Skip to Content

Proposed Rule

Audit Requirements for Third Party Conformity Assessment Bodies

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 40784

AGENCY:

Consumer Product Safety Commission.

ACTION:

Proposed rule.

SUMMARY:

The Consumer Product Safety Commission (“CPSC” or “Commission”) is proposing to issue regulations establishing requirements for the periodic audit of third party conformity assessment bodies as a condition for their continuing accreditation. The proposed rule would implement section 14(d) of the Consumer Product Safety Act (“CPSA”), as amended by section 102(b) of the Consumer Product Safety Improvement Act of 2008 (“CPSIA”).

DATES:

Submit written or electronic comments on the proposed rule by October 13, 2009. Submit comments on information collection issues under the Paperwork Reduction Act of 1995 by September 14, 2009, (see the “Paperwork Reduction Act” section of this document).

ADDRESSES:

You may submit comments, identified by Docket No. CPSC-2009-0061, by any of the following methods:

Electronic Submissions

Submit electronic comments in the following way:

Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. To ensure timely processing of comments, the Commission is no longer accepting comments submitted by electronic mail (e-mail) except through www.regulations.gov.

Written Submissions

Submit written submissions in the following way:

Mail/Hand delivery/Courier (for paper, disk, or CD-ROM submissions), preferably in five copies, to: Office of the Secretary, Consumer Product Safety Commission, Room 502, 4330 East West Highway, Bethesda, MD 20814; telephone (301) 504-7923.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received may be posted without change, including any personal identifiers, contact information, or other personal information provided, to http://www.regulations.gov. Do not submit confidential business information, trade secret information, or other sensitive or protected information electronically. Such information should be submitted in writing.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Randy Butturini, U.S. Consumer Product Safety Commission, 4330 East West Highway, Bethesda, Maryland 20814; 301-504-7562; e-mail: RButturini@cpsc.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Introduction

Section 14(a)(1) of the CPSA (15 U.S.C. 2063(a)(1)), as amended by the CPSIA (Pub. L. 110-314, 122 Stat. 3016), requires that the manufacturer (including the importer) and the private labeler, if any, of a product that is subject to an applicable consumer product safety rule under the CPSA, or any similar rule, ban, standard, or regulation under any other Act enforced by the CPSC, issue a certificate which certifies “based on a test of each product or upon a reasonable testing program, that such product complies with all rules, bans, standards, or regulations applicable to the product under this Act or any other Act enforced by the Commission” and specifies each rule, ban, standard, or regulation applicable to the product. This requirement applies to any such product manufactured on or after November 12, 2008. Section 14(a)(4) of the CPSA gives the CPSC the authority to designate, by rule, one or more of these parties to issue the required certificate and to relieve the other parties enumerated in section 14 of the CPSA from the requirement to furnish certificates. The CPSC issued a final rule in the Federal Register on November 18, 2008 (73 FR 68328) pertaining to such certificates of compliance.

Section 14(a)(2) of the CPSA establishes a third party testing requirement for children's products that are subject to a children's product safety rule. In general, section 14(a)(2) of the CPSA states, in part, that every manufacturer or private labeler (if the children's product bears a private label) of such products shall submit sufficient samples of the product, or samples that are identical in all material respects to the product, to an accredited third party conformity assessment body to be tested for compliance with such children's product safety rule. Section 14(a)(3) of the CPSA establishes various time lines for accreditation and requires the Commission to publish notice of the requirements for accreditation of third party conformity assessment bodies to assess conformity with specific laws or regulations, and the Commission has published several notices of requirements in the Federal Register (see 73 FR 54564 (September 22, 2008) (Notice of Requirements for Accreditation of Third Party Conformity Assessment Bodies to Assess Conformity with part 1301 of Title 16, Code of Federal Regulations)); 73 FR 62965 (October 22, 2008) (Notice of Requirements for Accreditation of Third Party Conformity Assessment Bodies to Assess Conformity With Part 1508, Part 1509, and/or Part 1511 of Title 16, Code of Federal Regulations)); 73 FR 67838 (November 17, 2008) (Notice of Requirements for Accreditation of Third Party Conformity Assessment Bodies to Assess Conformity With part 1501 of Title 16, Code of Federal Regulations); and 73 FR 78331 (December 22, 2008) (Notice of requirements for accreditation of third party conformity assessment bodies to assess conformity with the 600 parts per million (“ppm”) and 300 ppm lead content limits in metal and metal alloy parts of children's metal jewelry established by the Consumer Product Safety Improvement Act of 2008)).

Section 14(d)(1) of the CPSA, as added by the CPSIA, requires the Commission to establish “requirements for the periodic audit of third party conformity assessment bodies as a condition for the continuing accreditation of such conformity assessment bodies” under section 14(a)(3)(C) of the CPSA.

This proposed rule, if finalized, would implement section 14(d)(1) of the CPSA.

II. Description of the Proposed Rule

The proposal would create a new part 1112, titled “Audit Requirements for Third Party Conformity Assessment Bodies,” in Title 16 of the Code of Federal Regulations.

A. Proposed § 1112.1—Purpose

Proposed § 1112.1 would describe the purpose behind the new part 1112. In brief, proposed § 1112.1 would state that part 1112 “establishes the audit requirements for third party conformity assessment bodies pursuant to section 14(d)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 2063(d)(1)).” Under section 14(d)(1) of the CPSA, compliance with the requirements in part 1112 would be a condition for the continuing accreditation of such third party conformity assessment bodies.

Section 14(f)(2)(C) of the CPSA, “Testing and Certification of Art Materials and Products,” states that a certifying organization as defined in 16 Start Printed Page 40785CFR 1500.14(b)(8), Appendix A, “(or any successor regulation or ruling) meets the requirements of [section 14(f)(2)(A) of the CPSA] with respect to the certification of art material and art products required under this section or by regulations prescribed under the Federal Hazardous Substances Act (15 U.S.C. 1261 et seq.).” These certifying organizations certify that art materials conform to the requirements of ASTM D-4236 under the Labeling of Hazardous Art Materials Act (LHAMA), 15 U.S.C. 1277, which provided that the provisions of ASTM D-4236 shall be deemed a regulation issued by the Commission. Those requirements are codified at 16 CFR 1500.14(b)(8).

LHAMA and the standard it mandated provide certain requirements for art materials. Under these requirements, the producer or repackager of an art material must submit the product's formulation or reformulation to a toxicologist who will review the formulation to determine if the art material has potential to produce chronic adverse health effects through customary or reasonably foreseeable use. If the toxicologist does determine that the art material has this potential, the toxicologist will recommend appropriate chronic hazard labeling, and the producer or repackager must use suitable precautionary labeling on the product. If the art material presents an acute hazard, the labeling also must contain an acute hazard warning.

