Certification Rules

1.         Introduction

The Certification Rules supersede all previous versions and unless otherwise agreed in writing by Atlas Certification Limited (hereinafter referred to as ACL), shall override any client organisation’s terms of business.  ACL reserves the right to amend without notice the Certification Rules.  The latest version of this document shall be posted on the ACL website (www.atlascertification.com).

The Certification Rules are set in accordance with accredited certification requirements referred to by International Accreditation Forum (IAF).  ACL also comply with these conditions.

These Certification Rules apply to Client Organisations seeking audit and certification services from ACL. 

Note: Client Organisations should record the Certification Rules as an ‘external document’ within their management system for document control and compliance obligations.

2.         Scope of Audit and Certification Services

ACL provide independent third-party audit and registration services for Client Organisations which have implemented management systems in accordance with international standards.

3.         Confidentiality

ACL agrees not to disclose any information relating to the Client Organisation’s business or affairs except in the following circumstances:

  • Where information is required to be disclosed to a third party either by law or as is required by international or UK accreditation rules.  Unless prevented by law, the Client Organisation shall be informed about the nature of sharing such information.
  • For the purposes of registration verification, information contained on certificates issued by ACL shall be publicly available when a valid certification registration number is searched for on the ACL website or UKAS’ CertCheck service.

For more information about our privacy policy and processes please see our Privacy Notice displayed on our website, www.atlascertification.com.

4.         General Conditions

ACL general conditions for gaining and maintaining registration:

4.1       All information deemed necessary by ACL in order to complete the registration process shall be made available by the Client Organisation seeking registration.  The Client Organisation shall provide any additional information deemed necessary by ACL for the purposes of granting and maintaining registration.

4.2       All fees must be paid as shown on the Service Agreement, normally in advance of scheduled audits.  Certificates shall not be issued until due fees are paid in full.  ACL reserves the right to suspend subsequently issued certification if fees are not paid in accordance with the Service Agreement.

4.3       Registration Certificates remain the property of ACL at all times and without exception.  Registration Certificates must be returned to ACL without delay when requested by ACL.  Any associated Registration Logo or Mark being displayed by the Client Organisation, must be removed when instructed to do so by ACL (also refer to Use of Logos and Marks Guide which is available on the ACL website).

4.4       ACL are responsible for and retain authority for decisions relating to certification including the granting, maintaining, renewing, extending, reducing, suspending and withdrawing of certification.

4.5       Client Organisations shall keep ACL informed about any changes which may affect certification such as (but not limited to): change of company name, change of key personnel or number of employees, change to products and/or services, changes to geographical locations.  Such changes shall be made in writing to ACL (by email is acceptable) and the Client Organisation agrees that such changes may necessitate additional chargeable audits.

4.6       The Client Organisation shall allow ACL the right of access to their premises and personnel for the purposes of maintenance of audit and certification activities.

5.         Application for Audit and Certification

On receipt of a completed Application Form, ACL will conduct a pre-contract review in order to produce a quotation for Audit and Certification services.  This information shall be presented to the applying organisation in the form of a Service Agreement. 

6.         Contract Acceptance

Prior to any arrangements being made for audits, the Service Agreement must be signed and returned to ACL.  The person signing the Service Agreement must have authority to do so on behalf of the Client Organisation.  The signing of the Service Agreement indicates formal acceptance of these Certification Rules.

7.         Initial Audit and Certification

The initial audit is conducted in two stages, as follows:

7.1       Stage 1 Audit

The Stage 1 audit is carried out at the Client Organisation’s premises.  The Objectives of the Stage 1 Audit are:

  • To audit the management system documentation;
  • To evaluate the location(s), site specific conditions and to undertake discussions with personnel;
  • To collect information related to the scope of application and related statutory and regulatory requirements;
  • To evaluate the planning of internal audits and management reviews in advance of a Stage 2 audit;
  • To produce a process-based audit plan for the Stage 2 audit;
  • To determine the Client Organisation’s readiness for a Stage 2 audit.

Only when it is determined by ACL that the Client Organisation is prepared for a Stage 2 audit can a date be set for the Stage 2 audit.

