Audit Requirements for Third Party Conformity Assessment Bodies, 31074-31085 [2012-10922]

Agencies

• Consumer Product Safety Commission

[Federal Register Volume 77, Number 101 (Thursday, May 24, 2012)]
[Rules and Regulations]
[Pages 31074-31085]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-10922]



[[Page 31073]]

Vol. 77

Thursday,

No. 101

May 24, 2012

Part II





Consumer Product Safety Commission





-----------------------------------------------------------------------





16 CFR Parts 1112 and 1118





Audit Requirements for Third Party Conformity Assessment Bodies and 
Requirements Pertaining to Third Party Conformity Assessment Bodies; 
Final Rule and Proposed Rule

Federal Register / Vol. 77 , No. 101 / Thursday, May 24, 2012 / Rules 
and Regulations

[[Page 31074]]


-----------------------------------------------------------------------

CONSUMER PRODUCT SAFETY COMMISSION

16 CFR Part 1112

[CPSC Docket No. CPSC-2009-0061]


 Audit Requirements for Third Party Conformity Assessment Bodies

AGENCY: Consumer Product Safety Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Consumer Product Safety Commission (``CPSC,'' 
``Commission,'' or ``we'') is issuing a final rule establishing 
requirements for the periodic audit of third party conformity 
assessment bodies as a condition of their continuing accreditation.
    The final rule implements a section of the Consumer Product Safety 
Act (``CPSA''), as amended by the Consumer Product Safety Improvement 
Act of 2008 (``CPSIA'').

DATES: This rule is effective on July 23, 2012.

FOR FURTHER INFORMATION CONTACT: Randy Butturini, U.S. Consumer Product 
Safety Commission, 4330 East West Highway, Bethesda, MD 20814; 301-504-
7562; email: RButturini@cpsc.gov.

SUPPLEMENTARY INFORMATION: 

I. Introduction

    In the Federal Register of August 13, 2009 (74 FR 40784), we 
published a proposed rule that would establish requirements for the 
periodic audit of third party conformity assessment bodies as a 
condition of their continuing accreditation. The proposed rule would 
implement section 14(d)(1) of the CPSA, as amended by section 102(b) of 
the CPSIA. (On August 12, 2011, the President signed into law Public 
Law 112-28, which amended both the CPSA and the CPSIA. Section 10(a) of 
Public Law 112-28 redesignates what was identified as section 14(d) of 
the CPSA in the preamble of the proposed rule as section 14(i) of the 
CPSA; consequently, except where we are citing language from the 
proposed rule, the remainder of this document will refer to section 
14(i) of the CPSA.)
    Section 14(a)(1) of the CPSA (15 U.S.C. 2063(a)(1)) requires that 
the manufacturer (including the importer) and the private labeler, if 
any, of a product that is subject to an applicable consumer product 
safety rule under the CPSA, or any similar rule, ban, standard, or 
regulation under any other Act enforced by the CPSC, issue a 
certificate, which certifies ``based on a test of each product or upon 
a reasonable testing program, that such product complies with all 
rules, bans, standards, or regulations applicable to the product under 
this Act or any other Act enforced by the Commission'' and specifies 
each rule, ban, standard, or regulation applicable to the product. This 
requirement applies to any such product manufactured on or after 
November 12, 2008.
    Section 14(a)(2) of the CPSA establishes a third party testing 
requirement for children's products that are subject to a children's 
product safety rule. In general, section 14(a)(2) of the CPSA states, 
in part, that every manufacturer or private labeler (if the children's 
product bears a private label) of such products shall submit sufficient 
samples of the product, or samples that are identical in all material 
respects to the product, to an accredited third party conformity 
assessment body to be tested for compliance with such children's 
product safety rule.
    In the Federal Register of May 20, 2010 (75 FR 28336), we published 
a proposed rule that would establish the requirements for a reasonable 
testing program and for compliance and continued testing of children's 
products. In the Federal Register of November 8, 2011 (76 FR 69482), we 
published a final rule with respect to compliance and continued testing 
of children's products.
    Section 14(a)(3) of the CPSA establishes various timelines for 
accreditation and requires the Commission to publish a notice of the 
requirements for accreditation of third party conformity assessment 
bodies to assess conformity with specific laws or regulations. We have 
published several notices of requirements in the Federal Register (see, 
e.g., 76 FR 49286 (August 10, 2011) (``Third Party Testing for Certain 
Children's Products; Notice of Requirements for Accreditation of Third 
Party Conformity Assessment Bodies to Assess Conformity with the Limits 
on Phthalates in Children's Toys and Child Care Articles,''); 76 FR 
46598 (August 3, 2011) (``Third Party Testing for Certain Children's 
Products; Toys: Requirements for Accreditation of Third Party 
Conformity Assessment Bodies'')). Section 14(a)(3)(C) of the CPSA 
states that accreditation of third party conformity assessment bodies 
may be conducted by the Commission or by an independent accreditation 
organization designated by the Commission.
    Section 14(i)(1) of the CPSA requires the Commission to establish 
``requirements for the periodic audit of third party conformity 
assessment bodies as a condition for the continuing accreditation of 
such conformity assessment bodies'' under section 14(a)(3)(C) of the 
CPSA. This final rule implements section 14(i)(1) of the CPSA.

II. Comments on the Proposed Rule, the CPSC's Responses, and a 
Description of the Final Rule

    The proposed rule would create a new part 1112, titled, ``Audit 
Requirements for Third Party Conformity Assessment Bodies,'' in Title 
16 of the Code of Federal Regulations. Six commenters responded to the 
proposal.
    We describe and respond to the comments in this section of this 
document and also describe the final rule. A summary of each of the 
commenter's topics is presented, and each topic is followed by staff's 
response. For ease of reading, each topic will be prefaced with a 
numbered ``Comment''; and each response will be prefaced by a 
corresponding numbered ``Response.'' Each ``Comment'' is numbered to 
help distinguish between different topics. The number assigned to each 
comment is for organizational purposes only and does not signify the 
comment's value, or importance, or the order in which it was received. 
Comments on similar topics are grouped together.

A. Comments on Specific Provisions

    Most commenters addressed specific sections in the proposed rule, 
or referenced issues associated with a particular term in a proposed 
section, but not directly relevant to the proposed section itself. We 
address those comments in this section. However, on our own initiative, 
we have renumbered the sections and renamed the part in which the 
sections will be placed. For example, proposed Sec.  1112.1, titled, 
``Purpose,'' is now renumbered as Sec.  1112.20. As another example, 
the proposed rule would have created a part 1112, titled, ``Audit 
Requirements for Third Party Conformity Assessment Bodies''; however, 
the final rule divides the audit requirements into two subparts and 
renames part 1112, ``Requirements Pertaining to Third Party Conformity 
Assessment Bodies.'' We have taken this action because, elsewhere in 
this issue of the Federal Register, we have published a proposed rule 
to establish other requirements pertaining to third party conformity 
assessment bodies (such as the requirements for accreditation and 
provisions for the withdrawal and suspension of third party conformity 
assessment bodies) and wish to place all requirements for third party 
conformity assessment bodies in a single location. This will make it 
easier for interested

[[Page 31075]]