Under LHAMA, the producer or manufacturer of the art material must submit to the Commission a written description of the criteria the toxicologist uses to determine whether the producer/repackager's product has the potential to produce chronic adverse health effects and a list of art materials that require chronic hazard warning labels. A conformance statement indicating that the product has been reviewed in accordance with the standard as required must appear either on the product, at point of sale, or on an invoice. Furthermore, the “Guidelines for a Certifying Organization,” which can be found as Appendix A to 16 CFR 1500.14(b)(8), state, in part, that an “advisory board composed of not less than three or more than five toxicologists, at least one of whom is certified in toxicology by a nationally recognized certification board” should conduct periodic reviews of a toxicologist's reviews and that, “In cases where there is a disagreement by participating producers or participating users, with the determination of the toxicologist(s), there should be a method whereby the toxicologist's decision can be presented to the advisory board for arbitration.”

Thus, because section 14(f)(2)(A) of the CPSA considers organizations that follow the guideline listed at Appendix A to 16 CFR 1500.14(b)(8) to be third party conformity assessment bodies and because the “Guidelines for a Certifying Organization” establish a mechanism for reviewing the toxicologist's work (either periodically or in response to a disagreement), the proposed rule would not subject these certifying organizations to the audit requirements in part 1112.

B. Proposed § 1112.3—Definitions

Proposed § 1112.3 would define various terms used in part 1112.

Proposed § 1112.3(a) would define “accreditation” as: A procedure by which an authoritative body gives formal recognition that a third party conformity assessment body is competent to perform specific tasks. Accreditation recognizes a third party conformity assessment body's technical competence and is usually specific for tests of the systems, products, components, or materials for which the third party conformity assessment body claims proficiency.

The proposed definition is based on a description used by the International Organization for Standardization (ISO) in relation to ISO Standard ISO/IEC 17025:2005, “General Requirements for the Competence of Testing and Calibration Laboratories” (see International Organization for Standardization, “Accreditation,” accessed on the Internet at http://www.isoiec17025.com/​wst_​page4.html), except that it uses the term “third party conformity assessment body” instead of “lab” and refers to “technical competence” instead of “technical capability.” The term “third party conformity assessment body” is used in section 14(a)(3)(C) of the CPSA. The Commission is aware that ISO/IEC 17025, by reference, incorporates the definitions set forth in ISO/IEC 17000:2004, “Conformity Assessment—Vocabulary and General Principles,” but ISO/IEC 17000's definition of “accreditation” incorporates several other definitions by implied reference. Therefore, the proposed rule would adopt a more explanatory definition rather than adopt a definition from ISO/IEC 17000 whose terms necessitate additional definition themselves.

Proposed § 1112.3(b) would define “accreditation body” as “an entity that accredits or has accredited a third party conformity assessment body as meeting, at a minimum, the International Organization for Standardization (ISO) Standard ISO/IEC 17025:2005, ‘General Requirements for the Competence of Testing and Calibration Laboratories’ ” and any test methods or consumer product safety requirements specified in the relevant notice of requirements issued by the Commission and is a signatory to the International Laboratory Accreditation Cooperation—Mutual Recognition Arrangement. The proposed definition of “accreditation body” reflects the basic elements the Commission has specified in its notices of requirements for the accreditation of third party conformity assessment bodies. Additionally, the phrase “at a minimum” recognizes that some accreditation bodies may, as part of the accreditation process, demand that a third party conformity assessment body demonstrate its conformance with specific methods or programs in addition to demonstrating conformance with ISO/IEC 17025 and with any test methods identified in the relevant notices of requirements issued by the Commission.

ISO/IEC 17025 incorporates by reference the definitions in ISO/IEC 17000, and ISO/IEC 17000 defines “accreditation body” as an “authoritative body that performs accreditation.” However, for purposes of the proposed rule, the Commission believes that the proposed definition is more explanatory and, in this instance, more consistent with the notices of requirements for the accreditation of third party conformity assessment bodies.

Proposed § 1112.3(c) would define “audit” as “a systematic, independent, documented process for obtaining records, statements of fact, or other relevant information, and assessing them objectively to determine the extent to which specified requirements are fulfilled.” The proposed definition is almost identical to the definition of “audit” in ISO/IEC 17000. Proposed § 1112.3(c) also would explain that, for purposes of part 1112, an audit is composed of two parts: (1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (a process known more commonly as a “reassessment” and which the remainder of this preamble will refer to as a “reassessment”); and (2) the resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223 (which the remainder of this preamble will refer to as an Start Printed Page 40786“examination” by the CPSC). For example, assume that a third party conformity assessment body is accredited as conforming to ISO/IEC 17025 and to the testing pertaining to 16 CFR part 1501 (which pertains to “Method for Identifying Toys and Other Articles Intended for Use by Children Under 3 Years of Age Which Present Choking, Aspiration, or Ingestion Hazards Because of Small Parts”). The “reassessment” portion of the audit, in this example, would consist of the assessment or reassessment of the third party conformity assessment body by the accreditation body relative to ISO/IEC 17025 and the testing pertaining to 16 CFR part 1501. The “examination” portion of the audit would consist of the third party conformity assessment body re-registering at the CPSC through the completion of a new CPSC Form 223 and the CPSC's review of the information in the resubmitted form. If the third party conformity assessment body is a “firewalled” conformity assessment body or a government-owned or government-controlled conformity assessment body, the CPSC's examination may include verification to ensure that the entity continues to meet the appropriate statutory criteria pertaining to such conformity assessment bodies. (A “firewalled” conformity assessment body is a conformity assessment body that is “owned, managed, or controlled by a manufacturer or private labeler,” and such conformity assessment bodies are subject to certain statutory requirements and are accredited by the Commission by order (see section 14(f)(2)(D) of the CPSA). Section 14(f)(2)(B) of the CPSA also allows a third party conformity assessment body to be “owned or controlled in whole or in part by a government” under certain statutory conditions or requirements. The statutory requirements for “firewalled” and government-owned or government-controlled conformity assessment bodies are in addition to those pertaining to third party conformity assessment bodies generally.)

Proposed § 1112.3(d) would define “Commission” as meaning the Consumer Product Safety Commission.

Proposed § 1112.3(e) would define “quality manager” as an individual “(however named) who, irrespective of other duties and responsibilities, has defined responsibility and authority for ensuring that the management system related to quality is implemented and followed at all times and has direct access to the highest level of management at which decisions are made on the conformity assessment body's policy or resources.” This definition is patterned after the explanation of the quality manager's role in ISO/IEC 17025, section 4.1.5.

Proposed § 1112.3(f) would explain that, unless otherwise stated, the definitions of section 3 of the CPSA and additional definitions in the CPSIA apply for purposes of part 1112 of this title. Thus, for example, the CPSIA's definition of “third party conformity assessment body,” which includes independent conformity assessment bodies, government-owned or government-controlled conformity assessment bodies (subject to certain requirements in section 14(f)(2)(B) of the CPSA), and “firewalled” conformity assessment bodies (subject to certain requirements in section 14(f)(2)(D) of the CPSA), would apply to part 1112, and the term “third party conformity assessment body” in part 1112 would be understood as including all three types of conformity assessment bodies.

C. Proposed § 1112.5—Who Is Subject to These Audit Requirements?

Proposed § 1112.5 would explain that the requirements in part 1112 apply to third party conformity assessment bodies operating pursuant to section 14(a)(2) of the CPSA and would reiterate that third party conformity assessment bodies must comply with the audit requirements as a continuing condition of the Commission's acceptance of their accreditation. However, as explained earlier in part II.A of this preamble, certifying organizations described in Appendix A to 16 CFR 1500.14(b)(8) (pertaining to LHAMA and the certification of art material and art products) are not subject to the audit requirements.

