CODE OF ETHICS OF SWISS APPROVAL PERSONNEL INVOLVED IN THE CERTIFICATION PROCESS
1. Commitment: Endeavour to safeguard the welfare, health and safety of the community and its environment and give this priority before sectional or private interest.
2. Integrity: Evaluation and auditing personnel shall
3. Competence: Perform work only within their areas of competence, i.e. within their capability, qualifications, training and experience
4. Performance: Inspection and audit personnel skills and knowledge is guaranteed by the Top Management of Swiss Approval
5. No conflict of interest: To avoid potential conflict between the interests of clients, employers or the public and where this is unavoidable disclose forthwith the circumstances which may cause conflict.
6. Confidentiality: To ensure that confidential or copyright information or material obtained in the course of work, is transferred to other parties only with written authority from a duly authorised person.
7. Reporting: Inspection and audit personnel shall document reports and objective evidences.
8. Improvement: Inspection and audit personnel shall continue to improve their competence (knowledge and skill) to adequately follow standards updates and best practice in the certification activities.
IMPARTIALITY AND NON DESCRIMINATION DECLARATION
Swiss Approval International, its management, employees and external professionals acting by a contractual agreement as administration staff, auditors, inspectors, evaluators e.tc., have identified the importance and value of certification and related activities of the certification body, declare unequivocally their commitment to objective, reliable, independent and impartial certification services.
Swiss Approval Int is responsible for the impartiality of its certification activities and shall not allow commercial, financial or other pressures to compromise impartiality, safeguarding all conditions deriving from EN ISO17021, 17065 restrictions and related international standards for certification activities independency and impartiality.
All Swiss Approval personnel (either internal or external) or committees who could influence the certification activities, act impartially. Impartiality principles and preconditions are explicitly described in the contractual agreements and appointment documents of the staff/ external professionals being involved to the certification process stages.
All personnel involved in the certification process consists of experienced and adequately trained personnel, the adequacy of which is evaluated at regular intervals to ensure continuously that the requirements for the proper functioning of the certification process, is satisfied.
Swiss Approval International services are ensured to be accessible to all applicants whose activities fall within the scope of its certification operations maintaining non-discrimination conditions.
Swiss Approval Int takes action to respond to any risks to impartiality, arising from the actions of other persons, bodies or organizations, of which it becomes aware. All relevant measures are presented and further explained in the impartiality risks’ analysis study and action plan, which is a part of Swiss Approval Int quality management system.
Swiss Approval Int activities shall not be marketed or offered as linked with the activities of an organization that provides consultancy and prohibits any statement or implication that certification granting would be simpler, easier, faster or less expensive for any reason.
The Company’s management determines and assigns the appropriate persons to the required jurisdiction and freedom of maneuver, so they are at any time able to solve problems related to the impartiality of the procedures regarding the certification activities. Meanwhile, Company’s management proposes preventive and corrective actions, confirms corrective actions and finally evaluates the results thereof.
CONFIDENTIALITY AND DATA SECURITY DECLARATION
Swiss Approval International overbidding the importance of data security and confidentiality safeguard of the information handled, therein, as a result of the procedures and requirements of certification services, has adopted the present policy “Confidentiality and Data Security’.
The company’s management ranks the protection of confidentiality, impartiality, integrity, availability and exchange of information as vital- significant and with financial- impacts, including personal information of clients, reports, audit lists and certification documentation, records of bodies stored in databases as primary goal for the smooth and efficient operations and customers’ satisfaction.
The main objectives of Information and Data Security Policy are:
- the full satisfaction and safeguard of customers’ data confidentiality
- the compliance with legislative and regulatory requirements
- the Information security
- the assurance of security of the evaluation, inspection and certification documentation and related material, taking into account the following:
- the locations of the materials (e.g. transportation, electronic delivery, disposal, storage,)
- the nature of the materials (e.g. electronic, paper, testing equipment)
- the steps in the certification process (e.g. application, review, coordination, results’ and evaluation reporting)
- the threats arising from the certification process itself.
Concerning special provisions for personal data protection, the following are ensured:
1. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, the CB shall maintain a Register through its CRM functions.
- Individuals have the right to access their personal data and any such requests made to the CB shall be dealt with in a timely manner.
2. Lawful purposes
- All data processed by the CB must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- The CB shall note the appropriate lawful basis in the respective agreements / consents with individuals.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the CB’s systems.
3. Data minimisation
- The CB shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- [Add considerations relevant to the CB’s particular systems]
- The CB shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- [Add considerations relevant to the CB’s particular systems]
5. Archiving / removal
- To ensure that personal data is kept for no longer than necessary, the CB shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- The CB shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the CB shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach the responsible authorities.
