The Certification Rules supersede all previous versions and unless otherwise agreed in writing by Atlas Certification Limited (hereinafter referred to as ACL), shall override any client organisation’s terms of business. ACL reserves the right to amend without notice the Certification Rules. The latest version of this document shall be posted on the ACL website (www.atlascertification.com).
The Certification Rules are set in accordance with accredited certification requirements referred to by International Accreditation Forum (IAF). ACL also comply with these conditions.
These Certification Rules apply to Client Organisations seeking audit and certification services from ACL.
Note: Client Organisations should record the Certification Rules as an ‘external document’ within their management system for document control and compliance obligations.
ACL provide independent third-party audit and registration services for Client Organisations which have implemented management systems in accordance with international standards.
ACL agrees not to disclose any information relating to the Client Organisation’s business or affairs except in the following circumstances:
For more information about our privacy policy and processes please see our Privacy Notice displayed on our website, www.atlascertification.com.
ACL general conditions for gaining and maintaining registration:
4.1 All information deemed necessary by ACL in order to complete the registration process shall be made available by the Client Organisation seeking registration. The Client Organisation shall provide any additional information deemed necessary by ACL for the purposes of granting and maintaining registration.
4.2 All fees must be paid as shown on the Service Agreement, normally in advance of scheduled audits. Certificates shall not be issued until due fees are paid in full. ACL reserves the right to suspend subsequently issued certification if fees are not paid in accordance with the Service Agreement.
4.3 Registration Certificates remain the property of ACL at all times and without exception. Registration Certificates must be returned to ACL without delay when requested by ACL. Any associated Registration Logo or Mark being displayed by the Client Organisation, must be removed when instructed to do so by ACL (also refer to Use of Logos and Marks Guide which is available on the ACL website).
4.4 ACL are responsible for and retain authority for decisions relating to certification including the granting, maintaining, renewing, extending, reducing, suspending and withdrawing of certification.
4.5 Client Organisations shall keep ACL informed about any changes which may affect certification such as (but not limited to): change of company name, change of key personnel or number of employees, change to products and/or services, changes to geographical locations. Such changes shall be made in writing to ACL (by email is acceptable) and the Client Organisation agrees that such changes may necessitate additional chargeable audits.
4.6 The Client Organisation shall allow ACL the right of access to their premises and personnel for the purposes of maintenance of audit and certification activities.
On receipt of a completed Application Form, ACL will conduct a pre-contract review in order to produce a quotation for Audit and Certification services. This information shall be presented to the applying organisation in the form of a Service Agreement.
Prior to any arrangements being made for audits, the Service Agreement must be signed and returned to ACL. The person signing the Service Agreement must have authority to do so on behalf of the Client Organisation. The signing of the Service Agreement indicates formal acceptance of these Certification Rules.
The initial audit is conducted in two stages, as follows:
7.1 Stage 1 Audit
The Stage 1 audit is carried out at the Client Organisation’s premises. The Objectives of the Stage 1 Audit are:
Only when it is determined by ACL that the Client Organisation is prepared for a Stage 2 audit can a date be set for the Stage 2 audit.
7.2 Stage 2 Audit
The Stage 2 audit is carried out at the Client Organisation’s premises to evaluate the effective implementation of the management system in accordance with the relevant standard including:
All audits are based upon sampling and therefore not a guarantee of 100% conformity with the standard and other applicable requirements. It is critical that the Client Organisation conducts its own effective internal audits on a planned and ongoing basis to ensure confidence in the effective implementation of the Client Organisation’s management system.
For all high-risk sectors where there can be a direct risk to human health, safety and well-being, the audit team may be required to take photographs to provide evidence of effective implementation of safety measures. All photographs shall be retained in accordance with the provision of Clause 3 and ACL’s Privacy Notice displayed on ACL’s website.
8.1 When the on-site audit is completed, the nominated Lead Auditor shall prepare a report and submit it along with his/her recommendations to ACL. The report will be independently reviewed by ACL and a subsequent decision made whether to grant certification or not.
8.2 Ongoing certification shall only be maintained on the basis of continued conformity to the respective standard by the Client Organisation as observed via series of surveillance visits during the period of certification.
