Certification Requirements: New Guidance Should Encourage Transparency in Agency Decisionmaking (Letter Report, 09/24/1999, GAO/GGD-99-170). Pursuant to a congressional request, GAO reviewed federal agencies' certification requirements for goods and services, focusing on: (1) the extent and variety of certification activities in the federal government; (2) the extent to which there are policies, procedures, or guidance governing those activities, either governmentwide or within selected agencies; and (3) an agency certification procedure that could serve as an example or best practice for other agencies. GAO noted that: (1) federal agencies engage in a large number and wide variety of certification-related activities; (2) the National Institute of Standards and Technology (NIST) publishes directories listing more than 200 federal government procurement and regulatory programs in which agencies provide or require certification, accreditation, listing, or registration; (3) these directories provide only a partial inventory of agencies' activities because they focus primarily on certifications of products and services and they do not cover individual procurement actions in which agencies require particular certifications; (4) certification activities also vary across multiple dimensions, including the origin of the requirements, their targets, which entities do the certifying, whether the certifications are mandatory or voluntary, and the extent to which there is reciprocity with or recognition of other certifications or requirements; (5) specific guidance regarding the selection of specific requirements or certifying organizations is limited; (6) federal procurement law imposes some limits on agencies' use of certification requirements, restricting the use of certification requirements to instances in which the requirements are specifically imposed by law or the agencies show a particular need and, if possible, allow for alternatives; (7) some agencies have established certification procedures and criteria for individual programs, and agency officials identified some related policies, procedures and guidance that can affect their certification activities; (8) there is no governmentwide guidance, or agencywide guidance in the five agencies that GAO reviewed, regarding all types of certification requirements; (9) NIST has prepared draft guidance on conformity assessment activities, including certification, which it plans to issue for public comment; (10) one best practice that GAO has supported in the regulatory arena, transparency of decisionmaking, also appears applicable to certification requirements, particularly given the complexity and diversity of certification activities and organizations; (11) in the certification actions that GAO examined, the criteria that the agencies used to establish a particular requirement or select a particular certifying organization were very clear in some instances but not clear in others; (12) other agencies' certification actions were not as transparent and certification bodies that were not selected raised questions about the criteria that agencies used; and (13) in each of those cases, agency officials were able to provide the rationale for their actions. --------------------------- Indexing Terms ----------------------------- REPORTNUM: GGD-99-170 TITLE: Certification Requirements: New Guidance Should Encourage Transparency in Agency Decisionmaking DATE: 09/24/1999 SUBJECT: Procurement Product evaluation Reporting requirements Private sector practices Institution accreditation Standards and standardization Federal procurement IDENTIFIER: OSHA Nationally Recognized Testing Laboratory Program NMFS Voluntary Seafood Inspection Program FDA Mammography Certification Program ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO report. This text was extracted from a PDF file. ** ** Delineations within the text indicating chapter titles, ** ** headings, and bullets have not been preserved, and in some ** ** cases heading text has been incorrectly merged into ** ** body text in the adjacent column. Graphic images have ** ** not been reproduced, but figure captions are included. ** ** Tables are included, but column deliniations have not been ** ** preserved. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ** A printed copy of this report may be obtained from the GAO ** ** Document Distribution Center. For further details, please ** ** send an e-mail message to: ** ** ** **** ** ** ** with the message 'info' in the body. ** ****************************************************************** United States General Accounting Office GAO Report to the Chairman, Committee on Small Business House of Representatives September 1999 CERTIFICATION REQUIREMENTS New Guidance Should Encourage Transparency in Agency Decisionmaking GAO/GGD-99-170 United States General Accounting Office General Government Division Washington, D.C. 20548 B-281675 September 24, 1999 The Honorable James M. Talent Chairman, Committee on Small Business House of Representatives Dear Mr. Chairman: Federal agencies use many certification requirements to ensure quality in the goods and services they purchase. For example, before purchasing computer or electrical equipment, an agency may require that prospective sellers obtain a certification from Underwriters Laboratories or another organization that the product is safe.1 An agency may also require that individuals in certain professions meet specific educational standards or be approved as competent by a particular organization before providing a service. There is no official definition of "certification" that is applicable to the activities of all federal agencies. However, the term generally refers to a process of providing written assurance that a product, process, service, organization, or individual conforms to specified requirements or standards for product quality, process reliability, or professional competence. Although certification requirements are intended to provide a measure of quality assurance, they can also engender concern on the part of affected parties. For example, businesses or individuals that wish to provide products or services to the government might need to obtain more than one certification to meet the requirements of different agencies. Also, an agency might select a particular certification organization while not accepting certifications in the same subject area from other organizations with similar qualifications. Because of these kinds of concerns regarding the potential effects of federal certification requirements on small businesses, you asked us to describe (1) the extent and variety of certification activities in the federal government; (2) the extent to which there are policies, procedures, or guidance governing those activities, either governmentwide or within selected agencies; and (3) an agency certification procedure that could 1Underwriters Laboratories, Inc. (UL) is an independent, not-for-profit product safety testing and certification organization. A "UL" mark on a product indicates that UL found that samples of the product met UL's safety requirements. The marks are commonly found on appliances, computer equipment, heaters, fuses, and other products. Page 1 GAO/GGD-99-170 Certification Requirements B-281675 serve as an example or "best practice" for other agencies. We defined certification broadly in this review to include those activities, methods, and programs that agencies use to ensure conformance to standards, even if the agencies did not use the term certification. Therefore, this report also includes certification- related activities, such as accreditation, recognition, and conformity assessment. Federal agencies engage in a large number and wide variety of Results in Brief certification-related activities, which is at least partially because of the number and diversity of the standards upon which they are based. The National Institute of Standards and Technology (NIST) publishes directories listing more than 200 federal government procurement and regulatory programs in which agencies provide or require certification, accreditation, listing, or registration.2 However, these directories provide only a partial inventory of agencies' activities because they focus primarily on certifications of products and services; they do not cover individual procurement actions in which agencies require vendors or contractors to have particular certifications. Certification activities also vary across multiple dimensions, including the origin of the requirements, their targets, which entity or entities do the certifying, whether the certifications are mandatory or voluntary, and the extent to which there is reciprocity with or recognition of other certifications or other organizations' requirements. Specific guidance regarding the selection of specific requirements or certifying organizations is limited. Federal procurement law imposes some limits on agencies' use of certification requirements, restricting the use of certification requirements in solicitations for government contracts to instances in which the requirements are specifically imposed by law or the agencies show a particular need and, if possible, allow for alternatives. Some agencies have established certification procedures and criteria for individual programs, and agency officials identified some related policies, procedures, and guidance that can affect their certification activities. However, there is currently no governmentwide guidance-or agencywide guidance in the five agencies we reviewed-regarding all types of certification requirements. NIST has prepared draft guidance for executive branch agencies on conformity assessment activities, including certification, which it plans to issue for public comment later this year. 2Congress established NIST (formerly the National Bureau of Standards) in 1901 to support industry, commerce, scientific institutions, and all branches of the government. It is an agency of the Department of Commerce, and its primary mission is to promote economic growth in the United States by working with industry to develop and apply technology, measurements, and standards. Page 2 GAO/GGD-99-170 Certification Requirements B-281675 One "best practice" that we have supported in the regulatory arena- transparency of agency decisionmaking-also appears applicable to certification requirements, particularly given the complexity and diversity of certification activities and organizations in the United States.3 In the certification actions that we examined, the criteria that the agencies used to establish a particular requirement or select a particular certifying organization were very clear in some instances but not clear in others. For example, in implementing its mammography program, the Food and Drug Administration (FDA) published detailed procedures and criteria for certification of personnel and facilities providing mammography services, as well as the approval of accreditation bodies. Other agencies' certification actions were not as transparent, and certification bodies that were not selected raised questions about the criteria that the agencies used. However, in each of those cases, agency officials were able to provide us with the rationale for their actions. A fundamental difficulty in discussing federal agencies' certification Background requirements is that there is no official definition of the term in the federal government. In fact, a NIST official told us that there are almost as many definitions of a federal certification program as there are federal agencies. Different organizations may also use other terms to refer to the concept of certification, such as accreditation, registration, approval, or listing. These terms have specific and different meanings in some contexts but are used interchangeably in others. In any case, the nomenclature can be confusing. For example, in 1989 we reviewed laboratory accreditation requirements for 20 different programs and found that these programs used 10 different terms for accreditation, with at least 18 different meanings. 