D. Proposed § 1112.7—What Must an Audit Address or Cover? Who Conducts the Audit?

As described earlier in part II.B of this document, proposed § 1112.3(c) would explain that, for purposes of part 1112, an audit is composed of two parts: (1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (the “reassessment” portion of the audit); and (2) the resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223. If the third party conformity assessment body is a “firewalled” conformity assessment body or a government-owned or government-controlled conformity assessment body, the CPSC's examination may include verification to ensure that the entity continues to meet the appropriate statutory criteria pertaining to such conformity assessment bodies.

Under proposed § 1112.7(a), the reassessment portion of the audit may cover the management systems, specific tests, types of tests, calibrations, or types of calibrations that are the subject of the third party conformity assessment body's accreditation. For example, if an accreditation body accredited a third party conformity assessment body on the latter's conformity with ISO/IEC 17025 and additional method(s) or programs from the accreditation body or tests identified in the relevant notice of requirements issued by the Commission, the reassessment portion of the audit could have the accreditation body assess the third party conformity assessment body's conformity with ISO/IEC 17025 and assess whether the third party conformity assessment body is qualified to use the specific method(s) or programs from the accreditation body or the tests identified in the relevant notice of requirements. The examination portion of the audit conducted by the CPSC would consist of the third party conformity assessment body's resubmission of a CPSC Form 223, the CPSC's examination of the resubmitted form, and a check by the CPSC to see whether the third party conformity assessment body continues to meet the statutory requirements applicable to it.

It is important to note that, with one exception, the proposed rule would not specify the precise scope of a reassessment by an accreditation body. The Commission recognizes that accrediting bodies often have the flexibility to determine whether a third party conformity assessment body continues to conform with its accreditation requirements and to decide what systems or test methods to examine as part of the reassessment process. Thus, the proposed rule would state that the reassessment portion of the audit “may” (rather than “must”) cover the management systems, specific tests, types of tests, calibrations, or types of calibrations that are the subject of the third party conformity assessment body's accreditation. Proposed § 1112.7(a) would, however, expressly require each reassessment to examine the third party conformity assessment body's management systems to ensure that the third party conformity assessment body is free from any undue influence regarding its technical judgment. Such an examination would be consistent with ISO/IEC 17025, section 4.1, “Organization,” and note 2 to section 4.1.4 states that:

Start Printed Page 40787

If the laboratory wishes to be recognized as a third-party laboratory, it should be able to demonstrate that it is impartial and that its personnel are free from any undue commercial, financial and other pressures which might influence their technical judgment. The third-party testing or calibration laboratory should not engage in any activities that may endanger trust in its independence of judgment and integrity in relation to its testing or calibration activities.

(See International Organization for Standardization, ISO/IEC 17025: 2005(E), “General Requirements for the Competence of Testing and Calibration Laboratories,” at page 2.) Such an examination also would be consistent with section 14(f)(2)(D)(ii) of the CPSA, which requires “firewalled” conformity assessment bodies to have established procedures to ensure that:

(I) Its test results are protected from undue influence by the manufacturer, private labeler or other interested party;

(II) The Commission is notified immediately of any attempt by the manufacturer, private labeler or other interested party to hide or exert undue influence over test results; and

(III) Allegations of undue influence may be reported confidentially to the Commission.

Proposed § 1112.7(b) would require the third party conformity assessment body to have the accreditation body that accredited the third party conformity assessment body perform the reassessment portion of the audit. For example, if a third party conformity assessment body was accredited by an accreditation body named AB-1, then AB-1 would conduct the reassessment. If, however, the same third party conformity assessment body changes its accreditation, so that it becomes accredited by a different accreditation body named AB-2, then AB-2 would conduct the reassessment.

The proposed rule contemplates that accrediting bodies performing a reassessment will conform to ISO/IEC 17011, “Conformity Assessment—General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies.” Certain provisions in ISO/IEC 17011, notably sections 7.11, “Reassessment and Surveillance,” 7.12, “Extending Accreditation,” and 7.13, “Suspending, Withdrawing, or Reducing Accreditation,” may be particularly relevant when conducting a reassessment.

As for the examination portion of the audit, proposed § 1112.7(c) would explain that the third party conformity assessment body must have the examination portion of the audit conducted by the Commission. The examination portion of the audit would consist of resubmission of CPSC Form 223 by the third party conformity assessment body to the CPSC and the CPSC's examination of the resubmitted form. As explained later in part II.E of this document, resubmission of the CPSC Form 223 would occur in two ways: (1) There would be a continuing obligation to ensure that the information submitted on CPSC Form 223 is current, such that a third party conformity assessment body would submit a new CPSC Form 223 whenever the information changes; and (2) in the absence of any changes that would necessitate the submission of a new CPSC Form 223, the third party conformity assessment body would re-register at the CPSC every two years using CPSC Form 223.

Additionally, proposed § 1112.7(c) would contain specific requirements for the CPSC's examination of “firewalled” and government-owned or government-controlled conformity assessment bodies. For “firewalled” conformity assessment bodies, proposed § 1112.7(c)(1) would state that the examination portion of the audit conducted by the CPSC may include verification to ensure that the “firewalled” conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(D) of the CPSA. Section 14(f)(2)(D) of the CPSA states that:

Upon request, the Commission may accredit a conformity assessment body that is owned, managed, or controlled by a manufacturer or private labeler as a third party conformity assessment body if the Commission by order finds that—

(i) Accreditation of the conformity assessment body would provide equal or greater consumer safety protection than the manufacturer's or private labeler's use of an independent third party conformity assessment body; and

(ii) The conformity assessment body has established procedures to ensure that—

(I) Its test results are protected from undue influence by the manufacturer, private labeler or other interested party;

(II) The Commission is notified immediately of any attempt by the manufacturer, private labeler or other interested party to hide or exert undue influence over test results; and

(III) Allegations of undue influence may be reported confidentially to the Commission.

Thus, for example, under proposed § 1112.7(c)(1), the CPSC could examine whether a “firewalled” conformity assessment body's established procedures continue to exist and examine its mechanisms for confidential reporting of allegations of undue influence. For government-owned or government-controlled conformity assessment bodies, proposed § 1112.7(c)(2) would state that the examination portion of the audit conducted by the CPSC may include verification that the government-owned or government-controlled conformity assessment body continues to meet the five criteria set forth in section 14(f)(2)(B) of the CPSA. In brief, section 14(f)(2)(B) of the CPSA states that the term “third party conformity assessment body” may include a government-owned or government-controlled entity if:

(i) Private labelers located in any nation are permitted to choose conformity assessment bodies that are not owned or controlled by the government of that nation;

(ii) The entity's testing results are not subject to undue influence by any other person, including another governmental entity;

(iii) The entity is not accorded more favorable treatment than other third party conformity assessment bodies in the same nation who have been accredited under [section 14 of the CPSA];

(iv) The entity's testing results are accorded no greater weight by other governmental authorities than those of other third party conformity assessment bodies accredited under [section 14 of the CPSA]; and

(v) The entity does not exercise undue influence over other governmental authorities on matters affecting its operations or on decisions by other governmental authorities controlling distribution of products based on outcomes of the entity's conformity assessments.

