results of the audit based on the three (3) pillars, an organization
achieves one of the following specific IRIS Certification™ quality performance level:

Bronze level is the basic level. It is obtained when a business management system according to
ISO/TS 22163 requirements is implemented and an assessment is performed using the
assessment sheet (see 12.1), no specific performance rating results are required. (Note: The
performance rating is executed in any case.)

©2019 UNIFE. All rights reserved page 6 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

Silver level implies, on top of the bronze level, a transparency of performance.

A business management system according to ISO/TS 22163 requirements including a
performance management system is implemented and effective;
high transparency is given during an audit in stakeholder analysis, customer feedback,
performance evaluation and KPIs.
In addition, a higher maturity level for ISO/TS 22163 requirements is needed.

Gold level is the highest level and can be achieved by clear evidence of optimized customer
perception performance.
Based on the high level of quality performance transparency, it is obvious that the audited
organization meets the customer requirements continuously and has a highly developed
business management system

The fulfilment of specific determined recommended requirements is mandatory for the gold level.

An organization is not audited to obtain an IRIS Certification™ quality performance level. The IRIS
Certification™ quality performance level is the result of assessments during the audit (certification,
first and second surveillance, recertification).
The IRIS Certification™ quality performance level could vary from year to year depending on the
results of assessments during the audit. Its achievement is not linked to any further prerequisites.

12.3 TRIGGERS FOR THE IRIS CERTIFICATION™ QUALITY

PERFORMANCE LEVELS, page 37
a) Bronze level
It is achieved by reaching the threshold of the enablers in a successful passed audit
(certification, surveillance, recertification).
The threshold is the product of two (2) factors: Factor 1, is the number of applicable items.
Factor 2, is fixed by the minimum required score (2 points).

Threshold [points] = # applicable items x 2 points

b) Silver level
To get the silver level, the following minimum scores need to be achieved for the three (3)
pillars:
• enabler evaluation (assessment sheet based on ISO/TS 22163 requirements): seventy
percent (70%) of the maximum score,
• customer perception: seventy five percent (75%) of the maximum score,
• process performance through performance evaluation: eighty percent (80%) of the
maximum score.
Additionally, it is mandatory that the documents and data for the preparation of the audit are
available for the lead auditor sixty (60) days in advance (see 9).

©2019 UNIFE. All rights reserved page 7 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

b) Gold level
The triggers for the IRIS Certification™ quality performance level gold will be defined and
implemented progressively, after stabilisation of the silver level.
Further detailed criteria (as required) are not part of these IRIS Certification™ rules and will be
communicated through the IRIS Certification™ portal.

The IRIS Certification™ quality performance level is defined after finalization of the audit (and
is a result of it).

13.3 MANAGEMENT OF IMPROVEMENT ACTION REQUESTS, page 39

…
If a committed improvement activity has not been closed within the agreed time, this will be deemed
as a nonconformity against continual improvement.

©2019 UNIFE. All rights reserved page 8 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

APPENDIX 4: CUSTOMER PERCEPTION, page 46

To assess customer perception, three (3) areas are evaluated.
The first area is stakeholder analysis (rated 15%). It covers the needs and expectations of
interested parties relevant for the organization and its business management system. Based
on the analysis, necessary actions are defined.
The second area (rated 25%) is the feedback of the interested parties relevant for the
organization to the organization and how the organization deals with it. Finally (third area -
rated 60%), specific KPI’s are evaluated which are closely related to customer perception.

A1 STAKEHOLDER ANALYSIS

The stakeholder analysis is a structured approach for the organization to understand the
needs and expectations of interested parties and define (if/as required) relevant actions (see
ISO/TS 22163 clause 4.2).

The stakeholders of an organization shall be identified and evaluated for their relevance.
Customers and suppliers are mandatory for being integrated into a stakeholder analysis.

In general, the relevance is defined:

• by the impact a stakeholder has on the organization, and
• by the impact that the organization and its products and services have on the
stakeholder.
Criteria for defining the relevance can be the following: market impact, strategies, turnover,
criticality of supplies, safety, social aspects, direct or indirect influence. Key stakeholders,
having significant direct or indirect influence upon or importance within an organization shall
be identified and documented (e.g. within the description of the context of the organization).

The stakeholder analysis and the actions defined shall be reviewed and regularly updated.
The identified internal/external customers and suppliers shall be mentioned in the relevant
turtle diagram for the applicable mandatory processes for performance evaluation and/or
additional relevant documentation. As required, the organization may decide to additionally
perform an individual stakeholder analysis for dedicated departments, projects or products.
Organizations which have only internal customers shall consider their own needs and
expectations. These organizations should also consider information from external customers
available (e. g. a manufacturing organization should use information available from sales or
project management).

