audit requirements for accredited certification bodies for ... · pdf file295 application of...
TRANSCRIPT
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Audit Requirements for Accredited Certification Bodies
for the SA8000 Program
1. Revision History
Revision # Revision Date Revision Description Approved By Version 1 Issued, December 2007 Revision of Procedure 150 Rochelle Zaid
Version 2 Issued, October 2015 Revision of Procedure 200:2007 Rochelle Zaid and Jane Hwang
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 2 of 95
1 2 3 4 5 6 7 8 9 10 11
12
Section 2 13
14
Contents 15
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 3 of 95
2. Contents 36 37 1. Revision History .................................................................................................................................... 1 38
2. Contents ................................................................................................................................................ 3 39
3. List of Tables & Figures ........................................................................................................................ 6 40
4. Foreword ............................................................................................................................................... 8 41
5. Purpose ............................................................................................................................................... 10 42
6. Scope .................................................................................................................................................. 12 43
7. Acronyms and Definitions ................................................................................................................... 14 44
7.1 Acronyms .................................................................................................................................... 14 45
7.2 Definitions .................................................................................................................................... 14 46
8. Reference Documents ........................................................................................................................ 20 47
8.1 Standards .................................................................................................................................... 20 48
8.2 Required References .................................................................................................................. 20 49
9. General Principles ............................................................................................................................... 22 50
9.1 Requirements .............................................................................................................................. 22 51
10. Scope of SA8000 Certification ........................................................................................................ 25 52
10.1 Requirements .............................................................................................................................. 25 53
11. SA8000 Certification Process Requirements .................................................................................. 28 54
11.1 General – (ISO/IEC 17021-1:2015 Clauses 9.1 – 9.9) ............................................................... 28 55
11.2 Audit Disruptions ......................................................................................................................... 31 56
12. General Audit Planning (Excluding Audit Effort) ............................................................................. 34 57
12.1 Audit Plans - (ISO/IEC 17021-1:2015 Clause 9.2)...................................................................... 34 58
13. Pre-Assessment and Initial Research ............................................................................................. 37 59
13.1 Pre-Assessment Audit ................................................................................................................. 37 60
13.2 Initial Research............................................................................................................................ 37 61
14. Stage 1 Audits ............................................................................................................................. 40 62
14.1 Stage 1 Assessment ................................................................................................................... 41 63
14.2 Stage 1 Audit Preparation ........................................................................................................... 41 64
14.3 Stage 1 Audit Outcomes ............................................................................................................. 41 65
15. Stage 2 Audits ............................................................................................................................. 44 66
15.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.3.1.3)............................................ 44 67
15.2 General Audit Steps .................................................................................................................... 45 68
15.3 Opening Meeting - (ISO/IEC 17021-1:2015 Clauses 9.4.2) ....................................................... 45 69
15.4 Organisation Overview Tour ....................................................................................................... 46 70
