[Federal Register Volume 77, Number 101 (Thursday, May 24, 2012)]
[Rules and Regulations]
[Pages 31073-31085]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-10922]
[[Page 31073]]
Vol. 77
Thursday,
No. 101
May 24, 2012
Part II
Consumer Product Safety Commission
-----------------------------------------------------------------------
16 CFR Parts 1112 and 1118
Audit Requirements for Third Party Conformity Assessment Bodies and
Requirements Pertaining to Third Party Conformity Assessment Bodies;
Final Rule and Proposed Rule
��Federal Register / Vol. 77 , No. 101 / Thursday, May 24, 2012 / Rules
and Regulations��
[[Page 31074]]
-----------------------------------------------------------------------
CONSUMER PRODUCT SAFETY COMMISSION
16 CFR Part 1112
[CPSC Docket No. CPSC-2009-0061]
Audit Requirements for Third Party Conformity Assessment Bodies
AGENCY: Consumer Product Safety Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Consumer Product Safety Commission (``CPSC,''
``Commission,'' or ``we'') is issuing a final rule establishing
requirements for the periodic audit of third party conformity
assessment bodies as a condition of their continuing accreditation.
The final rule implements a section of the Consumer Product Safety
Act (``CPSA''), as amended by the Consumer Product Safety Improvement
Act of 2008 (``CPSIA'').
DATES: This rule is effective on July 23, 2012.
FOR FURTHER INFORMATION CONTACT: Randy Butturini, U.S. Consumer Product
Safety Commission, 4330 East West Highway, Bethesda, MD 20814; 301-504-
7562; email: RButturini@cpsc.gov.
SUPPLEMENTARY INFORMATION:
I. Introduction
In the Federal Register of August 13, 2009 (74 FR 40784), we
published a proposed rule that would establish requirements for the
periodic audit of third party conformity assessment bodies as a
condition of their continuing accreditation. The proposed rule would
implement section 14(d)(1) of the CPSA, as amended by section 102(b) of
the CPSIA. (On August 12, 2011, the President signed into law Public
Law 112-28, which amended both the CPSA and the CPSIA. Section 10(a) of
Public Law 112-28 redesignates what was identified as section 14(d) of
the CPSA in the preamble of the proposed rule as section 14(i) of the
CPSA; consequently, except where we are citing language from the
proposed rule, the remainder of this document will refer to section
14(i) of the CPSA.)
Section 14(a)(1) of the CPSA (15 U.S.C. 2063(a)(1)) requires that
the manufacturer (including the importer) and the private labeler, if
any, of a product that is subject to an applicable consumer product
safety rule under the CPSA, or any similar rule, ban, standard, or
regulation under any other Act enforced by the CPSC, issue a
certificate, which certifies ``based on a test of each product or upon
a reasonable testing program, that such product complies with all
rules, bans, standards, or regulations applicable to the product under
this Act or any other Act enforced by the Commission'' and specifies
each rule, ban, standard, or regulation applicable to the product. This
requirement applies to any such product manufactured on or after
November 12, 2008.
Section 14(a)(2) of the CPSA establishes a third party testing
requirement for children's products that are subject to a children's
product safety rule. In general, section 14(a)(2) of the CPSA states,
in part, that every manufacturer or private labeler (if the children's
product bears a private label) of such products shall submit sufficient
samples of the product, or samples that are identical in all material
respects to the product, to an accredited third party conformity
assessment body to be tested for compliance with such children's
product safety rule.
In the Federal Register of May 20, 2010 (75 FR 28336), we published
a proposed rule that would establish the requirements for a reasonable
testing program and for compliance and continued testing of children's
products. In the Federal Register of November 8, 2011 (76 FR 69482), we
published a final rule with respect to compliance and continued testing
of children's products.
Section 14(a)(3) of the CPSA establishes various timelines for
accreditation and requires the Commission to publish a notice of the
requirements for accreditation of third party conformity assessment
bodies to assess conformity with specific laws or regulations. We have
published several notices of requirements in the Federal Register (see,
e.g., 76 FR 49286 (August 10, 2011) (``Third Party Testing for Certain
Children's Products; Notice of Requirements for Accreditation of Third
Party Conformity Assessment Bodies to Assess Conformity with the Limits
on Phthalates in Children's Toys and Child Care Articles,''); 76 FR
46598 (August 3, 2011) (``Third Party Testing for Certain Children's
Products; Toys: Requirements for Accreditation of Third Party
Conformity Assessment Bodies'')). Section 14(a)(3)(C) of the CPSA
states that accreditation of third party conformity assessment bodies
may be conducted by the Commission or by an independent accreditation
organization designated by the Commission.
Section 14(i)(1) of the CPSA requires the Commission to establish
``requirements for the periodic audit of third party conformity
assessment bodies as a condition for the continuing accreditation of
such conformity assessment bodies'' under section 14(a)(3)(C) of the
CPSA. This final rule implements section 14(i)(1) of the CPSA.
II. Comments on the Proposed Rule, the CPSC's Responses, and a
Description of the Final Rule
The proposed rule would create a new part 1112, titled, ``Audit
Requirements for Third Party Conformity Assessment Bodies,'' in Title
16 of the Code of Federal Regulations. Six commenters responded to the
proposal.
We describe and respond to the comments in this section of this
document and also describe the final rule. A summary of each of the
commenter's topics is presented, and each topic is followed by staff's
response. For ease of reading, each topic will be prefaced with a
numbered ``Comment''; and each response will be prefaced by a
corresponding numbered ``Response.'' Each ``Comment'' is numbered to
help distinguish between different topics. The number assigned to each
comment is for organizational purposes only and does not signify the
comment's value, or importance, or the order in which it was received.
Comments on similar topics are grouped together.
A. Comments on Specific Provisions
Most commenters addressed specific sections in the proposed rule,
or referenced issues associated with a particular term in a proposed
section, but not directly relevant to the proposed section itself. We
address those comments in this section. However, on our own initiative,
we have renumbered the sections and renamed the part in which the
sections will be placed. For example, proposed Sec. 1112.1, titled,
``Purpose,'' is now renumbered as Sec. 1112.20. As another example,
the proposed rule would have created a part 1112, titled, ``Audit
Requirements for Third Party Conformity Assessment Bodies''; however,
the final rule divides the audit requirements into two subparts and
renames part 1112, ``Requirements Pertaining to Third Party Conformity
Assessment Bodies.'' We have taken this action because, elsewhere in
this issue of the Federal Register, we have published a proposed rule
to establish other requirements pertaining to third party conformity
assessment bodies (such as the requirements for accreditation and
provisions for the withdrawal and suspension of third party conformity
assessment bodies) and wish to place all requirements for third party
conformity assessment bodies in a single location. This will make it
easier for interested
[[Page 31075]]
parties to locate the regulations pertaining to third party conformity
assessment bodies.
1. Sec. 1112.30--Purpose
Proposed Sec. 1112.1 (now renumbered as Sec. 1112.30 in the final
rule) would describe the purpose of the audit rule. In brief, proposed
Sec. 1112.1 would state that part 1112 ``establishes the audit
requirements for third party conformity assessment bodies pursuant to
section 14(d)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C.
2063(d)(1)).'' Under section 14(i)(1) of the CPSA, compliance with the
requirements in part 1112 would be a condition of continuing the
accreditation of such third party conformity assessment bodies.
(Comment 1)--One commenter noted that the proposal referred to
certifying organizations under the Labeling of Hazardous Art Materials
Act (LHAMA). The commenter stated that art and craft companies cannot
afford both LHAMA and what the commenter called ``redundant'' testing
under the CPSIA. The commenter said that retailers that do not
recognize the Art and Creative Materials Institute (ACMI) as a third
party conformity assessment body are demanding additional tests. The
commenter said the CPSC should consider the acceptance of current
certification programs, such as ACMI's, to be in full compliance with
the CPSIA.
(Response 1)--Although issues related to product testing are
outside the scope of the audit rule, the commenter may have
misinterpreted the statute and the proposed rule's reference to
certifying organizations under LHAMA. Section 14(f)(2)(C) of the CPSA
states that certifying organizations, as defined in appendix A to 16
CFR 500.14(b)(8), are third party conformity assessment bodies with
respect to certifying art materials and art products to Federal
Hazardous Substances Act (FHSA) requirements. Current certification
programs, such as ACMI's, are for certifying to LHAMA rules. Section 14
of the CPSA, however, also requires children's products to be tested
for compliance to children's product safety rules; and it defines
``children's product safety rules'' as ``a consumer product safety rule
under [the CPSA] or similar rule, regulation, standard, or ban under
any other Act enforced by the Commission, including a rule declaring a
consumer product to be a banned hazardous product or substance.'' Thus,
because the definition of ``children's product safety rule'' is broader
than certification of art materials and art products to FHSA
requirements, testing under section 14 of the CPSA is not ``redundant''
to LHAMA certification.