The stakeholder analysis is an input for the audit team and the start of the evaluation of
customer perception. The audit team shall review the current stakeholder analysis and the
respective process.

After a principle overview, the detailed assessment shall be focused on customers with active
orders and a significant percentage of the business volume in the current period. These
customers and their business should be used as guiding samples during the audit.
Following ISO/TS 22163 areas shall be considered for stakeholder analysis evaluation:
©2019 UNIFE. All rights reserved page 9 of 17
BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

• Understanding the organization and its context (ISO/TS 22163 clause 4.1),
• Understanding the needs and expectations of interested parties (ISO/TS 22163 clause
4.2),
• Business planning (ISO/TS 22163 clause 6.4).

A2 CUSTOMER FEEDBACK

Customer feedback can include customer surveys, customer feedback on delivered products
and services, results from customer audits, evaluation reports provided by the customer e.g.
via online portals, market share analysis, compliments and awards, warranty claims and
complaints and complaint statistics.

Feedback from (internal and external) customers is a good basis for assessing the capability
of an organization and its performance. Furthermore, customer feedback is an important input
for the continuous improvement of the business management system of the organization.
Therefore, customer feedback shall be considered as a mandatory input for the audit planning
and execution.

The timeframe for the data to be considered, shall include and focus on the period since the
last audit was conducted.
After a principle overview, the assessment shall be focused on customer(s) with active orders
and a significant percentage of the business volume in this period.
Organizations which have only internal customers shall consider their feedback. These
organizations should also consider feedback from external customers available through their
internal customers (e. g. a manufacturing organization should use information available from
sales or project management).

Note: During the audit planning customer feedback information (e. g. customer complaints)
should be used to preselect customer projects or processes to be reviewed further during the
audit.

Following ISO/TS 22163 areas shall be considered for customer feedback evaluation:
• Customer focus (ISO/TS 22163 clause 5.1.2),
• Customer communication - Supplemental (ISO/TS 22163 clause 8.2.1.1),
• Customer satisfaction - Supplemental (ISO/TS 22163 clause 9.1.2.1).

A3 CUSTOMER PERCEPTION KPI’S

Customer perception KPI analysis is a structured approach for the organization to check the
grade in which the organization is achieving the results related to customer perception.
Furthermore, it is the basis to induce appropriate actions to improve customer perception (as
required).
The results related to customer perception shall be measured by means of the following KPIs:
• Customer satisfaction (see ISO/TS 22163 clause 9.1.1.1 g)
• Customer on time delivery (see ISO/TS 22163 clause 9.1.1.1 h)
• Nonconformities raised by the customer (see ISO/TS 22163 clause 9.1.1.1 I)

©2019 UNIFE. All rights reserved page 10 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

Customer Perception KPI analysis shall evaluate both the application and the performance
achieved for each of the three (3) above mentioned KPI´s.

The Application of each KPI shall be evaluated by checking the compliance with ISO/TS 22163
clause 9.1.1.1 a) to f).

The performance of each KPI shall be evaluated by checking the real value measured during
the audited period and their compliance with both, internal targets and, when available, main
customers´ targets.

In order to determine the effectiveness level of the KPIs, the audit team evaluates the
evidence arising from the KPI analysis and select the corresponding KPI effectiveness level (A
- E), based upon the descriptions given in the below table (Table 9).

E D
The KPI is not completely
The KPI is documented,
documented, established,
established, implemented and
implemented and maintaines as
maintained as per ISO/TS 22163
per ISO/TS 22163 requirements
requirements 9.1.1.1 a) to f).
9.1.1.1 a) to f).
However the KPI is NOT regularly
indicating the EXPECTED
PERFORMANCE and appropriate
action is NOT being taken
C B
The KPI is documented, The KPI is documented,
established, implemented and established, implemented and
maintained as per ISO/TS 22163 maintained as per ISO/TS 22163
requirements 9.1.1.1 a) to f). requirements 9.1.1.1 a) to f).
However the KPI is NOT regularly Furthermore the KPI is regularly
indicating the EXPECTED indicating the EXPECTED
PERFORMANCE and appropriate PERFORMANCE though it cannot
action is being taken be demonstrated tha this
performance is in line with
CUSTOMER EXPECTED RESULTS.
A
The KPI is documented,
established, implemented and
maintained as per ISO/TS 22163
requirements 9.1.1.1 a) to f).
Furthermore the KPI is regularly
indicating the EXPECTED
PERFORMANCE and it can be
demonstrated tha this
performance is in line with
CUSTOMER EXPECTED RESULTS.

KPI EVALUATION MATRIX

Table 9: Matrix for KPI evaluation

The value of the KPI effectiveness levels (A - E) are defined in the below table (Table 10).