7.2       Stage 2 Audit

The Stage 2 audit is carried out at the Client Organisation’s premises to evaluate the effective implementation of the management system in accordance with the relevant standard including:

  • Collection of information and objective evidence which gives confidence that the management system have been fully implemented in accordance with the relevant standard;
  • Performance monitoring, measuring, reporting and reviewing key performance objectives and targets;
  • The management system performance regarding legal compliance;
  • Operational control of the management system processes;
  • Internal audit and management review;
  • Management responsibility for policies;
  • Links between policy and legal requirements, competence of personnel, operations, procedures and data.

All audits are based upon sampling and therefore not a guarantee of 100% conformity with the standard and other applicable requirements.  It is critical that the Client Organisation conducts its own effective internal audits on a planned and ongoing basis to ensure confidence in the effective implementation of the Client Organisation’s management system.

For all high-risk sectors where there can be a direct risk to human health, safety and well-being, the audit team may be required to take photographs to provide evidence of effective implementation of safety measures.  All photographs shall be retained in accordance with the provision of Clause 3 and ACL’s Privacy Notice displayed on ACL’s website.

8.         Certification

8.1       When the on-site audit is completed, the nominated Lead Auditor shall prepare a report and submit it along with his/her recommendations to ACL.  The report will be independently reviewed by ACL and a subsequent decision made whether to grant certification or not.

8.2       Ongoing certification shall only be maintained on the basis of continued conformity to the respective standard by the Client Organisation as observed via series of surveillance visits during the period of certification.

8.3       Should the Client Organisation disagree with the findings from the on-site audit an appeal can be lodged as detailed in Clause 14.

9.         Surveillance

9.1       Following the granting of certification, surveillance audits shall be completed at the Client Organisation’s premises.  If significant areas of concern with regards to the Client Organisation’s conformity to the applicable standard, extra chargeable audits may be scheduled at the discretion of ACL.  The Client Organisation agrees to meet the costs of such extra audits.

9.2       If surveillance audits are not completed as planned then ACL reserves the right to suspend and/or withdraw certification.  At least one surveillance audit must be conducted each year.  For initial certification, the first surveillance audit must be completed within 12 months of the Certificate Cycle Start Date Suggestion: date of certification, which appears on the certificate issued.

9.3       Should the Client Organisation disagree with the findings from the on-site audit an appeal can be lodged as detailed in Clause 15.

10.       Recertification

10.1     A recertification audit shall be planned and completed in advance of the certificate expiry date. 

10.2     A recertification audit shall be planned and completed at the client’s premises to evaluate the continued fulfilment of all the requirements of the applicable standard.

10.3     When the on-site audit is completed, the nominated Lead Auditor shall prepare a report and submit this along with his/her recommendations to ACL.  The report will be independently reviewed by ACL and a subsequent decision made whether to grant recertification or not.  The decision on granting certification shall also take into consideration the effectiveness of completed internal audits, management reviews and associated corrective actions associated with (but not limited to) internal audit findings, complaints, etc.

11.       Use of Certificates, Certification Logos and Accreditation Marks

When certification is granted based on a specific standard, ACL shall permit the Client Organisation to display certain Logos and Marks, which are trademarked, so as to promote the fact of certification.

Rules relating to the correct and incorrect use of Certification Marks and Logos are stated in Use of Logos and Marks Guide, which is available here.

General rules relating to the use of certification Logos and Marks include:

  • Logos and Marks are not displayed in such a way that could be misleading interested parties about the Client Organisation’s certification;
  • No misleading statements are implied or made regarding certification;
  • Upon suspension, withdrawal and/or cancellation of certification the Client Organisation shall immediately cease to display Logos and Marks on advertising and marketing media such as brochures, letterheads, business cards, websites, etc. and return the Certificate to ACL.
  • Should a scope of certification be reduced, the Client Organisation shall immediately amend all advertising materials, letterheads, business cards, websites, etc. where the certification scope has been published.
  • For all scope reductions and increases the original certificate must immediately be returned to ACL.
  • That certification is implied or an impression is given that it is for elements of the Client Organisation or its goods or services that are not certified and fall outside of the scope of certification.
  • Not to use certification in any way so as to bring into disrepute the credibility of ACL or of accredited certification that could affect public trust and confidence.