Therefore, the final rule retains the text of the ``Purpose''
section, although we have replaced ``part,'' with ``subpart,'' to
reflect that the audit requirements are now subpart C of part 1112.
Additionally, on our own initiative, we have:
Changed the title from ``Purpose,'' to ``What Is the
Purpose of this Subpart?'' to be consistent with the style used for
other headings in the final rule;
Revised the second sentence stating that ``Compliance with
these requirements is condition for the continuing accreditation * *
*'' to ``Compliance with these requirements is a condition of the
continuing accreditation * * *''; and
Revised the third sentence by inserting a comma between
``Labeling of Hazardous Art Materials Act'' and ``even.''
These changes are not substantive, and the latter two changes were
made for grammatical purposes.
2. Subpart A--Purpose and Definitions
Proposed Sec. 1112.3 would define various terms used in part 1112.
The final rule now places all definitions in Sec. 1112.3 in subpart A,
``Purpose and Definitions.''
a. Accreditation
Proposed Sec. 1112.3(a) would define ``accreditation'' as:
A procedure by which an authoritative body gives formal recognition
that a third party conformity assessment body is competent to perform
specific tasks. Accreditation recognizes a third party conformity
assessment body's technical competence and is usually specific for
tests of the systems, products, components, or materials for which the
third party conformity assessment body claims proficiency.
The preamble to the proposed rule explained that the definition was
based on a description used by the International Organization for
Standardization (ISO) in relation to ISO Standard ISO/IEC 17025:2005,
``General Requirements for the Competence of Testing and Calibration
Laboratories,'' except that it uses the term ``third party conformity
assessment body,'' instead of ``lab,'' and refers to ``technical
competence,'' instead of ``technical capability'' (see 74 FR at 40785).
We explained that the term ``third party conformity assessment body''
is used in section 14(a)(3)(C) of the CPSA, and that we were aware that
ISO/IEC 17025:2005, by reference, incorporates the definitions set
forth in ISO/IEC 17000:2004, ``Conformity Assessment--Vocabulary and
General Principles,'' but we decided against adopting the definition of
``accreditation'' in ISO/IEC 17000 because it incorporates several
other definitions by implied reference.
(Comment 2)--One commenter would revise the first sentence of the
definition to define ``accreditation'' as: ``A procedure by which an
authoritative body gives formal recognition that a third party
conformity assessment body meets competence requirements to perform
specific tasks.'' The commenter explained that accreditation is ``not a
subjective assessment of competence based on whatever the individual
assessors think is important, but rather is a requirements-based
activity.''
(Response 2)--We agree with the commenter, and we have revised the
definition accordingly.
Additionally, on our own initiative, we have revised the numbering
in Sec. 1112.3, generally, to eliminate the paragraph designations
before each defined term. We removed the paragraph designations to be
more consistent with accepted formats for regulations.
(Comment 3)--One commenter suggested revising the definition of
``accreditation'' to ``meet the international requirement,'' but they
did not explain what is meant by ``the international requirement.''
(Response 3)--For purposes of this response, we assume that the
commenter's reference to ``international requirement'' means the
definitions used in ISO/IEC 17000:2004, ``Conformity Assessment--
Vocabulary and General Principles.'' Section 5.5 of ISO/IEC 17000: 2004
defines ``accreditation'' as ``third party attestation (5.2) related to
a conformity assessment body (2.5) conveying a formal demonstration of
its competence to carry out specific conformity assessment tasks.'' As
we explained in the preamble to the proposed rule, ISO/IEC's definition
of ``accreditation'' incorporates several other definitions by implied
reference; therefore, we chose to adopt a more detailed definition of
the term, rather than adopt a definition from ISO/IEC 17000, whose
terms would compel the reader to consult even more definitions before
they could understand how the rule defines ``accreditation'' (see 74 FR
at 40785).
Alternatively, because the commenter also discussed requiring
reciprocity, it is possible that they meant to suggest that we amend
the definition of ``accreditation'' to include a reciprocity
requirement. As discussed later in part II.B of this preamble in the
response to
[[Page 31076]]
Comment 12, a reciprocity requirement is beyond the scope of this rule.
Consequently, we decline to revise the definition as suggested by
the commenter.
(Comment 4)--Another commenter stated that ISO/IEC 17025:2005 and
ISO 17000:2004 have definitions that are the result of a consensus and
are ``universally accepted and understood.'' The commenter said that
the proposal's use of different definitions or modification of ISO
definitions ``will create unnecessary problems in the process of
accreditation and audits and should be avoided.''
(Response 4)--As the preamble to the proposed rule explained (see
74 FR at 40785), in the definition of ``accreditation,'' we chose to
substitute the term ``third party conformity assessment body'' instead
of ``lab'' to be consistent with the language in section 14(a)(3)(C) of
the CPSA. The preamble to the proposed rule explained other differences
between the proposed definitions and ISO/IEC 17025:2005 and ISO
17000:2004; for example, we chose to define some terms to be consistent
with notices of requirements issued by the Commission, while other
definitions are almost identical to the corresponding ISO definition
(id. at 40785 through 40786).
Furthermore, because the commenter did not identify how any
proposed definition would cause ``unnecessary problems,'' we decline to
revise the rule as suggested by the commenter.
b. Accreditation Body
Proposed Sec. 1112.3(b) would define ``accreditation body'' as
``an entity that accredits or has accredited a third party conformity
assessment body as meeting, at a minimum, the International
Organization for Standardization (ISO) Standard ISO/IEC 17025:2005,
`General Requirements for the Competence of Testing and Calibration
Laboratories,' '' and any test methods or consumer product safety
requirements specified in the relevant notice of requirements issued by
the Commission, and is a signatory to the International Laboratory
Accreditation Cooperation-Mutual Recognition Arrangement. The preamble
to the proposed rule explained that the proposed definition of
``accreditation body'' reflects the basic elements that the Commission
has specified in its notices of requirements for the accreditation of
third party conformity assessment bodies. The preamble also explained
that the phrase ``at a minimum'' recognizes that some accreditation
bodies, as part of the accreditation process, may demand that a third
party conformity assessment body demonstrate its conformity with
specific methods or programs, as well as demonstrate compliance with
ISO/IEC 17025:2005 and with any test methods identified in the relevant
notices of requirements issued by the Commission.
(Comment 5)--Several commenters addressed issues relating to ISO/
IEC 17025:2005 rather than the definition itself.
One commenter said that ISO/IEC 17025:2005 is a ``good baseline,''
but nevertheless, asserted that the CPSC should create a mechanism to
supervise and control the acceptance of government-owned or government-
controlled conformity assessment bodies and firewalled conformity
assessment bodies to help ensure their protection against undue
influence. (A firewalled conformity assessment body is one that is
owned, managed, or controlled by a manufacturer or private labeler of a
children's product to be tested by the conformity assessment body for
certification purposes and that seeks accreditation under the
additional statutory criteria for ``firewalled'' conformity assessment
bodies.)
(Response 5)--Although the commenter's focus on issues of undue
influence goes beyond the scope of the rule, we note that the statutory
accreditation requirements pertaining to undue influence and
government-owned, government-controlled, and firewalled conformity
assessment bodies exceed those of ISO/IEC 17025:2005. Section
14(f)(2)(D) of the CPSA requires firewalled conformity assessment
bodies to have procedures to ensure that test results are protected
from undue influence by the manufacturer, private labeler, or other
interested party. Conformity assessment bodies that apply for CPSC
approval as firewalled laboratories must submit to the Commission
copies of their training documents, showing how employees are trained
to notify the Commission immediately and confidentially of any attempt
by the manufacturer, private labeler, or other interested party to hide
or exert undue influence over the third party conformity assessment
body's test results.
For governmental laboratory applicants, CPSC staff engages the
governmental entities relevant to requests for CPSC acceptance to
obtain the necessary assurances of compliance with the statutory
requirements for governmental conformity assessment bodies
(laboratories). Section 14(f)(2)(B) of the CPSA requires that
governmental-owned or controlled conformity assessment bodies may apply
for CPSC recognition of their accreditation and be subject to the audit
provisions, if, among other requirements:
The conformity assessment body's testing results are not
subject to undue influence by any other person, including another
governmental entity; and
The conformity assessment body does not exercise undue
influence over other governmental authorities controlling distribution
of products based on outcomes of the conformity assessment body's
conformity assessments.
Thus, the final rule retains the definition of ``accreditation body''
without change, except that, on our own initiative, we have inserted
``/International Electrotechnical Commission (IEC)'' after
``International Organization for Standardization (ISO)'' to provide the
full name corresponding to the abbreviation ``IEC''; and we added
``:2005'' after ``17025'' to identify the particular edition of the
standard. We address the process for initially accepting government and
firewalled laboratories in the proposed rule on ``Requirements
Pertaining to Third Party Conformity Assessment Bodies.''