parties to locate the regulations pertaining to third party conformity 
assessment bodies.
1. Sec.  1112.30--Purpose
    Proposed Sec.  1112.1 (now renumbered as Sec.  1112.30 in the final 
rule) would describe the purpose of the audit rule. In brief, proposed 
Sec.  1112.1 would state that part 1112 ``establishes the audit 
requirements for third party conformity assessment bodies pursuant to 
section 14(d)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 
2063(d)(1)).'' Under section 14(i)(1) of the CPSA, compliance with the 
requirements in part 1112 would be a condition of continuing the 
accreditation of such third party conformity assessment bodies.
    (Comment 1)--One commenter noted that the proposal referred to 
certifying organizations under the Labeling of Hazardous Art Materials 
Act (LHAMA). The commenter stated that art and craft companies cannot 
afford both LHAMA and what the commenter called ``redundant'' testing 
under the CPSIA. The commenter said that retailers that do not 
recognize the Art and Creative Materials Institute (ACMI) as a third 
party conformity assessment body are demanding additional tests. The 
commenter said the CPSC should consider the acceptance of current 
certification programs, such as ACMI's, to be in full compliance with 
the CPSIA.
    (Response 1)--Although issues related to product testing are 
outside the scope of the audit rule, the commenter may have 
misinterpreted the statute and the proposed rule's reference to 
certifying organizations under LHAMA. Section 14(f)(2)(C) of the CPSA 
states that certifying organizations, as defined in appendix A to 16 
CFR 500.14(b)(8), are third party conformity assessment bodies with 
respect to certifying art materials and art products to Federal 
Hazardous Substances Act (FHSA) requirements. Current certification 
programs, such as ACMI's, are for certifying to LHAMA rules. Section 14 
of the CPSA, however, also requires children's products to be tested 
for compliance to children's product safety rules; and it defines 
``children's product safety rules'' as ``a consumer product safety rule 
under [the CPSA] or similar rule, regulation, standard, or ban under 
any other Act enforced by the Commission, including a rule declaring a 
consumer product to be a banned hazardous product or substance.'' Thus, 
because the definition of ``children's product safety rule'' is broader 
than certification of art materials and art products to FHSA 
requirements, testing under section 14 of the CPSA is not ``redundant'' 
to LHAMA certification.
    Therefore, the final rule retains the text of the ``Purpose'' 
section, although we have replaced ``part,'' with ``subpart,'' to 
reflect that the audit requirements are now subpart C of part 1112. 
Additionally, on our own initiative, we have:
     Changed the title from ``Purpose,'' to ``What Is the 
Purpose of this Subpart?'' to be consistent with the style used for 
other headings in the final rule;
     Revised the second sentence stating that ``Compliance with 
these requirements is condition for the continuing accreditation * * 
*'' to ``Compliance with these requirements is a condition of the 
continuing accreditation * * *''; and
     Revised the third sentence by inserting a comma between 
``Labeling of Hazardous Art Materials Act'' and ``even.''
    These changes are not substantive, and the latter two changes were 
made for grammatical purposes.
2. Subpart A--Purpose and Definitions
    Proposed Sec.  1112.3 would define various terms used in part 1112. 
The final rule now places all definitions in Sec.  1112.3 in subpart A, 
``Purpose and Definitions.''
a. Accreditation
    Proposed Sec.  1112.3(a) would define ``accreditation'' as:
    A procedure by which an authoritative body gives formal recognition 
that a third party conformity assessment body is competent to perform 
specific tasks. Accreditation recognizes a third party conformity 
assessment body's technical competence and is usually specific for 
tests of the systems, products, components, or materials for which the 
third party conformity assessment body claims proficiency.
    The preamble to the proposed rule explained that the definition was 
based on a description used by the International Organization for 
Standardization (ISO) in relation to ISO Standard ISO/IEC 17025:2005, 
``General Requirements for the Competence of Testing and Calibration 
Laboratories,'' except that it uses the term ``third party conformity 
assessment body,'' instead of ``lab,'' and refers to ``technical 
competence,'' instead of ``technical capability'' (see 74 FR at 40785). 
We explained that the term ``third party conformity assessment body'' 
is used in section 14(a)(3)(C) of the CPSA, and that we were aware that 
ISO/IEC 17025:2005, by reference, incorporates the definitions set 
forth in ISO/IEC 17000:2004, ``Conformity Assessment--Vocabulary and 
General Principles,'' but we decided against adopting the definition of 
``accreditation'' in ISO/IEC 17000 because it incorporates several 
other definitions by implied reference.
    (Comment 2)--One commenter would revise the first sentence of the 
definition to define ``accreditation'' as: ``A procedure by which an 
authoritative body gives formal recognition that a third party 
conformity assessment body meets competence requirements to perform 
specific tasks.'' The commenter explained that accreditation is ``not a 
subjective assessment of competence based on whatever the individual 
assessors think is important, but rather is a requirements-based 
activity.''
    (Response 2)--We agree with the commenter, and we have revised the 
definition accordingly.
    Additionally, on our own initiative, we have revised the numbering 
in Sec.  1112.3, generally, to eliminate the paragraph designations 
before each defined term. We removed the paragraph designations to be 
more consistent with accepted formats for regulations.
    (Comment 3)--One commenter suggested revising the definition of 
``accreditation'' to ``meet the international requirement,'' but they 
did not explain what is meant by ``the international requirement.''
    (Response 3)--For purposes of this response, we assume that the 
commenter's reference to ``international requirement'' means the 
definitions used in ISO/IEC 17000:2004, ``Conformity Assessment--
Vocabulary and General Principles.'' Section 5.5 of ISO/IEC 17000: 2004 
defines ``accreditation'' as ``third party attestation (5.2) related to 
a conformity assessment body (2.5) conveying a formal demonstration of 
its competence to carry out specific conformity assessment tasks.'' As 
we explained in the preamble to the proposed rule, ISO/IEC's definition 
of ``accreditation'' incorporates several other definitions by implied 
reference; therefore, we chose to adopt a more detailed definition of 
the term, rather than adopt a definition from ISO/IEC 17000, whose 
terms would compel the reader to consult even more definitions before 
they could understand how the rule defines ``accreditation'' (see 74 FR 
at 40785).
    Alternatively, because the commenter also discussed requiring 
reciprocity, it is possible that they meant to suggest that we amend 
the definition of ``accreditation'' to include a reciprocity 
requirement. As discussed later in part II.B of this preamble in the 
response to

[[Page 31076]]

Comment 12, a reciprocity requirement is beyond the scope of this rule.
    Consequently, we decline to revise the definition as suggested by 
the commenter.
    (Comment 4)--Another commenter stated that ISO/IEC 17025:2005 and 
ISO 17000:2004 have definitions that are the result of a consensus and 
are ``universally accepted and understood.'' The commenter said that 
the proposal's use of different definitions or modification of ISO 
definitions ``will create unnecessary problems in the process of 
accreditation and audits and should be avoided.''
    (Response 4)--As the preamble to the proposed rule explained (see 
74 FR at 40785), in the definition of ``accreditation,'' we chose to 
substitute the term ``third party conformity assessment body'' instead 
of ``lab'' to be consistent with the language in section 14(a)(3)(C) of 
the CPSA. The preamble to the proposed rule explained other differences 
between the proposed definitions and ISO/IEC 17025:2005 and ISO 
17000:2004; for example, we chose to define some terms to be consistent 
with notices of requirements issued by the Commission, while other 
definitions are almost identical to the corresponding ISO definition 
(id. at 40785 through 40786).
    Furthermore, because the commenter did not identify how any 
proposed definition would cause ``unnecessary problems,'' we decline to 
revise the rule as suggested by the commenter.
b. Accreditation Body
    Proposed Sec.  1112.3(b) would define ``accreditation body'' as 
``an entity that accredits or has accredited a third party conformity 
assessment body as meeting, at a minimum, the International 
Organization for Standardization (ISO) Standard ISO/IEC 17025:2005, 
`General Requirements for the Competence of Testing and Calibration 
Laboratories,' '' and any test methods or consumer product safety 
requirements specified in the relevant notice of requirements issued by 
the Commission, and is a signatory to the International Laboratory 
Accreditation Cooperation-Mutual Recognition Arrangement. The preamble 
to the proposed rule explained that the proposed definition of 
``accreditation body'' reflects the basic elements that the Commission 
has specified in its notices of requirements for the accreditation of 
third party conformity assessment bodies. The preamble also explained 
that the phrase ``at a minimum'' recognizes that some accreditation 
bodies, as part of the accreditation process, may demand that a third 
party conformity assessment body demonstrate its conformity with 
specific methods or programs, as well as demonstrate compliance with 
ISO/IEC 17025:2005 and with any test methods identified in the relevant 
notices of requirements issued by the Commission.
    (Comment 5)--Several commenters addressed issues relating to ISO/
IEC 17025:2005 rather than the definition itself.
    One commenter said that ISO/IEC 17025:2005 is a ``good baseline,'' 
but nevertheless, asserted that the CPSC should create a mechanism to 
supervise and control the acceptance of government-owned or government-
controlled conformity assessment bodies and firewalled conformity 
assessment bodies to help ensure their protection against undue 
influence. (A firewalled conformity assessment body is one that is 
owned, managed, or controlled by a manufacturer or private labeler of a 
children's product to be tested by the conformity assessment body for 
certification purposes and that seeks accreditation under the 
additional statutory criteria for ``firewalled'' conformity assessment 
bodies.)
    (Response 5)--Although the commenter's focus on issues of undue 
influence goes beyond the scope of the rule, we note that the statutory 
accreditation requirements pertaining to undue influence and 
government-owned, government-controlled, and firewalled conformity 
assessment bodies exceed those of ISO/IEC 17025:2005. Section 
14(f)(2)(D) of the CPSA requires firewalled conformity assessment 
bodies to have procedures to ensure that test results are protected 
from undue influence by the manufacturer, private labeler, or other 
interested party. Conformity assessment bodies that apply for CPSC 
approval as firewalled laboratories must submit to the Commission 
copies of their training documents, showing how employees are trained 
to notify the Commission immediately and confidentially of any attempt 
by the manufacturer, private labeler, or other interested party to hide 
or exert undue influence over the third party conformity assessment 
body's test results.
    For governmental laboratory applicants, CPSC staff engages the 
governmental entities relevant to requests for CPSC acceptance to 
obtain the necessary assurances of compliance with the statutory 
requirements for governmental conformity assessment bodies 
(laboratories). Section 14(f)(2)(B) of the CPSA requires that 
governmental-owned or controlled conformity assessment bodies may apply 
for CPSC recognition of their accreditation and be subject to the audit 
provisions, if, among other requirements:
     The conformity assessment body's testing results are not 
subject to undue influence by any other person, including another 
governmental entity; and
     The conformity assessment body does not exercise undue 
influence over other governmental authorities controlling distribution 
of products based on outcomes of the conformity assessment body's 
conformity assessments.

Thus, the final rule retains the definition of ``accreditation body'' 
without change, except that, on our own initiative, we have inserted 
``/International Electrotechnical Commission (IEC)'' after 
``International Organization for Standardization (ISO)'' to provide the 
full name corresponding to the abbreviation ``IEC''; and we added 
``:2005'' after ``17025'' to identify the particular edition of the 
standard. We address the process for initially accepting government and 
firewalled laboratories in the proposed rule on ``Requirements 
Pertaining to Third Party Conformity Assessment Bodies.''