This policy applies to all personal data processed by the CB.
The Responsible Person shall take responsibility for the CB’s ongoing compliance with this policy
COMPLAINS / APPEALS FLOW CHART DIAGRAM, RELATED TO CERTIFICATION BODY [CB] AND CERTIFICATION CENTRES [CC]
For the submission of any complains or appeals against Swiss Approval certification process, use the following email address: firstname.lastname@example.org
CERTIFICATION / INSPECTION / CONFORMITY ASSESSMENT SERVICES TERMS, RELATED TO CERTIFICATION BODY [CB] AND CERTIFICATION CENTERS [CC]
To be informed on Swiss Approval’s Certification / Inspection / Conformity Assessment Services Terms, related to Certification Body [CB] and Certification Centers [CC], please contact email@example.com
CERTIFICATION / INSPECTION/ CONFORMITY ASSESSMENT SERVICES TERMS
A. GENERAL TERMS AND CONDITIONS FOR CONFORMITY ASSESSMENT AND CERTIFICATION SERVICES
1. APPLICATION FIELD.
The following Terms and Conditions:
1.1 Apply to the agreed certification services plus any complementary services provided within the scope of Certification Terms and any other related activity.
1.2 Prevail over any agreements of Business.
2. SCOPE OF SERVICES – CERTIFICATION BODY OBLIGATIONS
2.1 «Swiss Approval International» (hereinafter referred as ‘’Certification Body’’ or SA) divisions evaluate, assess and certify products, systems and processes of manufacturers and service providers according to Private, National or International Standards for which:
- «Swiss Approval International» holds related accreditations, approvals or recognitions so called «accredited certification», either
- As per Private, National or International standards for which ‘’Certification Body’’ does not hold accreditation, so called «typical certification» and also
- Provides own third-party certification services, so called «in-house standards’ certification».
2.2 The agreed services shall be provided in line with the generally accepted rules of art and science, and in compliance with the Regulations applicable at the time of contract conclusion. Unless otherwise agreed in written or unless a certain approach, compulsory on the basis of mandatory regulations, applies, the ‘’Certification Body’’ shall also be authorized, at its reasonable discretion, to make own decision concerning the method and type of assessment.
2.3 The ‘’Certification Body’’ carries out:
- Accredited certification as per the standard agreed in the contract and/or the rules and regulations referred to therein, including the generally applicable accreditation standards pertaining to the specific certification standard, the certification standards plus all relevant application guidelines and the accreditation requirements defined by the competent Accreditation Body. The client shall bear any additional costs incurred thereby, unless the ‘Certification Body’ is supposed to bear these additional costs.
- «Typical certifications» in line with the respective national or international standards.
- Certification procedures to issue in-house certificates, in line with the rules and regulations established by the ‘’Certification Body’’.
2.4 After the successful completion of the certification process, the appropriate certificate will be issued as set forth in Article 4 of this Certification Terms’ document.
2.5 The ‘‘Certification Body’’ assigns approved Auditors/ Assessors to the certification process, selected from its registrar taking into account the specificities of each enterprise/organization.
2.6 The client shall be free to raise objections against the audit plan and the appointment of certain Auditors or technical experts, by submitting to the Certification Body, objective facts and reasons for such an objection.
2.7 Repeated non-acceptance of the dates/ Auditors or continuous applications for postponements or changes in the dates of the audits or composition of the Audit Teams will be considered by the
‘‘Certification Body’’ and may constitute a reason for revoking the certificate.
2.8 In accredited certifications the ‘‘Certification Body’’ is entitled to permit Assessors of the relevant Accreditation Body to witness the audit; therefore, the client shall accept the presence of representatives of the accreditation body during the on-site audits/ assessments.
2.9 The ‘‘Certification Body’’ is required to register the enterprise/organization in the certified companies registrar and to publish the certificates upon request.
2.10 The ‘‘Certification Body’’ is obliged to inform the enterprise/organization for changes of the existing standards under which the certificate was granted in order to plan the upcoming changes in the management system or disclaims the enterprise/organization certificate.
2.11 The Certification Body is obliged to provide the audit report of an organization, in case of a regulatory/public authority request. The organization will be formally notified regarding the matter from SA.
3. CLIENT’S OBLIGATION TO PARTICIPATE AND GENERAL RULES FOR THE CERTIFICATION AUDIT.
3.1 The client shall submit all information required for certification as per the relevant standard. This information can be submitted by completing the «Information Questionnaire» and any other form requested according to the certification procedure per case.