Thus, for example, under proposed § 1112.7(c)(2), the CPSC could examine whether a government-owned conformity assessment body has procedures in place to ensure that its testing results are not subject to undue influence by any other person. CPSC staff is considering whether to specify the types of documents government-owned or government-controlled conformity assessment bodies should have to demonstrate compliance with section 14(f)(2)(B) of the CPSA; however, because such details may be more appropriately considered to be part of the accreditation or acceptance of accreditation processes rather than part of an “audit,” the Commission may amend the previously-published notices of requirements and/or include such information in any future notices of requirements.

E. Proposed § 1112.9—When Must an Audit Be Conducted?

Proposed § 1112.9(a) would state that, at a minimum, each third party conformity assessment body must be reassessed at the frequency established by its accreditation body for reassessments of the accreditation. For example, if the accreditation body would conduct a reassessment to reexamine a third party conformity Start Printed Page 40788assessment body's accreditation after two years, the minimum reassessment frequency for that third party conformity assessment body, under proposed § 1112.9(a), would be two years.

Third party conformity assessment bodies are free to have themselves reassessed more frequently (such as annually or on any other predetermined schedule) and may wish to consider having reassessments conducted if a change has occurred that may affect their capabilities. For example, if a third party conformity assessment body desires to perform an additional method, it may wish to consider being reassessed at an earlier date so that the reassessment examines the third party conformity assessment body's conformance with ISO/IEC 17025 and all methods covered by the accreditation(s). As another example, accreditation bodies themselves may have shorter intervals between initial accreditation and a reassessment or allow for another type of action called “surveillance.” Section 7.11.3 of ISO/IEC 17011 discusses various dates for reassessment and/or surveillance of a third party conformity assessment body's accreditation. ISO/IEC 17011 defines “surveillance” as a “set of activities, except reassessment, to monitor the continued fulfillment by accredited [conformity assessment bodies] of requirements for accreditation.” “Surveillance,” therefore, is distinct from “reassessment.” Section 7.11.3 of ISO/IEC 17011 directs accreditation bodies to design a plan for reassessment and surveillance and recommends that the first on-site surveillance be conducted “no later than 12 months from the date of initial accreditation.”

As for the examination portion of the audit conducted by the CPSC, proposed § 1112.9(b)(1) would require each third party conformity assessment body to ensure that the information it submitted on CPSC Form 223 is current and to submit a new CPSC Form 223 whenever the information, such as the third party conformity assessment body's address, telephone number, or ownership, changes. This will ensure that the information available to CPSC reflects the most current information for a particular third party conformity assessment body. In the absence of any changes that would necessitate the submission of a new CPSC Form 223, proposed § 1112.9(b)(2) would require the third party conformity assessment body to re-register at the CPSC every two years using CPSC Form 223. This re-registration requirement may help CPSC identify third party conformity assessment bodies that have gone out of business or discontinued testing of products subject to the CPSC's jurisdiction and remove such third party conformity assessment bodies from its list of accredited third party conformity assessment bodies.

If a third party conformity assessment body has registered more than once with the CPSC, has registered at different times, and has no changes in information that would warrant the submission of a new CPSC Form 223, the first examination portion of the audit, under proposed § 1112.9(b)(3), would be performed two years after the last registration date, and then every two years thereafter. For example, assume that a third party conformity assessment body registers in 2009 to test for lead paint and later registers in 2010 to test for small parts. The examination portion of the audit would occur in 2012, and subsequent examination portions of the audit would be at 2014, 2016, etc. If the third party conformity assessment body has made changes that warranted the submission of a new CPSC Form 223, then, under proposed § 1112.9(b)(4), the first examination portion of the audit would be performed two years after the submission of the new CPSC Form 223.

F. Proposed § 1112.11—What Must a Third Party Conformity Assessment Body Do After an Audit?

In general, once the accreditation body has conducted its reassessment of a third party conformity assessment body, the accreditation body will present its initial findings along with any supporting evidence to the quality manager for the third party conformity assessment body. The accreditation body may give the third party conformity assessment body's personnel the opportunity to present any objections they have to the initial findings. The accreditation body may then adjust its findings in response to any valid objections.

When the accreditation body presents its findings to the third party conformity assessment body, proposed § 1112.11(a) would require the third party conformity assessment body's quality manager to receive the findings and, if necessary, to initiate corrective action in response to the findings. Proposed § 1112.11(b) would require the quality manager to prepare a resolution report; the resolution report would identify the corrective actions taken and any follow-up activities. If immediate corrective action is necessary (as may be the case if the findings identify problems associated with incorrect procedures, invalid actions, or the creation or use of invalid data), proposed § 1112.11(b) would require the quality manager to document that he/she notified the relevant parties within the third party conformity assessment body to take immediate corrective action and also document the action(s) taken.

Proposed § 1112.11(c) would require the quality manager to notify the CPSC if the accreditation body decides to reduce, suspend, or withdraw the third party conformity assessment body's accreditation, and the reduction, suspension, or withdrawal of accreditation is relevant to the third party conformity assessment body's activities pertaining to a CPSC regulation or test method. For example, assume that a third party conformity assessment body is accredited by its accreditation body to perform lead paint testing and to perform tests to detect the presence of a specific substance (which this example will refer to as Test 2), where the latter test is not done to determine whether children's products conform to an applicable children's product safety rule and also is not within the scope of the CPSC's acceptance of the accreditation for the third party conformity assessment body. Assume further that the accreditation body finds the third party conformity assessment body to remain competent to conduct the lead tests, but withdraws accreditation with respect to Test 2. Under this example, the quality manager would not have to notify the CPSC that the accreditation body has withdrawn accreditation for Test 2 because Test 2 was not relevant to the third party conformity assessment body's testing of children's products.

In circumstances when a notification is required, the notification would be sent to the Assistant Executive Director, Office of Hazard Identification and Reduction, within five business days of the accreditation body's notification to the third party conformity assessment body. This provision will help ensure that the CPSC is notified about third party conformity assessment bodies that have their accreditation suspended or withdrawn or have the scope of their accreditation reduced after a reassessment. If a third party conformity assessment body does not notify the CPSC as proposed § 1112.11(c) would require, such non-compliance may be grounds for withdrawal of acceptance of the accreditation by the Commission itself under section 14(e)(1)(B) of the CPSA for failure to “comply with an applicable * * * requirement established by the Commission” under the audit regulations.

Proposed § 1112.11(d) would explain that the CPSC will notify the third party Start Printed Page 40789conformity assessment body if the CPSC finds that the third party conformity assessment body no longer meets the conditions contained in CPSC Form 223 or in the relevant statutory provisions applying to that third party conformity assessment body. The CPSC also will identify the condition or statutory provision that is no longer met and specify a time by which the third party conformity assessment body must notify the CPSC of the steps that it intends to take to correct the deficiency and when it will complete such steps. Proposed § 1112.11(d) also would require the quality manager to document that he/she notified the relevant parties within the third party conformity assessment body to take corrective action and also document the action(s) taken.

