The Appeals and Complaints procedure defines the process undertaken when appeals from clients are received regarding certification decisions or non-conformances that have been generated during the performance of an audit.
The procedure is available to clients. For appeals from interested parties, formal definition does not permit the flexibility that the interested parties demand. However, such appeals are processed within the spirit of the procedure.
The procedure defines AfriCert as being responsible for all decisions made as a result of the appeal. The reviewing arbiter is always different from the auditor or initial reviewer. The procedure does not provide for discrimination against the appellant. These audits are usually not charged to the client in the event that the arbiter determines that AfriCert is at fault. Appeals Audits may be conducted off-site if suitable. Outcomes of these audits is communicated to the Office Administration and reviewed by the Managing Director to implement the necessary actions, corrections, corrective actions and continual improvement.
The procedure includes the following provisions;
Short Notice Audits may be conducted at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended Certificates. These audits are catered for in the General and Contract Terms and Conditions made available to clients.
The Suspension and Withdrawal Procedure describes the process undertaken to suspend and withdraw certificates. The procedure requires certificate suspension and withdrawal when;
Suspension requires that the client does not claim they are Certified. If withdrawal occurs (when the situation that led to suspension have not been resolved) then the client is also required to contact its customers that placed orders on the basis of that certification.
Use of AfriCert’s assurance marks (and any associated markings or information implying certification) are required by AfriCert’s terms and conditions (repeated by the Logo and Marks Use Procedure) to be discontinued.
Audit documentation is updated, specifically the Client Data document and Certificate Database when certificates are suspended and / or withdrawn and the information is made available upon request to interested parties without permission from the client.
In some circumstances, clients can reduce the scope of their current certification to exclude aspects of their operation which do not comply with the certification standard. Such action is only possible if the remaining certified entity can be accurately defined such that the client’s customers and interested parties will not be misled. Reductions are handled in accordance with procedure the Scope Change Audits Procedure.
In the event, either during Stage 2, Re-Certification and / or Surveillance Audits, a Major Nonconformance is identified, a Special Audit will be scheduled to ensure that the associated correction and corrective action is effectively implemented to either close the Major Nonconformance or at the least down-grade the Major- to a Minor Non-conformance.
Guidance is sought from the Audit Schedule Tolerances document on handling Major Non-Conformances.
In the event that the Major Non-Conformance is not closed or down-graded during the Special Audit, the Suspension and Withdrawal Process is initiated. In any event that the Major Non-Conformance is down-graded and up-graded again at the next Surveillance Audit, the Suspension and Withdrawal Process is also initiated.
Short Notice Audits may be conducted at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended Certificates. These audits are catered for in the General and Contract Terms and Conditions made available to clients.
Care is taken of the use of persons for such audits and specific auditor evaluations may not necessarily be necessary.
Extension Audits shall be conducted as is determined necessary during preceding audits where the outcomes of the audit determined such a need. These audits are agreed to with the client during the current audit to ensure that the audit outcomes are successfully completed prior to finalising the audit report and findings.
Take-Over Audits are conducted when AfriCert is requested to certify a client who is currently certified by another Certification Body. In such an instance, AfriCert shall collect the necessary information and initiate the application process. Where determined appropriate and sufficient, AfriCert shall transition the client via a shorter duration take-over review and in line with international guidance IAF MD2 - 2007 - Transfer of Accredited Certification of Management Systems.
Certification cycle will be maintained.
The Scope Change Audit Procedure describes how these audits are conducted. Changes to scope could include;
Scope Change audits are performed during the certification cycle to either change the standard, the scope, and/or the sites that are certified.
This will not apply to the following (These will be done via client care and MD):
The purpose of the Re-Certification Audit is to confirm the continued conformity and effectiveness of the Management System(s) as a whole and its continued relevance and applicability for the Scope of Certification and its related boundaries.