15.5 Organisation Health & Safety & Working Conditions Tour (OHS) .............................................. 47 71
15.6 Confirmation of Documents & Records for Review..................................................................... 47 72
15.7 Management System Review ..................................................................................................... 48 73
15.8 Interviews .................................................................................................................................... 49 74
15.9 Closing Meeting - (ISO/IEC 17021-1:2015 Clauses 9.4.7) ......................................................... 52 75
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 4 of 95
16. Surveillance Audits .......................................................................................................................... 54 76
16.1 General - (ISO/IEC 17021-1:2015 Clauses 9.6.2) ...................................................................... 54 77
16.2 Unannounced Surveillance Audits .............................................................................................. 58 78
16.3 Monitoring Certified Organisation Performance and Non-Conformity Trends……………………59 79
16.4 Surveillance Audit Worker Interview and Record Review ........................................................... 59 80
17. Recertification Audits ...................................................................................................................... 62 81
17.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.6.3) .................................................. 62 82
18. Transfer Audits (ISO/IEC 17021-1:2015 Clauses 9.5.3.3) .............................................................. 65 83
18.1 General Requirements ................................................................................................................ 65 84
19. Special Audits.................................................................................................................................. 68 85
19.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.6.4) .................................................. 68 86
20. Audit Days – Single Site .................................................................................................................. 70 87
20.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.1.4) ............................................... 70 88
20.2 Single Site Initial Certification Audit Effort ................................................................................... 70 89
20.3 BSCI Audit Days-Reduction ........................................................................................................ 72 90
20.4 Initial Audit Days First CB Certification in a New Country .......................................................... 72 91
20.5 Single Site Surveillance Audit Effort ........................................................................................... 73 92
21. Multi-site Certification Audits ........................................................................................................... 75 93
21.1 Background and Context ................................................................................................................ 75 94
21.2 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.1.5) .................................................. 75 95
21.3 Applicability of SA8000 Multiple-Site Certification .......................................................................... 76 96
21.4 Multi-site Stage 2 Audit Effort – Head Office and Regional Office Audit All Sectors ...................... 77 97
21.5 Multi-site Stage 2 Audit Effort for Sites – Manufacturing Sector and Plantations ........................... 77 98
21.6 Multi-site Stage 2 Audit Effort for Sites – Service Sector ................................................................ 78 99
21.7 Multi-site Surveillance Audit Effort – All Sectors ............................................................................. 80 100
21.8 Multi-site Recertification Audits – All Sectors.................................................................................. 81 101
22. Non-Conformity Classification ......................................................................................................... 83 102
22.1 General - (ISO/IEC 17021-1:2015 Clauses 9.4.5; 9.4.9; 9.4.10 ................................................. 83 103
22.2 Non-Conformity Findings Classification ...................................................................................... 84 104
22.3 Non-conformity definitions .......................................................................................................... 84 105
22.4 Non-conformity Format ............................................................................................................... 85 106
22.5 Closure of Non-Conformities during Audits ................................................................................. 87 107
22.6 Closure of Non-Conformities ....................................................................................................... 87 108
23. Audit Reporting................................................................................................................................ 89 109
23.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.4.8) ............................................... 89 110