4 Certification, accreditation, recognition, conformity assessment, and related terms all refer to types of standards-related activities, so a definition of "standards" can serve as a useful starting place. The International Organization for Standardization (ISO) defines standards as documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics to ensure that materials, products, processes, and 3See, for example, Regulatory Reform: Changes Made to Agencies' Rules Are Not Always Clearly Documented (GAO/GGD-98-31, Jan. 8, 1998); and Dietary Supplements: Uncertainties in Analyses Underlying FDA's Proposed Rule on Ephedrine Alkaloids (GAO/HEHS/GGD-99-90, July 2, 1999). 4Laboratory Accreditation: Requirements Vary Throughout the Federal Government (GAO/RCED-89- 102, Mar. 28, 1989). Page 3 GAO/GGD-99-170 Certification Requirements B-281675 services are fit for their purpose.5 ISO defines certification as the procedure by which a third party gives written assurance that a product, process, or service conforms to specified requirements or standards. Accreditation, according to ISO, refers to the procedure by which an authoritative body gives formal recognition that a body or person is competent to carry out specific tasks. In the context of certification, an accreditation body might accredit a certification body, such as a testing laboratory, as competent to carry out certification activities-in a sense, certifying the certifiers. Recognition is a term that is relatively new to conformity assessment activities in the United States, and it refers to designation by a government entity that an accreditation program is competent. Conformity assessment is the broadest term for these types of activities. According to the National Academy of Sciences, conformity assessment is the determination of whether a product or process conforms to particular standards or specifications. It may include such activities as sampling, testing, inspection, certification, registration, accreditation, and recognition. There are a great many standards or criteria for product quality, process Numerous Standards reliability, or professional competence. NIST estimated that in the United Underlie Certifications States alone, approximately 49,000 voluntary standards have been developed by more than 620 organizations. The agency said this estimate does not include "a much greater number of procurement specifications. . . as well as mandatory codes, rules, and regulations containing standards developed and adopted at federal, state, and local levels." NIST also pointed out that numerous foreign, regional, and international organizations produce standards of interest and importance to American businesses. For example, ISO has issued more than 10,000 international standards. Agency officials told us that use of these and other international standards has become increasingly common in the United States. The standards underlying certifications cover a wide range of products, processes, and professions. Some are product quality or safety standards, such as the American National Standards Institute (ANSI) standard for manually operated gas valves or the UL standard for communications cables. There are also standards for the performance and reliability of particular processes, as in ISO standards for quality management systems. Professional standards, such as the American Medical Association's standards in medical practice, research, and education, are used to assure 5 ISO is an international organization that writes standards. Established in 1947, ISO is a nongovernmental federation of national standards bodies from about 130 countries. Its work results in international agreements that are published as International Standards. Page 4 GAO/GGD-99-170 Certification Requirements B-281675 the qualifications and competence of individuals in specific disciplines or fields. The preceding examples also illustrate that standards can come from many sources. They can be established by industry or professional consensus standard-setting bodies, by governments through statutes or regulations, or by international standard-setting bodies. Certifications of products, processes, and services provide information on Certifications Reflect whether they can meet certain levels of quality, safety, or performance. Diversity of Standards However, certifications of people or organizations focus on an evaluation and designation of competence and qualifications. In professional and technical fields, certifications confirm the skills and knowledge of individuals who meet specific requirements (e.g., a certified public accountant). The professional certification process typically involves passing examinations and meeting other educational and/or experiential requirements. The choice of standards, the type of certification program, and the certification methodology used to assess conformity all have a significant impact on the validity and value of the information provided by a given certification. The total number of certification programs in the United States is unknown, but NIST has identified at least 178 private sector organizations that have product certification programs. In addition, the National Organization for Competency Assurance (NOCA) has identified at least 1,700 organizations based in the United States with programs for the certification or accreditation of individuals.6 The National Academy of Sciences and NIST have each noted that there is no central coordination of conformity assessment and related activities in the United States. Perhaps as a result, certification requirements can be duplicative and costly for those who must be certified or accredited. The fees for each certification exam can range from a few hundred dollars to over a thousand dollars, and the associated costs for annual fees and recertification in future years may be substantial. NIST officials told us that some laboratories must obtain multiple different accreditations-which often evaluate many of the same common elements in their evaluation processes-in order to provide testing services. NIST had found that laboratories desiring to be accredited or designated nationwide to conduct electrical safety- related testing of construction materials had to gain the acceptance of at least 43 states, over 100 local jurisdictions, the International Conference of Building Officials, the Building Officials and Code Administrators, the Southern Building Code Congress International, a number of federal agencies, and several large corporations. 6NOCA is a private sector national umbrella organization in the area of certification. Page 5 GAO/GGD-99-170 Certification Requirements B-281675 Congress has attempted to address some of the concerns about redundant certification requirements. For example, the Technology Transfer and Advancement Act of 1995 requires greater coordination of conformity assessment activities and attempts to facilitate mutual recognition among conformity assessment programs. Also, in June 1999 Congress amended the Fastener Quality Act in part to address concerns about potentially burdensome, costly, and duplicative testing and certification procedures that would have been imposed on industry. The amended law no longer requires NIST to approve organizations that accredit fastener testing laboratories. The amendments also exempt those fasteners already subject to the Federal Aviation Administration's (FAA) regulation. However, despite such concerns, it also should be recognized that some certification programs and requirements foster opportunities for small businesses. For example, the Nationally Recognized Testing Laboratory (NRTL) Program implemented by the Occupational Safety and Health Administration (OSHA) recognizes private sector laboratories that meet the necessary qualifications specified in program regulations. OSHA officials pointed out that this program has given a number of small testing laboratories in the United States the opportunity to provide types of services that only a few organizations provided before the program went into effect. Our objectives in this review were to describe (1) the extent and variety of Objectives, Scope, and certification activities in the federal government; (2) the extent to which Methodology there are policies, procedures, or guidance governing those activities, either governmentwide or within selected agencies; and (3) an agency certification procedure that could serve as an example or "best practice" for other agencies. To address these objectives, we interviewed officials and obtained documentation from five federal agencies in which the Committee had expressed an interest: the Departments of Transportation (DOT) and Veterans Affairs (VA); and, within the Department of Health and Human Services, the Centers for Disease Control and Prevention (CDC), FDA, and the National Institutes of Health (NIH). We also contacted officials in the Office of Management and Budget's (OMB) Office of Information and Regulatory Affairs, NIST, and the Office of Government Ethics (OGE) because of their responsibilities related to the issue of certification. We also interviewed and obtained documents from officials of NOCA and its related accreditation body, the National Commission for Certifying Agencies (NCCA). There are some important scope limitations to our review. Although we defined the term certification broadly to include such issues as Page 6 GAO/GGD-99-170 Certification Requirements B-281675 accreditation, recognition, and conformity assessment, the report does not cover those Federal Acquisition Regulation certifications (e.g., the Certification of Final Indirect Costs and the Certification of Nonsegregated Facilities) that might be included as standard solicitation provisions and contract clauses but are not related to conformity with technical or professional standards.7 The scope of our first objective was governmentwide. However, as agreed with the Committee, it was not our intention to develop a comprehensive listing of every possible certification-related activity and requirement of federal agencies. Our intent was to illustrate the extent and variety of such activities in the federal government. As agreed with the Committee, our review of agency- specific policies, procedures, or guidance under the second objective was limited to selected agencies, including CDC, DOT, FDA, NIH, and VA. To address our third objective, we again focused primarily on specific certification examples from the five selected agencies. The examples cited in agencies other than the five selected for more in-depth review were limited to ones cited in published reports or suggested by persons we interviewed. We obtained only limited information on the certification requirements in agency procurement actions. Our choices of examples to highlight as best practices represent subjective decisions based on our observations and work in the regulatory arena. We conducted this review between November 1998 and August 1999 at the headquarters offices of the above-mentioned agencies in the Washington, D.C., area in accordance with generally accepted government auditing standards. We provided a draft of this report to the Secretaries of Commerce, Health and Human Services, Transportation, and Veterans Affairs and the Director of OMB for their review and comment. Their responses are presented at the end of this letter, along with our evaluation. Federal agencies engage in both a large number and a wide variety of Agencies Engage in a certification-related activities. The certifications differ across several Wide Variety of dimensions, including the origins of the requirements, their targets, which entity or entities do the certifying, whether the certifications are Certification-Related mandatory or voluntary, and the extent to which there is reciprocity with Activities or recognition of other certifications or other organizations' requirements. The extent of agency involvement in the process can also vary, ranging from instances in which an agency might simply apply a certification requirement established by other entities to cases in which the agency is actively involved in developing and enforcing a specific requirement. 