KPI effectiveness level Score

A 20 points

B 15 points

C 10 points

D 5 points

E 0 points

Table 10: KPI effectiveness levels

©2019 UNIFE. All rights reserved page 11 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

A4 APPLICATION OF CUSTOMER PERCEPTION IN IRIS CERTIFICATION

a) Preparation and execution of internal audit

The organization implements a stakeholder analysis and the gathering and analysis of
customer perception data by:
• performing and maintaining a stakeholder analysis,
• identifying of key stakeholders,
• defining relevant KPI,
• measuring and analyzing performance and customer feedback,
• reviewing results with management,
• defining appropriate actions to improve customer perception,
• defining actions to improve the gathering information (survey, complaints, feedbacks,
…).

b) Preparation of IRIS audit by the organization

The organization prepares a data package (see A5) and sends it to the lead auditor before the
audit.

c) Preparation of IRIS audit and audit planning by the certification body

The lead auditor will analyze the data during the preparation of the audit. The lead auditor
selects information to be checked in more detail during the audit, during the readiness review,
if applicable.

d) Execution of IRIS audit

The audit team checks and evaluates the processes and data listed above. During the opening
meeting of each audit any changes in the sent customer perception data and the results of
monitoring the customer perception data on site, needs to be communicated to the audit team
for consideration in the audit. The audit planning shall be adapted accordingly if necessary.
As needed, spot checks are performed based on the list of customers provided in the
stakeholder analysis. At least two of the key customers with relevant projects/orders in the
current period shall be selected. Based on the matrix for KPI evaluation (Table 9) and the KPI
effectiveness level (Table 10), the audit team will evaluate the respective KPI. The arithmetic
average of the sampling will be considered as the total final result of this KPI.
The audit team shall ensure that the detailed samples taken are not the same as in the
previous audit. The assessment of customer perception performance shall be performed by
the audit team and documented the audit tool.

A5 DATA PACKAGE “CUSTOMER PERCEPTION”

The following documents related to customer perception are required for audit planning
(see 9.1):
• list of the organization’s main/relevant customers including their feedback (see Annex
4, A2)
• customer complaint status,
• warranty claim statistics,
• management review report,

©2019 UNIFE. All rights reserved page 12 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

• KPI’s with link to internal/external process customer (including product and service
quality and delivery performance). If applicable, KPI for safety related aspects. For each
KPI the definition and the values for the audited period shall be provided.

The timeframe for the data to be considered, shall include and focus on the period since the
last audit conducted.

APPENDIX 6: PERFORMANCE EVALUATION, page 51

The performance evaluation is used for the evaluation of processes.

Five (5) mandatory processes for performance evaluation are defined and are to be performed
at each type of audit (certification, first and second surveillance and re-certification):
a) project management (ISO/TS 22163 clause 8.1.3),
b) requirements for products and services (ISO/TS 22163 clause 8.2),
c) control of externally provided processes, products and services (ISO/TS 22163
clause 8.4),
d) design and development of products and services (ISO/TS 22163 clause 8.3),
e) production and service provision (ISO/TS 22163 clause 8.5).

Depending on the IRIS Certification™ activity (see 5.1), the mandatory process d) or e) could
be put as not applicable.
…..

c) During the audit

The audit team evaluates the effectiveness of each audited mandatory process considering:
• process application - the extent to which process steps are realized, and
• process performance - the extent to which process performance is achieved.

In order to determine the effectiveness level of the audited process, the audit team evaluates the
audit evidence arising from the performance evaluation report (see template) and select the
corresponding effectiveness level (A - E), based upon the descriptions given in the below table (Table
11).

©2019 UNIFE. All rights reserved page 13 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

The process is documented, established, The process is documented, established, The process is documented, established,
implemented and maintained as per implemented and maintained as per implemented and maintained as per ISO/TS
ISO/TS 22163 requirements. ISO/TS 22163 requirements. 22163 requirements.

However the process is NOT delivering the However the process is NOT delivering Furthermore the process is delivering the
CUSTOMER EXPECTED PERFORMANCE the CUSTOMER EXPECTED CUSTOMER EXPECTED PERFORMANCE
PROCESS APPLICATION

and appropriate action is NOT being taken. PERFORMANCE but appropriate action is and there are no nonconformities identified.
being taken.

The process is documented, established, The process is documented, established, The process is documented, established,
PARTIALLY implemented and PARTIALLY implemented and PARTIALLY implemented and
THEREFORE PARTIALLY maintained as THEREFORE PARTIALLY maintained as THEREFORE PARTIALLY maintained as
per ISO/TS 22163 requirements. per ISO/TS 22163 requirements.. per ISO/TS 22163 requirements.
However the process is NOT delivering the However the process is NOT delivering the However the process is delivering the
CUSTOMER EXPECTED PERFORMANCE CUSTOMER EXPECTED PERFORMANCE CUSTOMER EXPECTED PERFORMANCE.
and appropriate action is NOT being taken. but appropriate action is being taken.