23.2 Audit Report Content ................................................................................................................... 89 111
24. Audit Records .................................................................................................................................. 92 112
24.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.9.2) ............................................... 92 113
114
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 5 of 95
115 116 117 118 119 120 121 122 123 124 125
126
Section 3 127
128
List of Tables & Figures 129
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 6 of 95
152
3. List of Tables & Figures 153 154 Table 1 - Shift Pattern Audit Effort .............................................................................................................. 30 155 Table 2 - Audit Plan Details......................................................................................................................... 35 156 Table 3 - Objectives of a Stage 1 Audit ...................................................................................................... 40 157 Table 4 - SA8000 Stage 1 Audit Steps ....................................................................................................... 41 158 Table 5 - SA8000 Stage 2 Audit Steps ....................................................................................................... 45 159 Table 6 – Initial (Stage 2) Audit - No. Of Records to Be Reviewed ............................................................ 48 160 Table 7 - Management System Elements ................................................................................................... 49 161 Table 8 - Photographs Required ................................................................................................................. 49 162 Table 9 – Initial (Stage 2) Audit Number of Workers To Be Interviewed .................................................... 51 163 Table 10 - Mandatory Items to Be Audited During Surveillance Audits ...................................................... 57 164 Table 11 – Targets & Objectives to Be Audited Each Surveillance Audit ................................................... 58 165 Table 12 – Minimum Number and Recommended Timeframe of Unannounced Surveillance Visits - 6 166 Monthly Surveillance ................................................................................................................................... 59 167 Table 13 - Required Number of Worker Files to Be Reviewed Per Surveillance Audit .............................. 60 168 Table 14 - Surveillance Audit Number of Workers to Be Interviewed ......................................................... 60 169 Table 15 - Single Site Initial Certification Audit Effort in Days .................................................................... 71 170 Table 16 - Initial BSCI Allowance Audit Days ............................................................................................. 72 171 Table 17-Single Site Surveillance Audit Effort ............................................................................................ 73 172 Table 18 - Multi-site Manufacturing Sites Full & Limited Audit Effort .......................................................... 77 173 Table 19 -Multi-site Manufacturing Sites Limited Audit Effort ..................................................................... 78 174 Table 20 - Multi-site Service Sector Sites Full & Limited Audit Effort ......................................................... 79 175 Table 21 -Multi-site Service Sector Sites Limited Audit Effort .................................................................... 79 176 Table 22 – Time-Bound Non-conformities .................................................................................................. 85 177 Table 23 - NC Response & Close-Out Timescale ...................................................................................... 86 178 Table 24 - Audit Report Content ................................................................................................................. 90 179 Table 25 - Audit Records ............................................................................................................................ 92 180 181 Figure 1 - Initial Audit Process .................................................................................................................... 28 182 Figure 2 - Surveillance During The SA8000 Certification Cycle ................................................................. 54 183 184 185 186 187 188 189 190 191
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 7 of 95
192 193 194 195 196 197 198 199 200 201
202
Section 4 203
204
Foreword 205
206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 8 of 95
4. Foreword 228
SA8000 is an international standard for improving working conditions around the world. It is based on the 229
principles of thirteen international human rights conventions and is intended to help apply these norms to 230
practical work-life situations and expands on the conventions of the ILO’s Declaration of Fundamental 231
Principles of Rights at Work. The management system requirements of SA8000 move beyond a checklist 232
approach, encouraging sustainable systemic changes in how a workplace is managed. 233
234