7See 41 U.S.C. 425(c) for limitations on the use of requirements for certification by offerors or contractors in the Federal Acquisition Regulation. Page 7 GAO/GGD-99-170 Certification Requirements B-281675 We did not attempt to develop a compendium of every federal agency Federal Certification certification or certification-related activity and requirement, and it would Activities Are Numerous be difficult to do so given the absence of a common understanding and and Diverse definition of the term "certification requirement" in the federal government. However, it is clear that federal agencies engage in a large number of certification-related activities. For example, NIST publishes directories that list more than 200 federal procurement and regulatory programs in which agencies provide or require some form of certification. The NIST directories provide only a partial inventory of agencies' activities, though, because they primarily focus on certification of products and services. Also, the directories do not cover individual procurement opportunities in which agencies require a vendor or contractor to have a particular certification, accreditation, or registration in order to participate. Agencies' certification requirements also vary in a number of ways, reflecting the variety of the underlying standards. One such dimension is the scope of the certification programs and requirements. For example, FAA's comprehensive system of certifications for the civil aviation system is quite broad, covering numerous categories of equipment, personnel, and facilities. On the other hand, one of the Environmental Protection Agency's (EPA) requirements (pursuant to section 609 of the Clean Air Act) is very specific, focused solely on operators who service motor vehicle air conditioners and requiring them to be certified under an EPA-approved program before offering their services. Another narrowly focused certification requirement is in FDA regulations that are designed to prevent botulism. The regulations require that a "processing authority" must certify the competency of "low-acid canned food retort operators" (i.e., the operators of heating and pressure cookers). Federal agencies' certification- related activities also vary with regard to the extent of agency involvement in the certification process. For example, an agency might be deeply involved in developing and/or enforcing a specific certification requirement. On the other hand, the agency might simply apply a requirement established by other entities, such as when an agency incorporates technical or professional certification requirements by reference in solicitations for specific products or services. Other ways that certification requirements vary include the following. * The target of certification. * Product * Profession Page 8 GAO/GGD-99-170 Certification Requirements B-281675 * Process * Facility or organization * Who does the certification. * Federal government * State or local governments * Joint commissions * Private sector, professional, or trade organizations * Self- certification * The origin or basis of the certification requirement. * Statutory requirements * Agency regulatory actions * International agreements * Industry consensus or nonconsensus requirements * Procurement actions * The degree of compulsion on those being certified. * Voluntary * Mandatory * Required for program participation * Whether other certifications are accepted or recognized. * Only the specified certification is accepted * Other certifications accepted or recognized According to NIST officials, the risk associated with a particular regulatory action or procurement can be an important factor influencing choices within these various dimensions. If the perceived risk is low, for instance, an agency might determine that certification is voluntary and accept a manufacturer's self- certification. However, if the risk associated with failure to meet standards is serious, the agency might choose to make certification mandatory and accept certification from only a federally recognized laboratory. Appendix I describes a number of specific agency certification programs and requirements that illustrate these kinds of differences. Some of the requirements differ on multiple dimensions. For example, the National Marine Fisheries Service within the Department of Commerce has a program for the inspection and certification of seafood products and processing operations. The Seafood Inspection Program is a voluntary program carried out pursuant to the Agricultural Marketing Act of 1946, as Page 9 GAO/GGD-99-170 Certification Requirements B-281675 amended; involves inspection by licensed federal and state agents; and provides certification recognized by other federal, state, and foreign government agencies as well as some private and international organizations. In contrast, a provision in an NIH procurement solicitation stated that a prospective contractor's supervisors responsible for inspection of the agency's biohazard cabinets "must be NSF accredited biohazard cabinet field certifiers."8 This provision is based on an industry consensus standard, targets professional competence, involves accreditation by a private sector third party, represents a mandatory requirement for prospective contractors, and recognizes only one source for the certification. Federal procurement law establishes some legal boundaries on the Little Guidance Exists certification requirements used in federal procurement. In addition, agency on Agency officials pointed out that their general procedures and practices for rulemaking and procurement can serve a useful role in notifying the public Certification and soliciting feedback on proposed certification requirements. However, Requirements there is little in the way of general policies, procedures, or guidance governing how agencies should establish certification requirements or select certification bodies, except at the level of some individual agency programs. Agency officials told us that they primarily viewed certification as an industry or professional concern rather than as a federal issue, and therefore they tended to rely on the "industry standard" or "nationally recognized" requirements. NIST has prepared draft guidance for federal agencies on conformity assessment activities, including certification. This guidance is currently under review at OMB, and NIST expects to publish it for public comment later this year. The Competition in Contracting Act of 1984 provides that a solicitation for Procurement Law Sets a government contract may include a restrictive provision only to the Some Boundaries on extent that the provision is authorized by law or is necessary to satisfy the Certification Requirements agency's needs. Some agency-specific acquisition regulations mirror the Competition in Contracting Act's limitations on the use of unnecessarily restrictive certification requirements. For example, VA's regulations allow requirements that offerors conform to technical standards that are generally recognized and accepted in the industry involved. However, if there is a choice of laboratories available to certify the quality of the 8NSF refers to NSF International, founded in 1944 as the National Sanitation Foundation. NSF is an independent, not-for-profit organization active in standards development and certification programs related to public health safety and protection of the environment. Page 10 GAO/GGD-99-170 Certification Requirements B-281675 product involved, the regulations also say that the requirements must not indicate that only one laboratory's certificate will be acceptable.9 In our bid protest decisions, we have generally not objected to a requirement that an item conform to a set of standards adopted by a nationally recognized organization in the field or a requirement for independent laboratory certification that such standards are met. However, we have found requirements unduly restrictive if they require approval by specific organizations without recognition of equivalent approvals.10 The absence of an endorsement by a particular private organization should not automatically exclude offers that would otherwise meet a procuring agency's needs. These procurement provisions notwithstanding, there is little in the way of Certification Guidance Is general policies, procedures, or criteria governing how agencies should Currently Limited to proceed in establishing certification requirements or selecting certifying Specific Programs bodies. Neither the agency officials we interviewed nor agency documents we reviewed identified any governmentwide guidance or, for the selected agencies we reviewed, agencywide guidance focused specifically on certification activities. The only specific certification guidance that we could identify was limited to particular programs. In some of these programs-such as FDA's Mammography Program; the Coast Guard's requirements for vessel design, inspection, and certification; and OSHA's NRTL Program-the agencies have established detailed procedures and criteria governing their certification requirements and/or the selection of certifying bodies. In general, however, officials in the five agencies that we contacted tended to view certification as an industry or professional issue rather than a federal one. Consequently, the agencies' selection of specific certification requirements or certifying organizations were driven more by the particular profession, industry, or market sector involved than by federal considerations. For example, officials from VA and NIH said that their agencies commonly rely on national consensus bodies and their "nationally recognized" or "industry standard" certifications for a given sector. NIST officials said that a common finding from their meetings and workshops is that people tend to use the certification or accreditation program with which they are most familiar. 9 48 C.F.R. 852.211-75. 