(Comment 6)--One commenter said that there are substantial
differences among accreditation bodies. In some cases, the conformity
assessment body and the accreditation body are both government-
controlled. The commenter added that H.R. 2749, titled, the ``Food
Safety Enhancement Act of 2009,'' has stricter requirements for
firewalled conformity assessment bodies, including a restriction on
such laboratories certifying their own products. The commenter
suggested that the CPSC designate individual accreditation bodies based
on specific criteria to prove their competency with CPSC requirements.
(Response 6)--The Commission, through its notices of requirements,
has required all third party conformity assessment bodies to be
accredited by an accreditation body that is a signatory to the
International Laboratory Accreditation Cooperation-Mutual Recognition
Arrangement (ILAC-MRA) and further mandated that the scope of the
accreditation include testing relative to the appropriate test
method(s) or regulation(s) cited in the notice of requirements. All
ILAC-MRA accreditation bodies must maintain conformity with the current
version of ISO/IEC 17011 and related ILAC guidance documents and ensure
that all accredited laboratories comply with ISO/IEC 17025:2005 and
applicable ILAC policy and guidance documents. This ensures some degree
of similarity
[[Page 31077]]
or uniformity among accreditation bodies, regardless of their
geographical location, and it also ensures consistency among third
party conformity assessment bodies accredited by such ILAC-MRA
accreditation bodies. Requiring specific criteria of accreditation
bodies is beyond the scope of the requirements for auditing conformity
assessment bodies.
As for the Food Safety Enhancement Act of 2009, it would restrict
testing laboratories' certification activities. However, under section
14 of the CPSA and CPSC regulations at 16 CFR part 1110, third party
conformity assessment bodies do not issue certifications; accordingly,
the bill's potential requirements are not directly relevant here.
Additionally, nothing in section 14 of the CPSA prohibits firewalled
conformity assessment bodies from testing a manufacturer's own
products.
c. Audit
Proposed Sec. 1112.3(c) would define ``audit'' as ``a systematic,
independent, documented process for obtaining records, statements of
fact, or other relevant information, and assessing them objectively to
determine the extent to which specified requirements are fulfilled.''
The preamble to the proposed rule (74 FR at 40785) explained that this
definition is almost identical to the definition of ``audit'' in ISO/
IEC 17000. Proposed Sec. 1112.3(c) also would explain that, for
purposes of part 1112, an audit consists of two parts: (1) An
examination by an accreditation body to determine whether the third
party conformity assessment body meets or continues to meet the
conditions for accreditation (a process known more commonly as a
``reassessment,'' and that the remainder of this preamble will refer to
as a ``reassessment''); and (2) the resubmission of the ``Consumer
Product Conformity Assessment Body Acceptance Registration Form'' (CPSC
Form 223) by the third party conformity assessment body and the CPSC's
examination of the resubmitted CPSC Form 223 (that the remainder of
this preamble will refer to as an ``examination'' by the CPSC).
We received no comments on the proposed definition. However, on our
own initiative, we have revised the phrase, ``is composed of two
parts,'' to read ``consists of two parts.'' This change is for
grammatical purposes only. Additionally, as stated earlier in part II.A
of this preamble in the response to Comment 2, we have removed the
paragraph designation; thus, the definition of ``audit'' is now at
Sec. 1112.3 of the final rule rather than at Sec. 1112.3(c) (as
proposed).
d. Commission
Proposed Sec. 1112.3(d) would define ``Commission'' to mean the
Consumer Product Safety Commission.
We received no comments on this provision, and therefore, other
than removing the paragraph designation (i.e., removing ``(d)'' before
the definition of ``Commission'' appears), we have finalized the
provision without change.
e. Quality Manager
Proposed Sec. 1112.3(e) would define ``quality manager'' as an
individual ``(however named) who, irrespective of other duties and
responsibilities, has defined responsibility and authority for ensuring
that the management system related to quality is implemented and
followed at all times and who has direct access to the highest level of
management at which decisions are made on the conformity assessment
body's policy or resources.'' The preamble to the proposed rule
explained that this definition is patterned after the explanation of
the quality manager's role in ISO/IEC 17025:2005, section 4.1.5 (74 FR
at 40786).
We received no comments on this provision, and therefore, other
than removing the paragraph designation, we have finalized the
provision without change.
f. Use of Statutory Definitions
Proposed Sec. 1112.3(f) would explain that, unless otherwise
stated, the definitions of section 3 of the CPSA, and additional
definitions in the CPSIA, are applicable for purposes of part 1112 of
this title. Thus, for example, the CPSIA's definition of ``third party
conformity assessment body,'' which includes independent conformity
assessment bodies, government-owned or government-controlled conformity
assessment bodies (subject to certain requirements in section
14(f)(2)(B) of the CPSA), and ``firewalled'' conformity assessment
bodies (subject to certain requirements in section 14(f)(2)(D) of the
CPSA), would apply to part 1112; and the term ``third party conformity
assessment body'' in part 1112 would be understood to include all three
types of conformity assessment bodies.
(Comment 7)--One commenter stated that referring to firewalled and
government-owned or government-controlled conformity assessment bodies
as ``third party conformity assessment bodies'' misuses a term with a
specific definition. The commenter said that there are differences in
how conformity assessment bodies operate and opined further that the
CPSC ``needs to address those differences, not only in their
accreditation requirements, but also in their audit requirements.''
(Response 7)--Although the commenter did not identify a particular
provision, we assume that the commenter was addressing part of the
preamble to the proposed rule in which the Commission explained that
under proposed Sec. 1112.3(f), ``unless otherwise stated, the
definitions of section 3 of the CPSA and additional definitions in the
CPSIA apply for purposes of part 1112 of this title'' (see 74 FR at
40786). The preamble to the proposed rule added: ``Thus, for example,
the CPSIA's definition of `third party conformity assessment body,'
which includes independent conformity assessment bodies, government-
owned or government-controlled conformity assessment bodies (subject to
certain requirements in section 14(f)(2)(B) of the CPSA), and
`firewalled' conformity assessment bodies (subject to certain
requirements in section 14(f)(2)(D) of the CPSA), would apply to part
1112, and the term `third party conformity assessment body' in part
1112 would be understood as including all three types of conformity
assessment bodies'' (id.).
Thus, with respect to the definition of ``third party conformity
assessment body,'' the preamble to the proposed rule was referring to
the section 14(f)(2) of the CPSA. Because the statute considers
government-owned or government-controlled conformity assessment bodies
and firewalled conformity assessment bodies to fall under ``third party
conformity assessment body'' in section 14(f)(2) of the CPSA, we
decline to revise the rule as suggested by the comment.
As for establishing different accreditation requirements, sections
14(f)(2)(B) and (f)(2)(D) of the CPSA already establish different
requirements for government-owned or government-controlled conformity
assessment bodies and firewalled conformity assessment bodies.
Furthermore, the Commission, through its notices of requirements for
the accreditation of third party conformity assessment bodies,
establishes accreditation requirements. Thus, the commenter's request
for different accreditation requirements is outside the scope of this
rule.
With respect to different audit requirements, the commenter did not
suggest any changes to the rule that would apply to government-owned,
government-controlled, or firewalled conformity assessment bodies.
Consequently, we have no basis to establish different audit
requirements
[[Page 31078]]
for different types of third party conformity assessment bodies.
3. Sec. 1112.31--Who is subject to these audit requirements?
Proposed Sec. 1112.5 (now renumbered as Sec. 1112.31 in the final
rule) would explain that the requirements in part 1112 apply to third
party conformity assessment bodies operating pursuant to section
14(a)(2) of the CPSA, and it would reiterate that third party
conformity assessment bodies must comply with the audit requirements as
a condition of the Commission's acceptance of their accreditation.
We received no comments on this provision, and other than to
renumber it, we have finalized the provision without change.
4. Sec. 1112.33--What must an audit address or cover? Who conducts the
audit?
Proposed Sec. 1112.3(c) would explain that, for purposes of part
1112, an audit consists of two parts: (1) An examination by an
accreditation body to determine whether the third party conformity
assessment body meets or continues to meet the conditions for
accreditation (the ``reassessment'' portion of the audit); and (2) the
resubmission of the ``Consumer Product Conformity Assessment Body
Acceptance Registration Form'' (CPSC Form 223) by the third party
conformity assessment body and the CPSC's examination of the
resubmitted CPSC Form 223. If the third party conformity assessment
body is a ``firewalled'' conformity assessment body or a government-
owned or government-controlled conformity assessment body, the CPSC's
examination may include verification to ensure that the entity
continues to meet the appropriate statutory criteria pertaining to such
conformity assessment bodies.
a. Sec. 1112.33(a)--What does the reassessment portion of the audit
cover?
Under proposed Sec. 1112.7(a) (now renumbered as Sec. 1112.33(a)
in the final rule), the reassessment portion of the audit may cover the
management systems, specific tests, types of tests, calibrations, or
types of calibrations that are the subject of the third party
conformity assessment body's accreditation. The proposal also stated
that the reassessment portion must examine the third party conformity
assessment body's management systems to ensure that the third party
conformity assessment body is free from any undue influence regarding
its technical judgment.