Proposed § 1112.11(e) would describe the possible consequences if a third party conformity assessment body fails to remedy the deficiency in a timely fashion. In brief, proposed § 1112.11(e) would state that the CPSC “shall take whatever action it deems appropriate under the circumstances, up to and including withdrawing the CPSC's accreditation of the third party conformity assessment body or the CPSC's acceptance of the third party conformity assessment body's accreditation.”

G. Proposed § 1112.13—What Records Should a Third Party Conformity Assessment Body Retain Regarding an Audit?

Proposed § 1112.13 would require a third party conformity assessment body to retain all records relating to an audit and all records pertaining to the third party conformity assessment body's resolution of or plans for resolving nonconformities identified by the audit. Such nonconformities could be identified through a reassessment by an accreditation body or through an examination by the CPSC. The proposal also would require third party conformity assessment bodies to retain records relating to the last three reassessments (or however many reassessments have been conducted if the third party conformity assessment body has been reassessed less than three times) and to make such records available to the CPSC upon request.

The Commission also proposes to require third party conformity assessment bodies to retain records relating to the last three reassessments because such records may reveal whether a pattern of problems with accreditation exists and how quickly such problems are addressed and resolved.

III. Paperwork Reduction Act

This proposed rule contains information collection requirements that are subject to public comment and review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). This part of the preamble to the proposed rule describes the provisions in this section of the document with an estimate of the annual reporting burden. Our estimate includes the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing each collection of information.

The Commission invites comments on: (1) Whether the collection of information is necessary for the proper performance of the CPSC's functions, including whether the information will have practical utility; (2) the accuracy of the CPSC's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques, when appropriate, and other forms of information technology.

Title: Audit Requirements for Third Party Conformity Assessment Bodies.

Description: The proposed rule would require third party conformity assessment bodies to comply with the audit requirements. As part of these requirements, the proposed rule would, if finalized, require the third party conformity assessment bodies to complete an on-line form to begin the examination portion of the audit process. This form asks for certain identifying information pertaining to the third party conformity assessment body, information concerning whether the third party conformity assessment body is owned, managed, or controlled by manufacturers or private labelers of children's products, whether the third party conformity assessment body is owned or controlled by a government entity, the laboratory accreditation certificate for the third party conformity assessment body, and, for “firewalled” conformity assessment bodies, training materials. Additionally, the proposed rule would require third party conformity assessment bodies to retain records relating to a reassessment and all records pertaining to the third party conformity assessment body's resolution or plans for resolving nonconformities identified by the reassessment. The proposal also would require third party conformity assessment bodies to retain such records relating to the last three reassessments (or however many reassessments have been conducted if the third party conformity assessment body has been reassessed less than three times). Proposed § 1112.13 would require the third party conformity assessment body to make such records available to the CPSC upon request.

Description of Respondents: Persons who are third party conformity assessment bodies pursuant to section 14(a) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 2063(a)).

The CPSC estimates the burden of this collection of information as follows:

Table 1—Estimated Annual Reporting Burden

16 CFR SectionNumber of respondentsFrequency of responsesTotal annual responsesHours per responseTotal hours
1112.9(b)(1)15011501150
1112.9(b)(2)3130.250.75
1112.1315011504600
Total750.75
There are no capital costs or operating and maintenance costs associated with this collection of information.

Our estimates are based on the following information:

  • As of June 5, 2009, 153 third party conformity assessment bodies had registered with the CPSC. However, because the CPSC expects to receive additional registrations and because section 14(a)(3)(B)(vi) of the CPSA Start Printed Page 40790requires the Commission to issue a notice of requirement for “all other children's product safety rules,” it is anticipated that many more third party conformity assessment bodies will register. Therefore, the Commission tentatively estimates the number of third party conformity assessment bodies to be 300.
  • Under proposed § 1112.9(b)(1), third party conformity assessment bodies would be required to resubmit CPSC Form 223. At a minimum, assuming there are no changes to the information that a third party conformity assessment body has submitted previously in its CPSC Form 223, the resubmission would occur every two years from the date of the previous submission. As all third party conformity assessment bodies have not submitted their first CPSC Form 223s at the same time, only some would be expected to resubmit a CPSC Form 223 in any one year. The percentage of third party conformity assessment bodies that will resubmit a CPSC Form 223 in a given year cannot be determined at this time, so, for purposes of this analysis, the CPSC will assume that half of the third party conformity assessment bodies will resubmit a CPSC Form 223 in any given year. Thus, the estimated number of respondents for proposed § 1112.9(b)(1) is 150 (300 total third party conformity assessment bodies × 0.5 resubmissions annually per third party conformity assessment bodies = 150 resubmissions annually). Furthermore, the CPSC estimates the burden hour for each resubmission to be one hour, so the total burden associated with proposed § 1112.9(b)(1) would be 150 hours (150 resubmissions × 1 hour per resubmission = 150 hours).
  • Under proposed § 1112.9(b)(2), third party conformity assessment bodies would be required to ensure that the information submitted on CPSC Form 223 is current and to submit a new CPSC Form 223 whenever the information changes. Based on current experience with third party conformity assessment bodies, the CPSC estimates that only one percent of third party conformity assessment bodies will revise or update their information, so the estimated number of respondents is 3 (300 third party conformity assessment bodies × 0.01 revisions per conformity assessment body = 3 revisions per year).
  • Under proposed § 1112.13, third party conformity assessment bodies will have to retain records pertaining to an audit and their resolution of or plans for resolving nonconformities identified through a reassessment by an accrediting body or through an examination by the CPSC. The proposal also would require third party conformity assessment bodies to retain records relating to the last three reassessments (or however many reassessments have been conducted if the number of reassessments is less than three). The number of third party conformity assessment bodies to be reassessed in a given year cannot be determined at this time, but, for purposes of this analysis, the CPSC will assume that half will be reassessed in any given year. Thus, the estimated number of respondents is 150 (300 third party conformity assessment bodies × 0.5 reassessments annually per third party conformity assessment bodies = 150 reassessments annually). As for the time required to retain such records, it is difficult to estimate such time with precision because the amount of time is likely to vary among the third party conformity assessment bodies. Third party conformity assessment bodies that are accredited in more than one field or that have scopes that include a large number of tests are likely to require more time to manage the records generated during an audit than those who are accredited in only one field or whose scopes are limited to only a few tests. It is also likely that third party conformity assessment bodies at which a large number of nonconformities are discovered during a reassessment audit will require more time to maintain the records since more records are likely to be generated in correcting the nonconformities. Nevertheless, the CPSC tentatively estimates that it will take 4 hours per third party conformity assessment body, so the overall recordkeeping burden will be 600 hours (150 reassessments per year × 4 hours per record per reassessment = 600 hours). Most respondents probably will need less time to maintain records, but some can be expected to require more time due to factors such as the number of nonconformities found that might require the preparation of additional documents.

The total burden, therefore, is 750.75 hours, which the CPSC will round up to 751 hours.

