IQNet SR 10. Social Responsibility Management Systems. RuleBook

Transcription

1 Version 1 1 of 15 IQNet SR 10 s RuleBook Copyright 2012, IQNet, CH-3011 Bern

2 Version 1 2 of 15 Summary 0.INTRODUCTION OBJECTIVE DEFINITIONS IQNet Partner IQNet SR 10 Partner IQNet SR 10 Rulebook IQNet SR 10 Specification: Oversight activity FUNCTIONS AND RESPONSIBILITIES IQNet IQNet SR 10 Partners IQNet SR 10 Technical Advisory Group (IQNet SR 10 TAG) Functions and responsibilities RECOGNITION AND MONITORING OF THE TECHNICAL COMPETENCE OF A PARTNER Initial recognition requirements IQNet ongoing recognition requirements and oversight activities Loss of IQNet recognition Operating system requirements Notice of changes Internal audits IQNet SR 10 Partner contract requirements with the client COMPETENCE REQUIREMENTS Qualification requirements for IQNet SR 10 auditors Qualification requirements for IQNet SR 10 lead auditor Requirements for IQNet SR 10 recognized trainers Maintaining auditor competence and internal monitoring IQNet SR 10 AUDIT PROCESS. GENERAL REQUIREMENTS Audit and certificate cycles Certificate issuing Audit days determination Audit day determination permitted reductions KNOWLEDGE MANAGEMENT Copyright 2012, IQNet, CH-3011 Bern

3 Version 1 3 of 15 0.INTRODUCTION This document has been originated by the IQNet SR 10 Technical Advisor Group, whose members represent several IQNet Partners. Future changes will be proposed by the TAG and approved by the SCH. The IQNet SR 10 Specification defines the requirements for a. It is applicable to all kinds of organizations regardless of their size and scope of activities. 1 OBJECTIVE This document contains the technical specifications to be fulfilled by IQNet and its Partners in the provision of IQNet SR 10 certification services. The IQNet SR 10 certification shall be issued, maintained, renewed and if necessary suspended and withdrawn in accordance with these specifications and other specific procedures and guidance documents issued by the TAG. This document establishes the technical specifications for: The management of the IQNet SR 10 Technical Advisor Group (hereinafter TAG) and its functions and responsibilities under the responsibility of the IQNet Standing Committee Harmonisation (SCH). The certification process (initial certification, surveillance, recertification, suspension and withdrawal) for an organization. The process of recognising and monitoring the technical competence of the Partners by IQNet. The auditors qualification and supervision processes. The knowledge management process. In the IQNet SR 10 certification scheme the IQNet SR 10 Partner will issue the certificate. It also entitles the right to use the IQNet SR 10 Mark associated with the IQNet SR 10 Partner mark, as described in section 8. By issuing the Certificate, the IQNet SR 10 Partner grants its client (the certified organisation) a licence to use the IQNet SR 10 Mark. Under no circumstances may this licence be used by, or transferred to, another third party or applied under any scope other than that stated in the Certificate 2 DEFINITIONS For the purposes of this document, the following definitions will apply: 2.1 IQNet Partner. A full or franchisee Partner of IQNet 2.2 IQNet SR 10 Partner. An IQNet Partner that have signed the IQNet Agreement for the performance of the IQNet SR 10 certification scheme and being qualified under the rules of the IQNet SR 10 RuleBook. 2.3 IQNet SR 10 RuleBook. This document. 2.4 IQNet SR 10 Specification: IQNet SR 10. s. Requirements. Edition 1. Copyright 2012, IQNet, CH-3011 Bern