(Comment 8)--One commenter noted that the text might be interpreted
to require that only the management system from ISO/IEC 17025:2005 be
met. The commenter said that we should require applicants to fulfill
all requirements in ISO/IEC 17025:2005 rather than the management
requirements.
(Response 8)--We interpret the commenter as referring to the
preamble to the proposed rule (74 FR at 40786), which states that
``Under proposed Sec. 1112.7(a), the reassessment portion of the audit
may cover the management systems, specific tests * * *.'' and
referencing proposed Sec. 1112.7(a), which also uses the word ``may.''
During the reassessment portion of the audit, the accreditation
body examines the competence of the entire operation of the conformity
assessment body, including the competence of the personnel, the
validity of the conformity assessment methodology, and the validity of
the conformity assessment results. We agree with the commenter that the
use of the word ``may'' in these sections could be misinterpreted as
not requiring compliance by the conformity assessment body with all
sections of ISO/IEC 17025:2005, and the proposed rule was not intended
to suggest that the reassessment could be limited to management systems
alone. To the contrary, the proposal's mention of ``specific tests,
types of tests, calibrations, or types of calibrations'' was to show
that a reassessment extends to technical requirements too.
Consequently, we have revised Sec. 1112.33(a) to state that the
reassessment portion of an audit of a conformity assessment body by an
accreditation body covers management requirements and technical
requirements. The remainder of Sec. 1123.33(a), pertaining to
examination of the third party conformity assessment body's management
systems, is unchanged.
(Comment 9)--Several commenters said that because products must be
certified as being in compliance, the principles for impartiality and
undue influence need to come from ISO/IEC Guide 65, General
Requirements for Bodies Operating Product Certification Systems, which
is a standard for certifying bodies. One commenter said that ISO/IEC
Guide 65 is important especially for firewalled and government
conformity assessment bodies. Additionally, the commenter said that the
CPSC should require ``applicants'' to submit evidence of fulfillment of
ISO/IEC 17025:2005 section 4.1.5.b. as part of their application to the
CPSC, both initially and with ongoing audits. The commenter said that
this information is needed in addition to current firewalled training
and that applicants need to be able to notify the Commission about
undue influence. Further, ISO/IEC Guide 65 has several requirements to
protect impartiality and conflict of interest, the commenter noted.
One commenter added that the Occupation Safety and Health
Administration (OSHA) has a National Recognized Testing Laboratory
(NRTL) program that uses ISO/IEC Guide 65's requirements to review a
laboratory's independence. Rigorous evaluation of the independence of a
laboratory should be required annually or at least with surveillance
and reassessment visits, the commenter urged.
Another commenter remarked that OSHA's NRTL and the U.S. Federal
Communications Commission's (FCC's) Telecommunications Body
Certification (TBC) programs could be used as sources.
Another commenter suggested that we consider the principles of
product certification outlined in the American National Standards
Institute document, titled, ``National Conformity Assessment Principles
for the United States.'' The commenter said that manufacturer
certification based on testing by laboratories accredited to ISO/IEC
17025:2005 can ensure that a product conforms to a required standard at
the time of testing, but it ``does not ensure that the product
continues to conform to the standard throughout production and
distribution.''
(Response 9)--The commenters may have misinterpreted the rule.
Conformity assessment bodies test products, whereas domestic
manufacturers and importers are responsible for certifying that their
products comply with all rules, bans, standards, or regulations under
the CPSA or any other Act enforced by the Commission under existing
CPSC regulations at 16 CFR part 1110. Consequently, with respect to the
comment regarding ISO/IEC Guide 65, we note that ISO/IEC Guide 65
provides requirements for certification bodies, which have different
requirements and responsibilities than third party conformity
assessment bodies (which, under section 14 of the CPSA and our
regulations at 16 CFR part 1110, test children's products but do not
issue certificates for such products), including attestations of
conformity and surveillance activities. The requirements to protect
impartiality and conflict of interest in ISO/IEC Guide 65 are tailored
toward those functions.
[[Page 31079]]
As for the suggestion that a conformity assessment body submit
evidence of its fulfillment of ISO/IEC 17025:2005 section 4.1.5.b. as
part of its application to the CPSC, both initially and with ongoing
audits, section 102(c) of the CPSIA states that in establishing
standards for accreditation of a third party conformity assessment
body, the Commission may consider standards and protocols for
accreditation of such conformity assessment bodies by independent
accreditation organizations that are in effect on the date of enactment
(August 14, 2008). Accreditation of third party conformity assessment
bodies may be conducted either by the Commission or by an independent
accreditation organization designated by the Commission. In our notices
of requirements for the accreditation of third party conformity
assessment bodies, we have established accreditation to ISO/IEC
17025:2005, with the accreditation conducted by an accreditation body
that is a signatory to the ILAC-MRA as a baseline requirement for
accreditation. Thus, we have designated accreditation organizations
(accreditation bodies) to conduct accreditation of third party
conformity assessment bodies. Records related to accreditation
assessments and reassessments are maintained by the accreditation
bodies and the third party conformity assessment bodies.
Consequently, the commenter's suggestion regarding evidence of a
third party conformity assessment body's fulfillment of ISO/IEC
17025:2005 requirements is unnecessary because Sec. 1112.39 requires a
third party conformity assessment body to retain records related to the
last three reassessments conducted by the accreditation body and make
such records available to the CPSC upon request. Records of
nonconformities related to safeguards against undue influence (or any
ISO/IEC 17025:2005 requirement), as well as the corrective actions,
must be made available upon the CPSC's request.
In addition, Sec. 1112.37 requires the quality manager at the
third party conformity assessment body to notify the CPSC within five
business days of an accreditation body's notification of suspension,
reduction, or withdrawal of accreditation. Failure to do so may lead to
CPSC withdrawal of the laboratory as a CPSC-recognized third party
conformity assessment body.
As for the comment regarding a product's continued conformity to
standards throughout the product's production and distribution, such
matters are outside the scope of this audit rule; instead, they are
addressed in a separate rulemaking pertaining to ``Testing and Labeling
Pertaining to Product Certification'' (75 FR 28336 (May 20, 2010); 76
FR 69482 (November 8, 2011)).
b. Sec. 1112.33(b)--Who conducts the reassessment portion of the
audit?
Proposed Sec. 1112.7(b) (now renumbered as Sec. 1112.33(b) in the
final rule) would require the third party conformity assessment body to
have the accreditation body that accredited the third party conformity
assessment body perform the reassessment portion of the audit. For
example, if a third party conformity assessment body was accredited for
a particular scope by an accreditation body named AB-1, then AB-1 would
conduct the reassessment. If, however, the same third party conformity
assessment body changes its accreditation for the same scope, such that
it becomes accredited by a different accreditation body, named AB-2,
then AB-2 would conduct the reassessment.
The preamble to the proposed rule also suggested that accreditation
bodies performing reassessments conform to ISO/IEC 17011 titled,
``Conformity Assessment--General Requirements for Accreditation Bodies
Accrediting Conformity Assessment Bodies'' (74 FR at 40787). The
preamble to the proposed rule stated that certain provisions in ISO/IEC
17011, notably sections 7.11, ``Reassessment and Surveillance''; 7.12,
``Extending Accreditation''; and 7.13, ``Suspending, Withdrawing, or
Reducing Accreditation,'' may be relevant, particularly when conducting
a reassessment (id.).
(Comment 10)--One commenter stated that only a fraction of the many
tests which a conformity assessment body may be accredited to perform
actually are examined during any single reassessment. The commenter
said it is up to the accreditation body performing the reassessment to
decide which tests to undertake. In addition, the commenter asked
whether a conformity assessment body must insist that the accreditation
body reassess every two years all CPSC tests to which the conformity
assessment body is accredited.
(Response 10)--The commenter may have confused reassessment with
surveillance. ISO/IEC 17011 defines ``assessment'' as ``a process
undertaken by an accreditation body to assess the competence of a
conformity assessment body, based on particular standard(s) and/or
other normative documents and for a defined scope of accreditation.''
(See ISO/IEC 17011:2004, Conformity assessment--General requirements
for accreditation bodies accrediting conformity assessment bodies, at
section 3.7.) Assessing the competence of a conformity assessment body
involves assessing the competence of all conformity assessment body
operations, including (among other things) the competence of the
personnel, the validity of the conformity assessment methodology, and
the validity of the conformity assessment results. Reassessment is
described as similar to an initial assessment, except that experience
gained during previous assessments shall be taken into account. (Id. at
section 7.11.1.) The outcome of these different approaches is the same
in that the accreditation body must demonstrate that it has assessed
adequately each of the third party conformity assessment body's
competencies (including technical and management systems competencies)
over the reassessment period.
