How it works
We’re with you every step of the way
Appeals and Arbitration Audits

The Appeals and Complaints procedure defines the process undertaken when appeals from clients are received regarding certification decisions or non-conformances that have been generated during the performance of an audit.

The procedure is available to clients. For appeals from interested parties, formal definition does not permit the flexibility that the interested parties demand. However, such appeals are processed within the spirit of the procedure.

The procedure defines AfriCert as being responsible for all decisions made as a result of the appeal. The reviewing arbiter is always different from the auditor or initial reviewer. The procedure does not provide for discrimination against the appellant. These audits are usually not charged to the client in the event that the arbiter determines that AfriCert is at fault. Appeals Audits may be conducted off-site if suitable. Outcomes of these audits is communicated to the Office Administration and reviewed by the Managing Director to implement the necessary actions, corrections, corrective actions and continual improvement.

The procedure includes the following provisions;

  • A description of receipt, investigation and deciding future actions necessary with due regard for the recorded history of the similar appeals
  • Recording and tracking appeals
  • Implementing appropriate corrective and preventive action within AfriCert or AfriCert’s client if this is appropriate
  • Maintaining contact with the appellant and forwarding details of conclusions reached
  • Review of the results of the appeal by persons different from those investigating the appeal
  • Forwarding written details of the finality of the appeal to the appellant
Short Notice Audits

Short Notice Audits may be conducted at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended Certificates. These audits are catered for in the General and Contract Terms and Conditions made available to clients.

Suspension and Withdrawal Audits

The Suspension and Withdrawal Procedure describes the process undertaken to suspend and withdraw certificates. The procedure requires certificate suspension and withdrawal when;

  • When the Office Administration / ClientCare identifies that a client has not confirmed a scheduled surveillance within a month of the normal time,
  • Payment has not been received within a reasonable time for audits already performed,
  • Major non-conformances are not closed or downgraded within defined times,
  • Changes significant enough to place doubt on the confidence of certification occur (such as a significant management system change, a change of physical address not reported to AfriCert, significant process and / or product changes etc. not communicated and subject to Special Audits, review or “Ghosting”)
  • Client cancelling certification services with AfriCert – Voluntary Suspension (Due to closure of their business or Client moving to an alternative certification body for certification services)

Suspension requires that the client does not claim they are Certified. If withdrawal occurs (when the situation that led to suspension have not been resolved) then the client is also required to contact its customers that placed orders on the basis of that certification.

Use of AfriCert’s assurance marks (and any associated markings or information implying certification) are required by AfriCert’s terms and conditions (repeated by the Logo and Marks Use Procedure) to be discontinued.

Audit documentation is updated, specifically the Client Data document and Certificate Database when certificates are suspended and / or withdrawn and the information is made available upon request to interested parties without permission from the client.

In some circumstances, clients can reduce the scope of their current certification to exclude aspects of their operation which do not comply with the certification standard. Such action is only possible if the remaining certified entity can be accurately defined such that the client’s customers and interested parties will not be misled. Reductions are handled in accordance with procedure the Scope Change Audits Procedure.

Special Audits

In the event, either during Stage 2, Re-Certification and / or Surveillance Audits, a Major Nonconformance is identified, a Special Audit will be scheduled to ensure that the associated correction and corrective action is effectively implemented to either close the Major Nonconformance or at the least down-grade the Major- to a Minor Non-conformance.

Guidance is sought from the Audit Schedule Tolerances document on handling Major Non-Conformances.

In the event that the Major Non-Conformance is not closed or down-graded during the Special Audit, the Suspension and Withdrawal Process is initiated. In any event that the Major Non-Conformance is down-graded and up-graded again at the next Surveillance Audit, the Suspension and Withdrawal Process is also initiated.

Short Notice Audits may be conducted at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended Certificates. These audits are catered for in the General and Contract Terms and Conditions made available to clients.

Care is taken of the use of persons for such audits and specific auditor evaluations may not necessarily be necessary.

Extension Audits

Extension Audits shall be conducted as is determined necessary during preceding audits where the outcomes of the audit determined such a need. These audits are agreed to with the client during the current audit to ensure that the audit outcomes are successfully completed prior to finalising the audit report and findings.

