---

For over two decades, PJR has been working diligently with thousands of satisfied clients as a trusted certification body. While disputes may occasionally arise, we take pride in the fact that we only encounter an average of about 20 disputes per year. Understanding that disputes are an essential part of the certification process, PJR ensures that concerns are addressed and resolved in an organized manner. In this blog, we will explain what constitutes a dispute, the step-by-step process PJR follows to resolve disputes, and the possible outcomes that arise from this procedure.

Disputes, also known as “appeals,” refer to officially-filed disagreements raised by auditees regarding the conclusions drawn by the auditor. To initiate the dispute process, a PJR client contacts the PJR team at our headquarters in Troy, MI, requesting the “Dispute Resolution Request Form” (F-217). All dispute requests must be submitted within 15 calendar days of completing the audit, with each nonconformance documented on an individual F-217 form.

The F-217 form captures essential details about the audit in question. The “Resolution Request” section includes fields for:

1. Certification Criteria: The nonconformance number assigned by the auditor.
2. Auditor/CB Finding: A summary or direct copy of the nonconformance as issued by the auditor.
3. Justification for Dispute Request: A detailed description of the disagreement, encompassing points related to evidence, audit criteria, or other relevant aspects.
4. Description of Attachments: A comprehensive explanation of the evidence provided to substantiate the dispute, which can be submitted in any format.

Upon receiving the necessary forms and evidence, PJR schedules a dispute hearing. Led by the Dispute Chairperson, this hearing involves auditee representatives, the auditor responsible for the disputed nonconformance, and a Dispute Panel consisting of three Lead Auditors from the corresponding scheme. During the hearing, each side presents their perspective, and the panel may ask additional questions to clarify the situation.

After the hearing concludes, the Dispute Panel engages in a private discussion to render a final decision on the disputed item(s). This decision is considered binding and is communicated to the auditee. There are three possible outcomes:

1. Upholding the disputed nonconformance: The auditee’s argument against the nonconformance is rejected, and the nonconformance must be addressed accordingly.
2. Overturning the disputed nonconformance: The Dispute Panel accepts the argument against the nonconformance, and the nonconformance is removed from the official audit report.
3. Upholding but reducing the disputed nonconformance: In this scenario, part of the nonconformance may be considered valid, while other parts may be eliminated or reduced in severity. An updated audit report is provided in such cases.

If you have any questions regarding the Dispute Process or how it aligns with your ongoing relationship with PJR, feel free to contact us by phone at (248) 358-3388 or email: pjr@pjr.com.

---

---

Change control guidelines are designed to mitigate the risks associated with product modifications, and strict adherence to these guidelines is important. Identifying the attributes of change should begin early in the development cycle, encompassing the manufacture of products for pre-clinical and clinical testing, as well as throughout the product life cycle. Every change in design or manufacturing processes must be thoroughly documented according to regulatory guidelines.

Typically, the control of changes is overseen by a change control committee or designated individuals, depending on the size and complexity of an organization. All discussions, meeting minutes, emails, and notes associated with changes must be included in change documentation, regardless of the number of people involved. A controlled change is defined by the establishment of all necessary documents, approvals, and data, while uncontrolled changes can lead to compliance violations if not properly reviewed and approved by quality control.

The specific processes involved in change control may vary depending on the organization, but they should include certain minimum requirements. A change request form is completed and submitted, with details such as the description of the change, potential impact on other documents, and dates of approval. The change control staff reviews the request form to assess the significance of the change and its alignment with current good manufacturing practices (CGMP). Once reviewed and approved, the change control staff submits the necessary documentation to the appropriate regulatory authorities.

While change control may seem straightforward for smaller-scale businesses, it becomes more complex as the organization grows and handles additional processes and products. However, there are solutions to streamline document collaboration through enhanced document sharing and meeting software. Storing documents in a centralized digital location with clear revision/change history, such as SharePoint, can reduce the need for additional (or manual) documentation.

When developing or optimizing change control procedures, it is important to consider the regulatory perspective. While there may be regional differences between regulatory agencies such as the FDA, ISO, and the EU, the general principles covered by CGMP guidelines include having written procedures for proposed changes, providing supporting data to demonstrate the quality of revised processes, ensuring all changes are controlled and documented, and recording and justifying any deviations from established control procedures.

For more information on change control procedures as part of ISO 13485 certification for medical devices, reach out to PJR via phone: (248) 358-3388 or email: pjr@pjr.com.

---

---

Completing an R2V3 Transition audit is a big milestone for organizations in the recycling industry. PJR, a Certification Body, provides important insights to ease concerns and ensure a smooth due diligence process.