3.2 The customer may be requested to forward to the ‘’Certification Body’’ the MANAGEMENT SYSTEM/ CERTIFICATION SCHEME implementation documentation (e.g. operating license, manual and procedures, FSMS: food safety hazards identification and analysis-HACCP study & PRPs-control measures and combinations-legislation-verification and validation-communication, Statement of application–risk assessment, documentation on the design of the ITSMS covering the documentation required in Clause 4.3.1 of ISO/IEC 20000-1 etc.) as requested by each Standard/ Certification Scheme/ Assessment frame for the evaluation of prerequisites and other requirements’ fulfillment.
3.3 Cross-reference matrix (standard elements crossreferenced to the management system documentation of the organization if requested)
3.4 Organizational plan/organizational chart
3.5 Presentation of processes and their interfaces and interactions
3.6 List of controlled management documents
3.7 List of official and legal requirements
3.8 Other documents mentioned in the quotation and the conformity frame criteria.
3.9 The client shall disclose all records/ documents associated with the certification scope of application to the ‘‘Certification Body’’ Audit Team and shall guarantee the access of the Audit Team to the organizational units being involved.
3.10 On request, the client shall be obliged to submit all correspondence and all measures associated with normative documents and the requirements set forth in the applicable certification standard to the Auditor(s) during the audit.
3.11 The client is required to provide accurate and truthful information to Auditors/ Assessors with regards to its management systems and facilitate the audit procedure by taking appropriate organizational measures and taking the obligation to involve representatives and the responsible personnel. The staff will be available throughout the duration of the audit for providing information and explanations to the Audit Team in a common speaking language (at least English in case of foreign Auditors).
3.12 The client shall appoint one or several representatives who shall support the ‘‘Certification Body’’ Auditor(s) in performing the contractually agreed services and act as the client’s contact persons.
3.13 Following to the certificate issuance, the client shall be obliged, throughout the term of the contract, to communicate all changes which significantly affect the management system or the certified service/ product, including in particular:
- Changes in the certified management system.
- Changes associated with the design or specification of the certified service/ product (if applied).
- Changes in the organizational structure and the organization itself.
3.14 The client shall be obliged to record all complaints concerning the compliance of a certified process with the requirements of the certification standard that are addressed to the client, initiate appropriate corrective action, document the implementation of corrective action and, on request, demonstrate them, to the Auditor during the audit.
3.15 The client and the ‘‘Certification Body’’ may agree on the performance of a preliminary audit and jointly define the scope of this audit.
3.16 The effectiveness of the established management system or compliance criteria shall be verified during the audit carried out at the clients’ site(s), during which the client proves that it applies its documented procedures in practice. Standards or standard elements that are not complied with and for which the client must provide corrective action shall be documented in non-conformity reports.
3.17 Following to audit completion, the audit result will be communicated to the client in a meeting or equivalent activity, and subsequently documented in an audit report. Non-conformities will be documented and may lead to a re-audit or submission of revised documentation, if required by the results. The scope of the repeated audit will be determined by the Lead Auditor. The re-audit focuses exclusively on those elements of the standard for which non-conformities were identified.
3.18 After positive review of the certification documentation leading to a positive certification decision, the ‘‘Certification Body’’ will issue the certificate(s). The certificate(s) will be sent to the client in hard copies or electronically. The certificate(s) shall only be issued if all nonconformities have been corrected. The certificate(s) shall be issued for the defined period.
3.19 To maintain validity of the certificate, on-site follow-up audits or equivalent procedures (submission of files, reports etc), shall be carried out depending on the applied standard or the related regulation for certification adopted. Until the follow-up procedure and the relevant decision on certificate maintenance is being successfully completed, the certificate shall become invalid. In this case, all copies of the certificate must be returned to the Certification Body.
3.20 In the follow-up audit, the key elements of the standard shall be verified as a minimum requirement. Additionally, follow-up audits evaluate proper use of the certificate (and the certification seals, where appropriate), complaints related to the management system and the effectiveness of corrective action taken to address nonconformities. Each follow-up audit shall be documented in a report communicated to the client.
3.21 Short notice or unannounced audits may be required when external factors apply such as a) available postmarket surveillance data known to the CAB on the subject product/service indicate a possible significant deficiency in the quality management system b) significant safety-related information becoming known to the CAB c) significant changes occurring which have been submitted as required by the regulations or become known to the CAB, and which could affect the decision on the client’s state of compliance with the regulatory or standard requirements, d) significant health and safety incidents or regulation violation(s). An unannounced or short-notice audit may also be necessary if the CAB has justifiable concerns about implementation of corrective actions or compliance with standard and regulatory requirements.
3.22 Our Certification Body will provide the information about certifications granted, suspended or withdrawn to the Regulatory Authority upon request.
