Once an applicant company becomes certified, their certification is maintained through a process of continual surveillance auditing. This document sets out the minimum audit schedules.
Auditing is conducted using three methods, with non-compliances potentially triggering further auditing.
The role of ATTMA as a certification scheme is to ensure the initial and ongoing competence of the certified companies conducting air tightness testing for Building Regulations compliance. This is not to be confused with the certified companies conducting tests compliantly, that is the role of Building Control.
ATTMA adheres to the flowing principles of auditing as outlined in ISO 19011:2011 to ensure that all audits are effective and reliable:
1. Integrity – The foundation of professionalism
2. Fair Representation – to give a fair representation of the company
3. Due Professional Care – applying diligence and judgement in auditing
4. Confidentiality – all information shared is secure
5. Independence – the basis for impartiality, providing objective conclusions
6. Evidence Based Approach – giving a rational method for reaching reliable and reproducible audit conclusions
By following these principles, ATTMA provides relevant and sufficient audit conclusions, enabling its auditors to reach similar conclusions independently under
similar circumstances. This adherence helps the organisation act on audit information to improve its performance.
Companies shall have procedures in place to control and monitor their activities and demonstrate their competence and compliance with the relevant National
Occupational Standards (NOS) and the Minimum Technical Competencies (MTC). These Quality Management Systems (QMS) shall cover at least the following
aspects:
• Control of Standards and Regulations Documents
• Internal Training
• Testing Procedures
• Complaints Procedures
• Procedures for Envelope Area Calculations
• Job Allocations
• Record and File Management
• Calibration Arrangements
• Report Production and Quality Assurance of same
• Communication with Clients
It is not the responsibility of ATTMA to check that these documents and processes exist on application, but these may be checked if distance and witness auditing requirements are not met.
Note – For TrustMark approval, the above is checked on application.
ATTMA conducts three types of auditing:
1. Distance Auditing (retrospective auditing of work completed): A requirement of maintaining ATTMA certification, all testers must successfully undergo distance auditing as per the agreed schedules. Distance auditing is a desktop process designed to reassess testing work already completed against the test standards.
2. Witness Testing (conducted on-site): Not normally conducted as part of the audit schedule, witness testing is conducted by ATTMA on a live test site when the distance audit process has highlighted the auditees ongoing noncompliance against the test standards.
3. Quality Management System Auditing: Not normally conducted as part of the audit schedule, QMS Auditing is conducted by ATTMA at the registered business address of the auditee when the surveillance audit process has highlighted the auditees ongoing non-compliance with the National Occupational Standards.
This audit process has been developed from to ensure an unbiased and efficient method of reassessing and reaffirming all registered testers continued competence to fulfil their testing role and their compliance with the required standards and processes.
Distance auditing applies to all registered testers within the ATTMA Scheme.
Successful completion of at least 1 distance audit is required to maintain certification, except for ‘Specialist Applications’, who will have double the audit frequency, i.e., two distance audits per year. Note: failure to successfully complete the Annual Surveillance Auditing will result in further auditing as applicable.
Distance auditing is focused around reviewing the output of testers to assess whether they meet the requirements of the standards.
Testers will be assessed against one of the following test standards as appropriate:
• ATTMA TSL1
• ATTMA TSL2
• CIBSE TM23:2024
• BS EN 13829:2001 (Scotland only)
ATTMA selects a tester for auditing, either at random, or due to a ‘report audit trigger’ (see section 0 – Triggers).
ATTMA then selects a test to audit from the lodgement system. This may be any test, or tests, from the certification period being assessed.
An email with an audit link is automatically issued from the ATTMA Lodgement system to the tester (with the option of also sending the email to the notification email address setup by the company) requesting that the tester to uploads the following 4 key pieces of information:
Once the information request has been issued the tester has 30 days to upload the information via the link provided.
Note: Failure to upload the requested information within the defined time period will result in future tests being ‘blocked’, preventing them from being uploaded to the system (pseudo suspension).