Once an organisation has implemented the necessary improvements and systemic changes, it can earn 235
an accredited SA8000 certificate attesting to its conformance with SA8000. Accredited certification 236
demonstrates good practice to consumers, buyers, companies, and other stakeholders interested in 237
working conditions within that organisation. Maintaining and improving the systems put in place to 238
achieve SA8000 certification is an ongoing continuous process and substantive and meaningful worker 239
participation in this process is the best means to ensuring systemic change. 240
241
The SA8000 Standard was last revised and published in 2014. The content of this audit requirements 242
document is based upon input from Social Accountability International (SAI), and feedback from 243
Certification Bodies (CBs), non-governmental organisations (NGOs), employers, buyers, Trade Unions 244
and other stakeholders as well as informed by SA8000 certification audits conducted by SAAS-accredited 245
CBs and SAAS accreditation audits. 246
247
SA8000 is compatible with an integrated management system approach to business improvement and as 248
such could be an aspect of the way that all organisations do business. See 249
www.saasaccreditation.org/accreditation-requirements for a cross-reference matrix. 250
251 252
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 9 of 95
253 254 255 256 257 258 259 260 261 262 263
264
Section 5 265
266
Purpose 267
268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 10 of 95
290 291
5. Purpose 292
This requirements document has been written collaboratively with SAI, at the request of SAI, and has 293
been created for use by SAAS applicant and accredited Certification Bodies to reliably assure consistent 294
application of the SA8000 audit requirements by its audit team members. These specifications have been 295
created in order to: 296
• Establish SA8000 scheme-specific requirements that build upon the general accredited conformity 297
assessment requirements found in implementation of ISO/IEC 17021-1:2015; 298
• Provide documentation to assure continuity and consistency of the SA8000 audit process and 299
resulting certification; and 300
• Establish consistent and reliable SA8000 audit process requirements for accredited Certification 301
Bodies to deliver SA8000 assessment activities in a robust and replicable manner. 302
303
Its primary purpose is to provide an infrastructure for consistent delivery of SA8000 certification audits 304
and is used, along with Procedure 201A, Procedure 201B, and ISO/IEC 17021-1:2015, to provide criteria 305
against which SAAS may evaluate and measure an applicant or accredited CB in delivering SA8000 306
assessment services. 307
308
SAAS has promulgated separate documents, Procedure 201A and 201B, which outline the structure, 309
competence and certification process requirements for the management of SA8000 activities within the 310
CB, as well as detailing the accreditation process and oversight by SAAS. 311
312
The term “SHALL” is used throughout this document to indicate those provisions that are mandatory. 313
Requirements stated in this document SHALL be integrated into the procedures and processes of the 314
CBs. This document SHALL be updated from time to time by SAAS after consultation with appropriate 315
stakeholders and at the request of SAI, and is subject to regular review by SAAS and its Board of 316
Directors, and SAI and its Board. Additional requirements may be promulgated in the form of 317
“Notifications” or “Advisories.” Those documents SHALL be considered requirements for implementation 318
by CBs and SHALL be integrated into the procedures and processes of the accredited CBs. 319
320 321
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 11 of 95
322 323 324 325 326 327 328 329 330 331 332
333
Section 6 334
335
Scope of Procedure 200 336
337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 12 of 95
359
6. Scope 360
This document provides a framework for assurance of the SA8000 audit system and sets out minimum 361
audit criteria for assessing organisations seeking SA8000 certification by accredited and applicant 362
Certification Bodies. Conformance to the requirements in this document, as well as Procedure 201A and 363
Procedure 201B, provides greater assurance that accredited CBs are performing SA8000 audit process 364
requirements in a consistent and effective way. 365
366
Together, the principles found in Procedures 200 and 201 specify requirements for the SA8000 audit, 367
which is an input to the certification process. These documents specify requirements for personnel 368
competence, audit process, systemic impartiality and transparency. The assurance and oversight 369
process defined by SAI and monitored by SAAS are expected to lead to consistent audit outcomes and 370
performance by audit personnel. 371
372
This document supersedes all previous versions of Procedure 200 and related Advisories and prescribes 373
the requirements that a CB must include in carrying out assessment of a client organisation that submits 374
itself for verification of conformance with the SA8000 certification standard. The assessment of such an 375
organisation is purely voluntary. It is the responsibility of any such organisation to provide adequate 376
evidence that SA8000 certification is justified. 377
378
379 380
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 13 of 95