3.23 The geographical (e.g. additional branches) and technical (e.g. additional services/products) scope can be extended and/or the certification upgraded to include further standards within the scope of follow-up or re-certification audits and/or separate extension or upgrade audits. The number of Auditors’ days and respective costs required for the extension or upgrade shall depend on the scope of extension or upgrade and shall be clearly defined and mutually agreed prior to the audit.
3.24 Should changes in the details on which the procedure is based (e.g. details of the client operation, accreditation requirements) arise during the term of the contract, these changes must be appropriately considered in the procedures and the other contracting party should be informed without delay.
3.25 The certified client informs the Certification Body, without delay, of matters that may affect the capability of its management system to continue fulfilling the requirements of the applied standard (s). These include, for example, changes relating to: ownership; b) organization and management (e.g. key managerial, decision-making or technical staff); c) contact address and sites; d) scope of operations under the certified management system; e) major changes to the management system and processes, in order for the Certification Body to take appropriate action.
3.26 The client shall comply with the statutory and regulatory requirements applicable to the safety and performance of the medical devices (where applicable). The maintenance and evaluation of legal compliance is the responsibility of the client organization. Swiss Approval is responsible for verifying that the client organization has evaluated statutory and regulatory compliance and can show that appropriate action has been taken in cases of non-compliance with relevant legislation and regulations, including the notification to the Regulatory Authority of any incidences that require reporting. Swiss Approval may release the audit report to the competent authorities upon request.
3.27 The certified client must inform without delay, the occurrence of a serious incident or breach of regulation necessitating the involvement of the competent regulatory authority. The information provided shall also include the identification of the key hazards and occupational health and safety risks associated with processes and any relevant legal obligations coming from the occupational health and safety legislation. The application shall contain details of personnel working in or/and away from the organizational premises.
3.28 Integrated management systems covering various standards and requirements may be certified by means of a combined certification procedure. Depending on the standards and requirements involved, these combined certifications will be offered individually but under a unified procedure and contract.
3.29 In case of critical subcontracted processes (e.g. part of/ the whole production or services’ provisions is conducted by a sub-contractor or sub-contractors of behalf of the company and this is included at the scope of the certification) the audit shall also include an on-site audit visit at the subcontractors’ facilities. This must be recorded in the audit note, prescheduled at the audit plan and documented to the respective audit report. No additional man-days are needed and, the audited facilities of the subcontractor will be treated as a customer’s department and not as separate client. In such cases, the sub contractor’s effective personnel are added to the total employees of the costumer in order to calculate the audit man-days. Subcontractors are recorded by the customer at the questionnaire for offer preparation and reviewed by the contract reviewer. Contract reviewer in cooperation MS Chief officer defined the effective personnel and the subcontractors needed to be audited according the following criteria:
- Product’s / service’s provided by the subcontractor’s significance
- Non-conformities, findings from previous audits
- Sub-contractor’s existing certification according the same auditing standard
- Sub-contractor’s participation in the whole productivity of the company
- Already audited at previous audits by the CB
- Complexity of the processes
- Not audited at all at previous audits
- Sub-contractors’ reputation in the market
3.30 The costs incurred for additional efforts caused by unscheduled audits, scope modification audits or reaudits and the verification of corrective actions to eliminate non-conformities revealed in previous audits shall be borne by, and invoiced to, the client on a time and cost basis.
4. RIGHT USE OF CERTIFICATES, LOGOS AND CERTIFICATION SEALS – MARKS
4.1 Once the agreed certification procedure is completed successfully, the ‘‘Certification Body’’ issues the corresponding certificate and forwards it to the client.
4.2 The certificate shall be valid for the period of three (3) years, by yearly intermediate assessment, submission of documents and/ or follow up audits, unless the respective certification scheme/ conformity frame indicates otherwise.
4.3 Along with the issued certificate as outlined in the previous paragraph, the client shall be granted the simple, non-transferable and non-exclusive right to use the ‘‘Certification Body’s’’ certification mark, throughout the defined certificate validity as outlined in the following Articles. This also applies to certification references in communication media, such as documents, brochures or advertising materials.
4.4 The permission to use the certificate, logos and certification marks issued by the ‘‘Certification Body’’ shall apply exclusively to the areas of the client’s organization quoted in the certificate’s scope of application. Use of the certificate and/or the certification mark for areas not quoted in the scope of application shall be prohibited.
4.5 Certification marks related to the management system certification or conformity assessment for services and processes may only be used by the client in direct connection with the name or logo of the client’s organization.
4.6 The clients are not permitted to attach or use SA logos and certification marks (or other relative seals) in reference to their products or to product packaging, laboratory test reports, calibration notes or first / second party inspection reports.