Take-Over Audits

Take-Over Audits are conducted when AfriCert is requested to certify a client who is currently certified by another Certification Body. In such an instance, AfriCert shall collect the necessary information and initiate the application process. Where determined appropriate and sufficient, AfriCert shall transition the client via a shorter duration take-over review and in line with international guidance IAF MD2 - 2007 - Transfer of Accredited Certification of Management Systems.

Certification cycle will be maintained.

Scope Change Audits

The Scope Change Audit Procedure describes how these audits are conducted. Changes to scope could include;

  • Additional or removal of sites,
  • Additional or removal of certification standards,
  • Product / process changes,
  • Significant changes to applicable legislation

Scope Change audits are performed during the certification cycle to either change the standard, the scope, and/or the sites that are certified.
This will not apply to the following (These will be done via client care and MD):

  1. Change of name on a legal entity, changes made in terms of Companies and Intellectual Property Commission CIPC or equivalent (Physical Location change). In this case a copy of the legally changed name will be required to update certificate and other client information.
  2. Initial, current and expiry dates on certificates (as version control needs to be applied and reviewed)
  3. Review of use of combined accreditation markings for certificate/s issued.
Re-Certification Audits

The purpose of the Re-Certification Audit is to confirm the continued conformity and effectiveness of the Management System(s) as a whole and its continued relevance and applicability for the Scope of Certification and its related boundaries.

Re-Certification Audits include all the documentation required for initial Certification Audits. Re-Certification shall include a review of the Re-Certification Audit documentation and the performance of the Certified Client over the previous Certification Cycle, including any complaints and Special Audits conducted. Consideration of this information is critical in situations where the Duration Change Document is processed. The Technical Reviewer shall have the exclusive responsibility to accept the Duration Change and the Certificate award.

Surveillance Audits

Surveillance Audits are conducted according to the selected Audit Cycle, being either bi-annual or annual. All Surveillance Audits shall be conducted at the Certified Clients premises and in accordance with the Audit Summary, Audit Plan and Multi-Site Record.

The procedure requires certain mandatory requirements to be audited every time such as;

  • Internal Audits and Management Review,
  • Review of the actions taken to address non-conformities identified during the previous audit,
  • Complaints handling of the Certified Client,
  • Effectiveness of the Management System with regard to achieving the Certified Client’s objectives and other intended results of the respective Management System(s),
  • Progress of planned activities aimed at continual improvement,
  • As required for standards such as ISO/IEC 27001:2013, ISO 14001:2015, ISO 45001:2018 and ISO 22301:2019, the status of risk assessment and treatment, including associated documentation required by such standards, i.e. the latest Statement of Applicability control selection and comparison (ISO/IEC 27001:2013) of which is recorded on the Certificate,

Continuing operational control,

  • Ongoing evaluation and review of compliance with relevant legislation and regulation, as applicable in ISO/IEC 27001:2013, ISO 14001:2015, ISO 45001:2018 and ISO 22301:2019,
  • Review of any changes,
  • Use of marks that reference to Certification

At preceding audits, an Audit Programme is completed which defines the functions, activities, processes and / or procedures subject to audit and the month and updated incrementally with each audit to demonstrate actual and planned audit activities. The procedure requires that all aspects of the client’s management system(s) are re-audited during the three year certification cycle.

Where the client requests a shorter duration contract be processed, the Audit Schedule shall be updated accordingly and the client shall be subject to having the entire management system audited within the period.

Reports generated during a Surveillance Audit are reviewed upon submission to the relevant office in accordance with the Office Review Procedure. When a Surveillance Audit has identified Major Non-conformances, a Special Audit is required to either close or down-grade the Major Non-Conformance to allow certification to continue. Failure to close or down-grade a Major Non-Conformance will result in Certificate Suspension and Withdrawal procedure to be enacted.

Surveillance Audits performed by outsourced offices that contain Major Non-Conformances also submitted to AfriCert’s head-office for additional review.

For standards requiring normative processing of Risk Assessment and Treatment, i.e. ISO/IEC 27001:2013, ISO 14001:2015, ISO 45001:2018 and ISO 22301:2019, auditors shall during Surveillance Audits, compare the results of the changes identified, applied or determined against the previous results and document such changes as being adequate or raise a finding against the matter, as is appropriate.
Normative references to documentation shall be retained as documented evidence on the Audit Plan.