1. Understanding the Requirements:

PJR emphasizes the importance of clarity regarding certification criteria during the R2V3 Transition. SERI’s COP Advisory 22 (version 1.4) serves as a guide for organizations, clearly outlining the necessary steps. To summarize, a vendor must meet the following conditions:

• Possess an active R2V3 certificate, or
• Hold R2:2013 certification and have completed an R2V3 Transition Audit, and
• Have a scope of certification covering the required equipment, components, materials, and R2 Process Requirements.

2. Timelines and PJR’s Role:

PJR acknowledges the eagerness of organizations to obtain their certificates quickly. R2V3 is renowned for its rigorous requirements, leading to its credibility in the recycling industry. PJR strives to process audit packages in a timely manner, considering factors such as closure of nonconformities, auditor availability, and prioritization of urgent packages nearing expiration or facing active suspensions.

Although delays can be frustrating, PJR reassures its clients that they are committed to supporting them during the R2V3 Transition period. PJR appreciates the patience and confidence demonstrated by its clients and remains dedicated to providing the best possible service.

The R2V3 certification process and its impact on due diligence can be complex. Understanding these guidelines and timelines will help organizations ensure compliance and meet the expectations of suppliers. While delays may occur, PJR is dedicated to diligently processing audit packages and supporting its clients throughout the transition to R2V3.

---

---

To protect sensitive information, organizations must invest in their cybersecurity procedures.

Detection of breaches is a crucial first step in incident response. Pre-incident detection involves taking preventive measures before an attack occurs, while real-time detection can sense when an attack is underway. Unfortunately, post-incident detection is the most common, requiring the awareness of a successful attack to stop it. The response to an attack involves identifying, containing, eradicating, and recovering from the incident.

Establishing a resilient cybersecurity plan starts with comprehensive risk assessment. Factors like who may target the organization, what they may target, and how they may achieve their goals will help identify weaknesses. Regulatory and contractual requirements should also be considered.

Once risks have been identified, there are several ways to respond:

• By treating risk, you may implement a measure (or several measures) to reduce the chance or the impact of treating said risk.
• By terminating risk, you eliminate the risk at the source.
• By transferring risk, you pass the responsibility for said risk on to another party, such as outsourcing to a transferring third party or taking on insurance.
• By tolerating risk, you elect to retain the risk – perhaps because there is no viable way to effectively treat it or because the risk has been deemed acceptable.

It’s important to remember that implementing security measures doesn’t guarantee complete protection. A layered approach is recommended, with different types of security challenges to make it harder to be attacked. Organizations often focus on technology but should not neglect the human component and social processes associated with leveraging a possible attack.

For more information, contact PJR via phone: (248) 358-3388 or email: pjr@pjr.com.

---

---

On Wednesday, June 14, 2023, the Institute of Scrap Recycling Industries (ISRI) will host the annual Safety Stand-Down Day.

This day serves as a reminder for everyone involved in the recyclable materials industry to dedicate at least one hour of their workday to engaging in safety conversations and activities. ISRI has been organizing this event for eight years, encouraging its members to prioritize health and safety. Health and safety programs play an important role in protecting workers and businesses. By implementing these programs, companies achieve various benefits, including preventing injuries and illnesses, improving compliance with regulations, reducing costs, engaging workers, embracing social responsibility, and increasing productivity.

The OSHA Safe + Sound campaign emphasizes three pillars that contribute to a robust health and safety program: management leadership, worker participation, and finding and fixing hazards:

1. Management Leadership: Top management’s commitment to safety is crucial for success. When management demonstrates a genuine concern for safety and health, workers recognize its importance to the overall success of the business. Ways in which management can display commitment include developing and communicating safety policies, allocating resources, integrating safety into operational decisions, recognizing safety achievements, and leading by example.
2. Worker Participation: Involving workers in the safety program is vital. Workers possess valuable knowledge and experience related to their jobs, making them essential in identifying and solving safety challenges. For worker participation to be effective, employees must feel comfortable reporting incidents, suggesting improvements, and speaking up without fear of retaliation or discrimination.
3. Find and Fix Hazards: Proactively identifying and controlling workplace hazards is key to preventing injuries and illnesses. Traditional approaches to hazard management are often reactive, waiting until an incident occurs or external inspections uncover problems. A systematic approach is more effective, involving workers in hazard identification, conducting inspections, investigating incidents, evaluating controls, and continuously monitoring and improving safety measures.

The annual Safety Stand-Down Day provides an opportunity for the recyclable materials industry to focus on safety and health. By dedicating time to safety conversations and activities, companies can demonstrate their commitment to the well-being of their employees and overall business success. Through initiatives like the OSHA Safe + Sound campaign, businesses can create a culture of safety by emphasizing management leadership, worker participation, and a proactive approach to identifying and addressing hazards. By prioritizing health and safety, the industry can continue to reduce injuries, protect workers, and enhance productivity, ultimately contributing to a safer and more efficient workplace.

Learn more here on the ISRI Website.

---