4 Version 1 4 of Oversight activity activity performed by IQNet including either a monitoring activity, a witness audit or an office assessment. 3 FUNCTIONS AND RESPONSIBILITIES 3.1 IQNet. The functions and responsibilities of IQNet are as follows: a) To promote and market the IQNet SR 10 tool. b) To create, maintain and operate the IQNet SR 10 management database c) To inform the TAG about the claims and appeals received by the Head Office about any IQNet SR 10 certification service. d) To supervise the use of the IQNet SR 10 Mark. e) To ensure the compliance of IQNet SR 10 Partners with this RuleBook through oversight activities. f) To assist the TAG in the development of the functions which have been assigned to it 3.2 IQNet SR 10 Partners The functions and responsibilities of the IQNet SR 10 Partners are as follows: a) To promote and market the IQNet SR 10 certification. b) To receive, analyse and review certification applications. c) To provide training for auditors. d) To maintain auditor s qualifications. e) To ensure that its auditors regularly attend the forums and continuous training. f) To conduct IQNet SR 10 audits in compliance with all applicable requirements, including those derived from ISO g) To make the decisions regarding the issuance, maintenance, renewal, withdrawal and suspension of certificates. h) To issue the certificates and the IQNet SR 10 Mark. i) To keep IQNet informed of its activities, including sending all the necessary info to keep IQNet SR 10 worldwide database up-to date j) To conduct all activities and actions required by IQNet to ensure that the IQNet SR 10 Partner is skilled to carry out the functions entrusted therein within the field of IQNet SR 10 certification. k) To cooperate with IQNet in the resolution of complaints addressed to IQNet. l) To observe the TAG decisions when performing the functions which have been assigned to it. Copyright 2012, IQNet, CH-3011 Bern

5 Version 1 5 of 15 m) To invoice their clients and pay the agreed royalties to IQNet. 3.3 IQNet SR 10 Technical Advisory Group (IQNet SR 10 TAG) Components of the TAG and frequency of meetings The TAG has been created by IQNet under the responsibility of the SCH with initial convenorship of AENOR. The TAG will be open to specialist from all IQNet SR 10 Partners. The TAG shall meet, by request of the TAG Convenor or of at least three TAG members, physically or by electronic means (e.g. videoconference), when necessary Functions and responsibilities The functions of the TAG are as follows: a) To create and propose the subsequent reviews of the RuleBook. b) To update the IQNet SR 10 Specification. c) To provide, at the request of one or more IQNet SR 10 Partners, common interpretation of the RuleBook and IQNet SR 10 Specification (see 3.3.4) d) To ensure the technical competence of the IQNet SR 10 Partners, by deciding on initial recognition of the Partners as IQNet SR 10 Partners, reviewing customer s files, as per par 4.2 of these Rulebook, and to confirm the ongoing recognition of IQNet SR 10 Partners, and recommending the de-recognition of an IQNet SR 10 Partner to the IQNet Board of Directors (BoD) e) To supervise, when necessary, the qualification of auditors, lead auditors and trainers managed by IQNet SR 10 Partners. f) To manage aspects related with Knowledge Management and exchanging experiences (may include organising auditor forums) g) To supervise stakeholders complaints, received directly by IQNet, or those of special public relevance TAG convenorship The functions of the TAG convenorship are as follows: a) To lead the TAG. b) To prepare, call and chair TAG meetings. c) To manage and ensure that the functions which have been assigned to the TAG are properly developed d) To prepare, run and update the IQNet SR 10 official training courses, seminars and additional info for IQNET SR 10 recognized Trainers (see 3.3.2) Common interpretations and Frequently Asked Questions Common interpretations (CI) and answers to Frequently Asked Questions (FAQ) are issued by the TAG on request of one or more IQNet SR 10 Partners or the IQNet HO; Copyright 2012, IQNet, CH-3011 Bern