The process is NOT documented, The process is NOT documented, The process is NOT documented,
established, implemented and maintained established, implemented and maintained established, implemented and maintained
as per ISO/TS 22163 requirements.. as per ISO/TS 22163 requirements. as per ISO/TS 22163 requirements.

Furthermore the process is NOT delivering However the process is NOT delivering the However the process is delivering the
the CUSTOMER EXPECTED CUSTOMER EXPECTED PERFORMANCE CUSTOMER EXPECTED PERFORMANCE.
PERFORMANCE and appropriate action is but, appropriate action is being taken.
NOT being taken.

PROCESS PERFORMANCE

Table 11: Matrix for performance evaluation

The value of the effectiveness levels (A - E) are defined in the below table (Table 12).

Effectiveness level Score

A 20 points

B 15 points

C 10 points

D 5 points

E 0 points

Table 12: Effectiveness levels

The process performance level is derived from the evaluation and is recorded in the performance
evaluation template.

Evidences are collected during the audit based also on the assessment sheet.
Corrective Action Request (CAR) are the result of nonconformities identified in the processes of the
organization and through the assessment sheet.

©2019 UNIFE. All rights reserved page 14 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

APPENDIX 7: KNOCK OUT (K.O.) REQUIREMENTS, page 56

Knock out (K.O.) requirements, which, depending on the IRIS activity of the organization, can
be defined as not applicable:
• 8.5.1.2 Special processes
• 8.8 RAMS / LCC
• 8.9 First article inspection
…

8.1.3 Project management

The organization shall establish, implement and maintain a documented process to manage projects.
NOTE 1 The scope of the project management process depends on the business model of an
organization. In most of the rail sector companies it is from tender phase until the end of warranty
period. However, in other cases it can be limited to design and development only (e.g. for the
development of a new product family or platform).

APPENDIX 8: ACTIVITIES TO MANAGE BY PROCESSES AND KPIS,

page 57
The table in Appendix 8 shows a summary overview of all processes, KPIs and related
documented information.
There are 22 mandatory processes required in the ISO/TS 22163:2017.
These twenty-two (22) processes shall be covered by the organization according to their
business management system. They could be combined or split by covering all ISO/TS
requirements.

From these processes, five (5) processes are identified as mandatory to perform the
performance evaluation. Each evaluation shall fully cover the related process

APPENDIX 9: TERMS AND DEFINITIONS, page 61

Term Definition

Indicator, selected by the top management, to evaluate the

Key Performance performance of the business management system.
Indicator (KPI)
[ISO/TS 22163:2017, 3.1.20]

©2019 UNIFE. All rights reserved page 15 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

APPENDIX 10: ABBREVIATIONS, page 62

Abbreviation Explanation

IRQB The International Rail Quality Board

OTIF On Time in Full

OTD On Time Delivery

©2019 UNIFE. All rights reserved page 16 of 17

BOUTIQUE AFNOR - Usage réservé à 1 utilisateur (Code client : 80077768)IRIS CERTIFICATION TM ADDENDUM REV 3.0:2019-07
ZHENGANG Jiao ([email protected]) Pour : ZHENGANG JIAO

IRIS ADDENDUM 2019 - IRIS Certification™ rev. 03 English

IMPLEMENTATION CLARIFICATION ON ISO/TS 22163:2017 – FIRST

EDITION 2017-05
When the clarification has an impact on text, the specific text is marked in italic and bold.

Nr. Clause Lang. Page Clarification

1 3.1 Terms and EN 4 3.1.16 handover wrong definition

definitions for the rail 3.1.16 handover
sector
Passing control authority of the subject item from
one organization to another, including transfer of
responsibilities to the receiving organization.

8.1.3.7 Project d) the project performance (actual situation vs.

2 communications EN 17 planned situation) based on KPIs as specified in
management 9.1.1.1 (e.g. requirements, time, costs);

9.1.1.1 General —
3 EN 17 n) project costs (see 8.1.3.4);
Supplemental

4 9.4 Process reviews EN 65 The process stakeholders are defined by the

organization in it process description, e.g. turtle
diagram and therefore are to be considered in the
respective process review.

Attendance of top management has to be clearly

demonstrated during the process review. A mandated
participation is required to ensure the stakeholder
input/feedback to the process even timely shifted.

5 Bibliography EN 69 Add missing reference to

ISO 10005:2018, Quality management systems —

Guidelines for quality plans

©2019 UNIFE. All rights reserved page 17 of 17