381 382 383 384 385 386 387 388 389 390 391
392
Section 7 393
394
Acronyms and Definitions 395
396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 14 of 95
418 419
7. Acronyms and Definitions 420
The following acronyms and definitions are used within this document. Note: all definitions found 421
in the SA8000:2014 Standard apply to this document and, where they differ, supersede the 422
definitions in ISO/IEC 17021-1:2015 and ISO/IEC 17011:2004. 423
424
7.1 Acronyms 425
7.1.1 CB = SAAS Accredited Certification Body (or applicant Certification Body); equivalent to CAB 426
7.1.2 CBA = Collective Bargaining Agreement 427
7.1.3 IAF = International Accreditation Forum (www.iaf.nu) 428
7.1.4 IEC = International Electrotechnical Commission 429
7.1.5 ISO = International Organisation for Standardisation (www.iso.org) 430
7.1.6 ISO 17021 = ISO/IEC 17021-1:2015 431
7.1.7 ISO 19011 = ISO 19011:2011 432
7.1.8 ISO 17011 = ISO/IEC 17011:2004 433
7.1.9 NGOs = Non-Governmental Organisations 434
7.1.10 Proc. 201 = SAAS Procedure 201A 435
7.1.11 SA = Social Accountability 436
7.1.12 SAI = Social Accountability International (www.sa-intl.org) 437
7.1.13 SAAS = Social Accountability Accreditation Services (www.saasaccreditation.org) 438
7.1.14 SPT = Social Performance Team 439
7.1.15 TU = trade union 440
441
7.2 Definitions 442
443
7.2.1 Breach of Ethical Standards = Verified intentional attempts to corrupt or defraud the 444
SA8000 audit process. See also the definition of Critical Non-conformity and the section in 445
this document for Audit Disruptions. 446
447
7.2.2 Certification Cycle = The certification cycle for the SA8000 client begins with the certification 448
or recertification decision. The length of the cycle is limited to three years. The audit program 449
for the SA8000 client SHALL be determined for the full three year certification cycle. 450
451
7.2.3 Certification Country Risk Assessment Process = SAAS coupled the risk ranking of the 452
Worldwide Governance Indicators (WGI) with strategies to provide a greater level of 453
assurance as part of the SA8000 certification process. The application of certification 454
process requirements vary based on the country risk assessment and affect the frequency of 455
SA8000 surveillance audits, unannounced audits, application of multi-site certificates and 456
worker interviews, as identified in this document. See also 457
www.saasaccreditation.org/accreditation-requirements. 458
459
7.2.4 Company = SA8000:2008 refers to “Company” throughout the text of the Standard. 460
SA8000:2014 refers to “Organisation” throughout the text of the Standard. In this procedure, 461
the term “organisation” is synonymous with “company” as defined in SA8000:2008. “Facility” 462
and “workplace” SHALL refer specifically to a physical site, location or building in which the 463
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 15 of 95
company resides. 464
465
7.2.5 Contractor = An organisation or person that enters into a contract. Note: commonly a 466
CONTRACTOR is a person or entity that agrees to provide services (example: The party 467
responsible for the overall job is a "general contractor," and those he/she/it hires to undertake 468
specific jobs on behalf of the contractor are "subcontractors," who are responsible to the 469
general contractor.) 470
471
7.2.6 Corrective action = Action taken to eliminate the cause of a non-conformity upon 472
undertaking a root cause analysis. It includes the action taken to prevent recurrence of a non-473
conformity whereas preventive action is taken to prevent initial occurrence of a non-474
conformity. In the SAAS-accredited system, corrective action is undertaken to impact the 475
entirety of the CB’s accredited management system for performing SA8000 audits. Note: 476
There is a distinction between correction and corrective action. Correction is action 477
undertaken immediately to eliminate the detected non-conformity but not necessarily the 478
cause. 479
480
7.2.7 Critical Non-Conformity (CNC) = A grievous breach of the SA8000 Standard that results in 481
severe impact to individual rights, life, safety and/or SA8000, SAAS or SAI’s reputation. 482
SA8000 certificates may be denied, cancelled or suspended when CNCs are confirmed. 483
484
7.2.8 Exclusive supplier = A supplier that produces product(s) or supplies a process(es) 485
exclusively for a single customer. In the context of this document, exclusive supplier refers to 486
a supplier that supplies only to one customer and is to be considered a part of the 487
organisation that is being certified. Therefore, it SHALL be included in the scope of the 488
certificate and audit day calculation, rather than the control of suppliers clause of SA8000. 489
490
7.2.9 Full-Time Equivalent (FTE) = Full-time equivalent employees equal the number of 491
employees on full-time work plus the number of employees on part-time work converted to a 492
full-time basis. FTE is sometimes referred to as Effective Number of Personnel. The use of 493
FTE for audit effort calculations is not permitted for SA8000 certification. 494
495
7.2.10 Grievous and Intentional Violations of Human Rights = Intentional egregious violations of 496
human rights. See also Critical Non-Conformity. 497
a) As the aim of the audit process is to evaluate conformity with the SA8000 Standard, efforts 498
SHALL be made by the applicant or certified organisation to rapidly bring about the necessary 499