Stage 2: Certification Audits

Stage 2: Certification Audits:
The time between the Stage 1: Document Review and Stage 2: Certification Audit is procedurally limited to six months but are preferably done within 3 Months of the document review(see Audit Schedule Tolerances document). Exceeding this time requires a second document review to be performed. The second document review can reasonably be performed off-site. The Certification Audit procedure describes the performance of on-site certification audits. The procedure includes the following provisions;

  • Information and evidence of conformance to the standard(s) requirements, including other mandatory normative documentation requirements,
  • Conformance to the client’s defined performance criteria, these may include links and performance against normative requirements, i.e. policies, objectives and targets, applicable legal requirements, responsibilities, competence, operations, procedures, performance data and internal audit findings and conclusions,
  • In the case of multiple standard(s) being applied, that the above is catered for, for each standard,
  • Legal compliance,
  • Operational control of the processes,
  • Internal auditing and management review,
  • Management responsibility for the clients policies,
  • In the event that risk assessment forms a mandatory part of the relevant standard, that risk assessment and treatment produce consistent, valid and comparable results if repeated, i.e. ISO/IEC 27001:2013
  • Confirmation of the latest processed Statement of Applicability, i.e. ISO/IEC 27001:2013 and the application of the controls determined,

AWARDING INITIAL CERTIFICATION (ORIGINAL CERTIFICATION)

The Technical Reviewer shall have the exclusive responsibility to determine if Certification shall be awarded or not.

Where Certification is not awarded, the reasoning for this shall be documented to the Client Data Document, at which point the Managing Director will request input from the Lead Auditor and request the Risk and Compliance committee to determine the actions to be implemented, including final communication to be presented to the client. Outcomes of such instances shall be maintained as complaints and reviewed as a risk for assessment and treatment to ensure that internal control measures have not failed.

Where Major-Conformances are identified, guidance shall be sought from the Audit Schedule Tolerances document to determine the duration requirement for correction and corrective action of Major-Non-conformances.

Where the client was able to successfully complete the Certification Audit, the following shall be provided for on the Certificate;

  • Original Certificate Date; is based on the original date on which Certification was awarded (this Original Date),
  • This Certificate Date; is based on the day the decision to award the Certification was made,
  • Expiry Date; is based on a +3 year expiry date from the award date for current Certificate,
Stage 1: Document Review Audit

The document review audit has the following objectives;

  • Determine if the client’s documented management system(s) contains errors, omissions and / or conflicts, including information on the design of the management system, i.e. methodologies utilised for risk assessment,
  • To determine the readiness of the client for the certification audit,
  • To determine the client’s understanding of the certification standard(s), legal and regulatory requirements, hazards (safety), impacts (environmental) and risks (information security) have been identified, policies objectives and targets (all standards) as well as the general operation of the management system(s), have been determined and addressed,
  • Confirm the documented information from the application,
  • Review of the quotation, the allocated resources and the ability of AfriCert to conduct a comprehensive, impartial and objective audit,
  • Preparation of a detailed audit plan for the certification audit,
  • Determining that the client has performed internal audits and management reviews or has adequate plans to do so before the certification audit is performed Whilst almost all document reviews are performed on site, in a very few exceptional circumstances an off-site document review can occur. These instances are usually limited to instances where the auditor or a trusted industry expert has sufficient knowledge to substitute for on-site document reviews and / or where a previous document review has occurred and the AfriCert auditor is familiar with the Certified Client.
Preliminary Audits

Audit purpose:

Preliminary audits are performed to identify nonconformances that may prevent certification, both with the documented quality management system and with its implementation.

During a preliminary audit, the auditor will not seek to impose solutions to nonconformances that are identified, or to provide advice. The client can request as many preliminary audits as is thought necessary.

Gap Analysis Audits

Gap analysis purpose:

A gap analysis is performed to identify the work required to develop a working, comprehensive management system(s) that complies with the requirements of the relevant certification standard(s).

During a gap analysis, the auditor(s) will not seek to impose solutions to gaps between practice, existing documentation and the standard’s requirements that are identified, or to provide advice. The client can request as many gap analysis visits as is thought necessary, but as a system emerges preliminary audits should be substituted.

Copyright 2024
All rights reserved.