12.       Mandatory Actions

During audits the audit team may identify Mandatory Actions (also known as non-conformities), and these will be communicated to the respective Client Organisation members during the Closing Meeting.  The Client Organisation shall respond to all Mandatory Actions within the agreed timescales (normally not exceeding 30 days from the last day of the audit) by providing details to ACL about correction, cause analysis and corrective action.  ACL shall review this information and either close the Mandatory Action or request additional information.

Grading of Mandatory Actions


Based on objective evidence, the absence of, or a significant failure to implement and/or maintain conformance to the requirements of the applicable standard. (i.e.  the absence of or failure to implement a complete Management System clause of the standard); or

a situation which would on the basis of available objective evidence, raise significant doubt as to the capability of the Management System to achieve the management system intended outcomes.  Also see Clause 14 concerning Major Mandatory Actions.


Represents either a management system weakness, an omission or failure or minor issue that could lead to a Major Mandatory Action if not addressed.  Each Minor Mandatory Action should be considered for potential improvement and to further investigate any system weaknesses for possible inclusion in a corrective action program.

13.       Opportunities for Improvement (OFI)

During audits the audit team may identify Opportunities for Improvement (also known as Observations) and these will be communicated to the respective Client Organisation members during the Closing Meeting.

The reason for identifying and recording OFIs include:

  • Insignificant problem or an instance where there an opportunity for better practice;
  • Suspicions that may need audit trailing at a later audit;
  • Feedback or prompt to the auditor to review at a later date;
  • A practice that is compliant now, but if not adjusted could become non-compliant.

Whilst the client organisation is not obliged to take any action or provide any formal response to ACL about OFIs, it should consider the consequences of not doing so and report back to ACL at the next audit visit.

14.       Suspension, Scope Extension, Scope Reduction and Withdrawal of Certification

Following the successful audit and certification of a Client Organisation’s system in accordance with an applicable standard, the following activities may become applicable when deemed necessary by ACL:

14.1     Suspension of Certification

ACL shall formally notify the Client Organisation outlining the suspension conditions and necessary action needed to have the suspension lifted following

  • Continued mis-use of a certification logo or mark;
  • Failure to implement corrective action within specified timescales as a result of a concern identified at audit visits;
  • Any breach of ACL Certification Rules, including non-payment of fees;
  • When a Major Mandatory Action is raised (also see Clause 12 about Mandatory Actions).

14.2     Scope Extension

For all scope extensions, the Client Organisation shall make such a request in writing to ACL.  The request shall be reviewed by ACL and a decision made as to any chargeable extra audit time deemed necessary to determine conformity.

14.3     Scope Reduction

Reductions to scope may be at the request of the Client Organisation or imposed by ACL.  Any Client Organisation requests shall be made formally to ACL for review and agreement to the changes to certification.  Where a scope reduction is imposed by ACL, then the original certificate must immediately be returned to ACL and the revised scope immediately updated by the Client Organisation on all advertising, marketing, letterheads, business cards and websites.

14.4     Withdrawal of Certification

Such withdrawals could be as a result of:

  • Failure to respond to requests/timescales made by ACL after suspension of a certificate;
  • Failure of a Client Organisation to settle an account with ACL within one month of formal notification of an overdue payment;
  • Voluntary withdrawal by the Client Organisation which would be required in writing;

The certificate shall be returned to ACL when ACL has informed the Client Organisation that the withdrawal of certification is completed.  After the completion of the withdrawal of certification, the Client Organisation shall not display any text, images or other references that would mislead any interested parties.

15.       Appeals

If the Client Organisation does not agree with the Auditor’s recommendation following the completion of an audit then an appeal may be lodged by the Client Organisation by completing the relevant appeals form on the ACL website.  Appeals submitted via the ACL website shall be directly distributed to top management and also the Chair of the Impartiality and Governance Committee.  When making an appeal, it is important to disclose all relevant facts and information.

Appeals will be heard by a sub-committee of the ACL Impartiality and Governance Committee.  The sub-committee may hear evidence from the Client Organisation’s representative and the Lead Auditor.  The decision of the sub-committee is final and binding on both the Client Organisation and ACL.  No counterclaim will be permitted by either party.  No costs for whatever reason, will be allowed for either party as a result of an appeal.