changes to address these violations. 500
b) If there is a clear determination shown by management and immediate action is taken to 501
remediate the violations, this will be considered as an acceptable corrective action. 502
503
7.2.11 Immediate Threats to Worker Lives = Verified immediate threats to worker lives or safety. 504
See also Critical Non-Conformity. 505
a) New certificates may be issued and suspensions may be lifted when the threat(s) is 506
remedied. 507
508
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 16 of 95
b) The organisation may apply for certification when they have: 1) received sign-off by a CB 509
on a corrective and preventive action plan; and 2) completed all required actions in the 510
corrective and preventive action plan according to their proposed timeframe. 511
c) Certificates SHALL be withdrawn if the organisation is unable to meet the proposed 512
timeframe in their remediation/corrective and preventive action plan. 513
514
7.2.12 Indirect Workers = Workers of a subcontractor working on-site of the applicant or certified 515
organisation and/or off-site but under direct control of the certified organisation. 516
517
7.2.13 Maritime Activities = Those involving seafarers, i.e. any persons employed or engaged or 518
working in any capacity on board a ship. See also SAI’s SA8000:2014 Certification Exclusion 519
List. 520
a) Maritime Activities are further broken down into those excluded from SA8000 certification 521
and those that are not. 522
b) Maritime Activities excluded from certification are those covered by the ILO Maritime 523
Labour Convention, 2006 (NO. 186), (MLC). 524
c) Maritime Activities that may be eligible for certification are those that relate to seafarers on 525
vessels that navigate exclusively in inland waters or waters within, or closely adjacent to, 526
sheltered waters or areas where port regulations apply. 527
d) The determination as to whether a ship is a certifiable workplace will depend on several 528
factors, including definitions supplied by local regulations. 529
530
7.2.14 Micro-enterprises = In the context of this document, a micro-enterprise SHALL be defined 531
as having 10 or fewer personnel. 532
533
7.2.15 Multi-Site organisation = An organisation with an identified central management function 534
(central office or headquarters or head office) at which organisational activities are planned, 535
controlled, and/or managed with a network of offices, branches or sites at which activities are 536
carried out. A multi-site organisation need not be a unique legal entity, but all sites shall have 537
a legal or contractual link with the central office and be subject to a common management 538
system. See also Site. 539
540
7.2.16 Non-Conformity (NC) = If fulfilment of specified requirements have not been demonstrated, 541
a finding of non-conformity SHALL be reported. In the SAAS-accredited system, identification 542
of NCs initiate a corrective action request (CAR). A CAR is the initial stage in the corrective 543
action process. A corrective action SHALL be initiated as a result of a non-conformity. This 544
process includes containment/correction, root cause analysis, corrective action and follow-up. 545
NCs SHALL be logged using a nonconformance report (NCR) to log and track occurrence 546
and reoccurrence of NCs. 547
548
7.2.17 On-Site Supplier/Sub-supplier/Subcontractor = Organisation or person that provides a 549
product or a service produced on one (or more) sites of the client/certified organisation. 550
551
7.2.18 Organisation headquarters = The controlling location (central office or headquarters or 552
head office) of the management system, as utilized in defining a multi-site audit scheme. See 553
also Multi-Site organisation. 554
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 17 of 95
555
7.2.19 Permanent Site = Location where a CB’s client performs work or provides workers to 556
perform a service on a continuing basis. 557
558
7.2.20 Risk Assessment = Process to identify potential hazards and analyze what could happen if 559
a hazard occurs. 560
561
7.2.21 Risk Management Approach = The process of identifying risk, assessing risk, and taking 562
steps to reduce risk to an acceptable level. The risk management approach determines the 563
processes, techniques, tools, and team roles and responsibilities for a specific activity. 564
565
7.2.22 Root Cause Analysis = Method of problem solving used for identifying the root causes of 566
faults or problems. Certified organisations are expected to use Root Cause Analysis to 567
address NCs to look deeper into problems and find out why they're happening 568
569
7.2.23 Service Sector = Sector of business that is made up of companies that primarily earn 570
revenue through providing intangible products and services. Service industry companies are 571
involved in retail, transport, distribution, food services, cleaning, banking, education, as well 572
as other service-dominated businesses. 573
574
7.2.24 Shell Company or Shell Organisation = In the context of this document, “shell” companies 575
subcontract the vast majority of the end product or service. These companies often seek 576
certification as a means of obtaining contracts through government tenders but do not 577
perform the service for which the tender has been created. A shell company SHALL not be 578
approved for SA8000 certification. 579
580