``Surveillance'' is defined as ``a set of activities, except
reassessment, to monitor the continued fulfillment by accredited CABs
of requirements for accreditation'' (id. at section 3.18). Typically,
surveillance consists of a subset of the reassessment activities, and
it is conducted between reassessments.
We note that, on our own initiative, we have revised the last
sentence in Sec. 1112.33(b), by inserting a comma between ``changes it
accreditation'' and ``so that it becomes accredited. * * *'' This
change is for grammatical purposes.
c. Sec. 1112.33(c)--What is the examination portion of the audit?
As for the examination portion of the audit, proposed Sec.
1112.7(c) (now renumbered as Sec. 1112.33(c) in the final rule) would
explain that the third party conformity assessment body must have the
examination portion of the audit conducted by the Commission. The
examination portion of the audit would consist of resubmission of CPSC
Form 223 by the third party conformity assessment body to the CPSC and
the CPSC's examination of the resubmitted form. Resubmission of the
CPSC Form 223 would occur in two ways: (1) There would be a continuing
obligation to ensure that the information submitted on CPSC Form 223 is
current, such that a third party conformity assessment body would
submit a new CPSC Form 223 whenever the information changes; and (2) In
the absence of any changes that would necessitate the submission of a
new CPSC Form 223, the third party conformity assessment body would
reregister at the CPSC every 2 years, using CPSC Form 223.
[[Page 31080]]
Additionally, proposed Sec. 1112.7(c) would contain specific
requirements for the CPSC's examination of ``firewalled'' and
government-owned or government-controlled conformity assessment bodies.
For ``firewalled'' conformity assessment bodies, proposed Sec.
1112.7(c)(1) would state that the examination portion of the audit
conducted by the CPSC may include verification to ensure that the
``firewalled'' conformity assessment body continues to meet the
criteria set forth in section 14(f)(2)(D) of the CPSA. Thus, for
example, under proposed Sec. 1112.7(c)(1), we could examine whether a
``firewalled'' conformity assessment body's established procedures
continue to exist; and likewise, it could review its mechanisms for
confidential reporting of allegations of undue influence. For
government-owned or government-controlled conformity assessment bodies,
proposed Sec. 1112.7(c)(2) would state that the examination portion of
the audit conducted by the CPSC may include verification that the
government-owned or government-controlled conformity assessment body
continues to meet the five criteria set forth in section 14(f)(2)(B) of
the CPSA. Thus, for example, under proposed Sec. 1112.7(c)(2), the
CPSC could examine whether a government-owned conformity assessment
body has procedures in place to ensure that its testing results are not
subject to undue influence by any other person.
We received no comments on this provision, and aside from
renumbering it as Sec. 1112.33(c), we finalized the provision without
change. Elsewhere in this issue of the Federal Register, however, we
have published a proposed rule to establish other requirements
pertaining to third party conformity assessment bodies (such as the
requirements for accreditation and provisions for the withdrawal and
suspension of third party conformity assessment bodies). The proposed
rule would establish different requirements on the resubmission of CPSC
Form 223, by asking for additional documentation to support CPSC Form
223.
5. Sec. 1112.35--When must an audit be conducted?
Proposed Sec. 1112.9(a) (now renumbered as Sec. 1112.35 in the
final rule) would state that, at a minimum, each third party conformity
assessment body must be reassessed at the frequency established by its
accreditation body for reassessments of the accreditation. For example,
if the accreditation body would conduct a reassessment to reexamine a
third party conformity assessment body's accreditation after 2 years,
the minimum reassessment frequency for that third party conformity
assessment body would be 2 years.
As for the examination portion of the audit conducted by the CPSC,
proposed Sec. 1112.9(b)(1) would require each third party conformity
assessment body to ensure that the information it submitted on CPSC
Form 223 is current and submit a new CPSC Form 223 whenever the
information, such as the third party conformity assessment body's
address, telephone number, or ownership, changes. In the absence of any
changes that would necessitate the submission of a new CPSC Form 223,
proposed Sec. 1112.9(b)(2) would require the third party conformity
assessment body to reregister at the CPSC every 2 years, using CPSC
Form 223.
On our own initiative, we have decided against issuing a final rule
regarding the timing of the examination portion of the audit. After the
publication of the proposed rule in the Federal Register on August 13,
2009, we have acquired more experience registering third party
conformity assessment bodies and have made modifications to CPSC
software, as well as to CPSC Form 223. This combination of experience
and the modifications to the CPSC's registration system have prompted
us to reconsider when the examination portion of an audit should be
conducted. Elsewhere in this issue of the Federal Register, we have
published a proposed rule to establish other requirements pertaining to
third party conformity assessment bodies; the proposed rule contains a
new provision regarding the timing of the examination portion of the
audit; and we believe that the new proposed provision is clearer and
easier to implement. Therefore, rather than codify when the examination
portion of an audit must be conducted, the final rule reserves Sec.
1112.35(b).
6. Sec. 1112.37--What must a third party conformity assessment body do
after an audit?
In general, once the accreditation body has conducted its
reassessment of a third party conformity assessment body, the
accreditation body will present its initial findings, along with any
supporting evidence, to the quality manager for the third party
conformity assessment body. The accreditation body may give the third
party conformity assessment body's personnel the opportunity to present
any objections they have to the initial findings. The accreditation
body may adjust its findings in response to any valid objections.
When the accreditation body presents its findings to the third
party conformity assessment body, proposed Sec. 1112.11(a) would
require the third party conformity assessment body's quality manager to
receive the findings and, if necessary, initiate corrective action in
response to the findings. Proposed Sec. 1112.11(b) would require the
quality manager to prepare a resolution report; the resolution report
would identify the corrective actions taken and any follow-up
activities. If immediate corrective action is necessary (as may be the
case if the findings identify problems associated with incorrect
procedures, invalid actions, or the creation or use of invalid data),
proposed Sec. 1112.11(b) would require the quality manager to document
that they notified the relevant parties within the third party
conformity assessment body to take immediate corrective action and also
to document the action(s) taken.
Proposed Sec. 1112.11(c) would require the quality manager to
notify the CPSC if the accreditation body decides to reduce, suspend,
or withdraw the third party conformity assessment body's accreditation
and the reduction, suspension, or withdrawal of accreditation is
relevant to the third party conformity assessment body's activities
pertaining to a CPSC regulation or test method. The notification would
be sent to the Assistant Executive Director, Office of Hazard
Identification and Reduction, within five business days of the
accreditation body's notification to the third party conformity
assessment body. If a third party conformity assessment body does not
notify the CPSC in the manner that proposed Sec. 1112.11(c) would
require, then such noncompliance may be grounds for withdrawal of
acceptance of the accreditation by the Commission under section
14(e)(1)(B) of the CPSA for failure to ``comply with an applicable
protocol, standard, or requirement established by the Commission''
under the audit regulations.
Proposed Sec. 1112.11(d) would explain that the CPSC will notify
the third party conformity assessment body if the CPSC finds that the
third party conformity assessment body no longer meets the conditions
contained in CPSC Form 223 or in the relevant statutory provisions
applicable to that third party conformity assessment body. The CPSC
also will identify the condition or statutory provision that is no
longer met, specify a time by which the third party conformity
assessment body must notify the CPSC of the steps that it intends to
[[Page 31081]]
take to correct the deficiency, and indicate when it will complete such
steps. Proposed Sec. 1112.11(d) also would require the quality manager
to document that they notified the relevant parties within the third
party conformity assessment body to take corrective action and also
document the action(s) taken.
Proposed Sec. 1112.11(e) would describe the possible consequences
if a third party conformity assessment body fails to remedy the
deficiency in a timely fashion. In brief, proposed Sec. 1112.11(e)
would state that the CPSC ``shall take whatever action it deems
appropriate under the circumstances, up to and including withdrawing
the CPSC's accreditation of the third party conformity assessment body
or the CPSC's acceptance of the third party conformity assessment
body's accreditation.''
We received no comments on this provision, but we have renumbered
the provision as Sec. 1112.37 in the final rule. Additionally, on our
own initiative, we have:
Revised the second sentence in Sec. 1112.37(b), by
changing ``he/she notified'' to ``they notified'';
Revised the address in Sec. 1112.37(c), to replace
``Maryland'' with ``MD''; and
Revised the next-to-last sentence in Sec. 1112.37(d), to
change ``correct the deficiency and when it will complete such steps''
to ``correct the deficiency, and indicate when it will complete such
steps''; and
Revised the last sentence in Sec. 1112.37(d), by changing
``he/she notified'' to ``they notified * * *.''
These changes are for grammatical purposes.
7. Sec. 1112.39--What records should a third party conformity
assessment body retain regarding an audit?
Proposed Sec. 1112.13 (now renumbered as Sec. 1112.39 in the
final rule) would require a third party conformity assessment body to
retain all records related to an audit and all records pertaining to
the third party conformity assessment body's resolution of, or plans
for, resolving nonconformities identified by the audit. Such
nonconformities could be identified through a reassessment by an
accreditation body or through an examination by the CPSC. The proposal
also would require third party conformity assessment bodies to retain
records related to the last three reassessments (or however many
reassessments have been conducted, if the third party conformity
assessment body has been reassessed less than three times) and make
such records available to the CPSC, upon request.