6 Version 1 6 of 15 A CI changes the interpretation of a rule or a requirement which itself then becomes the basis for a nonconformity. A FAQ is an explanation or a clarification of an existing rule or requirement. As a result the respect of a CI is mandatory and IQNet SR 10 Partners clients shall be informed accordingly. Common Interpretations and Frequently Asked Questions are posted on the IQNet web site. 4. RECOGNITION AND MONITORING OF THE TECHNICAL COMPETENCE OF A PARTNER 4.1 Initial recognition requirements Initial recognition requirements are: Being a Partner of IQNet Having Signed the IQNet SR 10 Agreement. Having provided IQNet proof of having at least 1 (one) IQNet SR 10 lead auditor qualified through the IQNet train-the-trainers course. Once fulfilled the initial recognition requirements the Partners receives from the IQNet a preliminary recognition to start recognized IQNet SR 10 certification activities. The audit report of the first and the second audit carried out shall be sent for approval to the TAG before issuing the certificate. Within three (3) weeks the TAG will provide the Partner with a report on the adequacy to the SR 10 requirements of the audits conducted and the relevant reporting. Should it be necessary, appropriate corrective action shall be taken by the Partner before issuing the certificate. After the second certification the TAG decides about the approval of the Partner. Provided that no major concerns are open and, if applicable, appropriate corrective action was taken, the Partner will receive a confirmation of its recognition and will become an IQNet SR 10 Partner. The list of IQNet SR 10 Partners will be available through the IQNet website. 4.2 IQNet ongoing recognition requirements and oversight activities The ongoing recognition shall be verified by IQNet and will be ensured by, among others, programmed oversight activities. Oversight activities include witness audits, peer evaluations and monitoring of IQNet SR 10 Partner s activities (file reviews). The costs related to oversight activities (including also translation, where needed) shall be fully borne by the IQNet SR 10 Partner. IQNet oversight activities will ensure the conformity of the IQNet SR 10 Partner processes with the RuleBook Witness audits and monitoring of SR 10 Partner s activities On a yearly basis IQNet, in cooperation with the SCPM and the TAG, shall schedule oversight activities in accordance with the following table (Table 1): Number of IQNet SR 10 certificates, as recorded in the IQNet database (as of December the 31st) Monitoring activities and witness audits to be performed during the next calendar year < 20 2 file reviews on a sampling basis witness audit + 1 file reviews on a sampling Copyright 2012, IQNet, CH-3011 Bern

7 Version 1 7 of 15 basis > 100 > witness audit + 2 file reviews on a sampling basis 2 witness audit + 3 file reviews on a sampling basis Table 1: Monitoring activities to be developed according to the number of IQNet SR 10 certificates issued by the IQNet SR 10 Partner. Witness audits shall be conducted (i.e. at the organization premises) during the performance of a programmed SR 10 audit by one or more IQNet SR 10 qualified auditors, to ensure the competence of the IQNet SR 10 Partner and its auditors. Clients of the IQNet SR 10 Partners shall be informed in due time of the presence of the IQNet auditors and shall not be entitled to refuse their presence, unless major justification is provided in writing. During the witness audits the IQNet auditors shall act strictly as observers. The inobservance of this rule may result in the expulsion of the auditors from the audit process. The global distribution of witness audits will be proportionate with IQNet SR 10 Partner activities developed by region. The IQNet SR 10 Partner shall provide a schedule of programmed IQNet SR 10 audits upon request by IQNet Peer evaluations The IQNet SR 10 Partners office assessment shall be conducted every 3 years, as part of the regular peer evaluations by IQNet at the IQNet SR 10 Partner s main premises. During the office assessments, the IQNet audit team shall assess the conformity of the IQNet SR 10 Partner s processes with the requirements of the SR 10 RuleBook. If a IQNet SR 10 Partner has multiple offices responsible for certification decisions, those offices should be considered during the audit Non-conformities Should any non-conformity arise during an oversight activity, the IQNet SR 10 Partner shall submit appropriate corrective actions and evidence of its implementation to IQNet for approval within a maximum of ninety (90) calendar days from the communication of the non-conformity to the IQNet SR 10 Partner. HO shall verify the effective implementation of the corrective actions taken. Verification may occur by document review or during the next IQNet oversight activities. When a IQNet SR 10 Partner cannot provide evidence of implemented corrective actions within ninety (90) calendar days, IQNet may perform special oversight activities. Should a major nonconformity remains open after ninety (90) calendar days, the IQNet SR 10 Partner derecognition (see: 4.3) process shall begin. IQNet reserves the right to undertake additional activities in response to corrective action follow up or based upon performance. 4.3 Loss of IQNet recognition The de-recognition process of a IQNet SR 10 Partner shall be initiated upon: a) Violation of any provision of the IQNet SR 10 Agreement, b) Violation of the RuleBook c) Inadequate performance as identified by IQNet, d) Repetitive lack of diligence in updating IQNet SR 10 database, including providing uncompleted, inaccurate or delayed information. Copyright 2012, IQNet, CH-3011 Bern