4.7 The use of any statement on product packaging or in accompanying information that the certified client has a certified management system is allowed under certain conditions. Product packaging is considered as that which can be removed without the product disintegrating or being damaged. Accompanying information is considered as separately available or easily detachable. Type labels or identification plates are considered as part of the product. The statement shall in no way imply that the product, process or service is certified by this means. The statement shall include reference to:
— identification (e.g. brand or name) of the certified client;
— the type of management system (e.g. quality, environment) and the applicable standard; — the certification body issuing the certificate.
4.8 The client shall further avoid creating the impression that certification is a public authority or official inspection, and/or that system certification is a form of product testing.
4.9 The client is obliged to comply to the following rules
4.9.1 To demonstrate/claim that it is certified only for the activities and scope (s) for which the certification is awarded
4.9.2 Not to use the certification in such a way which might result to a discredited reputation for SA and not to make any statement concerning the certification, which might be perceived as misleading or unauthorized by SA
4.9.3 To use the certification only for indicating that the certified operations/ products are in compliance to the defined standards or to other standard relative documents and not to use the certification as a declaration of conformity for its product/ services and/or services by SA
4.9.4 Not to use the SA/ certification logo (s) in way as to indicate product/ service’s compliance verification
4.9.5 Not to use any document, indication or reference to the certification in a misleading and improper way
4.9.6 Τo comply with the SA requirements when publishing information related to the certification to the media, as various documents, flyers, advertisements
4.9.7 To bring into SA’s consideration the documents/forms and the locations where the logo is used, as well as the advertising material that refers to the certification and ask for the SA consensus
4.9.8 To inform SA of the cases where the system cannot comply with the requirements of the standard
4.9.9 To inform SA of the critical changes affecting the certified operations (structural change, expanding activities, replacement of the company’s quality representative e.tc.)
4.9.10 To accept the presence of the Assessors of the audit/ assessment process and of any other representatives of the accreditation bodies supervising and monitoring SA services.
4.10 The client shall not be authorized to change the certificate, logos or the certification mark.
4.11 The client undertakes to demonstrate in its advertising and similar materials that certification is voluntary, and carried out on the basis of a civil law contract.
4.12 The client’s right to use the certificate, logos and/or the certification mark shall expire if the client no longer holds a valid certificate, in particular if the certificate’s period of validity has expired or the required follow-up audits have not been carried out. 4.13 The client’s right to use the certificate, logos and/or the certification mark shall expire with immediate effect, without requiring termination, if the client uses the certificate and/or the certification mark in violation of the provisions set forth in Articles above or contrary to other terms of this contract.
4.14 The client’s right to use the certificate, logos and/or the certification mark shall expire with immediate effect upon termination as described in Article «termination of agreement» in the frame of the «Certification Contractual Agreement».
4.15 The right of use shall also expire automatically if maintenance of the certificate is prohibited by administrative regulations or court.
4.16 In cases involving expiry of the «right for use», the client shall be obligated to return the certificate to «Swiss Approval International» without delay.
4.17 In cases involving violation of contractual terms and conditions «Swiss Approval International» reserves the right to claim damages.
4.18 Certification may not be used in a manner which may harm «Swiss Approval International» reputation or the reputation of any other subsidiary of «Swiss Approval International» Group.
4.19 The client shall not be entitled to make statements about certification, which SA may consider unauthorized and misleading.
4.20 If it is foreseeable that the client is temporarily unable to fulfil the certification requirements, the certification can be suspended. During certificate
suspension, the client may not use the certification in its advertising. In the «list of certified organizations» as outlined in the related Article, the status will be updated to «suspended».
4.21 If the reason underlying suspension is not remedied within the agreed timeframe, the certification will be withdrawn.
5. Appeals – Complains
5.1 In case of complaints and appeals against a certification decision, the authorised Boards / Managers of the ‘‘Certification Body’’, are asked to resolve the complaint or appeal and respond to the complainant/ appellant.
5.2 The ‘’Certification Body’’ applies a documented process to receive, evaluate and make decisions on appeals.
5.3 The ‘’Certification Body’’ ensures that the persons engaged in the appeals-handling process are different from those who carried out the audits and made the certification decisions. Submission, investigation and decision on appeals shall not result in any discriminatory actions against the appellant.
5.4 The ‘’Certification Body’’ shall give formal notice to the appellant of the end of the appeals handling process.
5.5 The ‘’Certification Body’’ is responsible for all decisions at all levels of the complaints handling process. Submission, investigation and decision on complaints shall not result in any discriminatory actions against the complainant.
5.6 In case of submitted complaints by the customers of a certified client, the Certification Body shall announce valid complaints to the certified client at an appropriate time.