    (Comment 6)--One commenter said that there are substantial 
differences among accreditation bodies. In some cases, the conformity 
assessment body and the accreditation body are both government-
controlled. The commenter added that H.R. 2749, titled, the ``Food 
Safety Enhancement Act of 2009,'' has stricter requirements for 
firewalled conformity assessment bodies, including a restriction on 
such laboratories certifying their own products. The commenter 
suggested that the CPSC designate individual accreditation bodies based 
on specific criteria to prove their competency with CPSC requirements.
    (Response 6)--The Commission, through its notices of requirements, 
has required all third party conformity assessment bodies to be 
accredited by an accreditation body that is a signatory to the 
International Laboratory Accreditation Cooperation-Mutual Recognition 
Arrangement (ILAC-MRA) and further mandated that the scope of the 
accreditation include testing relative to the appropriate test 
method(s) or regulation(s) cited in the notice of requirements. All 
ILAC-MRA accreditation bodies must maintain conformity with the current 
version of ISO/IEC 17011 and related ILAC guidance documents and ensure 
that all accredited laboratories comply with ISO/IEC 17025:2005 and 
applicable ILAC policy and guidance documents. This ensures some degree 
of similarity

[[Page 31077]]

or uniformity among accreditation bodies, regardless of their 
geographical location, and it also ensures consistency among third 
party conformity assessment bodies accredited by such ILAC-MRA 
accreditation bodies. Requiring specific criteria of accreditation 
bodies is beyond the scope of the requirements for auditing conformity 
assessment bodies.
    As for the Food Safety Enhancement Act of 2009, it would restrict 
testing laboratories' certification activities. However, under section 
14 of the CPSA and CPSC regulations at 16 CFR part 1110, third party 
conformity assessment bodies do not issue certifications; accordingly, 
the bill's potential requirements are not directly relevant here. 
Additionally, nothing in section 14 of the CPSA prohibits firewalled 
conformity assessment bodies from testing a manufacturer's own 
products.
c. Audit
    Proposed Sec.  1112.3(c) would define ``audit'' as ``a systematic, 
independent, documented process for obtaining records, statements of 
fact, or other relevant information, and assessing them objectively to 
determine the extent to which specified requirements are fulfilled.'' 
The preamble to the proposed rule (74 FR at 40785) explained that this 
definition is almost identical to the definition of ``audit'' in ISO/
IEC 17000. Proposed Sec.  1112.3(c) also would explain that, for 
purposes of part 1112, an audit consists of two parts: (1) An 
examination by an accreditation body to determine whether the third 
party conformity assessment body meets or continues to meet the 
conditions for accreditation (a process known more commonly as a 
``reassessment,'' and that the remainder of this preamble will refer to 
as a ``reassessment''); and (2) the resubmission of the ``Consumer 
Product Conformity Assessment Body Acceptance Registration Form'' (CPSC 
Form 223) by the third party conformity assessment body and the CPSC's 
examination of the resubmitted CPSC Form 223 (that the remainder of 
this preamble will refer to as an ``examination'' by the CPSC).
    We received no comments on the proposed definition. However, on our 
own initiative, we have revised the phrase, ``is composed of two 
parts,'' to read ``consists of two parts.'' This change is for 
grammatical purposes only. Additionally, as stated earlier in part II.A 
of this preamble in the response to Comment 2, we have removed the 
paragraph designation; thus, the definition of ``audit'' is now at 
Sec.  1112.3 of the final rule rather than at Sec.  1112.3(c) (as 
proposed).
d. Commission
    Proposed Sec.  1112.3(d) would define ``Commission'' to mean the 
Consumer Product Safety Commission.
    We received no comments on this provision, and therefore, other 
than removing the paragraph designation (i.e., removing ``(d)'' before 
the definition of ``Commission'' appears), we have finalized the 
provision without change.
e. Quality Manager
    Proposed Sec.  1112.3(e) would define ``quality manager'' as an 
individual ``(however named) who, irrespective of other duties and 
responsibilities, has defined responsibility and authority for ensuring 
that the management system related to quality is implemented and 
followed at all times and who has direct access to the highest level of 
management at which decisions are made on the conformity assessment 
body's policy or resources.'' The preamble to the proposed rule 
explained that this definition is patterned after the explanation of 
the quality manager's role in ISO/IEC 17025:2005, section 4.1.5 (74 FR 
at 40786).
    We received no comments on this provision, and therefore, other 
than removing the paragraph designation, we have finalized the 
provision without change.
f. Use of Statutory Definitions
    Proposed Sec.  1112.3(f) would explain that, unless otherwise 
stated, the definitions of section 3 of the CPSA, and additional 
definitions in the CPSIA, are applicable for purposes of part 1112 of 
this title. Thus, for example, the CPSIA's definition of ``third party 
conformity assessment body,'' which includes independent conformity 
assessment bodies, government-owned or government-controlled conformity 
assessment bodies (subject to certain requirements in section 
14(f)(2)(B) of the CPSA), and ``firewalled'' conformity assessment 
bodies (subject to certain requirements in section 14(f)(2)(D) of the 
CPSA), would apply to part 1112; and the term ``third party conformity 
assessment body'' in part 1112 would be understood to include all three 
types of conformity assessment bodies.
    (Comment 7)--One commenter stated that referring to firewalled and 
government-owned or government-controlled conformity assessment bodies 
as ``third party conformity assessment bodies'' misuses a term with a 
specific definition. The commenter said that there are differences in 
how conformity assessment bodies operate and opined further that the 
CPSC ``needs to address those differences, not only in their 
accreditation requirements, but also in their audit requirements.''
    (Response 7)--Although the commenter did not identify a particular 
provision, we assume that the commenter was addressing part of the 
preamble to the proposed rule in which the Commission explained that 
under proposed Sec.  1112.3(f), ``unless otherwise stated, the 
definitions of section 3 of the CPSA and additional definitions in the 
CPSIA apply for purposes of part 1112 of this title'' (see 74 FR at 
40786). The preamble to the proposed rule added: ``Thus, for example, 
the CPSIA's definition of `third party conformity assessment body,' 
which includes independent conformity assessment bodies, government-
owned or government-controlled conformity assessment bodies (subject to 
certain requirements in section 14(f)(2)(B) of the CPSA), and 
`firewalled' conformity assessment bodies (subject to certain 
requirements in section 14(f)(2)(D) of the CPSA), would apply to part 
1112, and the term `third party conformity assessment body' in part 
1112 would be understood as including all three types of conformity 
assessment bodies'' (id.).
    Thus, with respect to the definition of ``third party conformity 
assessment body,'' the preamble to the proposed rule was referring to 
the section 14(f)(2) of the CPSA. Because the statute considers 
government-owned or government-controlled conformity assessment bodies 
and firewalled conformity assessment bodies to fall under ``third party 
conformity assessment body'' in section 14(f)(2) of the CPSA, we 
decline to revise the rule as suggested by the comment.
    As for establishing different accreditation requirements, sections 
14(f)(2)(B) and (f)(2)(D) of the CPSA already establish different 
requirements for government-owned or government-controlled conformity 
assessment bodies and firewalled conformity assessment bodies. 
Furthermore, the Commission, through its notices of requirements for 
the accreditation of third party conformity assessment bodies, 
establishes accreditation requirements. Thus, the commenter's request 
for different accreditation requirements is outside the scope of this 
rule.
    With respect to different audit requirements, the commenter did not 
suggest any changes to the rule that would apply to government-owned, 
government-controlled, or firewalled conformity assessment bodies. 
Consequently, we have no basis to establish different audit 
requirements

[[Page 31078]]

