-
Start Preamble
Start Printed Page 31074
AGENCY:
Consumer Product Safety Commission.
ACTION:
Final rule.
SUMMARY:
The Consumer Product Safety Commission (“CPSC,” “Commission,” or “we”) is issuing a final rule establishing requirements for the periodic audit of third party conformity assessment bodies as a condition of their continuing accreditation.
The final rule implements a section of the Consumer Product Safety Act (“CPSA”), as amended by the Consumer Product Safety Improvement Act of 2008 (“CPSIA”).
DATES:
This rule is effective on July 23, 2012.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Randy Butturini, U.S. Consumer Product Safety Commission, 4330 East West Highway, Bethesda, MD 20814; 301-504-7562; email: RButturini@cpsc.gov.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
I. Introduction
In the Federal Register of August 13, 2009 (74 FR 40784), we published a proposed rule that would establish requirements for the periodic audit of third party conformity assessment bodies as a condition of their continuing accreditation. The proposed rule would implement section 14(d)(1) of the CPSA, as amended by section 102(b) of the CPSIA. (On August 12, 2011, the President signed into law Public Law 112-28, which amended both the CPSA and the CPSIA. Section 10(a) of Public Law 112-28 redesignates what was identified as section 14(d) of the CPSA in the preamble of the proposed rule as section 14(i) of the CPSA; consequently, except where we are citing language from the proposed rule, the remainder of this document will refer to section 14(i) of the CPSA.)
Section 14(a)(1) of the CPSA (15 U.S.C. 2063(a)(1)) requires that the manufacturer (including the importer) and the private labeler, if any, of a product that is subject to an applicable consumer product safety rule under the CPSA, or any similar rule, ban, standard, or regulation under any other Act enforced by the CPSC, issue a certificate, which certifies “based on a test of each product or upon a reasonable testing program, that such product complies with all rules, bans, standards, or regulations applicable to the product under this Act or any other Act enforced by the Commission” and specifies each rule, ban, standard, or regulation applicable to the product. This requirement applies to any such product manufactured on or after November 12, 2008.
Section 14(a)(2) of the CPSA establishes a third party testing requirement for children's products that are subject to a children's product safety rule. In general, section 14(a)(2) of the CPSA states, in part, that every manufacturer or private labeler (if the children's product bears a private label) of such products shall submit sufficient samples of the product, or samples that are identical in all material respects to the product, to an accredited third party conformity assessment body to be tested for compliance with such children's product safety rule.
In the Federal Register of May 20, 2010 (75 FR 28336), we published a proposed rule that would establish the requirements for a reasonable testing program and for compliance and continued testing of children's products. In the Federal Register of November 8, 2011 (76 FR 69482), we published a final rule with respect to compliance and continued testing of children's products.
Section 14(a)(3) of the CPSA establishes various timelines for accreditation and requires the Commission to publish a notice of the requirements for accreditation of third party conformity assessment bodies to assess conformity with specific laws or regulations. We have published several notices of requirements in the Federal Register (see, e.g., 76 FR 49286 (August 10, 2011) (“Third Party Testing for Certain Children's Products; Notice of Requirements for Accreditation of Third Party Conformity Assessment Bodies to Assess Conformity with the Limits on Phthalates in Children's Toys and Child Care Articles,”); 76 FR 46598 (August 3, 2011) (“Third Party Testing for Certain Children's Products; Toys: Requirements for Accreditation of Third Party Conformity Assessment Bodies”)). Section 14(a)(3)(C) of the CPSA states that accreditation of third party conformity assessment bodies may be conducted by the Commission or by an independent accreditation organization designated by the Commission.
Section 14(i)(1) of the CPSA requires the Commission to establish “requirements for the periodic audit of third party conformity assessment bodies as a condition for the continuing accreditation of such conformity assessment bodies” under section 14(a)(3)(C) of the CPSA. This final rule implements section 14(i)(1) of the CPSA.
II. Comments on the Proposed Rule, the CPSC's Responses, and a Description of the Final Rule
The proposed rule would create a new part 1112, titled, “Audit Requirements for Third Party Conformity Assessment Bodies,” in Title 16 of the Code of Federal Regulations. Six commenters responded to the proposal.
We describe and respond to the comments in this section of this document and also describe the final rule. A summary of each of the commenter's topics is presented, and each topic is followed by staff's response. For ease of reading, each topic will be prefaced with a numbered “Comment”; and each response will be prefaced by a corresponding numbered “Response.” Each “Comment” is numbered to help distinguish between different topics. The number assigned to each comment is for organizational purposes only and does not signify the comment's value, or importance, or the order in which it was received. Comments on similar topics are grouped together.
A. Comments on Specific Provisions
Most commenters addressed specific sections in the proposed rule, or referenced issues associated with a particular term in a proposed section, but not directly relevant to the proposed section itself. We address those comments in this section. However, on our own initiative, we have renumbered the sections and renamed the part in which the sections will be placed. For example, proposed § 1112.1, titled, “Purpose,” is now renumbered as § 1112.20. As another example, the proposed rule would have created a part 1112, titled, “Audit Requirements for Third Party Conformity Assessment Bodies”; however, the final rule divides the audit requirements into two subparts and renames part 1112, “Requirements Pertaining to Third Party Conformity Assessment Bodies.” We have taken this action because, elsewhere in this issue of the Federal Register, we have published a proposed rule to establish other requirements pertaining to third party conformity assessment bodies (such as the requirements for accreditation and provisions for the withdrawal and suspension of third party conformity assessment bodies) and wish to place all requirements for third party conformity assessment bodies in a single location. This will make it easier for interested Start Printed Page 31075parties to locate the regulations pertaining to third party conformity assessment bodies.
1. § 1112.30—Purpose
Proposed § 1112.1 (now renumbered as § 1112.30 in the final rule) would describe the purpose of the audit rule. In brief, proposed § 1112.1 would state that part 1112 “establishes the audit requirements for third party conformity assessment bodies pursuant to section 14(d)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 2063(d)(1)).” Under section 14(i)(1) of the CPSA, compliance with the requirements in part 1112 would be a condition of continuing the accreditation of such third party conformity assessment bodies.
(Comment 1)—One commenter noted that the proposal referred to certifying organizations under the Labeling of Hazardous Art Materials Act (LHAMA). The commenter stated that art and craft companies cannot afford both LHAMA and what the commenter called “redundant” testing under the CPSIA. The commenter said that retailers that do not recognize the Art and Creative Materials Institute (ACMI) as a third party conformity assessment body are demanding additional tests. The commenter said the CPSC should consider the acceptance of current certification programs, such as ACMI's, to be in full compliance with the CPSIA.
(Response 1)—Although issues related to product testing are outside the scope of the audit rule, the commenter may have misinterpreted the statute and the proposed rule's reference to certifying organizations under LHAMA. Section 14(f)(2)(C) of the CPSA states that certifying organizations, as defined in appendix A to 16 CFR 500.14(b)(8), are third party conformity assessment bodies with respect to certifying art materials and art products to Federal Hazardous Substances Act (FHSA) requirements. Current certification programs, such as ACMI's, are for certifying to LHAMA rules. Section 14 of the CPSA, however, also requires children's products to be tested for compliance to children's product safety rules; and it defines “children's product safety rules” as “a consumer product safety rule under [the CPSA] or similar rule, regulation, standard, or ban under any other Act enforced by the Commission, including a rule declaring a consumer product to be a banned hazardous product or substance.” Thus, because the definition of “children's product safety rule” is broader than certification of art materials and art products to FHSA requirements, testing under section 14 of the CPSA is not “redundant” to LHAMA certification.
Therefore, the final rule retains the text of the “Purpose” section, although we have replaced “part,” with “subpart,” to reflect that the audit requirements are now subpart C of part 1112. Additionally, on our own initiative, we have:
- Changed the title from “Purpose,” to “What Is the Purpose of this Subpart?” to be consistent with the style used for other headings in the final rule;
- Revised the second sentence stating that “Compliance with these requirements is condition for the continuing accreditation * * *” to “Compliance with these requirements is a condition of the continuing accreditation * * *”; and
- Revised the third sentence by inserting a comma between “Labeling of Hazardous Art Materials Act” and “even.”