10 See, for example, Aegis Analytical Laboratories, Inc., B-252511, July 2, 1993. Page 11 GAO/GGD-99-170 Certification Requirements B-281675 NIST Has Developed Draft NIST has taken a first step toward developing governmentwide Certification Guidance certification guidance. In response to requirements in the National Technology Transfer and Advancement Act of 1995 and OMB Circular A- 119, and with input from the Interagency Committee on Standards Policy (ICSP), NIST has prepared draft guidance for issuance by the Secretary of Commerce on conformity assessment activities, including certification.11 This draft guidance is currently under review at OMB, and NIST expects to publish it in the Federal Register for public comment later this year. NIST officials explained that the guidance would apply to all agencies that set policy for, manage, operate, or use conformity assessment activities and results, both domestic and international, except for activities carried out pursuant to international treaties. In addition to suggesting common terminology and definitions for agencies to use, NIST expects the guidance to define agency responsibilities in a number of areas, including the following: * identifying private sector conformity assessment practices and programs and considering use of the results of such practices or programs in new or existing regulatory and procurement actions, * using relevant guides or recommendations for conformity assessment practices published by domestic and international standardizing bodies, and * working with other agencies to avoid unnecessary duplication and complexity in federal conformity assessment activities. However, NIST officials also pointed out that the guidance would not preempt the agencies' authority and responsibility to make regulatory or procurement decisions authorized by statute or required to meet programmatic objectives and requirements. They also said the guidance would not suggest that agencies explain why they selected one certification requirement or organization over other possible candidates. Although there is currently no governmentwide guidance specifically on Related Policies and certification requirements, agency officials noted several related policies Procedures Also Affect and procedures that can affect those requirements. Those policies and Certification Requirements procedures include OMB Circular A-119, federal ethics and conflict-of- 11ICSP consists of representatives from each federal executive agency and advises the Secretary of Commerce and other executive branch agencies on standards policy matters. The committee reports to the Secretary through the Director of NIST. The publication of the guidance is in response to requirements in the National Technology Transfer and Advancement Act of 1995 as well as OMB Circular A-119. Page 12 GAO/GGD-99-170 Certification Requirements B-281675 interest laws, and agencies' rulemaking and procurement procedures and regulations. OMB Circular A-119 says that all federal agencies must use voluntary consensus standards in lieu of government- unique standards in their procurement and regulatory activities, except where inconsistent with law or otherwise impractical. 12 If an agency uses government-unique standards, it must explain why it did so in a report to OMB through NIST. The circular also says that agencies must consult with voluntary consensus standards bodies, both domestic and international, and must participate with such bodies in the development of voluntary consensus standards "when consultation and participation is in the public interest and is compatible with their missions, authorities, priorities, and budget resources." Agency officials from each of the selected agencies we reviewed noted that employees of their agencies commonly participate in such consensus bodies, including ones that help to establish certification requirements. Agency employees who, at government expense, participate in such activities on behalf of the agency must do so as specifically authorized agency representatives and are subject to ethics laws regarding participation by federal employees in activities of outside organizations. However, according to the Office of Government Ethics, there is no conflict of interest if an authorized agency representative participated in developing a voluntary consensus standard and the agency subsequently selected that standard as a requirement.13 Circular A-119 does caution, however, that agency participation in voluntary consensus bodies does not necessarily connote agency agreement with, or endorsement of, decisions reached by such organizations. The circular does not apply to conformity assessment activities carried out pursuant to treaties, which may impose their own obligations on federal agencies. NIST officials pointed out that the World Trade Organization (WTO) Agreement on Technical Barriers to Trade, in particular, includes conformity assessment obligations that apply to federal agencies. According to WTO, the intent of this agreement is to ensure that regulations, standards, testing, and certification procedures do not create 12OMB revised the circular on February 10, 1998, in part to make the terminology consistent with the National Technology Transfer and Advancement Act of 1995. That act codified existing policies in A- 119, established reporting requirements, and authorized NIST to coordinate conformity assessment activities of agencies. 13 The Office of Government Ethics is a small independent agency that has as its mission exercising leadership in the executive branch to prevent conflicts of interest on the part of government employees and to resolve those conflicts of interest that do occur. Page 13 GAO/GGD-99-170 Certification Requirements B-281675 unnecessary obstacles to trade. The agreement includes articles regarding procedures for assessment of conformity and recognition of conformity assessment by central government bodies. For example, the agreement encourages countries to recognize each other's testing procedures. Members of WTO are also encouraged to permit conformity assessment bodies located in the territories of other members to participate in their conformity assessment procedures under conditions no less favorable than those accorded to bodies within their own territories or the territories of any other countries. Agency officials also said that their general procedures and regulations governing rulemaking and procurement play an important role in certification activities. In particular, they noted that such procedures and regulations provide valuable opportunities for an agency to inform the public and solicit feedback on proposed certification requirements. FDA officials said their agency's procedural rules and regulations require them to use rulemaking in order to establish an enforceable certification requirement. DOT and FDA used the rulemaking process in developing or implementing several of the agencies' certification requirements. Although DOT and FDA officials acknowledged that rulemaking procedures take considerable time and effort, they noted that those procedures could also help the agencies obtain informed comments and document certification decisions. DOT officials said the use of the rulemaking process was particularly valuable in the establishment of certification requirements for subjects that are new to the department or in which DOT has little expertise. For example, proposed departmental regulations intended to reduce alcohol misuse by employees in DOT- regulated transportation industries included important roles for substance abuse professionals (SAPs). In response to public comments on the proposed rule, DOT refined and expanded its definition of SAPs in the final regulations and said alcohol and drug abuse counselors certified by the National Association of Alcoholism and Drug Abuse Counselors (NAADAC) Certification Commission could serve as SAPs.14 However, agency officials also emphasized that rulemaking may not always be a necessary or appropriate procedure for making certification decisions. In particular, NIH and CDC officials distinguished their research- oriented agencies from regulatory agencies, noting that they tend 14Subsequently, DOT recognized another certifying organization that petitioned to be recognized and asked for comment on a proposed requirement that certification organizations obtain NCCA accreditation for inclusion in the SAP definition. See 64 FR 29831. Page 14 GAO/GGD-99-170 Certification Requirements B-281675 to act through nonmandatory guidance or recommendations, not through rulemaking. DOT officials said that they generally do not use rulemaking procedures if certification requirements are part of a one-time procurement or contract. However, they said rulemaking might be the appropriate approach if the requirements are part of a recurring procurement. Agency officials also noted that procurement procedures can play a role in their agencies' choice of certification requirements and certifying organizations. Contracting officials emphasized the opportunities provided throughout the procurement process for prospective bidders to question proposed certification requirements and to suggest changes or other equivalent certifications that might meet the agency's needs. NIH officials noted that in addition to responding to the solicitation itself, bidders can comment on the draft request for proposal (published to see if there are enough sources) and the announcement of forthcoming solicitations to the market that appears in the Commerce Business Daily. Officials from CDC, FDA, and NIH pointed out that any solicitation could be the subject of bid protests if their agencies used procurement provisions that some entities believed were too restrictive. As noted previously, agency certification actions are numerous and vary Transparency of substantially. Therefore, specification of a particular certification "best Certification practice" would likely depend on the context of the certifications. Rather than attempting to develop criteria for selecting among these procedures, Decisionmaking Is a we focused on one practice that we have supported in the regulatory "Best Practice" arena-transparency, or clearly describing the basis for agency decisionmaking. Transparency in certification decisionmaking is important because those decisions can have significant implications for affected parties, but they are sometimes made with little public explanation. An agency's certification decisions can be transparent either retrospectively (explaining why a decision has been made) or prospectively (explaining the criteria it will use in making future decisions). As noted previously, OMB Circular A-119 requires agencies that develop government-unique standards to explain why they did not use voluntary consensus standards. However, we are not aware of any statutory or regulatory provisions requiring agencies to disclose why they selected one voluntary standard, certification, or certifying organization over another, or to describe the criteria they will to use to make those decisions in the future. Page 15 GAO/GGD-99-170 Certification Requirements B-281675 The transparency of the agency certification actions that we reviewed Transparency of Agency varied dramatically. In some instances, the agencies clearly documented Certification Requirements the criteria that they used or planned to use to select particular Varies requirements or certifying organizations. Other certification decisions were not as transparent, with the criteria less clear or well documented. However, agency officials were able to provide us with justifications for their actions in these instances during our review. FDA's certification requirements in its previously mentioned Mammography Program are very transparent. The program's regulations published in the Federal Register provide detailed procedures and criteria for certification of personnel and facilities providing mammography services, as well as the procedures and criteria that FDA uses to approve accreditation bodies. FDA has developed and publicized the regulations through a series of public rulemaking notices, building on procedures and criteria promulgated in earlier regulations issued by the Department of Education and the Health Care Financing Administration within the Department of Health and Human Services. The agency also provides ongoing guidance on the implementation of this program and its requirements, notifying the public of any updates in the guidance through quarterly Federal Register notices that announce the availability of and changes in FDA guidance documents. DOT has also clearly explained in several of its rulemaking documents how it made or planned to make decisions on the selection of particular certifying organizations. For example, in a 1997 final rule, the Coast Guard allowed an alternative inspection compliance method to fulfill requirements for vessel inspection and certification.15 Previously, these inspections and certifications had to be performed by the Coast Guard. Under the alternative, the Coast Guard can issue a certificate of inspection based upon reports by a "recognized, authorized classification society" that a vessel complies with United States and international safety rules, conventions, or other specified requirements. In order to receive recognition from the Coast Guard, the regulation requires a classification society to meet 23 specific criteria.16 15See 62 FR 67525 (Dec. 24, 1997). This change was made in response to concerns raised by the U.S. maritime industry in comments on an earlier notice of proposed rulemaking regarding the cost burden-and perceived competitive disadvantage to U.S. merchant vessels-of redundant inspection requirements. 