8 Version 1 8 of 15 De-recognition process shall be initiated by the TAG. Both IQNet and the involved IQNet SR 10 Partner will be asked by TAG to provide, within 30 calendar days, all the information that might be considered relevant to clarify the facts that led to the de-recognition process. After the reception of all the documents, and within 60 calendar days, the TAG will prepare a draft of decision about the de-recognition, which will be sent through SCH to IQNet BoD (Board of Directors) for ratification by correspondence or during its next meeting. De-recognition results in cancellation of the IQNet SR 10 Agreement. 4.4 Operating system requirements The IQNet SR 10 Partner shall define its procedures to carry out the certification activities according to the IQNet SR 10 Agreement and the RuleBook. 4.5 Notice of changes Should any changes occur in the requirements of The SR 10 Specification, or in the The RuleBook, or a new Common Interpretation is approved by TAG, or modified, the IQNet SR 10 Partner shall inform its clients in due time and shall verify that each client complies with the new requirements to keep its certification. 4.6 Internal audits The IQNet SR 10 Partner shall have a process for internal audits to verify the effective implementation of the defined key processes and operating procedures. IQNet shall include the SR 10 certification scheme in its internal audit processes. 4.7 IQNet SR 10 Partner contract requirements with the client The IQNet SR 10 Partner shall have a legally enforceable agreement for the provision of the SR 10 certification activities to its client. That contract (or the accepted business conditions) between the IQNet SR 10 Partner and its client shall address the following items: a) all the (applicable) ISO 17021:2011 requirements b) the IQNet SR 10 Partner shall notify the client that the SR 10 certification scheme is overseen by IQNet. IQNet shall treat any information gathered during this activity as strictly confidential. c) the client shall notify, without delay, the IQNet SR 10 Partner of any changes that may affect the capability of its to continue to fulfil the SR 10 Specification requirements, including any incidents that could endanger the effectiveness of the certified management system. d) the client shall have a in place since at least three months. e) Before starting the certification process the client can be requested by the IQNet SR 10 Partner to provide the IQNet SR 10 Responsibility Statement (Annex A) duly signed. This document can also be requested before commencing the renewal audits. Copyright 2012, IQNet, CH-3011 Bern

9 Version 1 9 of 15 f) If considered necessary, and to ensure the transparency of the certification process, the audit team may hold interviews with representatives from the different stakeholders identified by the organisation to this end the client shall: 1. Provide the IQNet SR 10 Partner a list of the identified stakeholders 2. Identify the contact person or persons for each stakeholder and their contact details. 3. Notify these contact persons that they may be interviewed by the auditors during the audit g) The client shall not refuse an IQNet witness audit of the IQNet SR 10 Partner, unless major justification is provided in writing. h) The client shall authorize the IQNet SR 10 Partner to provide the final report(s) to IQNet i) The IQNet SR 10 Partner shall notify the client that the Client s certification data shall be published into the IQNet Worldwide database of certified organisations, obtaining the necessary consent if any applicable Privacy Act requires it. 5. COMPETENCE REQUIREMENTS The IQNet SR 10 Partner is responsible for the determination of the competence required for each function involved in the SR certification activities. The IQNet SR 10 Partner shall ensure that its personnel have appropriate knowledge relevant to the geographic areas in which it operates. The IQNet SR 10 Partner shall be responsible of ensuring that all its SR 10 auditors fulfil the established qualification requirements and have the appropriate competence to carry out the activities which will be assigned to them within the SR 10 certification process. All the auditors within a team shall be qualified according to 5.1 and the audit team leader shall be qualified according to Qualification requirements for IQNet SR 10 auditors IQNet SR 10 auditor candidates shall fulfil all of the following requirements: a) Be qualified as auditor in at least two of the following certification schemes: ISO 9001, ISO 14001, OHSAS 18001, SA8000, EFQM or other management systems related to environmental management, legal issues, operational health and safety issues or social accountability. b) Have at least two (2) years experience performing management system audits (among those abovereferenced). c) Have conducted a minimum of 20 third-party audits in any of the aforementioned management systems. d) Have attended and successfully passed the Official IQNet SR 10 Trainer s course or the equivalent IQNet SR 10 Partner s course, held by an IQNet SR 10 trainer. The internal training shall have a minimum duration of 24 hours (at least 8 hours in classroom) and shall reflect the content of the IQNet SR 10 Trainer s course. Evidence of the successful conclusion of the internal training shall be sent to IQNet for the inclusion into the approved auditor data base. It is recommended also to have attended at least four (4) full IQNET SR audits, the first two as an observer and the other two as trainee auditor. Copyright 2012, IQNet, CH-3011 Bern