These changes are not substantive, and the latter two changes were made for grammatical purposes.
2. Subpart A—Purpose and Definitions
Proposed § 1112.3 would define various terms used in part 1112. The final rule now places all definitions in § 1112.3 in subpart A, “Purpose and Definitions.”
a. Accreditation
Proposed § 1112.3(a) would define “accreditation” as:
A procedure by which an authoritative body gives formal recognition that a third party conformity assessment body is competent to perform specific tasks. Accreditation recognizes a third party conformity assessment body's technical competence and is usually specific for tests of the systems, products, components, or materials for which the third party conformity assessment body claims proficiency.
The preamble to the proposed rule explained that the definition was based on a description used by the International Organization for Standardization (ISO) in relation to ISO Standard ISO/IEC 17025:2005, “General Requirements for the Competence of Testing and Calibration Laboratories,” except that it uses the term “third party conformity assessment body,” instead of “lab,” and refers to “technical competence,” instead of “technical capability” (see 74 FR at 40785). We explained that the term “third party conformity assessment body” is used in section 14(a)(3)(C) of the CPSA, and that we were aware that ISO/IEC 17025:2005, by reference, incorporates the definitions set forth in ISO/IEC 17000:2004, “Conformity Assessment—Vocabulary and General Principles,” but we decided against adopting the definition of “accreditation” in ISO/IEC 17000 because it incorporates several other definitions by implied reference.
(Comment 2)—One commenter would revise the first sentence of the definition to define “accreditation” as: “A procedure by which an authoritative body gives formal recognition that a third party conformity assessment body meets competence requirements to perform specific tasks.” The commenter explained that accreditation is “not a subjective assessment of competence based on whatever the individual assessors think is important, but rather is a requirements-based activity.”
(Response 2)—We agree with the commenter, and we have revised the definition accordingly.
Additionally, on our own initiative, we have revised the numbering in § 1112.3, generally, to eliminate the paragraph designations before each defined term. We removed the paragraph designations to be more consistent with accepted formats for regulations.
(Comment 3)—One commenter suggested revising the definition of “accreditation” to “meet the international requirement,” but they did not explain what is meant by “the international requirement.”
(Response 3)—For purposes of this response, we assume that the commenter's reference to “international requirement” means the definitions used in ISO/IEC 17000:2004, “Conformity Assessment—Vocabulary and General Principles.” Section 5.5 of ISO/IEC 17000: 2004 defines “accreditation” as “third party attestation (5.2) related to a conformity assessment body (2.5) conveying a formal demonstration of its competence to carry out specific conformity assessment tasks.” As we explained in the preamble to the proposed rule, ISO/IEC's definition of “accreditation” incorporates several other definitions by implied reference; therefore, we chose to adopt a more detailed definition of the term, rather than adopt a definition from ISO/IEC 17000, whose terms would compel the reader to consult even more definitions before they could understand how the rule defines “accreditation” (see 74 FR at 40785).
Alternatively, because the commenter also discussed requiring reciprocity, it is possible that they meant to suggest that we amend the definition of “accreditation” to include a reciprocity requirement. As discussed later in part II.B of this preamble in the response to Start Printed Page 31076Comment 12, a reciprocity requirement is beyond the scope of this rule.
Consequently, we decline to revise the definition as suggested by the commenter.
(Comment 4)—Another commenter stated that ISO/IEC 17025:2005 and ISO 17000:2004 have definitions that are the result of a consensus and are “universally accepted and understood.” The commenter said that the proposal's use of different definitions or modification of ISO definitions “will create unnecessary problems in the process of accreditation and audits and should be avoided.”
(Response 4)—As the preamble to the proposed rule explained (see 74 FR at 40785), in the definition of “accreditation,” we chose to substitute the term “third party conformity assessment body” instead of “lab” to be consistent with the language in section 14(a)(3)(C) of the CPSA. The preamble to the proposed rule explained other differences between the proposed definitions and ISO/IEC 17025:2005 and ISO 17000:2004; for example, we chose to define some terms to be consistent with notices of requirements issued by the Commission, while other definitions are almost identical to the corresponding ISO definition (id. at 40785 through 40786).
Furthermore, because the commenter did not identify how any proposed definition would cause “unnecessary problems,” we decline to revise the rule as suggested by the commenter.
b. Accreditation Body
Proposed § 1112.3(b) would define “accreditation body” as “an entity that accredits or has accredited a third party conformity assessment body as meeting, at a minimum, the International Organization for Standardization (ISO) Standard ISO/IEC 17025:2005, `General Requirements for the Competence of Testing and Calibration Laboratories,' ” and any test methods or consumer product safety requirements specified in the relevant notice of requirements issued by the Commission, and is a signatory to the International Laboratory Accreditation Cooperation-Mutual Recognition Arrangement. The preamble to the proposed rule explained that the proposed definition of “accreditation body” reflects the basic elements that the Commission has specified in its notices of requirements for the accreditation of third party conformity assessment bodies. The preamble also explained that the phrase “at a minimum” recognizes that some accreditation bodies, as part of the accreditation process, may demand that a third party conformity assessment body demonstrate its conformity with specific methods or programs, as well as demonstrate compliance with ISO/IEC 17025:2005 and with any test methods identified in the relevant notices of requirements issued by the Commission.
(Comment 5)—Several commenters addressed issues relating to ISO/IEC 17025:2005 rather than the definition itself.
One commenter said that ISO/IEC 17025:2005 is a “good baseline,” but nevertheless, asserted that the CPSC should create a mechanism to supervise and control the acceptance of government-owned or government-controlled conformity assessment bodies and firewalled conformity assessment bodies to help ensure their protection against undue influence. (A firewalled conformity assessment body is one that is owned, managed, or controlled by a manufacturer or private labeler of a children's product to be tested by the conformity assessment body for certification purposes and that seeks accreditation under the additional statutory criteria for “firewalled” conformity assessment bodies.)
(Response 5)—Although the commenter's focus on issues of undue influence goes beyond the scope of the rule, we note that the statutory accreditation requirements pertaining to undue influence and government-owned, government-controlled, and firewalled conformity assessment bodies exceed those of ISO/IEC 17025:2005. Section 14(f)(2)(D) of the CPSA requires firewalled conformity assessment bodies to have procedures to ensure that test results are protected from undue influence by the manufacturer, private labeler, or other interested party. Conformity assessment bodies that apply for CPSC approval as firewalled laboratories must submit to the Commission copies of their training documents, showing how employees are trained to notify the Commission immediately and confidentially of any attempt by the manufacturer, private labeler, or other interested party to hide or exert undue influence over the third party conformity assessment body's test results.
For governmental laboratory applicants, CPSC staff engages the governmental entities relevant to requests for CPSC acceptance to obtain the necessary assurances of compliance with the statutory requirements for governmental conformity assessment bodies (laboratories). Section 14(f)(2)(B) of the CPSA requires that governmental-owned or controlled conformity assessment bodies may apply for CPSC recognition of their accreditation and be subject to the audit provisions, if, among other requirements:
- The conformity assessment body's testing results are not subject to undue influence by any other person, including another governmental entity; and
- The conformity assessment body does not exercise undue influence over other governmental authorities controlling distribution of products based on outcomes of the conformity assessment body's conformity assessments.
Thus, the final rule retains the definition of “accreditation body” without change, except that, on our own initiative, we have inserted “/International Electrotechnical Commission (IEC)” after “International Organization for Standardization (ISO)” to provide the full name corresponding to the abbreviation “IEC”; and we added “:2005” after “17025” to identify the particular edition of the standard. We address the process for initially accepting government and firewalled laboratories in the proposed rule on “Requirements Pertaining to Third Party Conformity Assessment Bodies.”
(Comment 6)—One commenter said that there are substantial differences among accreditation bodies. In some cases, the conformity assessment body and the accreditation body are both government-controlled. The commenter added that H.R. 2749, titled, the “Food Safety Enhancement Act of 2009,” has stricter requirements for firewalled conformity assessment bodies, including a restriction on such laboratories certifying their own products. The commenter suggested that the CPSC designate individual accreditation bodies based on specific criteria to prove their competency with CPSC requirements.