16For example, one of the standards was that the classification society must maintain an internal quality system based on ANSI standard ANSI/ASQC Q9001 or an equivalent quality standard. Page 16 GAO/GGD-99-170 Certification Requirements B-281675 In DOT's previously mentioned substance abuse-prevention program, the department's rulemaking notices clearly documented the department's reasons for selecting or rejecting particular certifying bodies. Although DOT did not describe the specific criteria it would use to accept or reject professional certifications at the time it issued the proposed rule, the department's response to public comments in the final rule clearly described why it accepted certification by NAADAC and rejected state certifications. DOT noted that NAADAC was a national organization and that commenters provided information showing that the training and experience needed to meet NAADAC standards and certification requirements were sufficient for participation as a SAP in DOT's alcohol misuse prevention programs. DOT said it rejected suggestions that the SAP definition include state- certified counselors because qualification standards varied dramatically by state and did not always result in state- certified counselors having the experience or training DOT deemed necessary to implement the objectives of its rules. However, the reasoning behind some other agency certification requirements that we examined was not as clearly documented or otherwise explained. These specific cases involved the selection of particular certification bodies, and organizations that were not selected raised questions about the criteria that the agencies used. One such example was VA's implementation of new procedures, effective July 1, 1997, generally requiring that newly hired physicians be board-certified in the clinical specialty in which they will practice. The VA Undersecretary for Health later specified that the only certifying bodies recognized by VA for this purpose would be the American Board of Medical Specialties (ABMS) for allopathic physicians and the Bureau of Osteopathic Specialists (BOS) for osteopathic specialists. Although the subsequent announcement indicated that the two organizations were "umbrella organizations for approving medical specialty boards in the United States" and described the importance of board certification, the announcement did not indicate why these organizations were selected.17 Another certifying organization (the American Association of Physician Specialists, Incorporated) and the House Committee on Veterans' Affairs then questioned why VA recognized only ABMS and BOS certifications. The Committee requested that VA provide the criteria used to evaluate and select those two organizations. In its response to the Committee, VA stated that certifying groups vary widely in their requirements and that ABMS and 17VA noted that certification of physicians ensures that medical specialists have successfully completed an approved educational program and an evaluation designed to assess their possession of knowledge, experience, and skills needed to provide high quality patient care within the specialty. VA also said that board certification is a widely accepted measure of physician qualifications. Page 17 GAO/GGD-99-170 Certification Requirements B-281675 BOS are "the standard certifying organizations recognized throughout American medicine." However, VA did not further describe why it selected these two certifying organizations. VA officials told us during this review that they rely on consensus practices and standards of the health care profession in establishing certification requirements. They said VA's use of ABMS and BOS certifications can be traced back to a 1980 decision by the Chief Medical Director to accept ABMS and BOS physician board certifications for Incentive Special Pay purposes. In 1997, VA extended those same certifications that were required for special pay purposes to employment, "grandfathering" currently employed physicians. VA officials also noted that they had canvassed other federal agencies involved in health care issues-including the Department of Defense, the Public Health Service, NIH, CDC, and the Bureau of Prisons-and found that essentially all recognized ABMS and BOS as the two accepted organizations for board certification purposes. The officials also described to us some of their expectations of a health professional certification program-in essence, informal selection criteria. These included (1) accreditation for educational requirements (undergraduate, medical school, and residency program); (2) accreditation for post-residency experience; and (3) certifying exams in the area of specialty. Finally, they pointed out that by law, the Secretary for Veterans Affairs has special authority to make personnel decisions. Although the description that VA officials provided explains how ABMS and BOS were selected, it was not contained in any published document and did not explain what criteria other organizations would need to meet to be accepted by VA. Another agency certification decision that was not transparent to affected entities involved a 1996 NIH solicitation for the maintenance, certification, and decontamination of certain types of facilities and equipment, including biological safety cabinets. NIH implicitly designated NSF International as the sole certifying organization by including a requirement in the solicitation that the full-time on-site supervisor for specific locations be an NSF- accredited biohazard cabinet field certifier. NIH did not explain why only NSF accreditation was acceptable. As in the VA example, other certifying organizations that were not designated raised questions about the restriction to NSF's program. NIH officials told us during our review that NSF had the only accreditation program that was nationally recognized. The officials also pointed out that they applied the restrictive provision as narrowly as possible-requiring accreditation only for supervisors-while still addressing the agency's primary need to protect the safety of NIH personnel. Page 18 GAO/GGD-99-170 Certification Requirements B-281675 Agencies can make clear the criteria they used or plan to use to select a Common Criteria Used to particular certification requirement or certifying organization in any Select Certifying number of ways. However, those cases that we reviewed in which agencies Organizations clearly documented the criteria they used to select certifying organizations appeared to have certain common elements. For example, in most of these cases the agencies included discussions of elements such as the following: * the structure, purpose, and other characteristics of the organization (e.g., its legal status and composition of the governing board); * the resources and qualifications of the organization (e.g., technical competence of the staff, adequacy of management and quality control systems, and appropriate experience); * the certification procedures or mechanisms used by the organization (e.g., public documentation, use of valid test or evaluation methods, enforcement of certification requirements, and appeals or due process procedures regarding certification decisions); and * other factors (e.g., compatibility with or recognition of related certifications and the costs and fees associated with certification). However, transparency is not free. The Director of CDC's Procurement Transparency Is Not Free or and Grants Office told us that a governmentwide requirement for complete a Panacea documentation of each agency certification action would carry with it certain costs, including possible delays in procurement and the issuance of agency rules. The Director pointed out that the relative infrequency of concerns expressed about agency certification requirements could mean that those costs could exceed the benefits derived from documentation requirements. He also noted that mechanisms are already in place to address concerns about restrictive solicitation provisions and said that agencies will probably hear from affected entities if the requirements are considered unreasonable and/or restrictive of competition. Finally, both he and DOT officials emphasized that no one uniform approach is appropriate in the varied conditions in which certifications are used. Also, transparency in an agency's certification requirements does not guarantee that the process will result in the best (or even a good) decision. Conversely, lack of transparency does not necessarily mean that an agency's certification decision will not be good or appropriate. At a minimum, however, the opportunities for alternative certification organizations or requirements to be put forward are improved if agencies are transparent in establishing their requirements and vetting their decisions with the public. Page 19 GAO/GGD-99-170 Certification Requirements B-281675 Federal agencies' certification requirements are an invaluable tool in Conclusions helping to ensure product quality, process reliability, and professional competence in a variety of venues. Without those requirements, federal agencies would have to independently evaluate the safety of products, whether certain procedures will yield the desired results, and whether individual workers possess the skills required to perform a given task. Federal agencies have broad latitude in the selection of certification requirements and certifying organizations, which can result in what appear to be inconsistencies of application. For example, five agencies might each require a different certification for the same type of product or service. Businesses that want to provide that product or service to each of the agencies would therefore have to incur the expense associated with obtaining five certifications. Also, an agency can accept certifications from one certifying organization while not accepting certifications in the same subject area from other organizations with what appear to be similar qualifications. Organizations that are not selected would then have to forgo any income associated with providing certifications for that agency. These apparent inconsistencies are exacerbated when the reasons behind the agencies' certification decisions are unclear. Transparency of these decisions could improve their perceived legitimacy, particularly when more than one certification option is available to an agency. The means by which agencies' certification decisions can be made transparent will depend on the context in which the requirements are imposed. For example, if an agency's certification requirement is part of a procurement action, the agency can make clear the basis of that requirement in the request for proposals. Some agencies have also used the rulemaking process to delineate the rationale behind their certification requirement decisions. However, although contracting and rulemaking processes are convenient mechanisms for certification transparency, they are not always available because some certification requirements do not arise in either environment. The extent to which agencies' certification