The proposal also would require third party conformity assessment
bodies to retain records related to the last three reassessments
because such records may reveal whether a pattern of problems with
accreditation exists, and the records may indicate how quickly such
problems are addressed and resolved.
(Comment 11)--One commenter noted that ISO/IEC 17011 requires the
accreditation body, rather than the conformity assessment body, to keep
records of reassessments. The commenter said that it would be a burden
on the accreditation body to make duplicates of these records and
provide them to the conformity assessment body. The commenter said that
a third party conformity assessment body could meet the objectives for
record retention by keeping records of resolutions of nonconformities.
(Response 11)--It is not the intent of the recordkeeping provision
for the conformity assessment body to make available to the CPSC all
records associated with reassessments that are maintained by the
accreditation body. However, assessment and reassessment records need
to be retained by the conformity assessment body and made available,
upon request, to the CPSC, and the records must include reports of
nonconformities, as well as resolution of nonconformities. In addition,
assessment/reassessment reports that the accreditation body provides to
the conformity assessment body must be made available to the CPSC, upon
request.
Consequently, we have amended the rule to clarify that the records
retained should include any records received from the accreditation
body, as well as the records generated by the conformity assessment
body (such as a resolution report discussed in Sec. 1112.39) related
to reassessment. Additionally, on our own initiative, and for
grammatical purposes, we have revised the last sentence in Sec.
1112.39, by inserting a comma between ``however many reassessments have
been conducted'' and ``if the third party conformity assessment body
has been reassessed less than three times'' and by inserting another
comma after ``available to the CPSC'' and ``upon request.'' We also
have changed the words ``relating to'' to ``related to'' throughout
Sec. 1112.39; these changes are for grammatical purposes only.
B. General Comments
Many comments pertained to issues outside the scope of the rule.
For example, some comments addressed matters related to the initial
accreditation of third party conformity assessment bodies. Other
comments sought ``reciprocity'' between conformity assessment body
(``laboratory'') programs administered by other federal agencies or
other entities. We address those comments in this section.
(Comment 12)--A commenter suggested that the CPSC include
reciprocity provisions as part of its accreditation criteria for
laboratories to ensure a level playing field for testing organizations
based in the United States with respect to foreign competition. Another
commenter suggested that the CPSC amend the proposed requirements to
include reciprocity provisions drawn from OSHA's NRTL and FCC's TCB
programs. The commenter argued that the CPSC would be putting in place
a ``system of special privileges'' that would damage laboratories in
the United States because the third party conformity assessment body
accreditation process is ``open to all countries while other countries'
conformity assessment systems are not open to U.S.-based
laboratories,'' thus creating ``a one-way trading relationship and does
not advantage all in the supply chain.'' Another commenter expressed
concern about a lack of reciprocity requirements, stating that foreign
countries that wish to participate in a third party conformity
assessment body program should be ``mandated to offer recognition to
U.S.-based laboratories for its certification programs.''
(Response 12)--We decline to revise the rule as suggested by the
commenters. Issues regarding reciprocity, either of laboratory
accreditation or test results, are outside the scope of this rule.
Nothing in section 14(i)(1) of the CPSA authorizes the Commission to
include reciprocity of laboratory accreditations or test results as
falling within a ``periodic audit of third party conformity assessment
bodies as a condition for the continuing accreditation of such
conformity assessment bodies under [section 14(a)(3)(C) of the CPSA].''
Furthermore, we do not believe that we have the legal authority to
impose a requirement on foreign governments.
(Comment 13)--One commenter expressed opposition to having
accreditation by a signatory to the ILAC-MRA. The commenter said there
is no reciprocal agreement with ILAC countries to accept accreditations
by the American National Standards Institute, OSHA, or the Standards
Council of Canada. The commenter said such acceptance by the CPSC would
help to ensure the impartiality of certification.
[[Page 31082]]
(Response 13)--As explained in more detail in the response to
Comment 6 above, accreditation by a signatory to the ILAC-MRA ensures
some degree of similarity or uniformity among accreditation bodies,
regardless of their geographical location, and it also ensures
uniformity among third party conformity assessment bodies accredited by
ILAC-MRA accreditation bodies. While the commenter is correct that
there is no reciprocal agreement with ILAC countries to accept certain
accreditations by entities in the United States or Canada, we do not
believe that the audit requirement in the CPSIA gives the Commission
the authority to demand reciprocity from foreign countries as a
function of the audit process. An international agreement of that type
is beyond the scope of this rulemaking.
As for the impartiality of certification, we note that the CPSA
does not require conformity assessment bodies to issue certificates.
Instead, under existing CPSC regulations at 16 CFR part 1110, domestic
manufacturers and importers issue certificates.
(Comment 14)--One commenter noted that, in some ``systems,'' the
same government entity is responsible for accreditation, testing, and
certification. The commenter said that sections 14(f)(2)(B)(i) through
(f)(2)(B)(v) of the CPSA (which lists the criteria for Commission
acceptance of governmental conformity assessment bodies) should require
extensive documentation during initial acceptance and during audits.
(Response 14)--The commenter did not elaborate on or describe what
documentation would be necessary. In any event, the commenter's focus
appears to be on revising the statutory or administrative criteria
pertaining to government-owned or government-controlled conformity
assessment bodies, rather than revising the proposed audit
requirements. Thus, the comment is outside the scope of the rule.
(Comment 15)--One commenter stated that a Government Accountability
Office (GAO) report issued in August 2009, assessing the effectiveness
of enforcement of the CPSC's requirements, identified some resource
limitations that could affect our ability to address and enforce
requirements on foreign laboratories (both government-owned or
government-controlled and firewalled conformity assessment bodies).
(Response 15)--The commenter may have confused laboratories whose
tests form the basis for a manufacturer or importer to issue a
children's product certificate, with CPSC laboratory testing in support
of its import surveillance activities. The GAO report titled, ``Better
Information and Planning Would Strengthen CPSC's Oversight of Imported
Products,'' GAO-09-803 (available on the Internet at http://www.gao.gov/new.items/d09803.pdf), refers to overseas manufacturers
whose products are imported into the United States and are tested by
the CPSC at our laboratory facilities. The GAO report does not discuss
accreditation or audit requirements for laboratories. Accordingly,
issues regarding the GAO report are outside the scope of this rule.
(Comment 16)--One commenter suggested that to alleviate uncertainty
and confusion, the CPSC should address the lack of a definition for a
``reasonable testing program.''
(Response 16)--This comment is outside the scope of the audit
provisions of section 14(i)(1) of the CPSA. This rulemaking implements
section 14(i)(1) of the CPSA. A ``reasonable testing program'' is part
of section 14(a)(1) of the CPSA, and we note that, in the Federal
Register of May 20, 2010 (75 FR 28336), we published a proposed rule on
``Testing and Labeling Pertaining to Product Certification.'' The
proposed rule contained (among other things) requirements for a
``reasonable testing program.'' However, in the final rule on ``Testing
and Labeling Pertaining to Product Certification'' (76 FR 69482
(November 8, 2011)), we decided to reserve, rather than finalize, the
``reasonable testing program'' requirements. Thus, issues related to a
``reasonable testing program'' are part of a separate rulemaking.
(Comment 17)--One commenter suggested that the CPSC reassert that
compliance to the CPSIA is the manufacturer's responsibility, not the
retailer's, and that retailers must accept testing from any accredited
third party conformity assessment body approved by the CPSC.
(Response 17)--Current CPSC regulations, at 16 CFR part 1110, limit
the persons required to comply with the certification requirements of
section 14(a) of the CPSA to: the importer (for products manufactured
outside of the United States) and to the domestic manufacturer (for
products manufactured within the United States). Neither the CPSIA, nor
the CPSA, require a retailer to accept product testing results from any
accredited third party conformity assessment body whose accreditation
is accepted by the CPSC.
Additionally, as we noted in the preamble to our proposed rule on
``Testing and Labeling Pertaining to Product Certification'' (75 FR
28336, 28337 (May 20, 2010)):
The Commission understands the economic ramifications that small
businesses (and even large businesses) face regarding the testing
costs required by section 102 of the CPSIA. Moreover, retailers and
importers may be imposing significant additional testing cost on
manufacturers by requiring that products that have already been
tested by a third party conformity assessment body be tested again
by a specific third party conformity assessment body selected by the
retailer or importer. The Commission wants to emphasize to retailers
and sellers of children's products that they can rely on
certificates provided by product suppliers if those certificates are
based on testing conducted by a third party conformity assessment
body. Section 19(b) of the CPSA provides that a retailer or seller
of a children's product shall not be subject to civil or criminal
penalties for selling products that do not comply with applicable
safety standards if it holds a certificate issued in accordance with
section 14(a) of the CPSA to the effect that such consumer product
conforms to all applicable consumer product safety rules, unless
such person knows that such consumer product does not conform. The
Commission notes that section 19(b) of the CPSA does not relieve any
person of the obligation to conduct a corrective action should any
product violate an applicable safety standard and need to be
recalled.