(Response 6)—The Commission, through its notices of requirements, has required all third party conformity assessment bodies to be accredited by an accreditation body that is a signatory to the International Laboratory Accreditation Cooperation-Mutual Recognition Arrangement (ILAC-MRA) and further mandated that the scope of the accreditation include testing relative to the appropriate test method(s) or regulation(s) cited in the notice of requirements. All ILAC-MRA accreditation bodies must maintain conformity with the current version of ISO/IEC 17011 and related ILAC guidance documents and ensure that all accredited laboratories comply with ISO/IEC 17025:2005 and applicable ILAC policy and guidance documents. This ensures some degree of similarity Start Printed Page 31077or uniformity among accreditation bodies, regardless of their geographical location, and it also ensures consistency among third party conformity assessment bodies accredited by such ILAC-MRA accreditation bodies. Requiring specific criteria of accreditation bodies is beyond the scope of the requirements for auditing conformity assessment bodies.
As for the Food Safety Enhancement Act of 2009, it would restrict testing laboratories' certification activities. However, under section 14 of the CPSA and CPSC regulations at 16 CFR part 1110, third party conformity assessment bodies do not issue certifications; accordingly, the bill's potential requirements are not directly relevant here. Additionally, nothing in section 14 of the CPSA prohibits firewalled conformity assessment bodies from testing a manufacturer's own products.
c. Audit
Proposed § 1112.3(c) would define “audit” as “a systematic, independent, documented process for obtaining records, statements of fact, or other relevant information, and assessing them objectively to determine the extent to which specified requirements are fulfilled.” The preamble to the proposed rule (74 FR at 40785) explained that this definition is almost identical to the definition of “audit” in ISO/IEC 17000. Proposed § 1112.3(c) also would explain that, for purposes of part 1112, an audit consists of two parts: (1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (a process known more commonly as a “reassessment,” and that the remainder of this preamble will refer to as a “reassessment”); and (2) the resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223 (that the remainder of this preamble will refer to as an “examination” by the CPSC).
We received no comments on the proposed definition. However, on our own initiative, we have revised the phrase, “is composed of two parts,” to read “consists of two parts.” This change is for grammatical purposes only. Additionally, as stated earlier in part II.A of this preamble in the response to Comment 2, we have removed the paragraph designation; thus, the definition of “audit” is now at § 1112.3 of the final rule rather than at § 1112.3(c) (as proposed).
d. Commission
Proposed § 1112.3(d) would define “Commission” to mean the Consumer Product Safety Commission.
We received no comments on this provision, and therefore, other than removing the paragraph designation (i.e., removing “(d)” before the definition of “Commission” appears), we have finalized the provision without change.
e. Quality Manager
Proposed § 1112.3(e) would define “quality manager” as an individual “(however named) who, irrespective of other duties and responsibilities, has defined responsibility and authority for ensuring that the management system related to quality is implemented and followed at all times and who has direct access to the highest level of management at which decisions are made on the conformity assessment body's policy or resources.” The preamble to the proposed rule explained that this definition is patterned after the explanation of the quality manager's role in ISO/IEC 17025:2005, section 4.1.5 (74 FR at 40786).
We received no comments on this provision, and therefore, other than removing the paragraph designation, we have finalized the provision without change.
f. Use of Statutory Definitions
Proposed § 1112.3(f) would explain that, unless otherwise stated, the definitions of section 3 of the CPSA, and additional definitions in the CPSIA, are applicable for purposes of part 1112 of this title. Thus, for example, the CPSIA's definition of “third party conformity assessment body,” which includes independent conformity assessment bodies, government-owned or government-controlled conformity assessment bodies (subject to certain requirements in section 14(f)(2)(B) of the CPSA), and “firewalled” conformity assessment bodies (subject to certain requirements in section 14(f)(2)(D) of the CPSA), would apply to part 1112; and the term “third party conformity assessment body” in part 1112 would be understood to include all three types of conformity assessment bodies.
(Comment 7)—One commenter stated that referring to firewalled and government-owned or government-controlled conformity assessment bodies as “third party conformity assessment bodies” misuses a term with a specific definition. The commenter said that there are differences in how conformity assessment bodies operate and opined further that the CPSC “needs to address those differences, not only in their accreditation requirements, but also in their audit requirements.”
(Response 7)—Although the commenter did not identify a particular provision, we assume that the commenter was addressing part of the preamble to the proposed rule in which the Commission explained that under proposed § 1112.3(f), “unless otherwise stated, the definitions of section 3 of the CPSA and additional definitions in the CPSIA apply for purposes of part 1112 of this title” (see 74 FR at 40786). The preamble to the proposed rule added: “Thus, for example, the CPSIA's definition of `third party conformity assessment body,' which includes independent conformity assessment bodies, government-owned or government-controlled conformity assessment bodies (subject to certain requirements in section 14(f)(2)(B) of the CPSA), and `firewalled' conformity assessment bodies (subject to certain requirements in section 14(f)(2)(D) of the CPSA), would apply to part 1112, and the term `third party conformity assessment body' in part 1112 would be understood as including all three types of conformity assessment bodies” (id.).
Thus, with respect to the definition of “third party conformity assessment body,” the preamble to the proposed rule was referring to the section 14(f)(2) of the CPSA. Because the statute considers government-owned or government-controlled conformity assessment bodies and firewalled conformity assessment bodies to fall under “third party conformity assessment body” in section 14(f)(2) of the CPSA, we decline to revise the rule as suggested by the comment.
As for establishing different accreditation requirements, sections 14(f)(2)(B) and (f)(2)(D) of the CPSA already establish different requirements for government-owned or government-controlled conformity assessment bodies and firewalled conformity assessment bodies. Furthermore, the Commission, through its notices of requirements for the accreditation of third party conformity assessment bodies, establishes accreditation requirements. Thus, the commenter's request for different accreditation requirements is outside the scope of this rule.
With respect to different audit requirements, the commenter did not suggest any changes to the rule that would apply to government-owned, government-controlled, or firewalled conformity assessment bodies. Consequently, we have no basis to establish different audit requirements Start Printed Page 31078for different types of third party conformity assessment bodies.
3. § 1112.31—Who is subject to these audit requirements?
Proposed § 1112.5 (now renumbered as § 1112.31 in the final rule) would explain that the requirements in part 1112 apply to third party conformity assessment bodies operating pursuant to section 14(a)(2) of the CPSA, and it would reiterate that third party conformity assessment bodies must comply with the audit requirements as a condition of the Commission's acceptance of their accreditation.
We received no comments on this provision, and other than to renumber it, we have finalized the provision without change.
4. § 1112.33—What must an audit address or cover? Who conducts the audit?
Proposed § 1112.3(c) would explain that, for purposes of part 1112, an audit consists of two parts: (1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (the “reassessment” portion of the audit); and (2) the resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223. If the third party conformity assessment body is a “firewalled” conformity assessment body or a government-owned or government-controlled conformity assessment body, the CPSC's examination may include verification to ensure that the entity continues to meet the appropriate statutory criteria pertaining to such conformity assessment bodies.
a. § 1112.33(a)—What does the reassessment portion of the audit cover?
Under proposed § 1112.7(a) (now renumbered as § 1112.33(a) in the final rule), the reassessment portion of the audit may cover the management systems, specific tests, types of tests, calibrations, or types of calibrations that are the subject of the third party conformity assessment body's accreditation. The proposal also stated that the reassessment portion must examine the third party conformity assessment body's management systems to ensure that the third party conformity assessment body is free from any undue influence regarding its technical judgment.
(Comment 8)—One commenter noted that the text might be interpreted to require that only the management system from ISO/IEC 17025:2005 be met. The commenter said that we should require applicants to fulfill all requirements in ISO/IEC 17025:2005 rather than the management requirements.
(Response 8)—We interpret the commenter as referring to the preamble to the proposed rule (74 FR at 40786), which states that “Under proposed § 1112.7(a), the reassessment portion of the audit may cover the management systems, specific tests * * *.” and referencing proposed § 1112.7(a), which also uses the word “may.”