for different types of third party conformity assessment bodies.
3. Sec.  1112.31--Who is subject to these audit requirements?
    Proposed Sec.  1112.5 (now renumbered as Sec.  1112.31 in the final 
rule) would explain that the requirements in part 1112 apply to third 
party conformity assessment bodies operating pursuant to section 
14(a)(2) of the CPSA, and it would reiterate that third party 
conformity assessment bodies must comply with the audit requirements as 
a condition of the Commission's acceptance of their accreditation.
    We received no comments on this provision, and other than to 
renumber it, we have finalized the provision without change.
4. Sec.  1112.33--What must an audit address or cover? Who conducts the 
audit?
    Proposed Sec.  1112.3(c) would explain that, for purposes of part 
1112, an audit consists of two parts: (1) An examination by an 
accreditation body to determine whether the third party conformity 
assessment body meets or continues to meet the conditions for 
accreditation (the ``reassessment'' portion of the audit); and (2) the 
resubmission of the ``Consumer Product Conformity Assessment Body 
Acceptance Registration Form'' (CPSC Form 223) by the third party 
conformity assessment body and the CPSC's examination of the 
resubmitted CPSC Form 223. If the third party conformity assessment 
body is a ``firewalled'' conformity assessment body or a government-
owned or government-controlled conformity assessment body, the CPSC's 
examination may include verification to ensure that the entity 
continues to meet the appropriate statutory criteria pertaining to such 
conformity assessment bodies.
a. Sec.  1112.33(a)--What does the reassessment portion of the audit 
cover?
    Under proposed Sec.  1112.7(a) (now renumbered as Sec.  1112.33(a) 
in the final rule), the reassessment portion of the audit may cover the 
management systems, specific tests, types of tests, calibrations, or 
types of calibrations that are the subject of the third party 
conformity assessment body's accreditation. The proposal also stated 
that the reassessment portion must examine the third party conformity 
assessment body's management systems to ensure that the third party 
conformity assessment body is free from any undue influence regarding 
its technical judgment.
    (Comment 8)--One commenter noted that the text might be interpreted 
to require that only the management system from ISO/IEC 17025:2005 be 
met. The commenter said that we should require applicants to fulfill 
all requirements in ISO/IEC 17025:2005 rather than the management 
requirements.
    (Response 8)--We interpret the commenter as referring to the 
preamble to the proposed rule (74 FR at 40786), which states that 
``Under proposed Sec.  1112.7(a), the reassessment portion of the audit 
may cover the management systems, specific tests * * *.'' and 
referencing proposed Sec.  1112.7(a), which also uses the word ``may.''
    During the reassessment portion of the audit, the accreditation 
body examines the competence of the entire operation of the conformity 
assessment body, including the competence of the personnel, the 
validity of the conformity assessment methodology, and the validity of 
the conformity assessment results. We agree with the commenter that the 
use of the word ``may'' in these sections could be misinterpreted as 
not requiring compliance by the conformity assessment body with all 
sections of ISO/IEC 17025:2005, and the proposed rule was not intended 
to suggest that the reassessment could be limited to management systems 
alone. To the contrary, the proposal's mention of ``specific tests, 
types of tests, calibrations, or types of calibrations'' was to show 
that a reassessment extends to technical requirements too. 
Consequently, we have revised Sec.  1112.33(a) to state that the 
reassessment portion of an audit of a conformity assessment body by an 
accreditation body covers management requirements and technical 
requirements. The remainder of Sec.  1123.33(a), pertaining to 
examination of the third party conformity assessment body's management 
systems, is unchanged.
    (Comment 9)--Several commenters said that because products must be 
certified as being in compliance, the principles for impartiality and 
undue influence need to come from ISO/IEC Guide 65, General 
Requirements for Bodies Operating Product Certification Systems, which 
is a standard for certifying bodies. One commenter said that ISO/IEC 
Guide 65 is important especially for firewalled and government 
conformity assessment bodies. Additionally, the commenter said that the 
CPSC should require ``applicants'' to submit evidence of fulfillment of 
ISO/IEC 17025:2005 section 4.1.5.b. as part of their application to the 
CPSC, both initially and with ongoing audits. The commenter said that 
this information is needed in addition to current firewalled training 
and that applicants need to be able to notify the Commission about 
undue influence. Further, ISO/IEC Guide 65 has several requirements to 
protect impartiality and conflict of interest, the commenter noted.
    One commenter added that the Occupation Safety and Health 
Administration (OSHA) has a National Recognized Testing Laboratory 
(NRTL) program that uses ISO/IEC Guide 65's requirements to review a 
laboratory's independence. Rigorous evaluation of the independence of a 
laboratory should be required annually or at least with surveillance 
and reassessment visits, the commenter urged.
    Another commenter remarked that OSHA's NRTL and the U.S. Federal 
Communications Commission's (FCC's) Telecommunications Body 
Certification (TBC) programs could be used as sources.
    Another commenter suggested that we consider the principles of 
product certification outlined in the American National Standards 
Institute document, titled, ``National Conformity Assessment Principles 
for the United States.'' The commenter said that manufacturer 
certification based on testing by laboratories accredited to ISO/IEC 
17025:2005 can ensure that a product conforms to a required standard at 
the time of testing, but it ``does not ensure that the product 
continues to conform to the standard throughout production and 
distribution.''
    (Response 9)--The commenters may have misinterpreted the rule. 
Conformity assessment bodies test products, whereas domestic 
manufacturers and importers are responsible for certifying that their 
products comply with all rules, bans, standards, or regulations under 
the CPSA or any other Act enforced by the Commission under existing 
CPSC regulations at 16 CFR part 1110. Consequently, with respect to the 
comment regarding ISO/IEC Guide 65, we note that ISO/IEC Guide 65 
provides requirements for certification bodies, which have different 
requirements and responsibilities than third party conformity 
assessment bodies (which, under section 14 of the CPSA and our 
regulations at 16 CFR part 1110, test children's products but do not 
issue certificates for such products), including attestations of 
conformity and surveillance activities. The requirements to protect 
impartiality and conflict of interest in ISO/IEC Guide 65 are tailored 
toward those functions.

[[Page 31079]]

    As for the suggestion that a conformity assessment body submit 
evidence of its fulfillment of ISO/IEC 17025:2005 section 4.1.5.b. as 
part of its application to the CPSC, both initially and with ongoing 
audits, section 102(c) of the CPSIA states that in establishing 
standards for accreditation of a third party conformity assessment 
body, the Commission may consider standards and protocols for 
accreditation of such conformity assessment bodies by independent 
accreditation organizations that are in effect on the date of enactment 
(August 14, 2008). Accreditation of third party conformity assessment 
bodies may be conducted either by the Commission or by an independent 
accreditation organization designated by the Commission. In our notices 
of requirements for the accreditation of third party conformity 
assessment bodies, we have established accreditation to ISO/IEC 
17025:2005, with the accreditation conducted by an accreditation body 
that is a signatory to the ILAC-MRA as a baseline requirement for 
accreditation. Thus, we have designated accreditation organizations 
(accreditation bodies) to conduct accreditation of third party 
conformity assessment bodies. Records related to accreditation 
assessments and reassessments are maintained by the accreditation 
bodies and the third party conformity assessment bodies.
    Consequently, the commenter's suggestion regarding evidence of a 
third party conformity assessment body's fulfillment of ISO/IEC 
17025:2005 requirements is unnecessary because Sec.  1112.39 requires a 
third party conformity assessment body to retain records related to the 
last three reassessments conducted by the accreditation body and make 
such records available to the CPSC upon request. Records of 
nonconformities related to safeguards against undue influence (or any 
ISO/IEC 17025:2005 requirement), as well as the corrective actions, 
must be made available upon the CPSC's request.
    In addition, Sec.  1112.37 requires the quality manager at the 
third party conformity assessment body to notify the CPSC within five 
business days of an accreditation body's notification of suspension, 
reduction, or withdrawal of accreditation. Failure to do so may lead to 
CPSC withdrawal of the laboratory as a CPSC-recognized third party 
conformity assessment body.
    As for the comment regarding a product's continued conformity to 
standards throughout the product's production and distribution, such 
matters are outside the scope of this audit rule; instead, they are 
addressed in a separate rulemaking pertaining to ``Testing and Labeling 
Pertaining to Product Certification'' (75 FR 28336 (May 20, 2010); 76 
FR 69482 (November 8, 2011)).
b. Sec.  1112.33(b)--Who conducts the reassessment portion of the 
audit?
    Proposed Sec.  1112.7(b) (now renumbered as Sec.  1112.33(b) in the 
final rule) would require the third party conformity assessment body to 
have the accreditation body that accredited the third party conformity 
assessment body perform the reassessment portion of the audit. For 
example, if a third party conformity assessment body was accredited for 
a particular scope by an accreditation body named AB-1, then AB-1 would 
conduct the reassessment. If, however, the same third party conformity 
assessment body changes its accreditation for the same scope, such that 
it becomes accredited by a different accreditation body, named AB-2, 
then AB-2 would conduct the reassessment.
    The preamble to the proposed rule also suggested that accreditation 
bodies performing reassessments conform to ISO/IEC 17011 titled, 
``Conformity Assessment--General Requirements for Accreditation Bodies 
Accrediting Conformity Assessment Bodies'' (74 FR at 40787). The 
preamble to the proposed rule stated that certain provisions in ISO/IEC 
17011, notably sections 7.11, ``Reassessment and Surveillance''; 7.12, 
``Extending Accreditation''; and 7.13, ``Suspending, Withdrawing, or 
Reducing Accreditation,'' may be relevant, particularly when conducting 
a reassessment (id.).
    (Comment 10)--One commenter stated that only a fraction of the many 
tests which a conformity assessment body may be accredited to perform 
actually are examined during any single reassessment. The commenter 
said it is up to the accreditation body performing the reassessment to 
decide which tests to undertake. In addition, the commenter asked 
whether a conformity assessment body must insist that the accreditation 
body reassess every two years all CPSC tests to which the conformity 
assessment body is accredited.
    (Response 10)--The commenter may have confused reassessment with 
surveillance. ISO/IEC 17011 defines ``assessment'' as ``a process 
undertaken by an accreditation body to assess the competence of a 
conformity assessment body, based on particular standard(s) and/or 
other normative documents and for a defined scope of accreditation.'' 
(See ISO/IEC 17011:2004, Conformity assessment--General requirements 
for accreditation bodies accrediting conformity assessment bodies, at 
section 3.7.) Assessing the competence of a conformity assessment body 
involves assessing the competence of all conformity assessment body 
operations, including (among other things) the competence of the 
personnel, the validity of the conformity assessment methodology, and 
the validity of the conformity assessment results. Reassessment is 
described as similar to an initial assessment, except that experience 
gained during previous assessments shall be taken into account. (Id. at 
section 7.11.1.) The outcome of these different approaches is the same 
in that the accreditation body must demonstrate that it has assessed 
adequately each of the third party conformity assessment body's 
competencies (including technical and management systems competencies) 
over the reassessment period.
    ``Surveillance'' is defined as ``a set of activities, except 
reassessment, to monitor the continued fulfillment by accredited CABs 
of requirements for accreditation'' (id. at section 3.18). Typically, 
surveillance consists of a subset of the reassessment activities, and 
it is conducted between reassessments.
    We note that, on our own initiative, we have revised the last 
sentence in Sec.  1112.33(b), by inserting a comma between ``changes it 
accreditation'' and ``so that it becomes accredited. * * *'' This 
change is for grammatical purposes.
c. Sec.  1112.33(c)--What is the examination portion of the audit?
    As for the examination portion of the audit, proposed Sec.  
1112.7(c) (now renumbered as Sec.  1112.33(c) in the final rule) would 
explain that the third party conformity assessment body must have the 
examination portion of the audit conducted by the Commission. The 
examination portion of the audit would consist of resubmission of CPSC 
Form 223 by the third party conformity assessment body to the CPSC and 
the CPSC's examination of the resubmitted form. Resubmission of the 
CPSC Form 223 would occur in two ways: (1) There would be a continuing 
obligation to ensure that the information submitted on CPSC Form 223 is 
current, such that a third party conformity assessment body would 
submit a new CPSC Form 223 whenever the information changes; and (2) In 
the absence of any changes that would necessitate the submission of a 
new CPSC Form 223, the third party conformity assessment body would 
reregister at the CPSC every 2 years, using CPSC Form 223.