In compliance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), the CPSC has submitted the information collection requirements of this rule to OMB for review. Interested persons are requested to fax comments regarding information collection by September 14, 2009, to the Office of Information and Regulatory Affairs, OMB (see ADDRESSES).

IV. Regulatory Flexibility Act

The CPSC has examined the impacts of the proposed rule under the Regulatory Flexibility Act (5 U.S.C. 601-612). The Regulatory Flexibility Act requires agencies to analyze regulatory options that would minimize any significant impact of a rule on small entities. Because the required information is minimal and the costs associated with the audits are low, the Commission certifies that the proposed rule would not have a significant economic impact on a substantial number of small entities.

A. Objectives and Legal Basis for the Draft Proposed Rule

Section 102(b) of the CPSIA requires the Commission to establish requirements for the periodic audit of the third party conformity assessment bodies in order for them to maintain their accreditation. The draft proposed rule would implement the CPSIA's audit requirement. The purpose of a periodic audit is to ensure that an accredited third party conformity assessment body is still competent to perform the testing services for which it has been accredited. In the case of accredited third party conformity assessment bodies that are owned, managed, or controlled by a manufacturer (or “firewalled” conformity assessment bodies) or that are owned or controlled in whole or in part by a government entity, the audit requirements provide the Commission with an opportunity to ensure that the third party conformity assessment body continues to comply with the CPSIA's requirements for “firewalled” and government-owned or government-controlled conformity assessment bodies.

B. Firms Subject to the Requirement for Periodic Audits

The requirement for periodic audits will only affect those third party conformity assessment bodies that seek to be able to provide the CPSIA-required third-party conformity assessment services for manufacturers or private labelers of children's products. Third party conformity assessment bodies that do not intend to offer third party conformance testing for children's products are not affected by the requirements for accreditation or periodic audits.

As of June 5, 2009, the CPSC had accepted the accreditations of 153 third party conformity assessment bodies. Of these, 40 are located within the United States. Of the third party conformity assessment bodies located in the United Start Printed Page 40791States, six of the locations are owned by very large, foreign-based companies; nine are affiliated with large, United States-based companies; and the balance or 25 (about 63 percent) are affiliated with companies that could be small businesses according to the criteria established by the Small Business Administration (SBA), which for a testing laboratory (NAICS code 541380) is a company with less than $12.5 million in annual revenue.

It is likely that the number of third party conformity assessment bodies with CPSC-accepted accreditations will increase over the next several months or years as the CPSIA's third party testing requirements are implemented or become effective. (The Commission, in a notice published in the Federal Register on February 9, 2009 (74 FR 6396), announced a stay of enforcement pertaining to certain provisions of section 14(a) of the CPSA; those provisions, in general, required testing and issuance of certificates of compliance by manufacturers, and the stay is to remain in effect until February 10, 2010. Additionally, section 14(a)(3)(B) of the CPSA establishes a timeline for accreditation and directs the CPSC to publish “notices of requirements” for accreditation of third party conformity assessment bodies; as more notices of requirements issue, it is reasonable to expect that the number of third party conformity assessment bodies seeking accreditation will increase.) Therefore, it is not possible to state with certainty how many third party conformity assessment bodies will ultimately be accredited. CPSC staff believes that the number of third party conformity assessment bodies in the United States that are ultimately accredited for testing children's products may reach 120. If 63 percent of these meet the SBA criteria for a small business, then about 76 small U.S. businesses would be affected by this proposed rule.

C. Requirements of the Draft Proposed Rule and Possible Impacts on Small Businesses

The notices of requirements issued by the CPSC for the accreditation of third party conformity assessment bodies state that, as a baseline requirement, third party conformity assessment bodies must be accredited by an accreditation body that is a signatory to the International Laboratory Accreditation Cooperation—Mutual Recognition Arrangement (ILAC-MRA). ILAC is an international cooperation of laboratory accreditation bodies that seeks to harmonize laboratory accreditation procedures so as to facilitate the acceptance of the testing results of accredited laboratories both within and across national boundaries. The ILAC-MRA includes requirements for the initial assessment of laboratories and periodic reassessments. Laboratories that do not submit to the periodic reassessments lose their accredited status.

Under the proposed rule, the periodic audit of a third party conformity assessment body would consist of two parts. The first part would be a reassessment by the accrediting body to determine whether it continues to meet the conditions for accreditation. The second part of the audit would be the resubmission to the CPSC of CPSC Form 223 and its review by the CPSC.

All signatories to the ILAC-MRA have requirements for the periodic reassessment of accredited laboratories. The ILAC-MRA harmonized procedures for surveillance and reassessment of accredited laboratories (available on the Internet at http://www.ilac.org/​documents/​ILAC_​G10_​1996_​harm_​proced_​for_​surve_​and_​reass_​of_​accrd_​labs.pdf) recommend that the time between reassessments be no more than 60 months provided that the accrediting body undertakes somewhat less comprehensive surveillance visits at least every 18 months. However, many accrediting bodies opt to undertake more frequent full reassessments rather than conduct surveillance visits. According to ISO/IEC 17011, if an accreditation body does not conduct surveillance visits, full reassessments of accredited laboratories must take place at least once every two years.

The resubmission of CPSC Form 223 is intended to give the CPSC an opportunity to ensure that the third party conformity assessment body is still accredited by an ILAC-MRA signatory and still complies with the requirements of section 102 of the CPSIA with respect to “firewalled” and government-owned or government-controlled conformity assessment bodies. The CPSC is proposing that CPSC Form 223 be kept current or that, in the absence of any changes to the information that a third party conformity assessment body has previously submitted, be resubmitted every two years.

The cost of the periodic audit includes the cost of the time of the accrediting body's assessor to conduct the assessment, the cost of the assessor's travel to the site, and the cost of lodging and meals while the assessor is conducting the reassessment. According to a representative of an accrediting body, a reassessment will typically take two to three days, and the cost charged to the third party conformity assessment body usually will be $3,000 to $4,000 per field (e.g., chemical, electrical, or mechanical testing) in which the third party conformity assessment body is accredited. Therefore, a third party conformity assessment body that is accredited for testing conformance to both chemical and mechanical standards could expect an assessment or reassessment to cost $6,000 to $8,000.

Another cost of a reassessment by an accrediting body is the cost of the time that third party conformity assessment body personnel spend cooperating with the assessors. This includes the time required to prepare or assemble documents needed by the auditors and to explain or demonstrate the procedures used at the third party conformity assessment body. No empirical estimates of this cost were found, but one might expect that the amount of time spent by third party conformity assessment body personnel during a reassessment would be close to the amount of time spent by the assessor. If the average reassessment takes 2.5 days (or 20 hours) and the wage of the employees involved is about $44 an hour, then the cost of the time of the third party conformity assessment body's personnel spent cooperating with the reassessment would be about $880. (The median hourly wage of architecture and engineering occupations in testing laboratories (NAICS code 541380) is $31.65 (U.S. Department of Labor, Bureau of Labor Statistics, National Occupational Employment and Wage Estimates, May 2008 (data extracted on June 17, 2009 from http://www.bls.gov/​data/​). In 2008, wages and salaries represented about 71.9 percent of total compensation for professional and related occupations in private industry (U.S. Department of Labor, Bureau of Labor Statistics, Employer cost for Employee Compensation (data extracted on June 17, 2009)).) The cost could be higher if a reassessment took longer than 2.5 days or higher paid employees were involved in the reassessment.