During the reassessment portion of the audit, the accreditation body examines the competence of the entire operation of the conformity assessment body, including the competence of the personnel, the validity of the conformity assessment methodology, and the validity of the conformity assessment results. We agree with the commenter that the use of the word “may” in these sections could be misinterpreted as not requiring compliance by the conformity assessment body with all sections of ISO/IEC 17025:2005, and the proposed rule was not intended to suggest that the reassessment could be limited to management systems alone. To the contrary, the proposal's mention of “specific tests, types of tests, calibrations, or types of calibrations” was to show that a reassessment extends to technical requirements too. Consequently, we have revised § 1112.33(a) to state that the reassessment portion of an audit of a conformity assessment body by an accreditation body covers management requirements and technical requirements. The remainder of § 1123.33(a), pertaining to examination of the third party conformity assessment body's management systems, is unchanged.
(Comment 9)—Several commenters said that because products must be certified as being in compliance, the principles for impartiality and undue influence need to come from ISO/IEC Guide 65, General Requirements for Bodies Operating Product Certification Systems, which is a standard for certifying bodies. One commenter said that ISO/IEC Guide 65 is important especially for firewalled and government conformity assessment bodies. Additionally, the commenter said that the CPSC should require “applicants” to submit evidence of fulfillment of ISO/IEC 17025:2005 section 4.1.5.b. as part of their application to the CPSC, both initially and with ongoing audits. The commenter said that this information is needed in addition to current firewalled training and that applicants need to be able to notify the Commission about undue influence. Further, ISO/IEC Guide 65 has several requirements to protect impartiality and conflict of interest, the commenter noted.
One commenter added that the Occupation Safety and Health Administration (OSHA) has a National Recognized Testing Laboratory (NRTL) program that uses ISO/IEC Guide 65's requirements to review a laboratory's independence. Rigorous evaluation of the independence of a laboratory should be required annually or at least with surveillance and reassessment visits, the commenter urged.
Another commenter remarked that OSHA's NRTL and the U.S. Federal Communications Commission's (FCC's) Telecommunications Body Certification (TBC) programs could be used as sources.
Another commenter suggested that we consider the principles of product certification outlined in the American National Standards Institute document, titled, “National Conformity Assessment Principles for the United States.” The commenter said that manufacturer certification based on testing by laboratories accredited to ISO/IEC 17025:2005 can ensure that a product conforms to a required standard at the time of testing, but it “does not ensure that the product continues to conform to the standard throughout production and distribution.”
(Response 9)—The commenters may have misinterpreted the rule. Conformity assessment bodies test products, whereas domestic manufacturers and importers are responsible for certifying that their products comply with all rules, bans, standards, or regulations under the CPSA or any other Act enforced by the Commission under existing CPSC regulations at 16 CFR part 1110. Consequently, with respect to the comment regarding ISO/IEC Guide 65, we note that ISO/IEC Guide 65 provides requirements for certification bodies, which have different requirements and responsibilities than third party conformity assessment bodies (which, under section 14 of the CPSA and our regulations at 16 CFR part 1110, test children's products but do not issue certificates for such products), including attestations of conformity and surveillance activities. The requirements to protect impartiality and conflict of interest in ISO/IEC Guide 65 are tailored toward those functions.Start Printed Page 31079
As for the suggestion that a conformity assessment body submit evidence of its fulfillment of ISO/IEC 17025:2005 section 4.1.5.b. as part of its application to the CPSC, both initially and with ongoing audits, section 102(c) of the CPSIA states that in establishing standards for accreditation of a third party conformity assessment body, the Commission may consider standards and protocols for accreditation of such conformity assessment bodies by independent accreditation organizations that are in effect on the date of enactment (August 14, 2008). Accreditation of third party conformity assessment bodies may be conducted either by the Commission or by an independent accreditation organization designated by the Commission. In our notices of requirements for the accreditation of third party conformity assessment bodies, we have established accreditation to ISO/IEC 17025:2005, with the accreditation conducted by an accreditation body that is a signatory to the ILAC-MRA as a baseline requirement for accreditation. Thus, we have designated accreditation organizations (accreditation bodies) to conduct accreditation of third party conformity assessment bodies. Records related to accreditation assessments and reassessments are maintained by the accreditation bodies and the third party conformity assessment bodies.
Consequently, the commenter's suggestion regarding evidence of a third party conformity assessment body's fulfillment of ISO/IEC 17025:2005 requirements is unnecessary because § 1112.39 requires a third party conformity assessment body to retain records related to the last three reassessments conducted by the accreditation body and make such records available to the CPSC upon request. Records of nonconformities related to safeguards against undue influence (or any ISO/IEC 17025:2005 requirement), as well as the corrective actions, must be made available upon the CPSC's request.
In addition, § 1112.37 requires the quality manager at the third party conformity assessment body to notify the CPSC within five business days of an accreditation body's notification of suspension, reduction, or withdrawal of accreditation. Failure to do so may lead to CPSC withdrawal of the laboratory as a CPSC-recognized third party conformity assessment body.
As for the comment regarding a product's continued conformity to standards throughout the product's production and distribution, such matters are outside the scope of this audit rule; instead, they are addressed in a separate rulemaking pertaining to “Testing and Labeling Pertaining to Product Certification” (75 FR 28336 (May 20, 2010); 76 FR 69482 (November 8, 2011)).
b. § 1112.33(b)—Who conducts the reassessment portion of the audit?
Proposed § 1112.7(b) (now renumbered as § 1112.33(b) in the final rule) would require the third party conformity assessment body to have the accreditation body that accredited the third party conformity assessment body perform the reassessment portion of the audit. For example, if a third party conformity assessment body was accredited for a particular scope by an accreditation body named AB-1, then AB-1 would conduct the reassessment. If, however, the same third party conformity assessment body changes its accreditation for the same scope, such that it becomes accredited by a different accreditation body, named AB-2, then AB-2 would conduct the reassessment.
The preamble to the proposed rule also suggested that accreditation bodies performing reassessments conform to ISO/IEC 17011 titled, “Conformity Assessment—General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies” (74 FR at 40787). The preamble to the proposed rule stated that certain provisions in ISO/IEC 17011, notably sections 7.11, “Reassessment and Surveillance”; 7.12, “Extending Accreditation”; and 7.13, “Suspending, Withdrawing, or Reducing Accreditation,” may be relevant, particularly when conducting a reassessment (id.).
(Comment 10)—One commenter stated that only a fraction of the many tests which a conformity assessment body may be accredited to perform actually are examined during any single reassessment. The commenter said it is up to the accreditation body performing the reassessment to decide which tests to undertake. In addition, the commenter asked whether a conformity assessment body must insist that the accreditation body reassess every two years all CPSC tests to which the conformity assessment body is accredited.
(Response 10)—The commenter may have confused reassessment with surveillance. ISO/IEC 17011 defines “assessment” as “a process undertaken by an accreditation body to assess the competence of a conformity assessment body, based on particular standard(s) and/or other normative documents and for a defined scope of accreditation.” (See ISO/IEC 17011:2004, Conformity assessment—General requirements for accreditation bodies accrediting conformity assessment bodies, at section 3.7.) Assessing the competence of a conformity assessment body involves assessing the competence of all conformity assessment body operations, including (among other things) the competence of the personnel, the validity of the conformity assessment methodology, and the validity of the conformity assessment results. Reassessment is described as similar to an initial assessment, except that experience gained during previous assessments shall be taken into account. (Id. at section 7.11.1.) The outcome of these different approaches is the same in that the accreditation body must demonstrate that it has assessed adequately each of the third party conformity assessment body's competencies (including technical and management systems competencies) over the reassessment period.
“Surveillance” is defined as “a set of activities, except reassessment, to monitor the continued fulfillment by accredited CABs of requirements for accreditation” (id. at section 3.18). Typically, surveillance consists of a subset of the reassessment activities, and it is conducted between reassessments.
We note that, on our own initiative, we have revised the last sentence in § 1112.33(b), by inserting a comma between “changes it accreditation” and “so that it becomes accredited. * * *” This change is for grammatical purposes.
c. § 1112.33(c)—What is the examination portion of the audit?