16.       Complaints

16.1     Complaints about ACL

If a Client Organisation wishes to raise a complaint about ACL it may do so by completing the appropriate complaints form situated on ACL’s website.  Such complaints shall be directly distributed to top management and also the Chair of the Impartiality and Governance Committee.

Received complaints shall be logged and an initial response to acknowledge receipt of the complaint sent to the Client Organisation within five working days.  ACL shall then initiate its Complaints procedure. Details of which are available upon request.

16.2     Interested Party Complaints about Client Organisations

Complaints received from interested parties about Client Organisations shall be logged and an appropriate acknowledge sent to the complainant.  Follow-up and investigation shall then be taken with the Client Organisation.

16.3     Serious incidents and breach of legal requirements

The client must inform, without delay, ACL of any occurrence of a serious incident or breach of legal requirements necessitating the involvement of the competent regulatory authority.  Examples of these are:

  • Serious accident, injury or death
  • Pending prosecution by an interested party
  • Adverse findings by a relevant authority
  • A breach of a relevant regulatory requirement
  • Suspension or withdrawn of a “licence to operate” by an interested party

If ACL becomes aware of the Client Organisation being in breach of a relevant regulatory requirement, it shall contact the Client Organisation without delay to seek further information, which may result in a mandatory action. (See Clause 12).

In such circumstances, ACL may deem it necessary to conduct an extra chargeable audit focussing on the incident or breach and to determine that the management system has not been compromised and certification can continue.

17.       Witnessed Audits

As part of the ongoing monitoring of ACL and in order to maintain its accreditation, the Client Organisation agrees to allow representatives from national accreditation bodies the right to witness ACL personnel conducting audits.  The fact that an accreditation body representative attends an audit will not affect the audit or the audit outcome.  From time to time, ACL may also need to invite trainee auditors into a Client Organisation’s audit.

18.       Short Notice and Extra Audits

If a Client Organisation’s certification has been suspended or a complaint is received about a Client Organisation, then a chargeable short-notice or extra audit may be necessary to conduct an evaluation and verification assessment of the root-cause, correction and corrective action.  In such cases, the Client Organisation agrees to co-operate with ACL and allow suitable access.

19.       Terms of Payment

Payment shall be made by the Client Organisation to ACL in accordance with the Service Agreement and on the presentation of an invoice.  Payment of invoices shall normally be made in advance of scheduled audits.

20.       Indemnification

In respect of any claim, loss, damage or expense however arising, ACL’s liability to the Client Organisation shall in no circumstances exceed the amount of ACL’s fees paid by the client during the current three-year certification cycle.  Under no circumstances shall ACL be liable for any consequential loss.  Please also see the relevant section in the terms of business within the Service Agreement.

The provision of the services by the Company is not a guarantee that the Client will achieve the Certification(s) and the Company shall not be liable for any associated loss should the Client fail to achieve the Certification(s).

21.       Impartiality

ACL and its representatives shall not:

  • Provide management system consultancy which includes: preparation or production of manuals or procedures, or give specific advice, instructions or solutions towards the development, structure and implementation of a management system.
  • Allocate auditor(s) to conduct certification audits where the auditor has provided management system consultancy services (including but not limited to internal audits, hazard analysis) to the Client Organisation within the last two years.
  • Certify a management system on which it provides any consultancy; or grant certification when relationships that threaten impartiality cannot be eliminated or minimised.
  • Certify another certification body for its quality management system.

Any threats to impartiality shall be reported to the ACL Impartiality and Governance Committee.

22.       Intellectual Property

            The following documents remain the property of ACL at all times:

  • ACL audit reports
  • ACL registration certificates

ACL licenses all such rights for these documents to the Client free of charge and on a non-exclusive, worldwide basis to such extent as is necessary to enable the Client to make reasonable use of the certification.  If ACL terminates the Service Agreement under clause 14, this licence will automatically terminate.

23.       Privacy Notice

We take privacy and the protection of personal information seriously.  The ACL Privacy Notice sets out details about how we gather, use and share information and about individual privacy rights.  How we use information depends upon the context in which it is made available to us.  The ACL Privacy Notice is publicly available on the ACL website.

Management system procedure reference: OP05
Version: 5