Without prejudice to specific statutory or regulatory requirements, the ‘’Certification Body’’ shall determine, along with the certified client and the complainant, whether and, if so to what extent, the subject of the complaint and its resolution shall be made public.
6.1 «Confidential information» is hereby defined to include all information, documents, images, drawings, know-how, data, samples and project documentation which one party (disclosing party) hands over, transfers or otherwise discloses to the other party (receiving party). Confidential information also includes hardcopies or electronic files of such information.
6.2 The disclosing party shall mark all confidential information disclosed in written form as confidential before passing it on to the receiving party. The same applies to confidential information transmitted by email. If confidential information is disclosed orally, the receiving party shall be appropriately informed in advance.
6.3 All confidential information which the disclosing party transmits or otherwise discloses to the receiving party:
- May only be used by the receiving party for the purposes defined above, unless expressly otherwise agreed in written with the disclosing party;
- May not be copied, distributed, published or otherwise disclosed by the receiving party. An exemption from the above rule applies to confidential information, which must be passed on to supervisory and/or accreditation bodies within the scope of an accreditation procedure;
- Must be treated by the receiving party with the same level of confidentiality as the receiving party uses to protect its own confidential information, but never with less than the objectively required due diligence.
6.4 The receiving party shall disclose any confidential information received from the disclosing party only to those of its employees who need this information to perform services required for the subject matter of the certification and conformity assessment services. The receiving party undertakes to place these employees under the obligation to observe the same level of confidentiality as that set forth in this non-disclosure clause.
6.5 Information for which the receiving party can furnish proof that:
- it was generally known at the time of disclosure or has become general knowledge without violation of this agreement, or
- it was disclosed to the receiving party by a third party entitled to disclose this information, or
- the receiving party already possessed this information prior to disclosure by the disclosing party, or
- the receiving party developed it itself, irrespective of disclosure by the disclosing party; is exempted from the above confidentiality rules.
6.6 All confidential information shall remain the property of the disclosing party. The receiving party hereby agrees to immediately:
- Return all confidential information, including all copies, to the disclosing party, and/or, on request by the disclosing party,
- Destroy all confidential information including all copies, and confirm the destruction of this confidential information to the disclosing party in written, at any time if so requested by the disclosing party but at the latest and without special request after termination or expiry of this contract. Excluded from the above shall be all reports and certificates, which the ‘Certification Body’, in performance of its contractual obligations hereunder, prepared exclusively for, and which remain with, the client. The ‘Certification Body’ is entitled, however, to retain copies of these reports and certificates and of any underlying confidential information to furnish proof that our results are correct and to fulfil general documentation purposes.
6.7 From the start of the initial certification of the client and for a period of five years after termination or expiry of the certification, the receiving party shall maintain as strictly undisclosed, all confidential information and shall not disclose this information to any third parties.
7. TERMINATION OF CERTIFICATION TERMS
7.1 Both parties shall be entitled to terminate the certification contract observing a period of 6 months to the end of the contract.
7.2 The ‘Certification Body’ is also entitled to terminate the certification contract without notice for important reason as described in the current contract and its related regulatory documents.
7.3 For the purpose of this contract «important reason» for the Certification Body shall be defined as follows:
- The client fails to notify the ‘Certification Body’ without delay of any changes or indications of changes in the organization which are relevant for certification,
- The client misuses a certificate and/or certification mark or uses them contrary to the present Terms,
- Insolvency proceedings are opened in respect of the client’s assets or an application for such insolvency proceedings is rejected due to lack of assets.
7.4 In addition to the above, the ‘Certification Body’ shall be entitled to terminate the contract without notice, should the client be unable to comply with the time periods the ‘Certification Body’ scheduled for auditing/service provision as applicable to a certification procedure and should withdrawal of the certificate consequently be necessary (e.g. conducting of follow-up audits).
8. LIST OF CERTIFIED ENTERPRISES AND ORGANIZATIONS
8.1 The ‘Certification Body’ maintains a list of certified organizations and their scopes of application.
8.2 Suspended certifications and withdrawn certificates, as well as withdrawn certificates in the case of failure to comply with the required timeframe for auditing / service provision (e.g. performing of follow-up audits), are also incorporated into this list.
8.3 The ‘Certification Body’ is entitled to communicate upon request such information about the client’s certification, as it is required that the “Certification Body” make publicly accessible information about certifications granted, suspended or withdrawn.
9. CERTIFICATE REPLACEMENT
9.1 Observing a period of 1 month of notice, the ‘Certification Body’ is entitled to replace issued certificates by new certificates (replacement certificates) at any time in the event of a change in the accredited certification body name/ data on the certificate, provided that the replacement has not caused a change in the certification scope.