As for the examination portion of the audit, proposed § 1112.7(c) (now renumbered as § 1112.33(c) in the final rule) would explain that the third party conformity assessment body must have the examination portion of the audit conducted by the Commission. The examination portion of the audit would consist of resubmission of CPSC Form 223 by the third party conformity assessment body to the CPSC and the CPSC's examination of the resubmitted form. Resubmission of the CPSC Form 223 would occur in two ways: (1) There would be a continuing obligation to ensure that the information submitted on CPSC Form 223 is current, such that a third party conformity assessment body would submit a new CPSC Form 223 whenever the information changes; and (2) In the absence of any changes that would necessitate the submission of a new CPSC Form 223, the third party conformity assessment body would reregister at the CPSC every 2 years, using CPSC Form 223.Start Printed Page 31080
Additionally, proposed § 1112.7(c) would contain specific requirements for the CPSC's examination of “firewalled” and government-owned or government-controlled conformity assessment bodies. For “firewalled” conformity assessment bodies, proposed § 1112.7(c)(1) would state that the examination portion of the audit conducted by the CPSC may include verification to ensure that the “firewalled” conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(D) of the CPSA. Thus, for example, under proposed § 1112.7(c)(1), we could examine whether a “firewalled” conformity assessment body's established procedures continue to exist; and likewise, it could review its mechanisms for confidential reporting of allegations of undue influence. For government-owned or government-controlled conformity assessment bodies, proposed § 1112.7(c)(2) would state that the examination portion of the audit conducted by the CPSC may include verification that the government-owned or government-controlled conformity assessment body continues to meet the five criteria set forth in section 14(f)(2)(B) of the CPSA. Thus, for example, under proposed § 1112.7(c)(2), the CPSC could examine whether a government-owned conformity assessment body has procedures in place to ensure that its testing results are not subject to undue influence by any other person.
We received no comments on this provision, and aside from renumbering it as § 1112.33(c), we finalized the provision without change. Elsewhere in this issue of the Federal Register, however, we have published a proposed rule to establish other requirements pertaining to third party conformity assessment bodies (such as the requirements for accreditation and provisions for the withdrawal and suspension of third party conformity assessment bodies). The proposed rule would establish different requirements on the resubmission of CPSC Form 223, by asking for additional documentation to support CPSC Form 223.
5. § 1112.35—When must an audit be conducted?
Proposed § 1112.9(a) (now renumbered as § 1112.35 in the final rule) would state that, at a minimum, each third party conformity assessment body must be reassessed at the frequency established by its accreditation body for reassessments of the accreditation. For example, if the accreditation body would conduct a reassessment to reexamine a third party conformity assessment body's accreditation after 2 years, the minimum reassessment frequency for that third party conformity assessment body would be 2 years.
As for the examination portion of the audit conducted by the CPSC, proposed § 1112.9(b)(1) would require each third party conformity assessment body to ensure that the information it submitted on CPSC Form 223 is current and submit a new CPSC Form 223 whenever the information, such as the third party conformity assessment body's address, telephone number, or ownership, changes. In the absence of any changes that would necessitate the submission of a new CPSC Form 223, proposed § 1112.9(b)(2) would require the third party conformity assessment body to reregister at the CPSC every 2 years, using CPSC Form 223.
On our own initiative, we have decided against issuing a final rule regarding the timing of the examination portion of the audit. After the publication of the proposed rule in the Federal Register on August 13, 2009, we have acquired more experience registering third party conformity assessment bodies and have made modifications to CPSC software, as well as to CPSC Form 223. This combination of experience and the modifications to the CPSC's registration system have prompted us to reconsider when the examination portion of an audit should be conducted. Elsewhere in this issue of the Federal Register, we have published a proposed rule to establish other requirements pertaining to third party conformity assessment bodies; the proposed rule contains a new provision regarding the timing of the examination portion of the audit; and we believe that the new proposed provision is clearer and easier to implement. Therefore, rather than codify when the examination portion of an audit must be conducted, the final rule reserves § 1112.35(b).
6. § 1112.37—What must a third party conformity assessment body do after an audit?
In general, once the accreditation body has conducted its reassessment of a third party conformity assessment body, the accreditation body will present its initial findings, along with any supporting evidence, to the quality manager for the third party conformity assessment body. The accreditation body may give the third party conformity assessment body's personnel the opportunity to present any objections they have to the initial findings. The accreditation body may adjust its findings in response to any valid objections.
When the accreditation body presents its findings to the third party conformity assessment body, proposed § 1112.11(a) would require the third party conformity assessment body's quality manager to receive the findings and, if necessary, initiate corrective action in response to the findings. Proposed § 1112.11(b) would require the quality manager to prepare a resolution report; the resolution report would identify the corrective actions taken and any follow-up activities. If immediate corrective action is necessary (as may be the case if the findings identify problems associated with incorrect procedures, invalid actions, or the creation or use of invalid data), proposed § 1112.11(b) would require the quality manager to document that they notified the relevant parties within the third party conformity assessment body to take immediate corrective action and also to document the action(s) taken.
Proposed § 1112.11(c) would require the quality manager to notify the CPSC if the accreditation body decides to reduce, suspend, or withdraw the third party conformity assessment body's accreditation and the reduction, suspension, or withdrawal of accreditation is relevant to the third party conformity assessment body's activities pertaining to a CPSC regulation or test method. The notification would be sent to the Assistant Executive Director, Office of Hazard Identification and Reduction, within five business days of the accreditation body's notification to the third party conformity assessment body. If a third party conformity assessment body does not notify the CPSC in the manner that proposed § 1112.11(c) would require, then such noncompliance may be grounds for withdrawal of acceptance of the accreditation by the Commission under section 14(e)(1)(B) of the CPSA for failure to “comply with an applicable protocol, standard, or requirement established by the Commission” under the audit regulations.
Proposed § 1112.11(d) would explain that the CPSC will notify the third party conformity assessment body if the CPSC finds that the third party conformity assessment body no longer meets the conditions contained in CPSC Form 223 or in the relevant statutory provisions applicable to that third party conformity assessment body. The CPSC also will identify the condition or statutory provision that is no longer met, specify a time by which the third party conformity assessment body must notify the CPSC of the steps that it intends to Start Printed Page 31081take to correct the deficiency, and indicate when it will complete such steps. Proposed § 1112.11(d) also would require the quality manager to document that they notified the relevant parties within the third party conformity assessment body to take corrective action and also document the action(s) taken.
Proposed § 1112.11(e) would describe the possible consequences if a third party conformity assessment body fails to remedy the deficiency in a timely fashion. In brief, proposed § 1112.11(e) would state that the CPSC “shall take whatever action it deems appropriate under the circumstances, up to and including withdrawing the CPSC's accreditation of the third party conformity assessment body or the CPSC's acceptance of the third party conformity assessment body's accreditation.”
We received no comments on this provision, but we have renumbered the provision as § 1112.37 in the final rule. Additionally, on our own initiative, we have:
- Revised the second sentence in § 1112.37(b), by changing “he/she notified” to “they notified”;
- Revised the address in § 1112.37(c), to replace “Maryland” with “MD”; and
- Revised the next-to-last sentence in § 1112.37(d), to change “correct the deficiency and when it will complete such steps” to “correct the deficiency, and indicate when it will complete such steps”; and
- Revised the last sentence in § 1112.37(d), by changing “he/she notified” to “they notified * * *.”
These changes are for grammatical purposes.
7. § 1112.39—What records should a third party conformity assessment body retain regarding an audit?
Proposed § 1112.13 (now renumbered as § 1112.39 in the final rule) would require a third party conformity assessment body to retain all records related to an audit and all records pertaining to the third party conformity assessment body's resolution of, or plans for, resolving nonconformities identified by the audit. Such nonconformities could be identified through a reassessment by an accreditation body or through an examination by the CPSC. The proposal also would require third party conformity assessment bodies to retain records related to the last three reassessments (or however many reassessments have been conducted, if the third party conformity assessment body has been reassessed less than three times) and make such records available to the CPSC, upon request.
The proposal also would require third party conformity assessment bodies to retain records related to the last three reassessments because such records may reveal whether a pattern of problems with accreditation exists, and the records may indicate how quickly such problems are addressed and resolved.
(Comment 11)—One commenter noted that ISO/IEC 17011 requires the accreditation body, rather than the conformity assessment body, to keep records of reassessments. The commenter said that it would be a burden on the accreditation body to make duplicates of these records and provide them to the conformity assessment body. The commenter said that a third party conformity assessment body could meet the objectives for record retention by keeping records of resolutions of nonconformities.
