The third-party audit process
Organizations seeking certification to TL 9000 need to first follow the steps described on the TL 9000 Registration Process pages. Part of that process involves selecting a CB that will audit their organization to determine if their processes conform to the requirements of TL 9000.
Before a CB can perform any assessments of conformance to TL 9000 it must first be accredited by another organization, called an Accreditation Body (AB), to assure that the CB is competent in its assessments. The AB must also be authorized to accredit CBs by TIA-BPC.
For this purpose, TIA-BPC has selected ABs in several countries around the world who then select and accredit various CBs to perform assessments of conformance to TL 9000 through audits of the organization's processes.
The TIA-BPC / TL 9000 model calls for the Accreditation Bodies to be accredited by TIA-BPC. We assure they understand the governance we expect over their Certification Bodies. Once accredited, the AB's can certify CB's. That is, the AB's make sure that accredited CB's are following the rules TIA-BPC defines, together with the global IAF rules, and the rules defined by the AB. Once accredited, the CB then certifies their auditors. TIA-BPC guidance says they need to classify their auditors into one of three categories: Auditor, Lead Auditor, Telecom/ICT Industry Experienced Auditor (TIEA). TIA-BPC has identified specific requirements for these classifications but it is the CB's responsibility to follow this guidance. Records showing that the auditors are meeting the defined classifications maintained by the CB and those are periodically assessed by the AB.
To certify the Organization to TL 9000, the CB performs the audit and, if successful, recommends certification. The audit report is reviewed for compliance by the CB. Samples of audit reports are reviewed by the AB to assure the CB is following guidance. The CB certifies their auditors and issues the certificate.
TIA-BPC maintains all information about ABs, CBs, and TL 9000 registrations on the Registration Management System (RMS) and much of this information is available to the public through links later on this page.
Selecting one of the links below provides a list with hyperlinks that profiles the various organizations and also provides contact information.
Auditors who perform audits for CBs must also meet rigid standards.
Below are CB Auditor requirements, qualifications and guidance:
|Document Name||Revision||Effective Date|
|Qualification and Experience Requirements for TL 9000 Certification Body Auditors||5.0||11/15/2019|
|Code of Practice for the TL 9000 Certification Process||8.0||01/01/2019|
|Code of Practice for the TL 9000 Certification Process (Japanese)||8.0||01/01/2019|
|CB Guidance for Monitoring Auditor Performance||1.0||02/05/2015|
Not all auditors are competent in all areas so the TIA-BPC utilizes NACE industry classification codes to assure that auditors assess only those organization where the auditor is competent. NACE codes describe an organization's type of business and auditors are qualified to audit organizations with certain NACE codes.
- NACE Codes for Product Category Table Release 5.6 (Revision 2)
- NACE Codes for Product Category Table Release 5.6 (Revision 1)
- NACE Codes for Product Category Table Release 5.5 (Revision 2)
- NACE Codes for Product Category Table Release 5.5 (Revision 1)
- NACE Codes for Product Category Table Release 5.4 (Revision 1)
- NACE Codes for Product Category Table Release 5.4 (Revision 2)
- NACE Codes for Product Category Table Release 5.3
How long should an audit take? That depends on the size of the organization, scope of registration, etc. Audits can last from one day to months. TIA-BPC provides a guide for the duration of a TL 9000 audit exclusive of the ISO 9001 portion of the audit. These guidelines are revised as needed and are not tied to a particular releases of the TL 9000 Handbooks.
|Document Name||Revision||Effective Date||Mandatory Usage|
|Auditor Time Chart||6.0||08/09/19||09/01/19|
|Measurement Complexity Factor Tool||2.2||12/11/19|
Per the IAF mandatory document webpage, IAF MD 3 ASRP was withdrawn 31 October 2019 in accordance with IAF Resolution 2019-16. Certification bodies will have one year following withdrawal (i.e. 31 October 2019) to transition their certified organization away from IAF MD3.