8.3 Should the Client Organisation disagree with the findings from the on-site audit an appeal can be lodged as detailed in Clause 14.
9.1 Following the granting of certification, surveillance audits shall be completed at the Client Organisation’s premises. If significant areas of concern with regards to the Client Organisation’s conformity to the applicable standard, extra chargeable audits may be scheduled at the discretion of ACL. The Client Organisation agrees to meet the costs of such extra audits.
9.2 If surveillance audits are not completed as planned then ACL reserves the right to suspend and/or withdraw certification. At least one surveillance audit must be conducted each year. For initial certification, the first surveillance audit must be completed within 12 months of the Certificate Cycle Start Date Suggestion: date of certification, which appears on the certificate issued.
9.3 Should the Client Organisation disagree with the findings from the on-site audit an appeal can be lodged as detailed in Clause 15.
10.1 A recertification audit shall be planned and completed in advance of the certificate expiry date.
10.2 A recertification audit shall be planned and completed at the client’s premises to evaluate the continued fulfilment of all the requirements of the applicable standard.
10.3 When the on-site audit is completed, the nominated Lead Auditor shall prepare a report and submit this along with his/her recommendations to ACL. The report will be independently reviewed by ACL and a subsequent decision made whether to grant recertification or not. The decision on granting certification shall also take into consideration the effectiveness of completed internal audits, management reviews and associated corrective actions associated with (but not limited to) internal audit findings, complaints, etc.
When certification is granted based on a specific standard, ACL shall permit the Client Organisation to display certain Logos and Marks, which are trademarked, so as to promote the fact of certification.
Rules relating to the correct and incorrect use of Certification Marks and Logos are stated in Use of Logos and Marks Guide, which is available here.
General rules relating to the use of certification Logos and Marks include:
During audits the audit team may identify Mandatory Actions (also known as non-conformities), and these will be communicated to the respective Client Organisation members during the Closing Meeting. The Client Organisation shall respond to all Mandatory Actions within the agreed timescales (normally not exceeding 30 days from the last day of the audit) by providing details to ACL about correction, cause analysis and corrective action. ACL shall review this information and either close the Mandatory Action or request additional information.
Grading of Mandatory Actions
Major:
Based on objective evidence, the absence of, or a significant failure to implement and/or maintain conformance to the requirements of the applicable standard. (i.e. the absence of or failure to implement a complete Management System clause of the standard); or
a situation which would on the basis of available objective evidence, raise significant doubt as to the capability of the Management System to achieve the management system intended outcomes. Also see Clause 14 concerning Major Mandatory Actions.
Minor:
Represents either a management system weakness, an omission or failure or minor issue that could lead to a Major Mandatory Action if not addressed. Each Minor Mandatory Action should be considered for potential improvement and to further investigate any system weaknesses for possible inclusion in a corrective action program.
During audits the audit team may identify Opportunities for Improvement (also known as Observations) and these will be communicated to the respective Client Organisation members during the Closing Meeting.
The reason for identifying and recording OFIs include:
Whilst the client organisation is not obliged to take any action or provide any formal response to ACL about OFIs, it should consider the consequences of not doing so and report back to ACL at the next audit visit.
Following the successful audit and certification of a Client Organisation’s system in accordance with an applicable standard, the following activities may become applicable when deemed necessary by ACL:
14.1 Suspension of Certification
ACL shall formally notify the Client Organisation outlining the suspension conditions and necessary action needed to have the suspension lifted following
14.2 Scope Extension
For all scope extensions, the Client Organisation shall make such a request in writing to ACL. The request shall be reviewed by ACL and a decision made as to any chargeable extra audit time deemed necessary to determine conformity.
14.3 Scope Reduction
Reductions to scope may be at the request of the Client Organisation or imposed by ACL. Any Client Organisation requests shall be made formally to ACL for review and agreement to the changes to certification. Where a scope reduction is imposed by ACL, then the original certificate must immediately be returned to ACL and the revised scope immediately updated by the Client Organisation on all advertising, marketing, letterheads, business cards and websites.