(Response 11)—It is not the intent of the recordkeeping provision for the conformity assessment body to make available to the CPSC all records associated with reassessments that are maintained by the accreditation body. However, assessment and reassessment records need to be retained by the conformity assessment body and made available, upon request, to the CPSC, and the records must include reports of nonconformities, as well as resolution of nonconformities. In addition, assessment/reassessment reports that the accreditation body provides to the conformity assessment body must be made available to the CPSC, upon request.
Consequently, we have amended the rule to clarify that the records retained should include any records received from the accreditation body, as well as the records generated by the conformity assessment body (such as a resolution report discussed in § 1112.39) related to reassessment. Additionally, on our own initiative, and for grammatical purposes, we have revised the last sentence in § 1112.39, by inserting a comma between “however many reassessments have been conducted” and “if the third party conformity assessment body has been reassessed less than three times” and by inserting another comma after “available to the CPSC” and “upon request.” We also have changed the words “relating to” to “related to” throughout § 1112.39; these changes are for grammatical purposes only.
B. General Comments
Many comments pertained to issues outside the scope of the rule. For example, some comments addressed matters related to the initial accreditation of third party conformity assessment bodies. Other comments sought “reciprocity” between conformity assessment body (“laboratory”) programs administered by other federal agencies or other entities. We address those comments in this section.
(Comment 12)—A commenter suggested that the CPSC include reciprocity provisions as part of its accreditation criteria for laboratories to ensure a level playing field for testing organizations based in the United States with respect to foreign competition. Another commenter suggested that the CPSC amend the proposed requirements to include reciprocity provisions drawn from OSHA's NRTL and FCC's TCB programs. The commenter argued that the CPSC would be putting in place a “system of special privileges” that would damage laboratories in the United States because the third party conformity assessment body accreditation process is “open to all countries while other countries' conformity assessment systems are not open to U.S.-based laboratories,” thus creating “a one-way trading relationship and does not advantage all in the supply chain.” Another commenter expressed concern about a lack of reciprocity requirements, stating that foreign countries that wish to participate in a third party conformity assessment body program should be “mandated to offer recognition to U.S.-based laboratories for its certification programs.”
(Response 12)—We decline to revise the rule as suggested by the commenters. Issues regarding reciprocity, either of laboratory accreditation or test results, are outside the scope of this rule. Nothing in section 14(i)(1) of the CPSA authorizes the Commission to include reciprocity of laboratory accreditations or test results as falling within a “periodic audit of third party conformity assessment bodies as a condition for the continuing accreditation of such conformity assessment bodies under [section 14(a)(3)(C) of the CPSA].” Furthermore, we do not believe that we have the legal authority to impose a requirement on foreign governments.
(Comment 13)—One commenter expressed opposition to having accreditation by a signatory to the ILAC-MRA. The commenter said there is no reciprocal agreement with ILAC countries to accept accreditations by the American National Standards Institute, OSHA, or the Standards Council of Canada. The commenter said such acceptance by the CPSC would help to ensure the impartiality of certification.Start Printed Page 31082
(Response 13)—As explained in more detail in the response to Comment 6 above, accreditation by a signatory to the ILAC-MRA ensures some degree of similarity or uniformity among accreditation bodies, regardless of their geographical location, and it also ensures uniformity among third party conformity assessment bodies accredited by ILAC-MRA accreditation bodies. While the commenter is correct that there is no reciprocal agreement with ILAC countries to accept certain accreditations by entities in the United States or Canada, we do not believe that the audit requirement in the CPSIA gives the Commission the authority to demand reciprocity from foreign countries as a function of the audit process. An international agreement of that type is beyond the scope of this rulemaking.
As for the impartiality of certification, we note that the CPSA does not require conformity assessment bodies to issue certificates. Instead, under existing CPSC regulations at 16 CFR part 1110, domestic manufacturers and importers issue certificates.
(Comment 14)—One commenter noted that, in some “systems,” the same government entity is responsible for accreditation, testing, and certification. The commenter said that sections 14(f)(2)(B)(i) through (f)(2)(B)(v) of the CPSA (which lists the criteria for Commission acceptance of governmental conformity assessment bodies) should require extensive documentation during initial acceptance and during audits.
(Response 14)—The commenter did not elaborate on or describe what documentation would be necessary. In any event, the commenter's focus appears to be on revising the statutory or administrative criteria pertaining to government-owned or government-controlled conformity assessment bodies, rather than revising the proposed audit requirements. Thus, the comment is outside the scope of the rule.
(Comment 15)—One commenter stated that a Government Accountability Office (GAO) report issued in August 2009, assessing the effectiveness of enforcement of the CPSC's requirements, identified some resource limitations that could affect our ability to address and enforce requirements on foreign laboratories (both government-owned or government-controlled and firewalled conformity assessment bodies).
(Response 15)—The commenter may have confused laboratories whose tests form the basis for a manufacturer or importer to issue a children's product certificate, with CPSC laboratory testing in support of its import surveillance activities. The GAO report titled, “Better Information and Planning Would Strengthen CPSC's Oversight of Imported Products,” GAO-09-803 (available on the Internet at http://www.gao.gov/new.items/d09803.pdf), refers to overseas manufacturers whose products are imported into the United States and are tested by the CPSC at our laboratory facilities. The GAO report does not discuss accreditation or audit requirements for laboratories. Accordingly, issues regarding the GAO report are outside the scope of this rule.
(Comment 16)—One commenter suggested that to alleviate uncertainty and confusion, the CPSC should address the lack of a definition for a “reasonable testing program.”
(Response 16)—This comment is outside the scope of the audit provisions of section 14(i)(1) of the CPSA. This rulemaking implements section 14(i)(1) of the CPSA. A “reasonable testing program” is part of section 14(a)(1) of the CPSA, and we note that, in the Federal Register of May 20, 2010 (75 FR 28336), we published a proposed rule on “Testing and Labeling Pertaining to Product Certification.” The proposed rule contained (among other things) requirements for a “reasonable testing program.” However, in the final rule on “Testing and Labeling Pertaining to Product Certification” (76 FR 69482 (November 8, 2011)), we decided to reserve, rather than finalize, the “reasonable testing program” requirements. Thus, issues related to a “reasonable testing program” are part of a separate rulemaking.
(Comment 17)—One commenter suggested that the CPSC reassert that compliance to the CPSIA is the manufacturer's responsibility, not the retailer's, and that retailers must accept testing from any accredited third party conformity assessment body approved by the CPSC.
(Response 17)—Current CPSC regulations, at 16 CFR part 1110, limit the persons required to comply with the certification requirements of section 14(a) of the CPSA to: the importer (for products manufactured outside of the United States) and to the domestic manufacturer (for products manufactured within the United States). Neither the CPSIA, nor the CPSA, require a retailer to accept product testing results from any accredited third party conformity assessment body whose accreditation is accepted by the CPSC.
Additionally, as we noted in the preamble to our proposed rule on “Testing and Labeling Pertaining to Product Certification” (75 FR 28336, 28337 (May 20, 2010)):
The Commission understands the economic ramifications that small businesses (and even large businesses) face regarding the testing costs required by section 102 of the CPSIA. Moreover, retailers and importers may be imposing significant additional testing cost on manufacturers by requiring that products that have already been tested by a third party conformity assessment body be tested again by a specific third party conformity assessment body selected by the retailer or importer. The Commission wants to emphasize to retailers and sellers of children's products that they can rely on certificates provided by product suppliers if those certificates are based on testing conducted by a third party conformity assessment body. Section 19(b) of the CPSA provides that a retailer or seller of a children's product shall not be subject to civil or criminal penalties for selling products that do not comply with applicable safety standards if it holds a certificate issued in accordance with section 14(a) of the CPSA to the effect that such consumer product conforms to all applicable consumer product safety rules, unless such person knows that such consumer product does not conform. The Commission notes that section 19(b) of the CPSA does not relieve any person of the obligation to conduct a corrective action should any product violate an applicable safety standard and need to be recalled.
III. Paperwork Reduction Act
The final rule contains information collection requirements that are subject to public comment and review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520).
The OMB has approved the information collection requirements in this rule. The OMB control number pertaining to such approval is OMB 3041-0140, and it expires on December 31, 2012.