10 Version 1 10 of 15 Once an auditor has been qualified by an IQNet SR 10 partner his/her qualification shall be regarded as accepted by any other IQNet Partner. To keep the IQNet SR 10 auditor qualification, the auditor will act as auditor in at least one full SR 10 audit every two years. Failing to comply with this requirement will result in losing the IQNet SR 10 auditor qualification, which could be re-obtained by assisting as an observer to at least one complete IQNet SR 10 audit. 5.2 Qualification requirements for IQNet SR 10 lead auditor To be qualified as IQNet SR 10 lead auditor, the candidates shall fulfil all of the following requirements: a) Be qualified as IQNet SR 10 auditor, and b) Be qualified as lead auditor in at least one management system including ISO 9001, ISO 14001, OHSAS 18001, SA8000 and EFQM Evidence of the successful fulfilling of the requirements shall be sent to HO for the inclusion into the approved auditor data base. 5.3 Requirements for IQNet SR 10 recognized trainers To become an IQNet SR 10 recognized trainer, candidates must fulfil all of the following requirements: a) Have attended and successfully pass the Official IQNet SR 10 Trainer s Course, including its final exam. b) Have participated in at least 4 full IQNet SR audits as lead auditor. Note: Clause b) will not be applicable for the first two trainers of each IQNet SR 10 Partner. Once passed the exam and checked the fulfilment of the experience requirement, IQNet will issue an IQNet SR 10 Trainer certificate to formally allow the trainer to give IQNet SR 10 courses for auditors at any IQNet SR 10 Partner premises. To maintain the recognition as IQNet SR 10 recognized trainer, trainers must attend the updating courses, seminars and whichever other initiatives for trainers approved by TAG. 5.4 Maintaining auditor competence and internal monitoring The IQNet SR 10 Partner shall assure the ongoing competence of its SR 10 auditors and shall implement a process for the continuing approval and rejection of its auditors and lead auditors as well as a process for monitoring them. 6. IQNet SR 10 AUDIT PROCESS. GENERAL REQUIREMENTS 6.1 Audit and certificate cycles The audit program and the certificate have a three (3) year cycle. The first audit cycle shall include a two stage (stage 1 and stage 2) initial audit, at least 2 surveillance audits and a recertification audit in the third year. No more than 3 months should pass between stage 1 and 2. The certificate is issued on the date of the certification or recertification decision (which must follow the end of the stage 2 certification audit) and shall be valid for three (3) years that is until the end of the 36th month since its issue date. Copyright 2012, IQNet, CH-3011 Bern

11 Version 1 11 of 15 A new three (3) year certification cycle begins with the date of the recertification decision which must take place before the end of the validity of the certificate. This date shall be the issue date of the certificate. The existing certificate is therefore superseded on this date. A certificate once issued remains valid until it expires or is superseded, cancelled or withdrawn. 6.2 Certificate issuing After the successful conclusion of the certification process the IQNet SR 10 Partner issues its own IQNet SR 10 certificate. The IQNet SR 10 Partner certificate shall contain the IQNet social responsibility logo as well as the IQNet SR 10 registration number. The certificate shall not contain a statement about compliance with ISO but may include a statement that the certified management system considers the principles and core subjects of the international guidance ISO 26000: Guidance on Social Responsibility. SR 10 IQNet social responsibility Mark The IQNet SR 10 Partner shall include in the certificate the certificate number provided by IQNet at partner s request. Validity of certificates can be verified through the IQNet website. Pending the outcomes of an SCH review of BD 309, an IQNet SR 10 certificate may also be issued. 6.3 Audit days determination The IQNet SR 10 Partner shall establish, within its organization, a process to determine the minimum number of audit days for each client and audit. Calculation will take into account the days needed to plan and successfully accomplish a complete and effective audit of the client s Social Responsibility Management System. Table 2 shall be used to determine the minimum audit days for each audit, including initial certification, surveillance and recertification audits. The number of man days of the table correspond to on-site auditing time, excluding off site activities such as preparation and report writing and may be increased for several reasons (e.g. travelling and visiting remote sites). The total number of audit days determined and the justification for the determination shall be recorded. In determining the number of audit days, the IQNet SR 10 Partner shall consider, among others, the following aspects: Complexity of activities and total number of employees, including permanent, part time, contract, and temporary employees. Copyright 2012, IQNet, CH-3011 Bern