III. Paperwork Reduction Act
The final rule contains information collection requirements that
are subject to public comment and review by the Office of Management
and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C.
3501-3520).
The OMB has approved the information collection requirements in
this rule. The OMB control number pertaining to such approval is OMB
3041-0140, and it expires on December 31, 2012.
IV. Regulatory Flexibility Act
The CPSC has examined the impacts of the final rule under the
Regulatory Flexibility Act (5 U.S.C. 601-612). The Regulatory
Flexibility Act requires agencies to analyze regulatory options that
would minimize any significant impact of a rule on small entities.
Because the required information is minimal, and the costs associated
with the audits are low, the Commission certifies that the final rule
would not have a significant economic impact on a substantial number of
small entities.
A. Objectives and Legal Basis for the Final Rule
Section 14(i)(1) of the CPSA requires the Commission to establish
requirements for the periodic audit of third party conformity
assessment
[[Page 31083]]
bodies as a condition of their continuing accreditation. The final rule
implements the requirements for the periodic audits. The purpose of a
periodic audit is to ensure that an accredited laboratory continues to
be competent to perform the testing services for which it has been
accredited. In the case of accredited third party conformity assessment
bodies that are owned, managed, or controlled by a manufacturer (or
``firewalled laboratories''), or that are owned or controlled, in whole
or in part, by a government entity, the audit requirements give the
Commission the opportunity to ensure that the third party conformity
assessment body continues to comply with the CPSIA's requirements for
``firewalled'' and government-owned or government-controlled conformity
assessment bodies.
B. Firms Subject to the Requirement for Periodic Audits
The requirement for periodic audits will affect only third party
conformity assessment bodies that intend to provide the CPSIA-required
third party conformity assessment services for manufacturers or private
labelers of children's products. Third party conformity assessment
bodies that do not intend to offer third party conformance testing for
children's products are not affected by the requirements for
accreditation or periodic audits.
As of August 29, 2011, the CPSC had accepted the accreditations of
87 third party conformity assessment bodies located within the United
States. This number could increase, somewhat, over the next year or so,
as the remaining notices of requirements for accreditation are issued
and the stays of enforcement of the requirements for third party
testing (which the Commission issued pending clarification of the
regulations and testing requirements) are lifted. Of the third party
conformity assessment bodies located in the United States with CPSC-
accepted accreditations, 12 are owned by large, foreign-based
companies; 22 are large, U.S.-based companies; and the remaining 53
could be small businesses, according to the criteria established by the
U.S. Small Business Administration (SBA), which, for a testing
laboratory (NAICS code 54138), is a company with less than $12 million
in annual revenue.
C. Requirements of the Final Rule and Possible Impacts on Small
Businesses
The notices of requirements issued by the CPSC for the
accreditation of third party conformity assessment bodies state, as a
baseline requirement, that third party conformity assessment bodies
must be accredited by an accreditation body that is a signatory to the
ILAC-MRA. ILAC is an international cooperation of laboratory
accreditation bodies that seek to harmonize laboratory accreditation
procedures to facilitate the acceptance of the testing results of
accredited laboratories within and across national boundaries. The
ILAC-MRA includes requirements for the initial assessment of
laboratories, as well as periodic reassessments. Laboratories that do
not submit to the periodic reassessments lose their accredited status.
Under the final rule, the periodic audit of a third party
conformity assessment body would consist of two parts. The first part
would be a reassessment by the accreditation body to determine whether
it continues to meet the conditions of accreditation. The second part
of the audit would be the resubmission to the CPSC of CPSC Form 223 and
its review by the CPSC.
All signatories to the ILAC-MRA have requirements for the periodic
reassessment of accredited laboratories. The ILAC-MRA harmonized
procedures for surveillance and reassessment of accredited laboratories
and recommended that the time between reassessments be no more than 60
months, provided that the accreditation body undertakes somewhat less
comprehensive surveillance visits at least every 18 months. However,
many accreditation bodies opt to undertake more frequent full
reassessments, rather than conduct surveillance visits. According to
ISO/IEC 17011, if an accreditation body does not conduct surveillance
visits, full reassessments of accredited laboratories must take place
at least once every 2 years.
The resubmission of CPSC Form 223 is intended to provide the
Commission with an opportunity to ensure that the third party
conformity assessment body continues to be accredited by an ILAC-MRA
signatory and continues to comply with the requirements for firewalled
and government-owned or controlled conformity assessment bodies, if
applicable. However, because CPSC staff, in light of its experience
with the accreditation process and software changes, has reconsidered
when the form should be submitted, and therefore, the final rule does
not state when the CPSC Form 223 must be resubmitted. Instead, such
matters will be addressed in a separate rulemaking.
Costs associated with periodic audits include: The time cost of the
assessor from the accreditation body; and his or her travel, lodging,
and meal expenses incurred while conducting the reassessment. According
to an accreditation body representative, a reassessment typically takes
2 to 3 days; and the cost charged to the third party conformity
assessment body usually will be $3,000 to $4,000 per field (e.g.,
chemical, electrical, or mechanical testing) in which the third party
conformity assessment body is accredited. Therefore, a third party
conformity assessment body that is accredited for testing conformance
to both chemical and mechanical standards could expect an assessment or
reassessment to cost $6,000 to $8,000.
Another expense of a reassessment by an accreditation body is the
cost of the time spent by third party conformity assessment body
personnel to cooperate with the assessors. This includes the time
required to prepare or assemble documents needed by the auditors, as
well as the time it takes to explain or demonstrate the procedures used
at the third party conformity assessment body. No empirical estimates
of this cost were found; however, the amount of time spent by third
party conformity assessment body personnel during a reassessment could
be close to the amount of time spent by the assessor. If the average
reassessment takes 2.5 days (or 20 hours), and the wage of the
employees involved is about $44 an hour, then the cost of the time of
the third party conformity assessment body's personnel spent
cooperating with the reassessment would be about $880. The median
hourly wage of architecture and engineering occupations in testing
laboratories (NAICS code 541380) is $31.65. U.S. Department of Labor,
Bureau of Labor Statistics, National Occupational Employment and Wage
Estimates, May 2008 (http://www.bls.gov/oes/oes_dl.htm). In 2008,
wages and salaries represented about 71.9 percent of total compensation
for professional and related occupations in private industry (U.S.
Department of Labor, Bureau of Labor Statistics, Employer cost for
Employee Compensation (data extracted on June 17, 2009)).) The cost
could be higher if the reassessment takes longer than 2.5 days or
higher-paid employees are involved in the reassessment.
The periodic audits required would cost third party conformity
assessment bodies about $4,000 to $5,000 (rounded to the nearest
thousand) per field in which the third party conformity assessment body
is accredited. This expense includes the cost of the accreditation
body's assessors, as well as the third party conformity assessment body
personnel's time spent on the assessments and other costs, such as the
cost of providing the materials required
[[Page 31084]]
of ``firewalled'' conformity assessment bodies. The time between audits
will vary to some degree among accreditation bodies; however, a typical
period is about once every 2 years. Therefore, the annual average cost
of the periodic audits would be approximately $2,000 to $2,500 per
field in which the third party conformity assessment body is
accredited. Therefore, the annual cost to a third party conformity
assessment body accredited in three fields (e.g., chemical, mechanical,
and electrical) would be approximately $6,000 to $7,500.
As noted earlier, of the third party conformity assessment bodies
based in the United States, for which the CPSC has recognized
accreditations, 43 (or about 62 percent) appear to be small businesses,
according to the SBA criteria. However, it is unlikely that the rule
will have a significant adverse impact on many third party conformity
assessment bodies. The only third party conformity assessment bodies
that will seek accreditation for testing children's products are those
that expect to receive substantial revenue from the third party testing
requirement in the CPSA, as amended by the CPSIA. Those third party
conformity assessment bodies that do not expect substantial revenue
from the testing will not seek to be accredited for the testing, or
they can choose not renew their accreditation--if they initially sought
accreditation--but the revenue they expected did not materialize.
D. Alternatives to the Final Rule Considered
Given that the CPSC is relying upon accreditation bodies that are
signatories to the ILAC-MRA to accredit and reassess the third party
conformity assessment bodies, there are no realistic alternatives to
the final rule that would lower substantially the cost of the periodic
audits. The frequency of the reassessments of the third party
conformity assessment bodies is determined by the accreditation bodies,
not by the CPSC.
V. Environmental Considerations
This final rule falls within the scope of the Commission's
environmental review regulations at 16 CFR Sec. 1021.5(c)(2), which
provide a categorical exclusion from any requirement for the agency to
prepare an environmental assessment or environmental impact statement
for product certification rules.