Another requirement would be the resubmission of CPSC Form 223, which must be done every two years. The cost to resubmit this form is probably low for most third party conformity assessment bodies, unless there have been significant changes in the third party conformity assessment body's ownership or internal practices since the last time it submitted the form. On average, the CPSC estimates that it will take one hour to complete this form and submit it electronically. If the form is completed by a manager, the cost would average $68, assuming the median Start Printed Page 40792hourly compensation for a general or operations manager in a testing laboratory. (The median hourly wage of a general or operations managers in testing laboratories (NAICS code 541380) is $48.73 (U.S. Department of Labor, Bureau of Labor Statistics, National Occupational Employment and Wage Estimates, May 2008 (data extracted on June 17, 2009 from http://www.bls.gov/​data/​)). In 2008, wages and salaries represented about 71.9 percent of total compensation for professional and related occupations in private industry (U.S. Department of Labor, Bureau of Labor Statistics, Employer cost for Employee Compensation (data extracted on June 17, 2009)).) The cost could be somewhat higher than average for “firewalled” and government-owned or government-controlled conformity assessment bodies. “Firewalled” conformity assessment bodies will need to provide the CPSC staff with the updated information and documents that describe the training that the “firewalled” conformity assessment body employees receive for reporting to the CPSC any allegation of an attempt by a manufacturer, private labeler, or other interested party to hide or exert undue influence over test results. Government-owned or government-controlled conformity assessment bodies might need to provide updated information to demonstrate that the government entity does not exert undue influence on the operation of the third party conformity assessment body or the testing results and that the third party conformity assessment body is not treated more favorably than other accredited third party conformity assessment bodies in the same nation.

The draft proposed rule also would require that third party conformity assessment bodies keep the information on CPSC Form 223 current. Based on the experience to date, the CPSC staff expects that about one percent of the third party conformity assessment bodies will need to provide updates to the form during the year. These updates should take about 15 minutes to complete online.

The periodic audits that would be required would cost third party conformity assessment bodies about $4,000 to $5,000 (rounded to the nearest thousand) per field in which the third party conformity assessment body is accredited. This cost includes the cost of the accrediting body's assessors as well as the time of the third party conformity assessment body personnel that is spent on the audit, and other costs, such as the cost of providing the materials required of “firewalled” conformity assessment bodies. The time periods between audits will vary to some degree between accrediting bodies, but a typical period is about every two years. Therefore, the annual average cost of the periodic audits would be approximately $2,000 to $2,500 per field in which the third party conformity assessment body is accredited. Therefore, the annual cost to a third party conformity assessment body accredited in three fields (e.g., chemical, mechanical, and electrical) would be approximately $6,000 to $7,500.

As noted earlier, the SBA considers a testing laboratory to be a small business if its annual revenue is less than $12.5 million. According to the 2002 Economic Census, a very high percentage of testing laboratories would be considered to be small businesses. In 2002, almost 97 percent of all testing laboratories had revenue of less than $10 million, and almost 50 percent had revenue of less than $500,000 (see U.S. Department of Commerce, Bureau of the Census, 2002 Economic Census (release date November 15, 2005); accessed at http://factfinder.census.gov/​servlet/​IBQTable?​_​bm=​y&​-ds_​name=​EC0254SSSZ4&​-NAICS2002=​541380 (June 4, 2008)). Also, about 63 percent of the third party conformity assessment bodies that have been accredited so far for testing children's products appear to be small businesses. Therefore, it is likely that the proposed rule will impact a substantial number of small businesses. However, it is unlikely that the rule will have significant adverse impact on many third party conformity assessment bodies. The only third party conformity assessment bodies that will seek accreditation for testing children's products are those that expect to receive substantial revenue from the testing required by the CPSIA. Those third party conformity assessment bodies that do not expect substantial revenue from the testing required by the CPSIA will not seek to be accredited for the testing or they will not renew their accreditation if they had initially sought accreditation, but the expected revenue did not materialize.

D. Alternatives Considered to the Draft Proposed Rule

Given that the CPSC is relying upon accrediting bodies that are signatories to the ILAC-MRA to accredit and reassess the third party conformity assessment bodies, there are no realistic alternatives to the draft proposed rule that would substantially lower the cost of the periodic audits. The frequency of the reassessments of the third party conformity assessment bodies is determined by the accrediting bodies, not the CPSC. The CPSC could reduce the frequency that CPSC Form 223 must be resubmitted. However, it probably takes a third party conformity assessment body an average of 1 hour to review and resubmit CPSC Form 223 and any supplemental materials. Therefore, reducing the frequency that this form has to be resubmitted would not significantly lower the cost of the periodic audits.

V. Environmental Considerations

This proposed rule falls within the scope of the Commission's environmental review regulations at 16 CFR 1021.5(c)(2) which provide a categorical exclusion from any requirement for the agency to prepare an environmental assessment or environmental impact statement for product certification rules.

VI. Effective Date

The Commission is proposing that any final rule based on this proposal become effective 60 days after its date of publication in the Federal Register.

Start List of Subjects

List of Subjects in 16 CFR Part 1112

End List of Subjects

For the reasons stated above, the Commission proposes to amend Title 16 of the Code of Federal Regulations by adding a new part 1112 to read as follows:

Start Part

PART 1112—AUDIT REQUIREMENTS FOR THIRD PARTY CONFORMITY ASSESSMENT BODIES

1112.1
Purpose.
1112.3
Definitions.
1112.5
Who Is Subject to These Audit Requirements?
1112.7
What Must an Audit Address or Cover? Who Conducts the Audit?
1112.9
When Must an Audit be Conducted?
1112.11
What Must a Third Party Conformity Assessment Body Do After an Audit?
1112.13
What Records Should a Third Party Conformity Assessment Body Retain Regarding an Audit?
Start Authority

Authority: Public Law 110-314, Sec. 3, 122 Stat. 3016, 3017 (2008); 15 U.S.C. 2063.

End Authority
Purpose.

This part establishes the audit requirements for third party conformity assessment bodies pursuant to section 14(d)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 2063(d)(1)). Compliance with these requirements is a condition for the continuing accreditation of such third party conformity assessment bodies pursuant Start Printed Page 40793to section 14(a)(3)(C) of the CPSA. However, this part does not apply to certifying organizations under the Labeling of Hazardous Art Materials Act even if such organizations are third party conformity assessment bodies.

Definitions.

The following definitions apply for purposes of this part:

(a) “Accreditation” means a procedure by which an authoritative body gives formal recognition that a third party conformity assessment body is competent to perform specific tasks. Accreditation recognizes a third party conformity assessment body's technical capability and is usually specific for tests of the systems, products, components, or materials for which the third party conformity assessment body claims proficiency.