9.2 In the event of replacement, the client will be obligated, as stated in the related Article, to return to the Certification Body the certificate to be replaced, without delay.
B. SPECIFIC TERMS AND CONDITIONS FOR ACCREDITED CERTIFICATION
10. CERTIFICATION VALIDITY PERIOD
10.1 The certificate shall be valid for a period of 3 years, upon condition of successful yearly intermediate assessments, submission of documents and/ or follow-up audits.
11. CERTIFICATION AUDIT
11.1 Certification audits consist of obtaining an overview of the management system and its maturity (status of implementation) as well as of the establishment and compliance with the defined management system or conformity criteria (as described in detail in Article 2).
12. FOLLOW UP AUDIT
12.1 To maintain validity of the certificate, on-site follow-up audits and/ or documents’ submission and review shall be carried out at least annually, at 12-month intervals if possible. The due date is calculated from the day of the certification decision. Follow-up audits may be carried out up to 3 months before, but at the latest exactly on, the due date. It might be necessary to adjust the frequency of surveillance audits to accommodate factors such as seasons or management systems certification of a limited duration (e.g. temporary construction site).
12.1 Surveillance audits shall be conducted at least once a calendar year. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.
12.2 To ensure these deadlines are observed even if dates have to be postponed at short notice, follow-up audits should be scheduled at the beginning of the above 3-months tolerance period if possible.
13. AUDIT FINDINGS AND MANAGEMENT OF NON-CONFORMITIES
During an audit the various findings are classified into the following categories:
13.1 Proposals for Improvement: Proposals for Improvement:
- Those define the fields/sectors where the auditors/ assessors identify weak points or potentials for improvement and which if are not corrected may cause a future failure or inefficiency of the system or refer to systemic goals that can help the continued improvement of the management system.
13.2 Non-Conformities: The findings that are notified as “Non- Conformity” -“NC” indicate the points where the requests of the standard are not satisfied.
13.3 Depending on the severity and the certification scheme, non-conformance can be classified as follows:
- Major: Systemic deficiencies such as omission of a quality system element or gross non-conformance with elements – A significant number of minor deficiencies occurring in an element. Note: If the deficiency can lead to a massive product recall, or is safety-related such as food poisoning in a food industry, and in means can affect safety and security issues – In such a case the audit could be terminated.
- Minor: Isolated occurrences – A single deficiency found that does not affect the capability of the management system to achieve the intended results.
13.4 If during the initial audit/ assessment serious issues such as significant number of Major nonconformities are identified, (i.e. the enterprise/organization’s operation does not comply in a great extent with the requirements of the standard), the Auditor shall communicate with the technical reviewer in order to decide if the audt team may continue as a preliminary audit/ assessment or to interrupt the process in order to give to the customer essential time to restore the “NonConformity”.
13.5 If during the surveillance assessment a Major nonconformities are identified, the Lead Auditor shall communicate with the technical reviewer in order to initiate a review and determine whether certification can be maintained (e.g. decide if a reaudit is required). The approval of the non-conformities is done through the company’s information system.
A. Numerous similar minor deficiencies in any one area or function may become a major deficiency.
B. Especially for <energy management systems> classifying nonconformities as major, in addition to the above cases, could be the existence of the following:
- audit evidence that energy performance improvement was not achieved;
- a significant doubt that effective process control is in place.
13.7 Non-Conformities are consequently documented on the “Non Conformity Form’’. Non-Conformities form is issued and announced (if applicable) in the frame of the Closing Meeting. In specific, it is compulsory that the non-conformities report is co-signed by the Management representative of the company and the lead auditor/ assessor.
14. SUSPENDING, WITHDRAWING OR REDUCING THE SCOPE OF CERTIFICATION
14.1 The Certification Body shall suspend certification in cases when, for example the enterprise/organization’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system; the certified enterprise/organization does not allow surveillance or recertification audits to be conducted at the required frequencies; the certified enterprise/organization has voluntarily requested a suspension; the contract’s financial terms are not fulfilled by the enterprise/organization; the certified enterprise/organization has caused a serious health and safety incident or regulation violation necessitating the involvement of the competent regulatory authority.
14.2 Under suspension, the enterprise/organization’s management system certification is temporarily invalid.
14.3 The Certification Body shall restore the suspended certification if the issue that has resulted in the suspension has been resolved. Failure to resolve the issues that have resulted in the suspension in a time established by the Certification Body shall result in withdrawal or reduction of the scope of certification.
14.4 In most cases, the suspension should not exceed six months.
14.5 The Certification Body shall reduce the scope of certification to exclude the parts not meeting the requirements, when the certified enterprise/organization has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction shall be in line with the requirements of the standard used for certification.