All uploaded evidence is reviewed by an assigned ATTMA Auditor to ensure that it is sufficient to proceed with the audit process. Where the evidence is insufficient the ATTMA Auditor will request further information.
Note: If further information is requested, it should be provided to the Auditor within the original 30-day period. The Auditor may, at their discretion, manually adjust the time allowance, but this should only occur under exceptional circumstances.
The audit is completed using scheme form ‘FOA005-3 – Test Report Audit’ and issued to the Company, showing any Findings (as discussed in section 8 of this
document). Non-conformities must be responded to.
All Report Audits are completed and submitted to another qualified ATTMA auditor (usually the Technical Manager) to review the any non-conformities or recommendations before issuing a certification decision and countersigning the audit report.
As previously outlined, the process of going to site to witness a live test is not normally conducted as part of the audit schedule. On-site witness testing is
conducted when distance auditing ‘triggers’ the need to see someone, as discussed in the ‘triggers’ section of this document.
An on-site witness test involves an ATTMA Auditor witnessing a full live test being conducted to ensure proper technique and execution of the test standards.
This type of audit is focused around reviewing the test procedures of auditee to assess whether they meet the requirements of the test standards
ATTMA will select a tester for On-site Witness Testing based on the triggering of a ‘report audit trigger’ (see section 9 – Triggers).
ATTMA will contact the company and tester via email to arrange a suitable location and date for the On-site witness test to be conducted. ATTMA allows up to 14 days for this arrangement to be made.
Note: Failure to contact ATTMA and arrange this audit within the defined time period will result in future tests being ‘blocked’, preventing them from being uploaded to the system (pseudo suspension).
The audit will be completed using scheme form ‘FOA005-4 – Witness Test Audit’ and issued to the Company, showing any Findings (as discussed in section 8 of this document). Non-conformities must be responded to.
All Witness Test Audits are completed and submitted to another qualified ATTMA auditor (usually the Technical Manager) to review the any non-conformities or
recommendations before issuing a certification decision and countersigning the audit report.
Quality Management System auditing is not normally conducted as part of the audit schedule, except where ‘triggers’ are met.
A QMS audit involves an audit against the National Occupational Standards (NOS) to ensure compliance is being met. The auditor shall assess the following in
accordance with the NOS.
ATTMA will select a tester for a QMS Audit based on the triggering of a ‘report audit trigger’ (see section 9 – Triggers).
ATTMA will contact the company and tester via email to arrange a suitable date for the QMS Audit to be conducted. ATTMA allows up to 14 days for this arrangement to be made.
The audit will be completed using scheme form ‘FOA005-7 – QMS Audit Report’ and issued to the Company, showing any Findings (as discussed in section 8 of this document). Non-conformities must be responded to.
All QMS Audits are completed and submitted to another qualified ATTMA auditor (usually the Technical Manager) to review the any non-conformities or
recommendations before issuing a certification decision and countersigning the audit report.
ATTMA Certified organisations who hold TrustMark Approval are subject to additional ‘ongoing’ QMS auditing in line with the requirements defined within
TrustMark’s Framework Operating Requirements.
9.1.1 ATTMA Auditors may raise the following findings during the audit process. These are broken down into three levels:
a) Recommendation: This is a suggestion made by auditors to improve the effectiveness and efficiency of a company’s operations, testing procedures, or quality management system. These recommendations often arise from findings during audits and aim to enhance compliance, mitigate risks. The auditor does not need to see evidence that the recommendation has been implemented, nor is it mandatory to implement a recommendation. However, the recommendation should be taken with the knowledge that the Auditors possess, knowing that the improvements may help and support them in the future.
b) Minor Non-Compliance: This is a deviation from a requirement that does not significantly affect a company’s operations, testing procedures, or quality management system. It is typically a single event or a low-risk situation that is corrected without major changes to the system. For example, a minor nonconformance might be a momentary lapse in managerial judgment or a minor procedural error. The auditor will set a time limit on when this needs to be completed depending on the nature and severity of the non-conformance. It is mandatory to respond to the nonconformance in the given time frame. Failure to respond in time may result in your company being temporarily or permanently suspended from the scheme.
c) Major Non-Conformance: This is a more serious issue that indicates a failure to meet a requirement, which is likely to significantly impact a company’s operations, testing procedures, or quality management system. Major non-conformances often involve repeated occurrences or complex problems that require significant effort to correct. Examples include the absence of important legal documents, multiple unauthorised document alterations, or unauthorised purchases from unknown suppliers.