7.2.25 Should = The term “should” is used in this document to indicate recognized means of 581
meeting the requirements. A CB can meet these in an equivalent way if it can be 582
demonstrated to SAAS. The term “SHALL” is used to indicate those requirements that are 583
mandatory. 584
585
7.2.26 Site = Location where an organisation carries out work or a service. See also Multi-Site 586
organisation. 587
a) A temporary site is one set up in order to perform specific work or service for a finite 588
and limited period of time. 589
b) Additional sites include a new site or group of sites that are to be added to an 590
existing multi-site organisation. 591
592 7.2.27 Stage 1 Audit = The first of two audits that a CB conducts for an organisation’s SA8000 593
management systems certification. The stage 1 SA8000 audit includes a document review to 594 confirm that the organisation has established procedures and processes, is knowledgeable of 595 legal requirements, and is ready for a Stage 2 SA8000 certification audit. It also involves a 596 Social Fingerprint Independent Evaluation conducted by the SA8000 Lead Auditor. 597
598 7.2.28 Stage 2 Audit = the second of two audits that a CB conducts for an organisation’s SA8000 599
management systems certification. The Stage 2 SA8000 audit confirms that the organisation is 600 effectively implementing a management system and conforming to the requirements of the 601 SA8000 Standard. It also involves a Social Fingerprint Independent Evaluation of the 602
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 18 of 95
organisation’s Social Fingerprint Self-Assessment, conducted by the SA8000 Lead Auditor. 603
604
7.2.29 Sub-supplier = Organisation or person that provides a product or a service to a supplier. 605
606
7.2.30 Subcontractor = Organisation or person who takes a portion of a contract from the principal 607
contractor or from another subcontractor. 608
609
7.2.31 Supplier = Organisation or person that provides a product or a service. 610
611
7.2.32 Zero Tolerance = Violations observed during an SA8000 audit that, in the opinion of the CB’s 612
audit team, require immediate action by the CB’s client SHALL require the CB’s SA8000 613
auditor to raise a Critical or Major Non-Conformity at the time of observing the violation. This 614
kind of violation observed during an SA8000 audit requires the CB’s SA8000 auditor to 615
immediately contact their CB to seek advice as to whether the audit should be aborted. May 616
also be known as a critical or immediately reportable issue. 617
618
Note: For additional terms and definitions, please refer to SA8000:2014, Procedure 201A:2015, 619
ISO/IEC 17021-1:2015 and ISO/IEC 17000:2004. For terms and definitions specific to the 620
Social Fingerprint process, please refer to SAI’s SA8000:2014 Social Fingerprint Glossary. 621
622
623
624
625 626 627
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 19 of 95
628 629 630 631 632 633 634 635 636 637 638
639
Section 8 640
641
Reference Documents 642
643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 20 of 95
665 666
8. Reference Documents 667
In all cases, the current edition of a certification standard, normative document or guidance SHALL be the 668
reference document in this procedure, per the standard’s published rollout schedule. SAI’s documents 669
can be found on their website at: www.sa-intl.org. SAAS documents can be found at: 670
www.saasaccreditation.org/document-library. 671
672
8.1 Standards 673
8.1.1 SAAS Procedure 201A (Normative Reference) 674
8.1.2 SAAS Procedure 201B (Normative Reference) 675
8.1.3 ISO/IEC 17011:2004 (Normative Reference) 676
8.1.4 ISO/IEC 17021-1:2015 (Normative Reference) 677
8.1.5 SA8000:2014 (Normative Reference) (SA8000:2014 will replace SA8000:2008 for required 678
implementation by all SA8000-certified organisations. Please see the SAAS Notification 4A 679
for implementation timeline.) 680
681
8.2 Required References 682
8.2.1 SA8000:2014 Certification Exclusion List 683
8.2.2 SA8000:2014 Performance Indicator Annex 684
8.2.3 SA8000:2014 Drafters’ Notes 685
8.2.4 SA8000:2014 Guidance Document 686
8.2.5 SA8000:2014 Auditor Guidance for Social Fingerprint 687
8.2.6 SA8000:2014 Social Fingerprint Glossary 688
8.2.7 SA8000:2014 Social Fingerprint Rating Chart 689
8.2.8 IAF MD 1:2007 Certification of Multiple Sites Based on Sampling 690
8.2.9 IAF MD 2:2007 Transfer of Accredited Certification of Management Systems 691
8.2.10 IAF MD 5: 2013 Duration of QMS and EMS Audits 692
8.2.11 ISO/IEC TS 17022:2012 693
694
695
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 21 of 95
696 697 698 699 700 701 702 703 704 705 706
707
Section 9 708
709
General Principles 710
711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 22 of 95
733
9. General Principles 734 9.1 Requirements 735
736
9.1.1 This document specifies procedures and CB audit process requirements with regard to the 737
assessment of organisations to SA8000. 738
739
a) These requirements are binding for CBs accredited for SA8000 by SAAS. Breach of these 740
requirements in any part by an accredited CB SHALL initiate the issuance of non-conformities 741
potentially leading to suspension and the de-accreditation process. Cancellation of SAAS 742
accreditation may result if the breach is not resolved in a timely manner. 743
744
b) An accredited CB may exceptionally deviate from the requirements in this document under 745
the condition that it is able to produce relevant and documented justifications. These 746