15.1 To renew certification for another three-year period, a Re-Certification audit shall be held at the client’s organization prior to expiration period of certificate validity.
15.2 The procedure is similar to that of a certification audit but information enquiry is essential in order to re-determine the certification project elements. A respective offer and contract is agreed and signed.
15.3 Following expiration of certification, the Certification Body can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 shall be conducted. The effective date on the certificate shall be on or after the recertification decision and the expiry date shall be based on prior certification cycle.
16. MULTI – SITE CERTIFICATIONS
16.1 Multi-site certifications may be applied to organizations maintaining multiple production sites or branches functioning exclusively as field offices.
16.2 Multi-site certification is possible if the following criteria are additionally fulfilled:
- All sites maintain a legal or contractual relationship with the organization’s headquarters.
- Services/processes are basically identical at all sites and are produced using identical methods and procedures.
- Uniform management system/conformity criteria compliance has been defined for, and is established and maintained in, all branches/production facilities.
- The entire management system is monitored centrally under the direction of the Management Representative at the organization’s central office, who is authorized to issue management system related instructions to all branches/offices / production sites.
- Internal audits and management reviews have been carried out at all branch/offices / production sites.
- Certain areas carry out centralized activities on behalf of all branch offices/production sites, e.g. product and process design and development, purchasing, human resources (HR), etc.
16.3 In cases of multi-site certification, the auditing of sites may be spread over certification and follow-up audits period. Headquarters must be audited annually in addition to the sampled sites.
17. CLIENT’S OBLIGATION TO PRELIMINARY AGREE AND GENERAL RULES FOR MYSTERY AUDITS (IF APPLICABLE)
17.1 Mystery Audits are applied in the Service Industry only.
17.2 Mystery Audits can be part of a typical certification process or be a service “stand-alone” for conformity assessment.
17.3 Client agreement on number of audits/year should be obtained.
17.4 Client agreement on checklist applied should be obtained.
17.5 Audit costs, including consummation of services and products, will be totally charged to the Client, after the end of Mystery Audit process.
18. UNANNOUNCED – SPECIAL AUDIT
18. 1 The “Certification Body” maintains the right to execute a special audit whose costs are undertaken by the customer:
- When within the system of a certified enterprise/organization there have been structural changes (change in ownership, changes in personnel or equipment) but without changes to the scope of certification.
- If there is documented evidence or indications that the certified enterprise/organization no longer meets the requirements of the certification standard and legislation (e.g. after complaints or other information brought to the attention of “Certification Body”). It may be necessary for the Certification Body to conduct audits of certified clients as short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients.
- To check the compliance of the business to changes of the standard or the relevant legislation after agreed by the customer.
- When corrective actions for closing NCs are required. The possibility of a short notice on site visit also applies.
18.2 Both SA and AB have the right to perform an unannounced audit to the customer in case of:
– complaints and appeals towards either SA or the client
– monitoring SA’s performance
APPENDIX (REGULATION 11-41-001-A002)
CODE OF ETHICS OF SWISS APPROVAL CERTIFIED CLIENTS:
Certified customers are required to:
- Act in ethical manner and professionally.
- Comply with the relevant provisions of the certification scheme under which they are assessed and certified for.
- Comply with the certification requirements and supply any information needed for the assessment.
- Make claims regarding certification only with respect to the scope for which certification has been granted.
- Help to increase the prestige of the certificate and not to use it in a misleading manner.
- In the event of suspension or withdraw of Certification, the below signed Certified Enterprise, shall refrain from: a) the use of all references (stamps, logos, certificates, etc.) to a certified status, b) any further promotion of the certification.
- In the event of suspension or withdraw of Certification, the Certified Enterprise, agrees to return any certificates issued dy the certification body or stamps or other material, to the Certification Body, by own expenses.
- Not to disseminate false or misleading information that may compromise the integrity of the certificate or the certification process.
- Not to use the certification in such manner as to bring the certification body into disrepute and not to make any statement regarding the certification that SA considers as misleading or unauthorized.
- Not to release confidential/business information or materials of “Certification Body” or engage in subterfuge practices.
- Act in a manner that would not adversely affect the name of the “Certification Body”.
- Cooperate with the “Certification Body”, fully investigated an accident where a possible violation of this Code is detected.
- Inform the “Certification Body” about any complaints that are made against relating to the adequacy of the certificate.
- Inform the “Certification Body” about issues that may affect the ability of the certified enterprise to continue to meet certification requirements.
- Inform the “Certification Body” about the conflicts that may be exist between its scopes, employees, and the certification process involved personnel.
- Bond its employees by the current code and its principles.
- Keep and comply with the present Code of Ethics for SA Certified customers.