[[Page 31080]]

    Additionally, proposed Sec.  1112.7(c) would contain specific 
requirements for the CPSC's examination of ``firewalled'' and 
government-owned or government-controlled conformity assessment bodies. 
For ``firewalled'' conformity assessment bodies, proposed Sec.  
1112.7(c)(1) would state that the examination portion of the audit 
conducted by the CPSC may include verification to ensure that the 
``firewalled'' conformity assessment body continues to meet the 
criteria set forth in section 14(f)(2)(D) of the CPSA. Thus, for 
example, under proposed Sec.  1112.7(c)(1), we could examine whether a 
``firewalled'' conformity assessment body's established procedures 
continue to exist; and likewise, it could review its mechanisms for 
confidential reporting of allegations of undue influence. For 
government-owned or government-controlled conformity assessment bodies, 
proposed Sec.  1112.7(c)(2) would state that the examination portion of 
the audit conducted by the CPSC may include verification that the 
government-owned or government-controlled conformity assessment body 
continues to meet the five criteria set forth in section 14(f)(2)(B) of 
the CPSA. Thus, for example, under proposed Sec.  1112.7(c)(2), the 
CPSC could examine whether a government-owned conformity assessment 
body has procedures in place to ensure that its testing results are not 
subject to undue influence by any other person.
    We received no comments on this provision, and aside from 
renumbering it as Sec.  1112.33(c), we finalized the provision without 
change. Elsewhere in this issue of the Federal Register, however, we 
have published a proposed rule to establish other requirements 
pertaining to third party conformity assessment bodies (such as the 
requirements for accreditation and provisions for the withdrawal and 
suspension of third party conformity assessment bodies). The proposed 
rule would establish different requirements on the resubmission of CPSC 
Form 223, by asking for additional documentation to support CPSC Form 
223.
5. Sec.  1112.35--When must an audit be conducted?
    Proposed Sec.  1112.9(a) (now renumbered as Sec.  1112.35 in the 
final rule) would state that, at a minimum, each third party conformity 
assessment body must be reassessed at the frequency established by its 
accreditation body for reassessments of the accreditation. For example, 
if the accreditation body would conduct a reassessment to reexamine a 
third party conformity assessment body's accreditation after 2 years, 
the minimum reassessment frequency for that third party conformity 
assessment body would be 2 years.
    As for the examination portion of the audit conducted by the CPSC, 
proposed Sec.  1112.9(b)(1) would require each third party conformity 
assessment body to ensure that the information it submitted on CPSC 
Form 223 is current and submit a new CPSC Form 223 whenever the 
information, such as the third party conformity assessment body's 
address, telephone number, or ownership, changes. In the absence of any 
changes that would necessitate the submission of a new CPSC Form 223, 
proposed Sec.  1112.9(b)(2) would require the third party conformity 
assessment body to reregister at the CPSC every 2 years, using CPSC 
Form 223.
    On our own initiative, we have decided against issuing a final rule 
regarding the timing of the examination portion of the audit. After the 
publication of the proposed rule in the Federal Register on August 13, 
2009, we have acquired more experience registering third party 
conformity assessment bodies and have made modifications to CPSC 
software, as well as to CPSC Form 223. This combination of experience 
and the modifications to the CPSC's registration system have prompted 
us to reconsider when the examination portion of an audit should be 
conducted. Elsewhere in this issue of the Federal Register, we have 
published a proposed rule to establish other requirements pertaining to 
third party conformity assessment bodies; the proposed rule contains a 
new provision regarding the timing of the examination portion of the 
audit; and we believe that the new proposed provision is clearer and 
easier to implement. Therefore, rather than codify when the examination 
portion of an audit must be conducted, the final rule reserves Sec.  
1112.35(b).
6. Sec.  1112.37--What must a third party conformity assessment body do 
after an audit?
    In general, once the accreditation body has conducted its 
reassessment of a third party conformity assessment body, the 
accreditation body will present its initial findings, along with any 
supporting evidence, to the quality manager for the third party 
conformity assessment body. The accreditation body may give the third 
party conformity assessment body's personnel the opportunity to present 
any objections they have to the initial findings. The accreditation 
body may adjust its findings in response to any valid objections.
    When the accreditation body presents its findings to the third 
party conformity assessment body, proposed Sec.  1112.11(a) would 
require the third party conformity assessment body's quality manager to 
receive the findings and, if necessary, initiate corrective action in 
response to the findings. Proposed Sec.  1112.11(b) would require the 
quality manager to prepare a resolution report; the resolution report 
would identify the corrective actions taken and any follow-up 
activities. If immediate corrective action is necessary (as may be the 
case if the findings identify problems associated with incorrect 
procedures, invalid actions, or the creation or use of invalid data), 
proposed Sec.  1112.11(b) would require the quality manager to document 
that they notified the relevant parties within the third party 
conformity assessment body to take immediate corrective action and also 
to document the action(s) taken.
    Proposed Sec.  1112.11(c) would require the quality manager to 
notify the CPSC if the accreditation body decides to reduce, suspend, 
or withdraw the third party conformity assessment body's accreditation 
and the reduction, suspension, or withdrawal of accreditation is 
relevant to the third party conformity assessment body's activities 
pertaining to a CPSC regulation or test method. The notification would 
be sent to the Assistant Executive Director, Office of Hazard 
Identification and Reduction, within five business days of the 
accreditation body's notification to the third party conformity 
assessment body. If a third party conformity assessment body does not 
notify the CPSC in the manner that proposed Sec.  1112.11(c) would 
require, then such noncompliance may be grounds for withdrawal of 
acceptance of the accreditation by the Commission under section 
14(e)(1)(B) of the CPSA for failure to ``comply with an applicable 
protocol, standard, or requirement established by the Commission'' 
under the audit regulations.
    Proposed Sec.  1112.11(d) would explain that the CPSC will notify 
the third party conformity assessment body if the CPSC finds that the 
third party conformity assessment body no longer meets the conditions 
contained in CPSC Form 223 or in the relevant statutory provisions 
applicable to that third party conformity assessment body. The CPSC 
also will identify the condition or statutory provision that is no 
longer met, specify a time by which the third party conformity 
assessment body must notify the CPSC of the steps that it intends to

[[Page 31081]]

take to correct the deficiency, and indicate when it will complete such 
steps. Proposed Sec.  1112.11(d) also would require the quality manager 
to document that they notified the relevant parties within the third 
party conformity assessment body to take corrective action and also 
document the action(s) taken.
    Proposed Sec.  1112.11(e) would describe the possible consequences 
if a third party conformity assessment body fails to remedy the 
deficiency in a timely fashion. In brief, proposed Sec.  1112.11(e) 
would state that the CPSC ``shall take whatever action it deems 
appropriate under the circumstances, up to and including withdrawing 
the CPSC's accreditation of the third party conformity assessment body 
or the CPSC's acceptance of the third party conformity assessment 
body's accreditation.''
    We received no comments on this provision, but we have renumbered 
the provision as Sec.  1112.37 in the final rule. Additionally, on our 
own initiative, we have:
     Revised the second sentence in Sec.  1112.37(b), by 
changing ``he/she notified'' to ``they notified'';
     Revised the address in Sec.  1112.37(c), to replace 
``Maryland'' with ``MD''; and
     Revised the next-to-last sentence in Sec.  1112.37(d), to 
change ``correct the deficiency and when it will complete such steps'' 
to ``correct the deficiency, and indicate when it will complete such 
steps''; and
     Revised the last sentence in Sec.  1112.37(d), by changing 
``he/she notified'' to ``they notified * * *.''