requirements need to be explained will also depend on the circumstances surrounding the certification requirement. For example, only a brief explanation should be necessary when an agency picks a certifying organization that is generally acknowledged to be the only such organization available. On the other hand, a more elaborate explanation may be necessary when an agency selects one organization over others with what appear to be similar qualifications. In that case, transparency can also help organizations not Page 20 GAO/GGD- 99-170 Certification Requirements B-281675 selected to understand what they must do to meet the agency's requirements. The forthcoming guidance being developed by NIST for the Secretary of Commerce may help bring more uniformity to the certification process, thereby making that process more intelligible to contractors, regulated parties, and other entities affected by the requirements. However, NIST officials said that the draft guidance does not directly address the issue of certification transparency. Although it would probably be unwise to recommend a single transparency approach, the guidance could generally advocate the concept of transparency in agencies' certification decisions and suggest alternative mechanisms by which those decisions could be explained to the public. We recommend that the Secretary of Commerce include a section in the Recommendation conformity assessment guidance being developed that specifically addresses the transparency of agencies' certification decisionmaking. Specifically, we believe that the guidance should encourage agencies to publicly explain why particular certification decisions were made or how certification decisions in the future will be made. The guidance should present alternative approaches for the agencies to consider in making their certification decisions more transparent, but it should not advocate that a single approach be used in all circumstances. We provided a draft of this report to the Secretaries of Commerce, Health Agency Comments and and Human Services, Transportation, and Veterans Affairs and the Director Our Evaluation of OMB for their review and comment. Officials from HHS, DOT, and OMB informed us that their agencies did not have comments on our draft report. VA did not provide comments. On September 13, 1999, the Secretary of Commerce provided written comments on the draft report. The Secretary said that the Department would address our recommendation on the issue of transparency in agencies' certification decisionmaking during the public comment period for the conformity assessment guidance being prepared by NIST. The Secretary noted that NIST would work with ICSP on the most effective way to address the issues of transparency for both regulatory and procurement agencies. The Department of Commerce also provided some technical comments and suggestions, which we incorporated as appropriate. To ensure that we had accurately characterized the examples of agency certification programs and requirements presented in an appendix to this report, we also provided the relevant portions of our draft report to officials in the Departments of Agriculture, Housing and Urban Page 21 GAO/GGD-99-170 Certification Requirements B-281675 Development, and Labor and the Environmental Protection Agency. They provided technical comments and suggestions, which we included in this report as appropriate. We are sending copies of this report to Representative Nydia M. Velazquez, Ranking Minority Member of the House Committee on Small Business. We are also sending copies to the Honorable William M. Daley, Secretary of Commerce; the Honorable Donna E. Shalala, Secretary of Health and Human Services; the Honorable Rodney E. Slater, Secretary of Transportation; the Honorable Togo D. West, Jr., Secretary of Veterans Affairs; and the Honorable Jacob Lew, Director of OMB. Copies will also be made available to others on request. Major contributors to this report are acknowledged in appendix II. If you have any questions about this report or would like to discuss it further, please contact me on (202) 512- 8676. Sincerely yours, L. Nye Stevens Director, Federal Management and Workforce Issues Page 22 GAO/GGD-99-170 Certification Requirements Page 23 GAO/GGD-99-170 Certification Requirements Contents 1 Letter 28 Appendix I Department of Agriculture 28 Examples of Federal Department of Commerce 29 Department of Health and Human Services 30 Agencies' Certification Department of Housing and Urban Development 32 Requirements Department of Labor 32 Department of Transportation 33 Department of Veterans Affairs 36 Environmental Protection Agency 36 38 Appendix II GAO Contacts and Staff Acknowledgments Page 24 GAO/GGD-99-170 Certification Requirements Contents Abbreviations AAR Association of American Railroads ABMS American Board of Medical Specialties AHA American Heart Association AMS Agricultural Marketing Service ANSI American National Standards Institute APHIS Animal and Plant Health Inspection Service ASME American Society of Mechanical Engineers BOS Bureau of Osteopathic Specialists CAP College of American Pathologists CDC Centers for Disease Control and Prevention CLIA Clinical Laboratory Improvement Amendments CPR Cardiopulmonary resuscitation DOT Department of Transportation EPA Environmental Protection Agency FAA Federal Aviation Administration FDA Food and Drug Administration HCFA Health Care Financing Administration HUD Department of Housing and Urban Development ICSP Interagency Committee on Standards Policy ILO International Labor Organization ISO International Organization for Standardization NAADAC National Association of Alcoholism and Drug Abuse Counselors NCCA National Commission for Certifying Agencies NIH National Institutes of Health NIST National Institute of Standards and Technology NMFS National Marine Fisheries Service NOAA National Oceanic and Atmospheric Administration NOCA National Organization for Competency Assurance NRTL Nationally Recognized Testing Laboratory NSF NSF International (formerly the National Sanitation Foundation) NSSP National Shellfish Sanitation Program NVCASE National Voluntary Conformity Assessment System Evaluation Program NVLAP National Voluntary Laboratory Accreditation Program NWS National Weather Service OGE Office of Government Ethics OMB Office of Management and Budget OSHA Occupational Safety and Health Administration RSPA Research and Special Programs Administration (Transportation) SAP Substance abuse professional SSCA Shellfish Sanitation Control Authority UL Underwriters Laboratories, Inc. Page 25 GAO/GGD-99-170 Certification Requirements Contents USDA United States Department of Agriculture VA Department of Veterans Affairs WTO World Trade Organization Page 26 GAO/GGD-99-170 Certification Requirements Page 27 GAO/GGD-99- 170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements This appendix briefly describes selected certification or certification- related programs and requirements. Although not intended to provide a compendium of all such federal agency programs or requirements, the appendix illustrates both the number of federal certification requirements and the dimensions by which they vary. To compile this appendix, we relied primarily on examples identified by officials within the agencies that we contacted during this review and information provided in the National Institute of Standards and Technology (NIST) Directory of Federal Government Certification and Related Programs.1 * The U.S. Department of Agriculture's (USDA) Agricultural Marketing Department of Service (AMS) provides voluntary on-site grading and certification of Agriculture meats and meat products through physical examination of product characteristics during the production process. The required tests are performed in government labs by AMS personnel, and approved USDA stamps and roller brands are applied to products that are considered in compliance with applicable standards or specifications. The grading system provides a common language to facilitate trading, and the certification assists large-scale buyers by providing impartial evaluation and certification that meat purchases meet their contract specifications. An AMS official also pointed out two related services provided under the agency's regulations. The Contract Verification Service provides wholesale buyers of noncertified commodity products a method of determining whether procurements meet contractually specified requirements. The Quality Systems Certification Program provides meat packers, processors, producers, or other businesses in the livestock and meat trade the ability to have special processes or documented quality management systems verified. * USDA's AMS also issues certificates regarding the quality of other agricultural products, including fresh fruits, vegetables, nuts, and related products. All of these certifications are voluntary, except for commodities that are regulated for quality by a marketing order or marketing agreement, or that are subject to import or export requirements. AMS also issues grade certificates for raw cotton, which are mandatory for cotton delivered on futures contracts. * To assist in the export of plants and unprocessed plant products, USDA's Animal and Plant Health Inspection Service (APHIS) issues phytosanitary (plant health) certificates to exporters certifying conformity with the receiving country's plant quarantine import regulations. The inspections 1 NIST SP739, 4th Edition (Office of Standards Services, July 1999). NIST also publishes a separate directory on laboratory accreditation programs, Directory of Federal Government Laboratory Accreditation/Designation Programs (NIST SP808). Page 28 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements are conducted by federal and state cooperators, and testing is done in federal and recognized state and university labs. APHIS also provides export certificates, stamp endorsements, or letterhead certification to indicate the class, quality, and condition of animal by-products to assist exporters in the United States to comply with import requirements in foreign countries. * The National Marine Fisheries Service (NMFS) within the Department of Department of Commerce's National Oceanic and Atmospheric Administration (NOAA) Commerce inspects seafood products and processing operations on a voluntary, fee- for-service basis. The inspections are performed by licensed federal and state agents and involve vessel and plant sanitation, product inspection, grading, certification, label review, and laboratory analysis. Federal, state, and federally recognized private laboratories perform testing and analysis, and NMFS lists approved suppliers and graded/certified products. Other federal and state agencies, private organizations, foreign government agencies, and international organizations recognize the NMFS seafood certifications. * The National Weather Service (NWS) within NOAA administers a mandatory program to certify weather observers and approve weather stations. NWS certifies weather observers by examination and experience for acceptable vision, adequate training, and demonstrated ability to take and record accurate and timely weather observations. The stations are approved on the basis of appropriate instrumentation use, installation of automated sensors, maintenance programs, and certification of the observers. The program ensures consistent, minimum performance expectations for manual weather observations used for the preparation of forecasts and warnings and the support of aviation operations. * The National Institute of Standards and Technology (NIST) administers the National Voluntary Laboratory Accreditation Program (NVLAP). NVLAP accredits laboratories on the basis of an evaluation of their technical qualifications and