12 Version 1 12 of 15 A translator shall be used in case the auditor is not fluent in the language(s) spoken on the client s site. Translator man-days shall be excluded from the calculation of total audit days. The stage 1 readiness review is part of the calculated audit days as defined in table 5. Additional pre-audit days, if performed, shall not be included as part of the total audit days There shall be at least one surveillance audit every twelve (12) months (± 2 months). The only audit day reductions permitted are listed in section 6.3; exceptions are only allowed with prior approval of the TAG 6.4 Audit day determination permitted reductions A reduction of the number of audit days may be applied for the following situations: Existing accredited certifications: ISO 9001: 15% ISO 14001: 15% OHSAS 18001: 15% SA8000: 15% Other existing social responsibility management system certification: 15% Certification of multiple sites: Certification of multiple sites based on sampling is allowed. In those cases, the rules contained in IAF Mandatory Document for the Certification of Multiple Sites Based onsampling (IAF MD1) shall apply. Sampling shall only be allowed within plants located in the same country Maximum permitted reduction The maximum permitted reduction in the calculated man days, including all possible reductions included in and 6.4.2, shall not exceed 40%. Copyright 2012, IQNet, CH-3011 Bern

13 Version 1 13 of 15 Number of effective employees From Minimum number of audit days for initial certification (stages 1 and 2) Minimum number of audit days for surveillance audits Minimum number of audit days for recertification audits , , , Follow progression above Table 2: Minimum audit days for on-site initial certification (stage 1 + stage 2), surveillance audits and re-certification. NOTE: an audit day is typically a full normal working day of eight (8) hours. Copyright 2012, IQNet, CH-3011 Bern

14 Version 1 14 of KNOWLEDGE MANAGEMENT The TAG shall be responsible for knowledge management and ensuring that best practices are exchange among the IQNet SR 10 Partners. TAG will establish mechanisms for, where appropriate: Exchanging best practices Sectoral criteria Geographical criteria Requirements criteria Public criteria Approval of materials Copyright 2012, IQNet, CH-3011 Bern

15 Version 1 15 of 15 ANNEX A STATEMENT OF RESPONSIBILITY I, Mr./Mrs. (full name), (nationality), legally of age, with ID number (number) and address for the purposes of this statement at (number, street), (city, postcode), (province), (country), in my capacity as (position) of (name of legal entity), with tax code (number), assert that I possess sufficient legal capacity to act in the name and representation of this entity by virtue of a power of attorney granted before notary public in (city), on (day) (month) (year) under number (number) of the protocol, in accordance with which I, H E R E B Y C E R T I F Y That, in the last two years, the entity I represent, its directors and management staff, comply and, therefore, have not been sanctioned or sentenced by Administrative or Legal Authorities jointly and finally, on serious or very serious grounds, for any of the followings: a) Illicit association, corruption in economic transactions, trafficking of influence, bribery, fraud, illegal exaction, offense against the Inland Revenue or the Social Security; offences against the State or against individuals; offences against freedom, against freedom of opinion, against religious or sexual orientation or expression; corporate or IT offences; offences against private property, patents or copyright; offences against the fundamental rights of persons; embezzlement and crime of receiving or similar conducts; offences or sanctions relating to environmental protection; special disqualification from a profession, job, industry or trade. b) Prohibition to act as Director/Manager or similar. c) Sanction pertaining to market discipline, competition or antitrust laws; unfair competition, illegal advertising, data protection or professional protection; offences or sanctions in the employment area, against fundamental workers rights. d) Fraudulent bankruptcy or winding-up by the court. e) Ban from public contracting laws due to an administrative sanction. In (city), on (day) (month) (year) Signed (full name and signature)