These changes are for grammatical purposes.
7. Sec.  1112.39--What records should a third party conformity 
assessment body retain regarding an audit?
    Proposed Sec.  1112.13 (now renumbered as Sec.  1112.39 in the 
final rule) would require a third party conformity assessment body to 
retain all records related to an audit and all records pertaining to 
the third party conformity assessment body's resolution of, or plans 
for, resolving nonconformities identified by the audit. Such 
nonconformities could be identified through a reassessment by an 
accreditation body or through an examination by the CPSC. The proposal 
also would require third party conformity assessment bodies to retain 
records related to the last three reassessments (or however many 
reassessments have been conducted, if the third party conformity 
assessment body has been reassessed less than three times) and make 
such records available to the CPSC, upon request.
    The proposal also would require third party conformity assessment 
bodies to retain records related to the last three reassessments 
because such records may reveal whether a pattern of problems with 
accreditation exists, and the records may indicate how quickly such 
problems are addressed and resolved.
    (Comment 11)--One commenter noted that ISO/IEC 17011 requires the 
accreditation body, rather than the conformity assessment body, to keep 
records of reassessments. The commenter said that it would be a burden 
on the accreditation body to make duplicates of these records and 
provide them to the conformity assessment body. The commenter said that 
a third party conformity assessment body could meet the objectives for 
record retention by keeping records of resolutions of nonconformities.
    (Response 11)--It is not the intent of the recordkeeping provision 
for the conformity assessment body to make available to the CPSC all 
records associated with reassessments that are maintained by the 
accreditation body. However, assessment and reassessment records need 
to be retained by the conformity assessment body and made available, 
upon request, to the CPSC, and the records must include reports of 
nonconformities, as well as resolution of nonconformities. In addition, 
assessment/reassessment reports that the accreditation body provides to 
the conformity assessment body must be made available to the CPSC, upon 
request.
    Consequently, we have amended the rule to clarify that the records 
retained should include any records received from the accreditation 
body, as well as the records generated by the conformity assessment 
body (such as a resolution report discussed in Sec.  1112.39) related 
to reassessment. Additionally, on our own initiative, and for 
grammatical purposes, we have revised the last sentence in Sec.  
1112.39, by inserting a comma between ``however many reassessments have 
been conducted'' and ``if the third party conformity assessment body 
has been reassessed less than three times'' and by inserting another 
comma after ``available to the CPSC'' and ``upon request.'' We also 
have changed the words ``relating to'' to ``related to'' throughout 
Sec.  1112.39; these changes are for grammatical purposes only.

B. General Comments

    Many comments pertained to issues outside the scope of the rule. 
For example, some comments addressed matters related to the initial 
accreditation of third party conformity assessment bodies. Other 
comments sought ``reciprocity'' between conformity assessment body 
(``laboratory'') programs administered by other federal agencies or 
other entities. We address those comments in this section.
    (Comment 12)--A commenter suggested that the CPSC include 
reciprocity provisions as part of its accreditation criteria for 
laboratories to ensure a level playing field for testing organizations 
based in the United States with respect to foreign competition. Another 
commenter suggested that the CPSC amend the proposed requirements to 
include reciprocity provisions drawn from OSHA's NRTL and FCC's TCB 
programs. The commenter argued that the CPSC would be putting in place 
a ``system of special privileges'' that would damage laboratories in 
the United States because the third party conformity assessment body 
accreditation process is ``open to all countries while other countries' 
conformity assessment systems are not open to U.S.-based 
laboratories,'' thus creating ``a one-way trading relationship and does 
not advantage all in the supply chain.'' Another commenter expressed 
concern about a lack of reciprocity requirements, stating that foreign 
countries that wish to participate in a third party conformity 
assessment body program should be ``mandated to offer recognition to 
U.S.-based laboratories for its certification programs.''
    (Response 12)--We decline to revise the rule as suggested by the 
commenters. Issues regarding reciprocity, either of laboratory 
accreditation or test results, are outside the scope of this rule. 
Nothing in section 14(i)(1) of the CPSA authorizes the Commission to 
include reciprocity of laboratory accreditations or test results as 
falling within a ``periodic audit of third party conformity assessment 
bodies as a condition for the continuing accreditation of such 
conformity assessment bodies under [section 14(a)(3)(C) of the CPSA].'' 
Furthermore, we do not believe that we have the legal authority to 
impose a requirement on foreign governments.
    (Comment 13)--One commenter expressed opposition to having 
accreditation by a signatory to the ILAC-MRA. The commenter said there 
is no reciprocal agreement with ILAC countries to accept accreditations 
by the American National Standards Institute, OSHA, or the Standards 
Council of Canada. The commenter said such acceptance by the CPSC would 
help to ensure the impartiality of certification.

[[Page 31082]]

    (Response 13)--As explained in more detail in the response to 
Comment 6 above, accreditation by a signatory to the ILAC-MRA ensures 
some degree of similarity or uniformity among accreditation bodies, 
regardless of their geographical location, and it also ensures 
uniformity among third party conformity assessment bodies accredited by 
ILAC-MRA accreditation bodies. While the commenter is correct that 
there is no reciprocal agreement with ILAC countries to accept certain 
accreditations by entities in the United States or Canada, we do not 
believe that the audit requirement in the CPSIA gives the Commission 
the authority to demand reciprocity from foreign countries as a 
function of the audit process. An international agreement of that type 
is beyond the scope of this rulemaking.
    As for the impartiality of certification, we note that the CPSA 
does not require conformity assessment bodies to issue certificates. 
Instead, under existing CPSC regulations at 16 CFR part 1110, domestic 
manufacturers and importers issue certificates.
    (Comment 14)--One commenter noted that, in some ``systems,'' the 
same government entity is responsible for accreditation, testing, and 
certification. The commenter said that sections 14(f)(2)(B)(i) through 
(f)(2)(B)(v) of the CPSA (which lists the criteria for Commission 
acceptance of governmental conformity assessment bodies) should require 
extensive documentation during initial acceptance and during audits.
    (Response 14)--The commenter did not elaborate on or describe what 
documentation would be necessary. In any event, the commenter's focus 
appears to be on revising the statutory or administrative criteria 
pertaining to government-owned or government-controlled conformity 
assessment bodies, rather than revising the proposed audit 
requirements. Thus, the comment is outside the scope of the rule.
    (Comment 15)--One commenter stated that a Government Accountability 
Office (GAO) report issued in August 2009, assessing the effectiveness 
of enforcement of the CPSC's requirements, identified some resource 
limitations that could affect our ability to address and enforce 
requirements on foreign laboratories (both government-owned or 
government-controlled and firewalled conformity assessment bodies).
    (Response 15)--The commenter may have confused laboratories whose 
tests form the basis for a manufacturer or importer to issue a 
children's product certificate, with CPSC laboratory testing in support 
of its import surveillance activities. The GAO report titled, ``Better 
Information and Planning Would Strengthen CPSC's Oversight of Imported 
Products,'' GAO-09-803 (available on the Internet at https://www.gao.gov/new.items/d09803.pdf), refers to overseas manufacturers 
whose products are imported into the United States and are tested by 
the CPSC at our laboratory facilities. The GAO report does not discuss 
accreditation or audit requirements for laboratories. Accordingly, 
issues regarding the GAO report are outside the scope of this rule.
    (Comment 16)--One commenter suggested that to alleviate uncertainty 
and confusion, the CPSC should address the lack of a definition for a 
``reasonable testing program.''
    (Response 16)--This comment is outside the scope of the audit 
provisions of section 14(i)(1) of the CPSA. This rulemaking implements 
section 14(i)(1) of the CPSA. A ``reasonable testing program'' is part 
of section 14(a)(1) of the CPSA, and we note that, in the Federal 
Register of May 20, 2010 (75 FR 28336), we published a proposed rule on 
``Testing and Labeling Pertaining to Product Certification.'' The 
proposed rule contained (among other things) requirements for a 
``reasonable testing program.'' However, in the final rule on ``Testing 
and Labeling Pertaining to Product Certification'' (76 FR 69482 
(November 8, 2011)), we decided to reserve, rather than finalize, the 
``reasonable testing program'' requirements. Thus, issues related to a 
``reasonable testing program'' are part of a separate rulemaking.
    (Comment 17)--One commenter suggested that the CPSC reassert that 
compliance to the CPSIA is the manufacturer's responsibility, not the 
retailer's, and that retailers must accept testing from any accredited 
third party conformity assessment body approved by the CPSC.
    (Response 17)--Current CPSC regulations, at 16 CFR part 1110, limit 
the persons required to comply with the certification requirements of 
section 14(a) of the CPSA to: the importer (for products manufactured 
outside of the United States) and to the domestic manufacturer (for 
products manufactured within the United States). Neither the CPSIA, nor 
the CPSA, require a retailer to accept product testing results from any 
accredited third party conformity assessment body whose accreditation 
is accepted by the CPSC.
    Additionally, as we noted in the preamble to our proposed rule on 
``Testing and Labeling Pertaining to Product Certification'' (75 FR 
28336, 28337 (May 20, 2010)):

    The Commission understands the economic ramifications that small 
businesses (and even large businesses) face regarding the testing 
costs required by section 102 of the CPSIA. Moreover, retailers and 
importers may be imposing significant additional testing cost on 
manufacturers by requiring that products that have already been 
tested by a third party conformity assessment body be tested again 
by a specific third party conformity assessment body selected by the 
retailer or importer. The Commission wants to emphasize to retailers 
and sellers of children's products that they can rely on 
certificates provided by product suppliers if those certificates are 
based on testing conducted by a third party conformity assessment 
body. Section 19(b) of the CPSA provides that a retailer or seller 
of a children's product shall not be subject to civil or criminal 
penalties for selling products that do not comply with applicable 
safety standards if it holds a certificate issued in accordance with 
section 14(a) of the CPSA to the effect that such consumer product 
conforms to all applicable consumer product safety rules, unless 
such person knows that such consumer product does not conform. The 
Commission notes that section 19(b) of the CPSA does not relieve any 
person of the obligation to conduct a corrective action should any 
product violate an applicable safety standard and need to be 
recalled.