competence to carry out specific calibrations or tests. NVLAP accreditation is available to commercial; manufacturers' in-house; university; and federal, state, and local government laboratories and is formalized through issuance of a Certificate of Accreditation and Scope of Accreditation. * NIST also administers the National Voluntary Conformity Assessment System Evaluation (NVCASE) program. The program's primary objectives are to provide a basis for the United States government to assure foreign governments that qualifying conformity assessment bodies in the United States (e.g., accreditors of laboratories) are competent to satisfy their regulatory requirements and to facilitate the acceptance of American products in foreign markets. The NVCASE program can also be applied in Page 29 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements support of domestic regulatory programs at the request of another federal agency. The NVCASE program includes activities related to laboratory testing, product certification, and quality system registration. After NVCASE evaluation, NIST provides recognition to qualified organizations in the United States that effectively demonstrate conformance with established criteria. NIST maintains listings of all recognized bodies, as well as listings of qualified bodies that are currently accredited by bodies recognized by NIST. * In various procurement documents prepared by the Centers for Disease Department of Health Control and Prevention (CDC), the agency included certification and Human Services requirements for persons providing specific services. For example, a medical officer had to be board-certified in one relevant primary care area (such as internal medicine or surgery) and licensed to practice in the United States or be board-eligible in both occupational medicine and internal medicine. A physician's assistant had to be certified or licensed as a physician assistant by the appropriate national or state recognized organization. A chief nurse, in addition to being registered as a registered nurse in the state of Georgia, had to have annual certification in basic cardiac life support. CDC also required that cardiopulmonary resuscitation (CPR) instructors have American Heart Association (AHA) certification as providers of basic and advanced cardiac life support or American Red Cross Association certification plus AHA certification as (1) Instructor in Basic Cardiac Life Support, (2) Instructor-Trainer in Basic Cardiac Life Support, and (3) Instructor in Advanced Cardiac Life Support. * The National Shellfish Sanitation Program (NSSP) is a federal-state cooperative program recognized by the Food and Drug Administration (FDA) and the Interstate Shellfish Sanitation Conference for the sanitary control of shellfish (oysters, clams, mussels, and scallops) produced and sold for human consumption. Most of the regulation, inspection, investigations, and control measures are done at the state level. However, FDA conducts an annual review of each state shellfish control program to determine its degree of conformity with the NSSP. Annually, the state Shellfish Sanitation Control Authority (SSCA) issues number certificates to shellfish dealers who comply with sanitary standards and forwards copies of the interstate certificates to FDA. FDA publishes a monthly list of all shellfish shippers that have been certified by states that maintained satisfactory control programs. Shellfish plants certified by SSCA are required to place their certificate numbers on each container or package of shellfish shipped. Separate from NSSP, FDA also issues certificates for other fish and fishery products, including Certificates of Free Sale, Certificates of Export, Certificates to Foreign Governments, and European Union Health Certificates for Fishery Products. Page 30 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements * FDA also has a mandatory certification program that lists approved color additives and the conditions under which they may be safely used in foods, drugs, cosmetics, and medical devices. Each batch of color must be tested and certified in an FDA laboratory before it can be used, unless the color additive is specifically exempted by regulation. Other federal agencies, state agencies, and private sector organizations recognize FDA's certifications. However, under the provisions of the Federal Food, Drug, and Cosmetic Act, FDA cannot accept certification of a color by a foreign country as a substitute for its own certification. * FDA's Center for Devices and Radiological Health is responsible for the setting and enforcement of performance standards to control radiation emissions from electronic products, such as television receivers, microwave ovens, X-ray equipment, and lasers. A manufacturer of an electronic product for which there is an applicable federal performance standard is required to affix a certification label stating that the product conforms to the standard. Certification is based on a test prescribed by the standard or a testing program that is in accord with good manufacturing practices as determined by the Center. Manufacturers' or third-party laboratories perform the testing. * Under the Mammography Quality Standards Act of 1992, FDA was authorized to implement the act's requirements for the certification and inspection of all mammography facilities.2 Only certified facilities that are in compliance with uniform federal standards for safe, high quality mammography services may lawfully operate. These requirements apply to all facilities producing, processing, or initially interpreting mammograms, whether for screening or diagnostic purposes, except for facilities of the Department of Veterans Affairs, which developed its own quality assurance program. To become certified, facilities must first be accredited by an FDA-approved accreditation body. FDA published regulations to establish the requirements and standards for accrediting bodies and application procedures for such bodies. The FDA regulations also established the quality standards for mammography facilities and procedures for facility certification. Accreditation and certification must be renewed every 3 years. * The Health Care Financing Administration (HCFA) regulates all laboratory testing (except research) performed on humans in the United States through the Clinical Laboratory Improvement Amendments (CLIA) program. CLIA certification is mandatory for all facilities that perform laboratory testing on specimens derived from the human body for the purpose of providing information for the diagnosis, prevention, or 2 The Mammography Quality Standards Reauthorization Act of 1998 extended this program until October 2002. Page 31 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements treatment of disease, or impairment of or assessment of health. CLIA regulations are based on the complexity of the test method-the more complicated the test, the more stringent the requirements. Upon determining compliance with regulatory requirements, HCFA issues the appropriate certificate(s) for the type(s) of testing the laboratory performs. Those certificates are effective for a 2- year period. Those laboratories that must be surveyed routinely (those performing moderate- or high-complexity testing) can choose whether to be surveyed by HCFA or by a private accrediting organization. Approved accrediting organizations under CLIA include the American Association for Blood Banks, the American Osteopathic Association, the American Society for Histocompatibility and Immunogenetics, the College of American Pathologists, the Commission of Laboratory Accreditation, and the Joint Commission on Accreditation of Healthcare Organizations. In addition, certain laboratories are licensed under CLIA-exempt state programs in New York, Oregon, and Washington. * HCFA also has a survey and certification program covering providers and suppliers of health care services to Medicare and Medicaid beneficiaries. The aim of HCFA's program is to ensure that these providers (such as participating hospitals, home health agencies, and nursing home providers) meet federal health, safety, and program standards. Hospitals accredited by the Joint Commission on Accreditation of Healthcare Organizations or the American Osteopathic Association are deemed to participate in the program and meet federal requirements. * The Department of Housing and Urban Development (HUD) has a Department of Housing voluntary program for validation of private sector certifications of building and Urban products for construction (i.e., that building products comply with Development designated standards). After testing by government accredited, third-party validating, state/local, or manufacturers' laboratories and inspection by third parties, products that meet standards must have an authorized mark or label affixed by the manufacturer or a third-party administrator. Currently, 33 third- party administrators participate in the HUD Building Products Certification program for such products as solid fuel-type heaters, fireplace stoves, plastic bathtub units, aluminum windows, storm doors, wood window units, carpet, and lumber, among others. * HUD also has a mandatory program requiring third-party certification of manufactured housing designs and quality assurance manuals, as well as in-plant inspection to ensure compliance with standards. HUD issues lists of approved third- party agencies. * The Occupational Safety and Health Administration (OSHA) implements Department of Labor the Nationally Recognized Testing Laboratory (NRTL) Program. This Page 32 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements program recognizes private sector organizations (third-party laboratories) that meet the necessary qualifications specified in program regulations as NRTLs. An NRTL determines that specific equipment and materials meet consensus-based standards of safety to provide the assurance, required by OSHA, that these products are safe for use in United States workplaces. To obtain initial NRTL recognition, an applicant must complete an application and resolve any deficiencies found during an on-site assessment. A preliminary notice is then published in the Federal Register announcing the application for recognition, a 60-day comment period ensues, and (absent compelling reasons to the contrary), a final notice is published formally recognizing the applicant as an NRTL. * In another program, OSHA also accredits independent third-party certification agencies for the purpose of certifying maritime vessels' cargo gear lifting and handling gear and shore-based cargo handling equipment. OSHA maintains a list of accredited certification agencies and surveyors. The certifications are intended to ensure that all covered equipment is in a safe material condition, properly tested, and in compliance with regulatory requirements. Through this program, the United States fulfills its responsibilities under International Labor Organization (ILO) Convention No. 152. * Regulations on substance abuse prevention that cover employees in Department of Department of Transportation (DOT)-regulated transportation industries Transportation (including aviation, highway, rail, and other transit industries, such as pipelines) include provisions requiring face-to-face evaluation by substance abuse professionals. DOT defines these professionals as including, among others, a licensed or certified psychologist or an addiction counselor certified by the National Association of Alcoholism and Drug Abuse Counselors Certification Commission or by the International Certification Reciprocity Consortium/Alcohol & Other Drug Abuse. * Testing and/or inspection by a Coast Guard accredited laboratory is mandatory for some equipment required for use on recreational boats and commercial vessels (e.g., equipment used for lifesaving, fire protection, and pollution prevention, as well as other electrical and engineering equipment). Manufacturer self-certification is allowed for selected items. * The Coast Guard issues certificates of approval to certain providers of merchant marine courses. Obtaining a certificate is mandatory where required by regulations (in areas such as radar observation, fire fighting, and first aid), but it is otherwise voluntary. Training organizations seeking approval must submit course packages to the Coast Guard's National Maritime Center, the proposed training facility is inspected by a Coast Page 33 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements Guard Regional Examination Center, and instructor qualifications are reviewed. * The Coast Guard issues certificates of inspection for certain vessels following satisfactory completion of an inspection by a government body or an organization recognized by the Coast Guard. A 1997 final rule provided for the alternative to Coast Guard inspection by permitting the Coast Guard to issue a certificate of inspection based upon reports by a "recognized, authorized classification society." The Coast Guard generally establishes the procedures and standards used in inspections, but some are also established by statute or through international conventions and treaties for certain vessels. Other federal agencies, foreign government agencies, and international organizations recognize these certificates. * The Coast Guard also enforces requirements to ensure the safety of shipping containers used for the international transport of cargo. A third party must certify these containers before they enter into international traffic. The certifications are mandatory under the International Safe Container Act and signify that the containers conform to the International Convention for Safe Containers. Foreign governments and international organizations recognize this certification. Containers must display a Safety Approval Plate from the approval authority in the country of registry. * The Federal Aviation Administration (FAA) has a comprehensive system of certifications for the civil aviation system, with coverage ranging across equipment, personnel, and facilities. For example, FAA issues Type Certificates for makes and models of aircraft, aircraft engines, or propellers and grants Airworthiness Certificates for specific aircraft that meet approved type designs and are in condition for safe operation. FAA provides certification for pilots, flight instructors, crew members, mechanics, control tower operators, and other aviation-related personnel. FAA also provides for certification of repair stations, parachute lofts, and schools for pilots and mechanics. FAA operates an Airport Safety and Certification Program and an Airport Lighting Equipment Certification program. It issues certificates of designation and certificates of authority to, among others, aviation medical examiners, examiners of pilots and technical personnel, designated engineering representatives, and manufacturing inspection representatives. Compliance with the FAA certification system is mandatory for civil aviation, and the Department of Defense and the Coast Guard also require that some of their aircraft and equipment be FAA-certified. Most of the applicable design, performance, and quality requirements are specified in the Code of Federal Regulations. The International Civil Aviation Organization also sets general guidelines for airworthiness certification systems that FAA implements in the United States. In addition, FAA accepts some nongovernment standards, such as ones developed by the Society of Automotive Engineers, the Radio Page 34 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements Technical Commission for Aeronautics, and the Aerospace Industries Association. * The Federal Railroad Administration has a number of safety-related certification programs. One mandatory program covers safety glazing of windows for locomotives, passenger cars, and cabooses. Testing of glazing materials to demonstrate compliance with regulatory requirements is done by either manufacturers in their labs or independent labs that meet specified qualifications. Each individual unit of glazing material is permanently marked to indicate certification. * A voluntary program administered by DOT's Research and Special Programs Administration (RSPA) covers packaging of hazardous materials for export. Shippers and container manufacturers can demonstrate conformance of their packaging designs with United Nations' standards through third- party testing agencies designated by RSPA's Office of Hazardous Materials Technology. These third-party approval agencies evaluate and issue approval certificates for intermodal portable tanks and certificates of conformance for other types of packaging. * RSPA also has a mandatory requirement for third- party certification of railway tank cars used for the transport of hazardous materials. The third parties must be acceptable to the Association of American Railroads (AAR) and the Bureau of Explosives. AAR provides design approval of couplers, which is accepted by DOT. RSPA issues certificates of construction. * Another RSPA mandatory program requires registration of all persons or organizations engaged in the manufacture, assembly, inspection and testing, certification, or repair of cargo tanks or cargo tank motor vehicles. Manufacturers of special cargo tanks and cargo tank motor vehicles must also obtain an American Society of Mechanical Engineers (ASME) Certificate of Authorization for the use of the ASME "U" stamp. Repairs that are not verified to the ASME Code must have a National Board or ASME Certificate of Authorization. ASME or ASME-designated bodies perform the required testing or inspection. Other federal agencies, state agencies, private sector organizations, and the Canadian government recognize reciprocity with this registration. * RSPA requires third-party certification of welders and plastic pipe assemblers to ensure the safety of pipelines for gas and hazardous liquids. The agency also requires manufacturers' self- certification for valves, pressure-limiting services, and overall installation to specified standards. Certification of welders is usually conducted by the American Welding Society, but a comparable program by the installing contractor may be acceptable to RSPA. The agency adopts the standards of national standards organizations. Page 35 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements * The Department of Veterans Affairs (VA) requires certification of Department of automotive driving aids and automatic wheelchair lifts for purchases Veterans Affairs funded by the Department. VA publishes a compliance list that delineates certified suppliers of wheelchair lift systems and hand controls (driving aids). Certification is by a VA-sponsored Automobile Adaptive Equipment Committee. Government testing and inspection, third party government- approved certification (Society of Automotive Engineers), and manufacturers' self-certification are used to ensure compliance with VA's standards. VA also accepts certification by other agencies when current standards are applied. * VA has similar mandatory requirements for self- propelled and motorized wheelchair purchases funded by the department, again listing suppliers of these products. Certification is by a VA-sponsored Prosthetic Technology Equipment Committee. Government testing and inspection, third party government-approved certification (Rehabilitation Engineering and Assistive Technology Society of North America/ANSI), and manufacturers' self-certification are used to ensure compliance with VA's standards. VA also accepts certification by other agencies when current standards are applied. * In order to ensure standardization and uniformity in laboratory test performance throughout the VA system's clinical, nuclear medicine, and special purpose ancillary testing laboratories, the department requires third-party certification by the College of American Pathologists (CAP) and the Joint Commission on Accreditation of Healthcare Organizations. The standards applied are those of the CAP Laboratory Accreditation Program, but VA also recognizes certification by the Joint Council of American Hospitals. * VA established board certification requirements that, with some exceptions, applied to physicians hired on or after July 1, 1997. Unless they have written approval of the Chief Patient Care Services Officer prior to appointment, these physicians must be board-certified in the clinical specialty area in which they will practice. VA's Undersecretary for Health specified that the certifying bodies for these purposes are the American Board of Medical Specialties (ABMS) for allopathic physicians and the Bureau of Osteopathic Specialists (BOS) for osteopathic physicians. * An Environmental Protection Agency (EPA)- accredited, third-party Environmental laboratory must conduct emissions testing for certification of new Protection Agency residential wood heaters and submit the results to EPA. EPA certifies a representative wood heater from the model line, granting certificates valid for 5 years. * In another mandatory program, laboratories performing drinking water analysis to demonstrate compliance with regulations must be certified as Page 36 GAO/GGD-99-170 Certification Requirements Appendix I Examples of Federal Agencies' Certification Requirements capable of delivering acceptable performance. States seeking to operate a drinking water regulatory program must implement a laboratory certification program based on federal standards. EPA's regional offices serve as the certifiers in situations where there is no approved state program. Certified laboratories are issued certificates identifying areas of competency. * To ensure that pesticides posing relatively high risk, or that are difficult to use, are used only by or under the direct supervision of competent persons, EPA oversees state programs to certify applicators. EPA serves as the certifier of applicators in Colorado. An applicator may not apply restricted-use pesticides until he or she demonstrates competency and receives certification. * Under section 609 of the Clean Air Act Amendments of 1990, operators who service motor vehicle air conditioners must be certified under an approved 609 program prior to offering services. EPA restricts the sale of small containers of Class I and Class II substances appropriate for use in motor vehicle air conditioners to certified personnel. Personnel testing is done by private industry programs approved by EPA. Also, recovery and recycling equipment must be approved by EPA and must meet the requirements of the SAE standards for approval. EPA maintains a list of technician certification programs and approved equipment. Page 37 GAO/GGD-99-170 Certification Requirements Appendix II GAO Contacts and Staff Acknowledgments Curtis Copeland, (202) 512-8101 GAO Contacts Tim Bober, (202) 512-4432 In addition to those named above, Alan Belkin, John Brosnan, and Victor Acknowledgments B. Goddard made key contributions to this report. Page 38 GAO/GGD-99-170 Certification Requirements Page 39 GAO/GGD-99- 170 Certification Requirements Page 40 GAO/GGD-99-170 Certification Requirements Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Order by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touch- tone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send e-mail message with "info" in the body to: [email protected] or visit GAO's World Wide Web Home Page at: http://www.gao.gov United States General Accounting Office Bulk Rate Washington, D.C. 20548-0001 Postage & Fees Paid GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested (410364) *** End of document. ***