Re-Certification Audits include all the documentation required for initial Certification Audits. Re-Certification shall include a review of the Re-Certification Audit documentation and the performance of the Certified Client over the previous Certification Cycle, including any complaints and Special Audits conducted. Consideration of this information is critical in situations where the Duration Change Document is processed. The Technical Reviewer shall have the exclusive responsibility to accept the Duration Change and the Certificate award.
Surveillance Audits are conducted according to the selected Audit Cycle, being either bi-annual or annual. All Surveillance Audits shall be conducted at the Certified Clients premises and in accordance with the Audit Summary, Audit Plan and Multi-Site Record.
The procedure requires certain mandatory requirements to be audited every time such as;
Continuing operational control,
At preceding audits, an Audit Programme is completed which defines the functions, activities, processes and / or procedures subject to audit and the month and updated incrementally with each audit to demonstrate actual and planned audit activities. The procedure requires that all aspects of the client’s management system(s) are re-audited during the three year certification cycle.
Where the client requests a shorter duration contract be processed, the Audit Schedule shall be updated accordingly and the client shall be subject to having the entire management system audited within the period.
Reports generated during a Surveillance Audit are reviewed upon submission to the relevant office in accordance with the Office Review Procedure. When a Surveillance Audit has identified Major Non-conformances, a Special Audit is required to either close or down-grade the Major Non-Conformance to allow certification to continue. Failure to close or down-grade a Major Non-Conformance will result in Certificate Suspension and Withdrawal procedure to be enacted.
Surveillance Audits performed by outsourced offices that contain Major Non-Conformances also submitted to AfriCert’s head-office for additional review.
For standards requiring normative processing of Risk Assessment and Treatment, i.e. ISO/IEC 27001:2013, ISO 14001:2015, ISO 45001:2018 and ISO 22301:2019, auditors shall during Surveillance Audits, compare the results of the changes identified, applied or determined against the previous results and document such changes as being adequate or raise a finding against the matter, as is appropriate.
Normative references to documentation shall be retained as documented evidence on the Audit Plan.
Stage 2: Certification Audits:
The time between the Stage 1: Document Review and Stage 2: Certification Audit is procedurally limited to six months but are preferably done within 3 Months of the document review(see Audit Schedule Tolerances document). Exceeding this time requires a second document review to be performed. The second document review can reasonably be performed off-site. The Certification Audit procedure describes the performance of on-site certification audits. The procedure includes the following provisions;
AWARDING INITIAL CERTIFICATION (ORIGINAL CERTIFICATION)
The Technical Reviewer shall have the exclusive responsibility to determine if Certification shall be awarded or not.
Where Certification is not awarded, the reasoning for this shall be documented to the Client Data Document, at which point the Managing Director will request input from the Lead Auditor and request the Risk and Compliance committee to determine the actions to be implemented, including final communication to be presented to the client. Outcomes of such instances shall be maintained as complaints and reviewed as a risk for assessment and treatment to ensure that internal control measures have not failed.
Where Major-Conformances are identified, guidance shall be sought from the Audit Schedule Tolerances document to determine the duration requirement for correction and corrective action of Major-Non-conformances.
Where the client was able to successfully complete the Certification Audit, the following shall be provided for on the Certificate;
The document review audit has the following objectives;
Audit purpose:
Preliminary audits are performed to identify nonconformances that may prevent certification, both with the documented quality management system and with its implementation.
During a preliminary audit, the auditor will not seek to impose solutions to nonconformances that are identified, or to provide advice. The client can request as many preliminary audits as is thought necessary.
Gap analysis purpose:
A gap analysis is performed to identify the work required to develop a working, comprehensive management system(s) that complies with the requirements of the relevant certification standard(s).
During a gap analysis, the auditor(s) will not seek to impose solutions to gaps between practice, existing documentation and the standard’s requirements that are identified, or to provide advice. The client can request as many gap analysis visits as is thought necessary, but as a system emerges preliminary audits should be substituted.