III. Paperwork Reduction Act

    The final rule contains information collection requirements that 
are subject to public comment and review by the Office of Management 
and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501-3520).
    The OMB has approved the information collection requirements in 
this rule. The OMB control number pertaining to such approval is OMB 
3041-0140, and it expires on December 31, 2012.

IV. Regulatory Flexibility Act

    The CPSC has examined the impacts of the final rule under the 
Regulatory Flexibility Act (5 U.S.C. 601-612). The Regulatory 
Flexibility Act requires agencies to analyze regulatory options that 
would minimize any significant impact of a rule on small entities. 
Because the required information is minimal, and the costs associated 
with the audits are low, the Commission certifies that the final rule 
would not have a significant economic impact on a substantial number of 
small entities.

A. Objectives and Legal Basis for the Final Rule

    Section 14(i)(1) of the CPSA requires the Commission to establish 
requirements for the periodic audit of third party conformity 
assessment

[[Page 31083]]

bodies as a condition of their continuing accreditation. The final rule 
implements the requirements for the periodic audits. The purpose of a 
periodic audit is to ensure that an accredited laboratory continues to 
be competent to perform the testing services for which it has been 
accredited. In the case of accredited third party conformity assessment 
bodies that are owned, managed, or controlled by a manufacturer (or 
``firewalled laboratories''), or that are owned or controlled, in whole 
or in part, by a government entity, the audit requirements give the 
Commission the opportunity to ensure that the third party conformity 
assessment body continues to comply with the CPSIA's requirements for 
``firewalled'' and government-owned or government-controlled conformity 
assessment bodies.

B. Firms Subject to the Requirement for Periodic Audits

    The requirement for periodic audits will affect only third party 
conformity assessment bodies that intend to provide the CPSIA-required 
third party conformity assessment services for manufacturers or private 
labelers of children's products. Third party conformity assessment 
bodies that do not intend to offer third party conformance testing for 
children's products are not affected by the requirements for 
accreditation or periodic audits.
    As of August 29, 2011, the CPSC had accepted the accreditations of 
87 third party conformity assessment bodies located within the United 
States. This number could increase, somewhat, over the next year or so, 
as the remaining notices of requirements for accreditation are issued 
and the stays of enforcement of the requirements for third party 
testing (which the Commission issued pending clarification of the 
regulations and testing requirements) are lifted. Of the third party 
conformity assessment bodies located in the United States with CPSC-
accepted accreditations, 12 are owned by large, foreign-based 
companies; 22 are large, U.S.-based companies; and the remaining 53 
could be small businesses, according to the criteria established by the 
U.S. Small Business Administration (SBA), which, for a testing 
laboratory (NAICS code 54138), is a company with less than $12 million 
in annual revenue.

C. Requirements of the Final Rule and Possible Impacts on Small 
Businesses

    The notices of requirements issued by the CPSC for the 
accreditation of third party conformity assessment bodies state, as a 
baseline requirement, that third party conformity assessment bodies 
must be accredited by an accreditation body that is a signatory to the 
ILAC-MRA. ILAC is an international cooperation of laboratory 
accreditation bodies that seek to harmonize laboratory accreditation 
procedures to facilitate the acceptance of the testing results of 
accredited laboratories within and across national boundaries. The 
ILAC-MRA includes requirements for the initial assessment of 
laboratories, as well as periodic reassessments. Laboratories that do 
not submit to the periodic reassessments lose their accredited status.
    Under the final rule, the periodic audit of a third party 
conformity assessment body would consist of two parts. The first part 
would be a reassessment by the accreditation body to determine whether 
it continues to meet the conditions of accreditation. The second part 
of the audit would be the resubmission to the CPSC of CPSC Form 223 and 
its review by the CPSC.
    All signatories to the ILAC-MRA have requirements for the periodic 
reassessment of accredited laboratories. The ILAC-MRA harmonized 
procedures for surveillance and reassessment of accredited laboratories 
and recommended that the time between reassessments be no more than 60 
months, provided that the accreditation body undertakes somewhat less 
comprehensive surveillance visits at least every 18 months. However, 
many accreditation bodies opt to undertake more frequent full 
reassessments, rather than conduct surveillance visits. According to 
ISO/IEC 17011, if an accreditation body does not conduct surveillance 
visits, full reassessments of accredited laboratories must take place 
at least once every 2 years.
    The resubmission of CPSC Form 223 is intended to provide the 
Commission with an opportunity to ensure that the third party 
conformity assessment body continues to be accredited by an ILAC-MRA 
signatory and continues to comply with the requirements for firewalled 
and government-owned or controlled conformity assessment bodies, if 
applicable. However, because CPSC staff, in light of its experience 
with the accreditation process and software changes, has reconsidered 
when the form should be submitted, and therefore, the final rule does 
not state when the CPSC Form 223 must be resubmitted. Instead, such 
matters will be addressed in a separate rulemaking.
    Costs associated with periodic audits include: The time cost of the 
assessor from the accreditation body; and his or her travel, lodging, 
and meal expenses incurred while conducting the reassessment. According 
to an accreditation body representative, a reassessment typically takes 
2 to 3 days; and the cost charged to the third party conformity 
assessment body usually will be $3,000 to $4,000 per field (e.g., 
chemical, electrical, or mechanical testing) in which the third party 
conformity assessment body is accredited. Therefore, a third party 
conformity assessment body that is accredited for testing conformance 
to both chemical and mechanical standards could expect an assessment or 
reassessment to cost $6,000 to $8,000.
    Another expense of a reassessment by an accreditation body is the 
cost of the time spent by third party conformity assessment body 
personnel to cooperate with the assessors. This includes the time 
required to prepare or assemble documents needed by the auditors, as 
well as the time it takes to explain or demonstrate the procedures used 
at the third party conformity assessment body. No empirical estimates 
of this cost were found; however, the amount of time spent by third 
party conformity assessment body personnel during a reassessment could 
be close to the amount of time spent by the assessor. If the average 
reassessment takes 2.5 days (or 20 hours), and the wage of the 
employees involved is about $44 an hour, then the cost of the time of 
the third party conformity assessment body's personnel spent 
cooperating with the reassessment would be about $880. The median 
hourly wage of architecture and engineering occupations in testing 
laboratories (NAICS code 541380) is $31.65. U.S. Department of Labor, 
Bureau of Labor Statistics, National Occupational Employment and Wage 
Estimates, May 2008 (https://www.bls.gov/oes/oes_dl.htm). In 2008, 
wages and salaries represented about 71.9 percent of total compensation 
for professional and related occupations in private industry (U.S. 
Department of Labor, Bureau of Labor Statistics, Employer cost for 
Employee Compensation (data extracted on June 17, 2009)).) The cost 
could be higher if the reassessment takes longer than 2.5 days or 
higher-paid employees are involved in the reassessment.
    The periodic audits required would cost third party conformity 
assessment bodies about $4,000 to $5,000 (rounded to the nearest 
thousand) per field in which the third party conformity assessment body 
is accredited. This expense includes the cost of the accreditation 
body's assessors, as well as the third party conformity assessment body 
personnel's time spent on the assessments and other costs, such as the 
cost of providing the materials required

[[Page 31084]]

of ``firewalled'' conformity assessment bodies. The time between audits 
will vary to some degree among accreditation bodies; however, a typical 
period is about once every 2 years. Therefore, the annual average cost 
of the periodic audits would be approximately $2,000 to $2,500 per 
field in which the third party conformity assessment body is 
accredited. Therefore, the annual cost to a third party conformity 
assessment body accredited in three fields (e.g., chemical, mechanical, 
and electrical) would be approximately $6,000 to $7,500.
    As noted earlier, of the third party conformity assessment bodies 
based in the United States, for which the CPSC has recognized 
accreditations, 43 (or about 62 percent) appear to be small businesses, 
according to the SBA criteria. However, it is unlikely that the rule 
will have a significant adverse impact on many third party conformity 
assessment bodies. The only third party conformity assessment bodies 
that will seek accreditation for testing children's products are those 
that expect to receive substantial revenue from the third party testing 
requirement in the CPSA, as amended by the CPSIA. Those third party 
conformity assessment bodies that do not expect substantial revenue 
from the testing will not seek to be accredited for the testing, or 
they can choose not renew their accreditation--if they initially sought 
accreditation--but the revenue they expected did not materialize.

D. Alternatives to the Final Rule Considered

    Given that the CPSC is relying upon accreditation bodies that are 
signatories to the ILAC-MRA to accredit and reassess the third party 
conformity assessment bodies, there are no realistic alternatives to 
the final rule that would lower substantially the cost of the periodic 
audits. The frequency of the reassessments of the third party 
conformity assessment bodies is determined by the accreditation bodies, 
not by the CPSC.

V. Environmental Considerations

    This final rule falls within the scope of the Commission's 
environmental review regulations at 16 CFR Sec.  1021.5(c)(2), which 
provide a categorical exclusion from any requirement for the agency to 
prepare an environmental assessment or environmental impact statement 
for product certification rules.