IV. Regulatory Flexibility Act
The CPSC has examined the impacts of the final rule under the Regulatory Flexibility Act (5 U.S.C. 601-612). The Regulatory Flexibility Act requires agencies to analyze regulatory options that would minimize any significant impact of a rule on small entities. Because the required information is minimal, and the costs associated with the audits are low, the Commission certifies that the final rule would not have a significant economic impact on a substantial number of small entities.
A. Objectives and Legal Basis for the Final Rule
Section 14(i)(1) of the CPSA requires the Commission to establish requirements for the periodic audit of third party conformity assessment Start Printed Page 31083bodies as a condition of their continuing accreditation. The final rule implements the requirements for the periodic audits. The purpose of a periodic audit is to ensure that an accredited laboratory continues to be competent to perform the testing services for which it has been accredited. In the case of accredited third party conformity assessment bodies that are owned, managed, or controlled by a manufacturer (or “firewalled laboratories”), or that are owned or controlled, in whole or in part, by a government entity, the audit requirements give the Commission the opportunity to ensure that the third party conformity assessment body continues to comply with the CPSIA's requirements for “firewalled” and government-owned or government-controlled conformity assessment bodies.
B. Firms Subject to the Requirement for Periodic Audits
The requirement for periodic audits will affect only third party conformity assessment bodies that intend to provide the CPSIA-required third party conformity assessment services for manufacturers or private labelers of children's products. Third party conformity assessment bodies that do not intend to offer third party conformance testing for children's products are not affected by the requirements for accreditation or periodic audits.
As of August 29, 2011, the CPSC had accepted the accreditations of 87 third party conformity assessment bodies located within the United States. This number could increase, somewhat, over the next year or so, as the remaining notices of requirements for accreditation are issued and the stays of enforcement of the requirements for third party testing (which the Commission issued pending clarification of the regulations and testing requirements) are lifted. Of the third party conformity assessment bodies located in the United States with CPSC-accepted accreditations, 12 are owned by large, foreign-based companies; 22 are large, U.S.-based companies; and the remaining 53 could be small businesses, according to the criteria established by the U.S. Small Business Administration (SBA), which, for a testing laboratory (NAICS code 54138), is a company with less than $12 million in annual revenue.
C. Requirements of the Final Rule and Possible Impacts on Small Businesses
The notices of requirements issued by the CPSC for the accreditation of third party conformity assessment bodies state, as a baseline requirement, that third party conformity assessment bodies must be accredited by an accreditation body that is a signatory to the ILAC-MRA. ILAC is an international cooperation of laboratory accreditation bodies that seek to harmonize laboratory accreditation procedures to facilitate the acceptance of the testing results of accredited laboratories within and across national boundaries. The ILAC-MRA includes requirements for the initial assessment of laboratories, as well as periodic reassessments. Laboratories that do not submit to the periodic reassessments lose their accredited status.
Under the final rule, the periodic audit of a third party conformity assessment body would consist of two parts. The first part would be a reassessment by the accreditation body to determine whether it continues to meet the conditions of accreditation. The second part of the audit would be the resubmission to the CPSC of CPSC Form 223 and its review by the CPSC.
All signatories to the ILAC-MRA have requirements for the periodic reassessment of accredited laboratories. The ILAC-MRA harmonized procedures for surveillance and reassessment of accredited laboratories and recommended that the time between reassessments be no more than 60 months, provided that the accreditation body undertakes somewhat less comprehensive surveillance visits at least every 18 months. However, many accreditation bodies opt to undertake more frequent full reassessments, rather than conduct surveillance visits. According to ISO/IEC 17011, if an accreditation body does not conduct surveillance visits, full reassessments of accredited laboratories must take place at least once every 2 years.
The resubmission of CPSC Form 223 is intended to provide the Commission with an opportunity to ensure that the third party conformity assessment body continues to be accredited by an ILAC-MRA signatory and continues to comply with the requirements for firewalled and government-owned or controlled conformity assessment bodies, if applicable. However, because CPSC staff, in light of its experience with the accreditation process and software changes, has reconsidered when the form should be submitted, and therefore, the final rule does not state when the CPSC Form 223 must be resubmitted. Instead, such matters will be addressed in a separate rulemaking.
Costs associated with periodic audits include: The time cost of the assessor from the accreditation body; and his or her travel, lodging, and meal expenses incurred while conducting the reassessment. According to an accreditation body representative, a reassessment typically takes 2 to 3 days; and the cost charged to the third party conformity assessment body usually will be $3,000 to $4,000 per field (e.g., chemical, electrical, or mechanical testing) in which the third party conformity assessment body is accredited. Therefore, a third party conformity assessment body that is accredited for testing conformance to both chemical and mechanical standards could expect an assessment or reassessment to cost $6,000 to $8,000.
Another expense of a reassessment by an accreditation body is the cost of the time spent by third party conformity assessment body personnel to cooperate with the assessors. This includes the time required to prepare or assemble documents needed by the auditors, as well as the time it takes to explain or demonstrate the procedures used at the third party conformity assessment body. No empirical estimates of this cost were found; however, the amount of time spent by third party conformity assessment body personnel during a reassessment could be close to the amount of time spent by the assessor. If the average reassessment takes 2.5 days (or 20 hours), and the wage of the employees involved is about $44 an hour, then the cost of the time of the third party conformity assessment body's personnel spent cooperating with the reassessment would be about $880. The median hourly wage of architecture and engineering occupations in testing laboratories (NAICS code 541380) is $31.65. U.S. Department of Labor, Bureau of Labor Statistics, National Occupational Employment and Wage Estimates, May 2008 (http://www.bls.gov/oes/oes_dl.htm). In 2008, wages and salaries represented about 71.9 percent of total compensation for professional and related occupations in private industry (U.S. Department of Labor, Bureau of Labor Statistics, Employer cost for Employee Compensation (data extracted on June 17, 2009)).) The cost could be higher if the reassessment takes longer than 2.5 days or higher-paid employees are involved in the reassessment.
The periodic audits required would cost third party conformity assessment bodies about $4,000 to $5,000 (rounded to the nearest thousand) per field in which the third party conformity assessment body is accredited. This expense includes the cost of the accreditation body's assessors, as well as the third party conformity assessment body personnel's time spent on the assessments and other costs, such as the cost of providing the materials required Start Printed Page 31084of “firewalled” conformity assessment bodies. The time between audits will vary to some degree among accreditation bodies; however, a typical period is about once every 2 years. Therefore, the annual average cost of the periodic audits would be approximately $2,000 to $2,500 per field in which the third party conformity assessment body is accredited. Therefore, the annual cost to a third party conformity assessment body accredited in three fields (e.g., chemical, mechanical, and electrical) would be approximately $6,000 to $7,500.
As noted earlier, of the third party conformity assessment bodies based in the United States, for which the CPSC has recognized accreditations, 43 (or about 62 percent) appear to be small businesses, according to the SBA criteria. However, it is unlikely that the rule will have a significant adverse impact on many third party conformity assessment bodies. The only third party conformity assessment bodies that will seek accreditation for testing children's products are those that expect to receive substantial revenue from the third party testing requirement in the CPSA, as amended by the CPSIA. Those third party conformity assessment bodies that do not expect substantial revenue from the testing will not seek to be accredited for the testing, or they can choose not renew their accreditation—if they initially sought accreditation—but the revenue they expected did not materialize.
D. Alternatives to the Final Rule Considered
Given that the CPSC is relying upon accreditation bodies that are signatories to the ILAC-MRA to accredit and reassess the third party conformity assessment bodies, there are no realistic alternatives to the final rule that would lower substantially the cost of the periodic audits. The frequency of the reassessments of the third party conformity assessment bodies is determined by the accreditation bodies, not by the CPSC.
V. Environmental Considerations
This final rule falls within the scope of the Commission's environmental review regulations at 16 CFR § 1021.5(c)(2), which provide a categorical exclusion from any requirement for the agency to prepare an environmental assessment or environmental impact statement for product certification rules.
VI. Effective Date
The final rule becomes effective on July 23, 2012.