The auditor will set a time limit on when this needs to be completed depending on the nature and severity of the non-conformance. It is mandatory to respond to the nonconformance in the given time frame. Failure to respond in time may result in your company being temporarily or permanently suspended from the scheme. The identification of a Major Non-conformance may necessitate the audited company to complete an internal investigation to determine whether this issue is an isolated incident or has affected multiple tests. If multiple tests are affected, the noncompliance must be addressed, and the reports and results re-issued. The auditor will set a deadline for this, based on the nature and severity of the non-conformance. The Auditor may suspend the tester from conducting future tests, should the major non-compliance warrant doing so, or require an on-site audit, at the cost of the company.
The following table dictates the outcomes where accumulated findings exist, along with actions required:
During all audit types, findings may be raised. Some findings may directly impact the result of the test, and therefore are identified as independent triggers.
Companies holding UKAS accreditation to ISO/IEC 17025:2017 with a scope covering air tightness testing will not be subject to Quality Management Auditing
(QMS) but testers of said companies will still be subject to on-site and distance auditing as required.
Companies must submit the results of their annual UKAS audit visits and details of non-compliances and corrective actions to the Scheme Manager for filing.
The Scheme Manager will determine whether the results of the UKAS audits necessitate any additional surveillance to cover specific shortcomings or issues and non-compliances raised by the UKAS audits. This is at the discretion of the Scheme Manager.
Companies and their testers registered to the TrustMark Scheme are required to undergo continual Quality Management System (QMS) checks to ensure continuous compliance with the scheme’s standards and to maintain the integrity and quality of services provided by its members.
These checks are conducted using the ATTMA Lodgement system, with the requirement to upload QMS information to the ATTMA Lodgement Portal with expiry
dates.
Additionally, individual testers registered to the TrustMark Scheme may be audited against an increased audit criteria to ensure their compliance with the requirements and understanding of the TrustMark Code of Conduct.
ATTMA conducts audits on a sample of data only. Whilst checks are done automatically through the Lodgement system, ATTMA does not operate with a 100%
audit policy.
The auditor’s role is to find evidence of compliance against the audit criteria, not to look for non-conformities.
Auditors are not consultants and are not authorised to advise on how to comply with the criteria documents. Any recommendations given will only be given following the natural course of the audit. The auditor is not legally liable for any recommendations made.
The auditor might not pick up on all non-conformities within this sample, or nonconformities that exist but that aren’t present within the representative sample. If the auditor has not found a non-conformity, it is not permissible of the member to continue the non-conforming action if the member company is aware that it is not correct (as per the procedures and technical documents the member company is required to follow). If in doubt, guidance should be sought for the scheme’s
Managing Director or Technical Manager.
Auditor may increase or decrease sample sizes (e.g., number of witness tests or number of reports analysed) at their discretion depending on the complexity of the sample.
Withholding evidence or obstructing the auditor will be classed as a serious noncompliance. Information regarding any obstruction will be reported back to the
Scheme Manager.
All ATTMA auditors are bound by the UK Bribery Act of 2010 and will not be subject to bribery of any kind. It is a criminal offence to bribe an auditor which can lead to prosecution.
Any complaints regarding an audit or auditor should made following the standard process as defined within scheme document ‘PUA013 – Complaints & Appeals’.
Any form of abuse or threating behaviour (be it physical, emotional, or otherwise) against an auditor will result in instant withdrawal from ATTMA.
Please refer to the NOS and MTC which show the areas the auditor is looking to find evidence of compliance.
Ref: QMA012 – Issue 1.4