VI. Effective Date

    The final rule becomes effective on July 23, 2012.

List of Subjects in 16 CFR Part 1112

    Consumer protection, Third party conformity assessment body, Audit.

    For the reasons stated above, the Commission amends Title 16 of the 
Code of Federal Regulations by adding a new part 1112, subpart A and 
subpart C, to read as follows:

PART 1112--REQUIREMENTS PERTAINING TO THIRD PARTY CONFORMITY 
ASSESSMENT BODIES

Sec.
Subpart A--Purpose and Definitions
1112.1 [Reserved]
1112.3 Definitions.
1112.1 [Reserved]
Subpart B--[Reserved]
Subpart C--Audit Requirements for Third Party Conformity Assessment 
Bodies
1112.30 What is the purpose of this subpart?
1112.31 Who is subject to these audit requirements?
1112.33 What must an audit address or over and who conducts the 
audit?
1112.35 When must an audit be conducted?
1112.37 What must a third party conformity assessment body do after 
an audit?
1112.39 What records should a third party conformity assessment body 
retain regarding an audit?

    Authority:  Pub. L. 110-314, section 3, 122 Stat. 3016, 3017 
(2008); 15 U.S.C. 2063.

Subpart A--Purpose and Definitions


Sec.  1112.3  Definitions.

    Unless otherwise stated, the definitions of section 3 of the CPSA 
and additional definitions in the Consumer Product Safety Improvement 
Act of 2008, Public Law 110-314, apply for purposes of this part. The 
following definitions apply for purposes of this subpart:
    Accreditation means a procedure by which an authoritative body 
gives formal recognition that a third party conformity assessment body 
meets competence requirements to perform specific tasks. Accreditation 
recognizes a third party conformity assessment body's technical 
capability and is usually specific for tests of the systems, products, 
components, or materials for which the third party conformity 
assessment body claims proficiency.
    Accreditation body means an entity that:
    (1) Accredits or has accredited a third party conformity assessment 
body as meeting, at a minimum, the International Organization for 
Standardization (ISO)/International Electrotechnical Commission (IEC) 
Standard ISO/IEC 17025:2005, ``General Requirements for the Competence 
of Testing and Calibration Laboratories,'' and any test methods or 
consumer product safety requirements specified in the relevant notice 
of requirements issued by the Commission; and
    (2) Is a signatory to the International Laboratory Accreditation 
Cooperation-Mutual Recognition Arrangement.
    Audit means a systematic, independent, documented process for 
obtaining records, statements of fact, or other relevant information, 
and assessing them objectively to determine the extent to which 
specified requirements are fulfilled. An audit, for purposes of this 
part, consists of two parts:
    (1) An examination by an accreditation body to determine whether 
the third party conformity assessment body meets or continues to meet 
the conditions for accreditation (a process known more commonly as a 
``reassessment''); and
    (2) The resubmission of the ``Consumer Product Conformity 
Assessment Body Acceptance Registration Form'' (CPSC Form 223) by the 
third party conformity assessment body and the Consumer Product Safety 
Commission's (``CPSC's'') examination of the resubmitted CPSC Form 223. 
If the third party conformity assessment body is owned, managed, or 
controlled by a manufacturer or private labeler (also known as a 
``firewalled'' conformity assessment body) or is a government-owned or 
government-controlled conformity assessment body, the CPSC's 
examination may include verification to ensure that the entity 
continues to meet the appropriate statutory criteria pertaining to such 
conformity assessment bodies.
    CPSC means the Consumer Product Safety Commission.
    Quality manager means an individual (however named) who, 
irrespective of other duties and responsibilities, has defined 
responsibility and authority for ensuring that the management system 
related to quality is implemented and followed at all times and has 
direct access to the highest level of management at which decisions are 
made on the conformity assessment body's policy or resources.

Subpart B--[Reserved]

Subpart C--Audit Requirements for Third Party Conformity Assessment 
Bodies


Sec.  1112.30  What is the purpose of this subpart?

    This subpart establishes the audit requirements for third party 
conformity assessment bodies pursuant to section

[[Page 31085]]

14(i)(1) of the Consumer Product Safety Act (CPSA) (15 U.S.C. 
2063(i)(1)). Compliance with these requirements is a condition of the 
continuing accreditation of such third party conformity assessment 
bodies pursuant to section 14(a)(3)(C) of the CPSA. However, this 
subpart does not apply to certifying organizations under the Labeling 
of Hazardous Art Materials Act, even if such organizations are third 
party conformity assessment bodies.


Sec.  1112.31  Who is subject to these audit requirements?

    Except for certifying organizations described in 16 CFR 
1500.14(b)(8), these audit requirements apply to third party conformity 
assessment bodies operating pursuant to section 14(a)(2) of the CPSA. 
Third party conformity assessment bodies must comply with the audit 
requirements as a continuing condition of the CPSC's acceptance of 
their accreditation.


Sec.  1112.33  What must an audit address or cover and who conducts the 
audit?

    (a) The reassessment portion of an audit must cover management 
requirements and technical requirements. Each reassessment portion of 
an audit also must examine the third party conformity assessment body's 
management systems to ensure that the third party conformity assessment 
body is free from any undue influence regarding its technical judgment.
    (b) The third party conformity assessment body must have the 
reassessment portion of the audit conducted by the same accreditation 
body that accredited the third party conformity assessment body. For 
example, if a third party conformity assessment body was accredited by 
an accreditation body named AB-1, then AB-1 would conduct the 
reassessment. If, however, the same third party conformity assessment 
body changes its accreditation so that it becomes accredited by a 
different accreditation body named AB-2, then AB-2 would conduct the 
reassessment.
    (c) The third party conformity assessment body must have the 
examination portion of the audit conducted by the CPSC. The examination 
portion of the audit will consist of resubmission of the ``Consumer 
Product Conformity Assessment Body Acceptance Registration Form'' (CPSC 
Form 223) by the third party conformity assessment body and the CPSC's 
examination of the resubmitted CPSC Form 223.
    (1) For ``firewalled'' conformity assessment bodies, the CPSC's 
examination may include verification to ensure that the ``firewalled'' 
conformity assessment body continues to meet the criteria set forth in 
section 14(f)(2)(D) of the CPSA.
    (2) For government-owned or government-controlled conformity 
assessment bodies, the CPSC's examination may include verification to 
ensure that the government-owned or government-controlled conformity 
assessment body continues to meet the criteria set forth in section 
14(f)(2)(B) of the CPSA.


Sec.  1112.35   When must an audit be conducted?

    (a) At a minimum, each third party conformity assessment body must 
be reassessed at the frequency established by its accreditation body.
    (b) [Reserved]


Sec.  1112.37   What must a third party conformity assessment body do 
after an audit?

    (a) When the accreditation body presents its findings to the third 
party conformity assessment body, the third party conformity assessment 
body's quality manager must receive the findings and, if necessary, 
initiate corrective action in response to the findings.
    (b) The quality manager must prepare a resolution report 
identifying the corrective actions taken and any follow-up activities. 
If findings indicate that immediate corrective action is necessary, the 
quality manager must document that they notified the relevant parties 
within the third party conformity assessment body to take immediate 
corrective action and also document the action(s) taken.
    (c) If the accreditation body decides to reduce, suspend, or 
withdraw the third party conformity assessment body's accreditation, 
and the reduction, suspension, or withdrawal of accreditation is 
relevant to the third party conformity assessment body's activities 
pertaining to a CPSC regulation or test method, the quality manager 
must notify the CPSC. Such notification must be sent to the Assistant 
Executive Director, Office of Hazard Identification and Reduction, 
Consumer Product Safety Commission, 4330 East West Highway, Bethesda, 
MD 20814, within five business days of the accreditation body's 
notification to the third party conformity assessment body.
    (d) If the CPSC finds that the third party conformity assessment 
body no longer meets the conditions specified in CPSC Form 223, or in 
the relevant statutory provisions applicable to that third party 
conformity assessment body, the CPSC will notify the third party 
conformity assessment body, identify the condition or statutory 
provision that is no longer met, and specify a time by which the third 
party conformity assessment body shall notify the CPSC of the steps it 
intends to take to correct the deficiency, and indicate when it will 
complete such steps. The quality manager must document that they 
notified the relevant parties within the third party conformity 
assessment body to take corrective action and also document the 
action(s) taken.
    (e) If the third party conformity assessment body fails to remedy 
the deficiency in a timely fashion, the CPSC shall take whatever action 
it deems appropriate under the circumstances, up to and including 
withdrawing the CPSC's accreditation of the third party conformity 
assessment body or the CPSC's acceptance of the third party conformity 
assessment body's accreditation.


Sec.  1112.39  What records should a third party conformity assessment 
body retain regarding an audit?

    A third party conformity assessment body must retain all records 
related to an audit that it receives from an accreditation body 
regarding a reassessment and all records pertaining to the third party 
conformity assessment body's resolution of, or plans for, resolving 
nonconformities identified through a reassessment by an accreditation 
body or through an examination by the CPSC. A third party conformity 
assessment body also must retain such records related to the last three 
reassessments (or however many reassessments have been conducted, if 
the third party conformity assessment body has been reassessed less 
than three times) and make such records available to the CPSC, upon 
request.

Todd A. Stevenson,
Secretary.
[FR Doc. 2012-10922 Filed 5-23-12; 8:45 am]
BILLING CODE 6355-01-P