(b) “Accreditation body” means an entity that:

(1) Accredits or has accredited a third party conformity assessment body as meeting, at a minimum, the International Organization for Standardization (ISO) Standard ISO/IEC 17025:2005, “General Requirements for the Competence of Testing and Calibration Laboratories” and any test methods or consumer product safety requirements specified in the relevant notice of requirements issued by the Commission; and

(2) Is a signatory to the International Laboratory Accreditation Cooperation—Mutual Recognition Arrangement.

(c) “Audit” means a systematic, independent, documented process for obtaining records, statements of fact, or other relevant information, and assessing them objectively to determine the extent to which specified requirements are fulfilled. An audit, for purposes of this part, is composed of two parts:

(1) An examination by an accreditation body to determine whether the third party conformity assessment body meets or continues to meet the conditions for accreditation (a process known more commonly as a “reassessment”); and

(2) The resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the Consumer Product Safety Commission's (“CPSC's”) examination of the resubmitted CPSC Form 223. If the third party conformity assessment body is owned, managed, or controlled by a manufacturer or private labeler (also known as a “firewalled” conformity assessment body) or is a government-owned or government-controlled conformity assessment body, the CPSC's examination may include verification to ensure that the entity continues to meet the appropriate statutory criteria pertaining to such conformity assessment bodies.

(d) “CPSC” means the Consumer Product Safety Commission.

(e) “Quality manager” means an individual (however named) who, irrespective of other duties and responsibilities, has defined responsibility and authority for ensuring that the management system related to quality is implemented and followed at all times and has direct access to the highest level of management at which decisions are made on the conformity assessment body's policy or resources.

(f) Unless otherwise stated, the definitions of section 3 of the CPSA and additional definitions in the Consumer Product Safety Improvement Act of 2008, Pub. L. 110-314, apply for purposes of part 1112 of this title.

Who Is Subject to These Audit Requirements?

Except for certifying organizations described in 16 CFR 1500.14(b)(8), these audit requirements apply to third party conformity assessment bodies operating pursuant to section 14(a)(2) of the CPSA. Third party conformity assessment bodies must comply with the audit requirements as a continuing condition of the CPSC's acceptance of their accreditation.

What Must an Audit Address or Cover? Who Conducts the Audit?

(a) The reassessment portion of an audit may cover the management systems, specific tests, types of tests, calibrations, or types of calibrations that are the subject of the third party conformity assessment body's accreditation. Each reassessment portion of an audit also must examine the third party conformity assessment body's management systems to ensure that the third party conformity assessment body is free from any undue influence regarding its technical judgment.

(b) The third party conformity assessment body must have the reassessment portion of the audit conducted by the same accreditation body that accredited the third party conformity assessment body. For example, if a third party conformity assessment body was accredited by an accreditation body named AB-1, then AB-1 would conduct the reassessment. If, however, the same third party conformity assessment body changes its accreditation, so that it becomes accredited by a different accreditation body named AB-2, then AB-2 would conduct the reassessment.

(c) The third party conformity assessment body must have the examination portion of the audit conducted by the CPSC. The examination portion of the audit will consist of resubmission of the “Consumer Product Conformity Assessment Body Acceptance Registration Form” (CPSC Form 223) by the third party conformity assessment body and the CPSC's examination of the resubmitted CPSC Form 223.

(1) For “firewalled” conformity assessment bodies, the CPSC's examination may include verification to ensure that the “firewalled” conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(D) of the CPSA.

(2) For government-owned or government-controlled conformity assessment bodies, the CPSC's examination may include verification to ensure that the government-owned or government-controlled conformity assessment body continues to meet the criteria set forth in section 14(f)(2)(B) of the CPSA.

When Must an Audit be Conducted?

(a) At a minimum, each third party conformity assessment body must be reassessed at the frequency established by its accreditation body.

(b) For the examination portion of the audit, which is conducted by the CPSC:

(1) Each third party conformity assessment body must ensure that the information it submitted on CPSC Form 223 is current and submit a new CPSC Form 223 whenever the information changes.

(2) In the absence of any changes that would necessitate the submission of a new CPSC Form 223, the third party conformity assessment body must re-register at the CPSC every two years using CPSC Form 223.

(3) If the third party conformity assessment body has registered more than once with the CPSC, has registered at different times, and has no changes in information that would warrant the submission of a new CPSC Form 223, the first examination portion of the audit should be performed two years after the last registration date, and then every two years thereafter.

(4) If the third party conformity assessment body has made changes that warranted the submission of a new CPSC Form 223, then the first examination portion of the audit would be performed two years after the submission of the new CPSC Form 223.

Start Printed Page 40794
What Must a Third Party Conformity Assessment Body Do After an Audit?

(a) When the accreditation body presents its findings to the third party conformity assessment body, the third party conformity assessment body's quality manager must receive the findings and, if necessary, initiate corrective action in response to the findings.

(b) The quality manager must prepare a resolution report identifying the corrective actions taken and any follow-up activities. If findings indicate that immediate corrective action is necessary, the quality manager must document that he/she notified the relevant parties within the third party conformity assessment body to take immediate corrective action and also document the action(s) taken.

(c) If the accreditation body decides to reduce, suspend, or withdraw the third party conformity assessment body's accreditation, and the reduction, suspension, or withdrawal of accreditation is relevant to the third party conformity assessment body's activities pertaining to a CPSC regulation or test method, the quality manager must notify the CPSC. Such notification must be sent to the Assistant Executive Director, Office of Hazard Identification and Reduction, Consumer Product Safety Commission, 4330 East West Highway, Bethesda, Maryland 20814, within five business days of the accreditation body's notification to the third party conformity assessment body.

(d) If the CPSC finds that the third party conformity assessment body no longer meets the conditions specified in CPSC Form 223 or in the relevant statutory provisions applicable to that third party conformity assessment body, the CPSC will notify the third party conformity assessment body, identify the condition or statutory provision that is no longer met, and specify a time by which the third party conformity assessment body shall notify the CPSC of the steps it intends to take to correct the deficiency and when it will complete such steps. The quality manager must document that he/she notified the relevant parties within the third party conformity assessment body to take corrective action and also document the action(s) taken.

(e) If the third party conformity assessment body fails to remedy the deficiency in a timely fashion, the CPSC shall take whatever action it deems appropriate under the circumstances, up to and including withdrawing the CPSC's accreditation of the third party conformity assessment body or the CPSC's acceptance of the third party conformity assessment body's accreditation.

What Records Should a Third Party Conformity Assessment Body Retain Regarding an Audit?

A third party conformity assessment body must retain all records relating to an audit and all records pertaining to the third party conformity assessment body's resolution of or plans for resolving nonconformities identified through a reassessment by an accreditation body or through an examination by the CPSC. A third party conformity assessment body also must retain such records relating to the last three reassessments (or however many reassessments have been conducted if the third party conformity assessment body has been reassessed less than three times) and make such records available to the CPSC upon request.

Start Signature

Dated: August 7, 2009.

Todd A. Stevenson,

Secretary.

End Signature End Part End Supplemental Information

[FR Doc. E9-19443 Filed 8-12-09; 8:45 am]

BILLING CODE 6355-01-P