Start List of SubjectsList of Subjects in 16 CFR Part 1112
- Consumer protection
- Third party conformity assessment body
- Audit
For the reasons stated above, the Commission amends Title 16 of the Code of Federal Regulations by adding a new part 1112, subpart A and subpart C, to read as follows:
Start PartPART 1112—REQUIREMENTS PERTAINING TO THIRD PARTY CONFORMITY ASSESSMENT BODIES
- 1112.1
- [Reserved]
- 1112.3
- Definitions.
- 1112.1
- [Reserved]
- 1112.30
- What is the purpose of this subpart?
- 1112.31
- Who is subject to these audit requirements?
- 1112.33
- What must an audit address or over and who conducts the audit?
- 1112.35
- When must an audit be conducted?
- 1112.37
- What must a third party conformity assessment body do after an audit?
- 1112.39
- What records should a third party conformity assessment body retain regarding an audit?
Subpart A—Purpose and Definitions Subpart B—[Reserved] Subpart C—Audit Requirements for Third Party Conformity Assessment Bodies Subpart A—Purpose and Definitions
Definitions.Unless otherwise stated, the definitions of section 3 of the CPSA and additional definitions in the Consumer Product Safety Improvement Act of 2008, Public Law 110-314, apply for purposes of this part. The following definitions apply for purposes of this subpart:
Accreditation means a procedure by which an authoritative body gives formal recognition that a third party conformity assessment body meets competence requirements to perform specific tasks. Accreditation recognizes a third party conformity assessment body's technical capability and is usually specific for tests of the systems, products, components, or materials for which the third party conformity assessment body claims proficiency.
Accreditation body means an entity that:
(1) Accredits or has accredited a third party conformity assessment body as meeting, at a minimum, the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) Standard ISO/IEC 17025:2005, “General Requirements for the Competence of Testing and Calibration Laboratories,” and any test methods or consumer product safety requirements specified in the relevant notice of requirements issued by the Commission; and
(2) Is a signatory to the International Laboratory Accreditation Cooperation-Mutual Recognition Arrangement.
Audit means a systematic, independent, documented process for obtaining records, statements of fact, or other relevant information, and assessing them objectively to determine the extent to which specified requirements are fulfilled. An audit, for purposes of this part, consists of two parts:
(1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (a process known more commonly as a “reassessment”); and
(2) The resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the Consumer Product Safety Commission's (“CPSC's”) examination of the resubmitted CPSC Form 223. If the third party conformity assessment body is owned, managed, or controlled by a manufacturer or private labeler (also known as a “firewalled” conformity assessment body) or is a government-owned or government-controlled conformity assessment body, the CPSC's examination may include verification to ensure that the entity continues to meet the appropriate statutory criteria pertaining to such conformity assessment bodies.
CPSC means the Consumer Product Safety Commission.
Quality manager means an individual (however named) who, irrespective of other duties and responsibilities, has defined responsibility and authority for ensuring that the management system related to quality is implemented and followed at all times and has direct access to the highest level of management at which decisions are made on the conformity assessment body's policy or resources.
Subpart B—[Reserved]
Subpart C—Audit Requirements for Third Party Conformity Assessment Bodies
What is the purpose of this subpart?This subpart establishes the audit requirements for third party conformity assessment bodies pursuant to section Start Printed Page 3108514(i)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 2063(i)(1)). Compliance with these requirements is a condition of the continuing accreditation of such third party conformity assessment bodies pursuant to section 14(a)(3)(C) of the CPSA. However, this subpart does not apply to certifying organizations under the Labeling of Hazardous Art Materials Act, even if such organizations are third party conformity assessment bodies.
Who is subject to these audit requirements?Except for certifying organizations described in 16 CFR 1500.14(b)(8), these audit requirements apply to third party conformity assessment bodies operating pursuant to section 14(a)(2) of the CPSA. Third party conformity assessment bodies must comply with the audit requirements as a continuing condition of the CPSC's acceptance of their accreditation.
What must an audit address or cover and who conducts the audit?(a) The reassessment portion of an audit must cover management requirements and technical requirements. Each reassessment portion of an audit also must examine the third party conformity assessment body's management systems to ensure that the third party conformity assessment body is free from any undue influence regarding its technical judgment.
(b) The third party conformity assessment body must have the reassessment portion of the audit conducted by the same accreditation body that accredited the third party conformity assessment body. For example, if a third party conformity assessment body was accredited by an accreditation body named AB-1, then AB-1 would conduct the reassessment. If, however, the same third party conformity assessment body changes its accreditation so that it becomes accredited by a different accreditation body named AB-2, then AB-2 would conduct the reassessment.
(c) The third party conformity assessment body must have the examination portion of the audit conducted by the CPSC. The examination portion of the audit will consist of resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223.
(1) For “firewalled” conformity assessment bodies, the CPSC's examination may include verification to ensure that the “firewalled” conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(D) of the CPSA.
(2) For government-owned or government-controlled conformity assessment bodies, the CPSC's examination may include verification to ensure that the government-owned or government-controlled conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(B) of the CPSA.
When must an audit be conducted?(a) At a minimum, each third party conformity assessment body must be reassessed at the frequency established by its accreditation body.
(b) [Reserved]
What must a third party conformity assessment body do after an audit?(a) When the accreditation body presents its findings to the third party conformity assessment body, the third party conformity assessment body's quality manager must receive the findings and, if necessary, initiate corrective action in response to the findings.
(b) The quality manager must prepare a resolution report identifying the corrective actions taken and any follow-up activities. If findings indicate that immediate corrective action is necessary, the quality manager must document that they notified the relevant parties within the third party conformity assessment body to take immediate corrective action and also document the action(s) taken.
(c) If the accreditation body decides to reduce, suspend, or withdraw the third party conformity assessment body's accreditation, and the reduction, suspension, or withdrawal of accreditation is relevant to the third party conformity assessment body's activities pertaining to a CPSC regulation or test method, the quality manager must notify the CPSC. Such notification must be sent to the Assistant Executive Director, Office of Hazard Identification and Reduction, Consumer Product Safety Commission, 4330 East West Highway, Bethesda, MD 20814, within five business days of the accreditation body's notification to the third party conformity assessment body.
(d) If the CPSC finds that the third party conformity assessment body no longer meets the conditions specified in CPSC Form 223, or in the relevant statutory provisions applicable to that third party conformity assessment body, the CPSC will notify the third party conformity assessment body, identify the condition or statutory provision that is no longer met, and specify a time by which the third party conformity assessment body shall notify the CPSC of the steps it intends to take to correct the deficiency, and indicate when it will complete such steps. The quality manager must document that they notified the relevant parties within the third party conformity assessment body to take corrective action and also document the action(s) taken.
(e) If the third party conformity assessment body fails to remedy the deficiency in a timely fashion, the CPSC shall take whatever action it deems appropriate under the circumstances, up to and including withdrawing the CPSC's accreditation of the third party conformity assessment body or the CPSC's acceptance of the third party conformity assessment body's accreditation.
What records should a third party conformity assessment body retain regarding an audit?A third party conformity assessment body must retain all records related to an audit that it receives from an accreditation body regarding a reassessment and all records pertaining to the third party conformity assessment body's resolution of, or plans for, resolving nonconformities identified through a reassessment by an accreditation body or through an examination by the CPSC. A third party conformity assessment body also must retain such records related to the last three reassessments (or however many reassessments have been conducted, if the third party conformity assessment body has been reassessed less than three times) and make such records available to the CPSC, upon request.
Todd A. Stevenson,
Secretary.
[FR Doc. 2012-10922 Filed 5-23-12; 8:45 am]
BILLING CODE 6355-01-P
Document Information
- Comments Received:
- 0 Comments
- Effective Date:
- 7/23/2012
- Published:
- 05/24/2012
- Department:
- Consumer Product Safety Commission
- Entry Type:
- Rule
- Action:
- Final rule.
- Document Number:
- 2012-10922
- Dates:
- This rule is effective on July 23, 2012.
- Pages:
- 31073-31085 (13 pages)
- Docket Numbers:
- CPSC Docket No. CPSC-2009-0061
- Topics:
- Accounting, Consumer protection
- PDF File:
- 2012-10922.pdf
- CFR: (7)
- 16 CFR 1112.3
- 16 CFR 1112.30
- 16 CFR 1112.31
- 16 CFR 1112.33
- 16 CFR 1112.35
- More ...