VI. Effective Date
The final rule becomes effective on July 23, 2012.
List of Subjects in 16 CFR Part 1112
Consumer protection, Third party conformity assessment body, Audit.
For the reasons stated above, the Commission amends Title 16 of the
Code of Federal Regulations by adding a new part 1112, subpart A and
subpart C, to read as follows:
PART 1112--REQUIREMENTS PERTAINING TO THIRD PARTY CONFORMITY
ASSESSMENT BODIES
Sec.
Subpart A--Purpose and Definitions
1112.1 [Reserved]
1112.3 Definitions.
1112.1 [Reserved]
Subpart B--[Reserved]
Subpart C--Audit Requirements for Third Party Conformity Assessment
Bodies
1112.30 What is the purpose of this subpart?
1112.31 Who is subject to these audit requirements?
1112.33 What must an audit address or over and who conducts the
audit?
1112.35 When must an audit be conducted?
1112.37 What must a third party conformity assessment body do after
an audit?
1112.39 What records should a third party conformity assessment body
retain regarding an audit?
Authority: Pub. L. 110-314, section 3, 122 Stat. 3016, 3017
(2008); 15 U.S.C. 2063.
Subpart A--Purpose and Definitions
Sec. 1112.3 Definitions.
Unless otherwise stated, the definitions of section 3 of the CPSA
and additional definitions in the Consumer Product Safety Improvement
Act of 2008, Public Law 110-314, apply for purposes of this part. The
following definitions apply for purposes of this subpart:
Accreditation means a procedure by which an authoritative body
gives formal recognition that a third party conformity assessment body
meets competence requirements to perform specific tasks. Accreditation
recognizes a third party conformity assessment body's technical
capability and is usually specific for tests of the systems, products,
components, or materials for which the third party conformity
assessment body claims proficiency.
Accreditation body means an entity that:
(1) Accredits or has accredited a third party conformity assessment
body as meeting, at a minimum, the International Organization for
Standardization (ISO)/International Electrotechnical Commission (IEC)
Standard ISO/IEC 17025:2005, ``General Requirements for the Competence
of Testing and Calibration Laboratories,'' and any test methods or
consumer product safety requirements specified in the relevant notice
of requirements issued by the Commission; and
(2) Is a signatory to the International Laboratory Accreditation
Cooperation-Mutual Recognition Arrangement.
Audit means a systematic, independent, documented process for
obtaining records, statements of fact, or other relevant information,
and assessing them objectively to determine the extent to which
specified requirements are fulfilled. An audit, for purposes of this
part, consists of two parts:
(1) An examination by an accreditation body to determine whether
the third party conformity assessment body meets or continues to meet
the conditions for accreditation (a process known more commonly as a
``reassessment''); and
(2) The resubmission of the ``Consumer Product Conformity
Assessment Body Acceptance Registration Form'' (CPSC Form 223) by the
third party conformity assessment body and the Consumer Product Safety
Commission's (``CPSC's'') examination of the resubmitted CPSC Form 223.
If the third party conformity assessment body is owned, managed, or
controlled by a manufacturer or private labeler (also known as a
``firewalled'' conformity assessment body) or is a government-owned or
government-controlled conformity assessment body, the CPSC's
examination may include verification to ensure that the entity
continues to meet the appropriate statutory criteria pertaining to such
conformity assessment bodies.
CPSC means the Consumer Product Safety Commission.
Quality manager means an individual (however named) who,
irrespective of other duties and responsibilities, has defined
responsibility and authority for ensuring that the management system
related to quality is implemented and followed at all times and has
direct access to the highest level of management at which decisions are
made on the conformity assessment body's policy or resources.
Subpart B--[Reserved]
Subpart C--Audit Requirements for Third Party Conformity Assessment
Bodies
Sec. 1112.30 What is the purpose of this subpart?
This subpart establishes the audit requirements for third party
conformity assessment bodies pursuant to section
[[Page 31085]]
14(i)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C.
2063(i)(1)). Compliance with these requirements is a condition of the
continuing accreditation of such third party conformity assessment
bodies pursuant to section 14(a)(3)(C) of the CPSA. However, this
subpart does not apply to certifying organizations under the Labeling
of Hazardous Art Materials Act, even if such organizations are third
party conformity assessment bodies.
Sec. 1112.31 Who is subject to these audit requirements?
Except for certifying organizations described in 16 CFR
1500.14(b)(8), these audit requirements apply to third party conformity
assessment bodies operating pursuant to section 14(a)(2) of the CPSA.
Third party conformity assessment bodies must comply with the audit
requirements as a continuing condition of the CPSC's acceptance of
their accreditation.
Sec. 1112.33 What must an audit address or cover and who conducts the
audit?
(a) The reassessment portion of an audit must cover management
requirements and technical requirements. Each reassessment portion of
an audit also must examine the third party conformity assessment body's
management systems to ensure that the third party conformity assessment
body is free from any undue influence regarding its technical judgment.
(b) The third party conformity assessment body must have the
reassessment portion of the audit conducted by the same accreditation
body that accredited the third party conformity assessment body. For
example, if a third party conformity assessment body was accredited by
an accreditation body named AB-1, then AB-1 would conduct the
reassessment. If, however, the same third party conformity assessment
body changes its accreditation so that it becomes accredited by a
different accreditation body named AB-2, then AB-2 would conduct the
reassessment.
(c) The third party conformity assessment body must have the
examination portion of the audit conducted by the CPSC. The examination
portion of the audit will consist of resubmission of the ``Consumer
Product Conformity Assessment Body Acceptance Registration Form'' (CPSC
Form 223) by the third party conformity assessment body and the CPSC's
examination of the resubmitted CPSC Form 223.
(1) For ``firewalled'' conformity assessment bodies, the CPSC's
examination may include verification to ensure that the ``firewalled''
conformity assessment body continues to meet the criteria set forth in
section 14(f)(2)(D) of the CPSA.
(2) For government-owned or government-controlled conformity
assessment bodies, the CPSC's examination may include verification to
ensure that the government-owned or government-controlled conformity
assessment body continues to meet the criteria set forth in section
14(f)(2)(B) of the CPSA.
Sec. 1112.35 When must an audit be conducted?
(a) At a minimum, each third party conformity assessment body must
be reassessed at the frequency established by its accreditation body.
(b) [Reserved]
Sec. 1112.37 What must a third party conformity assessment body do
after an audit?
(a) When the accreditation body presents its findings to the third
party conformity assessment body, the third party conformity assessment
body's quality manager must receive the findings and, if necessary,
initiate corrective action in response to the findings.
(b) The quality manager must prepare a resolution report
identifying the corrective actions taken and any follow-up activities.
If findings indicate that immediate corrective action is necessary, the
quality manager must document that they notified the relevant parties
within the third party conformity assessment body to take immediate
corrective action and also document the action(s) taken.
(c) If the accreditation body decides to reduce, suspend, or
withdraw the third party conformity assessment body's accreditation,
and the reduction, suspension, or withdrawal of accreditation is
relevant to the third party conformity assessment body's activities
pertaining to a CPSC regulation or test method, the quality manager
must notify the CPSC. Such notification must be sent to the Assistant
Executive Director, Office of Hazard Identification and Reduction,
Consumer Product Safety Commission, 4330 East West Highway, Bethesda,
MD 20814, within five business days of the accreditation body's
notification to the third party conformity assessment body.
(d) If the CPSC finds that the third party conformity assessment
body no longer meets the conditions specified in CPSC Form 223, or in
the relevant statutory provisions applicable to that third party
conformity assessment body, the CPSC will notify the third party
conformity assessment body, identify the condition or statutory
provision that is no longer met, and specify a time by which the third
party conformity assessment body shall notify the CPSC of the steps it
intends to take to correct the deficiency, and indicate when it will
complete such steps. The quality manager must document that they
notified the relevant parties within the third party conformity
assessment body to take corrective action and also document the
action(s) taken.
(e) If the third party conformity assessment body fails to remedy
the deficiency in a timely fashion, the CPSC shall take whatever action
it deems appropriate under the circumstances, up to and including
withdrawing the CPSC's accreditation of the third party conformity
assessment body or the CPSC's acceptance of the third party conformity
assessment body's accreditation.
Sec. 1112.39 What records should a third party conformity assessment
body retain regarding an audit?
A third party conformity assessment body must retain all records
related to an audit that it receives from an accreditation body
regarding a reassessment and all records pertaining to the third party
conformity assessment body's resolution of, or plans for, resolving
nonconformities identified through a reassessment by an accreditation
body or through an examination by the CPSC. A third party conformity
assessment body also must retain such records related to the last three
reassessments (or however many reassessments have been conducted, if
the third party conformity assessment body has been reassessed less
than three times) and make such records available to the CPSC, upon
request.
Todd A. Stevenson,
Secretary.
[FR Doc. 2012-10922 Filed 5-23-12; 8:45 am]
BILLING CODE 6355-01-P