14.4 Withdrawal of Certification
Such withdrawals could be as a result of:
The certificate shall be returned to ACL when ACL has informed the Client Organisation that the withdrawal of certification is completed. After the completion of the withdrawal of certification, the Client Organisation shall not display any text, images or other references that would mislead any interested parties.
If the Client Organisation does not agree with the Auditor’s recommendation following the completion of an audit then an appeal may be lodged by the Client Organisation by completing the relevant appeals form on the ACL website. Appeals submitted via the ACL website shall be directly distributed to top management and also the Chair of the Impartiality and Governance Committee. When making an appeal, it is important to disclose all relevant facts and information.
Appeals will be heard by a sub-committee of the ACL Impartiality and Governance Committee. The sub-committee may hear evidence from the Client Organisation’s representative and the Lead Auditor. The decision of the sub-committee is final and binding on both the Client Organisation and ACL. No counterclaim will be permitted by either party. No costs for whatever reason, will be allowed for either party as a result of an appeal.
16.1 Complaints about ACL
If a Client Organisation wishes to raise a complaint about ACL it may do so by completing the appropriate complaints form situated on ACL’s website. Such complaints shall be directly distributed to top management and also the Chair of the Impartiality and Governance Committee.
Received complaints shall be logged and an initial response to acknowledge receipt of the complaint sent to the Client Organisation within five working days. ACL shall then initiate its Complaints procedure. Details of which are available upon request.
16.2 Interested Party Complaints about Client Organisations
Complaints received from interested parties about Client Organisations shall be logged and an appropriate acknowledge sent to the complainant. Follow-up and investigation shall then be taken with the Client Organisation.
16.3 Serious incidents and breach of legal requirements
The client must inform, without delay, ACL of any occurrence of a serious incident or breach of legal requirements necessitating the involvement of the competent regulatory authority. Examples of these are:
If ACL becomes aware of the Client Organisation being in breach of a relevant regulatory requirement, it shall contact the Client Organisation without delay to seek further information, which may result in a mandatory action. (See Clause 12).
In such circumstances, ACL may deem it necessary to conduct an extra chargeable audit focussing on the incident or breach and to determine that the management system has not been compromised and certification can continue.
As part of the ongoing monitoring of ACL and in order to maintain its accreditation, the Client Organisation agrees to allow representatives from national accreditation bodies the right to witness ACL personnel conducting audits. The fact that an accreditation body representative attends an audit will not affect the audit or the audit outcome. From time to time, ACL may also need to invite trainee auditors into a Client Organisation’s audit.
If a Client Organisation’s certification has been suspended or a complaint is received about a Client Organisation, then a chargeable short-notice or extra audit may be necessary to conduct an evaluation and verification assessment of the root-cause, correction and corrective action. In such cases, the Client Organisation agrees to co-operate with ACL and allow suitable access.
Payment shall be made by the Client Organisation to ACL in accordance with the Service Agreement and on the presentation of an invoice. Payment of invoices shall normally be made in advance of scheduled audits.
In respect of any claim, loss, damage or expense however arising, ACL’s liability to the Client Organisation shall in no circumstances exceed the amount of ACL’s fees paid by the client during the current three-year certification cycle. Under no circumstances shall ACL be liable for any consequential loss. Please also see the relevant section in the terms of business within the Service Agreement.
The provision of the services by the Company is not a guarantee that the Client will achieve the Certification(s) and the Company shall not be liable for any associated loss should the Client fail to achieve the Certification(s).
ACL and its representatives shall not:
Any threats to impartiality shall be reported to the ACL Impartiality and Governance Committee.
The following documents remain the property of ACL at all times:
ACL licenses all such rights for these documents to the Client free of charge and on a non-exclusive, worldwide basis to such extent as is necessary to enable the Client to make reasonable use of the certification. If ACL terminates the Service Agreement under clause 14, this licence will automatically terminate.
We take privacy and the protection of personal information seriously. The ACL Privacy Notice sets out details about how we gather, use and share information and about individual privacy rights. How we use information depends upon the context in which it is made available to us. The ACL Privacy Notice is publicly available on the ACL website.
Management system procedure reference: OP05
Version: 5
© Atlas Certification Limited 2020-2024