justifications shall, under evaluation by SAAS, demonstrate confidence in the accredited CB’s 747
management system and delivery of accredited SA8000 certification services. 748
749
c) Only clients certified to SA8000 by organisations accredited by SAAS have valid 750
certificates. Any other SA8000 certificates are considered unaccredited and not recognized 751
by SAI and other stakeholders in the process. 752
753
d) All SA8000 certificates issued by accredited CBs shall contain the following disclaimer: 754
“Social Accountability International and other stakeholders in the SA8000 process only 755
recognize SA8000 certificates issued by qualified CBs granted accreditation by SAAS and do 756
not recognize the validity of SA8000 certificates issued by unaccredited organisations or 757
organisations accredited by any entity other than SAAS.” 758
759
Additionally, all SA8000 certificates shall contain the address of the SAAS website 760
(www.saasaccreditation.org/certification) where stakeholders can confirm the validity of an 761
accredited SA8000 certificate. 762
763
e) An SA8000 Certificate Template is available at: www.saasaccreditation.org/accreditation-764
requirements 765
766
9.1.2 SAAS requires accredited and applicant CBs to conform to ISO/IEC 17021 requirements. 767
These requirements form the basis for the accredited certification process. SAAS assesses 768
CB’s conformance to ISO/IEC 17021 requirements as part of the accreditation and 769
surveillance process, in addition to conformance to requirements within this document. 770
771
a) This SA8000 audit requirements document builds upon the basic requirements found in 772
ISO/IEC 17021 to make them specific to the SA8000 scheme. 773
774
b) In general, this document focuses solely on the SA8000 audit process requirements and in 775
particular expands on the Clause 9.1 to 9.9 requirements of ISO/IEC 17021-1:2015. The 776
other requirements of ISO/IEC 17021-1:2015 that SHALL be met by SAAS-accredited CBs 777
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 23 of 95
are described further in other SAAS procedures, specifically SAAS Procedure 201A and 778
201B. 779
780
c) If there is any conflict between SAAS requirements and ISO/IEC 17021 requirements, 781
SAAS requirements SHALL take precedence over ISO/IEC 17021. For further clarification, 782
the CB SHALL contact SAAS when needed. 783
784
9.1.3 Accredited CBs SHALL have a documented, structured management system defining the 785
CB’s SA8000 certification processes. Such systems SHALL conform to the requirements in 786
ISO/IEC 17021, SAAS Procedure 200, SAAS Procedure 201A and Procedure 201B and any 787
other requirements disseminated by SAAS. 788
789
9.1.4 The CB’s SA8000 certification assessment process SHALL address all SA8000 elements 790
according to the requirements described in this procedure. 791
792
9.1.5 All requirements in this procedure which relate to SA8000 clients SHALL be written into the 793
contract with the SA8000 client so that the client clearly understands what is required and 794
accepts those terms upon signing the client contract. For additional details, reference 795
Procedure 201A. 796
797
9.1.6 SAAS Advice and Interpretation: SAAS maintains regular contact with CBs and their SA8000 798
Program Managers. CBs SHALL have designated one staff person (the SA8000 Program 799
Manager, as defined in Procedure 201A and 201B) and a Deputy to interface with SAAS. 800
801
802
803
804
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 24 of 95
805 806 807 808 809 810 811 812 813 814 815
816
Section 10 817
818
Scope of SA8000 Certification 819
820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 25 of 95
842 843
10. Scope of SA8000 Certification 844 10.1 Requirements 845
846
10.1.1 SA8000 certification is generally permitted in all countries and is applicable in all industries 847
except as designated in the exclusions below and/or as described in other documents. SAI 848
has developed an SA8000:2014 Certification Exclusion List which can be found on their 849
website at www.sa-intl.org. 850
851
10.1.2 The People’s Republic of China and its Special Administrative Regions of Macau and Hong 852
Kong, as well as Taiwan, SHALL be treated as separate countries for the purposes of 853
SA8000 Certification. 854
855
10.1.3 Excluded Countries: None. Reference SAI’s SA8000:2014 Certification Exclusion List for the 856
most up to date exclusions. Note: Care should be taken when granting SA8000 certification where 857
certain issues are made illegal by country law. 858
859
10.1.4 Excluded Activities: Reference SAI’s SA8000:2014 Certification Exclusion List for the most up 860
to date exclusions. SA8000 certification SHALL not be permitted in Maritime Activities 861
covered by the MLC sector. See the definition for Maritime Activities. 862
863
10.1.5 Organisations without active operations [i.e. Shell Companies] are prohibited from being 864
certified to SA8000. 865
866
a) Therefore any organisation that applies for SA8000 certification SHALL have been 867
engaged in its stated business for at least 6 months prior to its application for SA8000. 868
869
b) The organisation that is to be certified SHALL have active contracts with its customer(s). 870
871
c) The CB SHALL maintain evidence in the client file to demonstrate that the client 872
organisation is still active. 873
874
10.1.6 SA8000 certification SHALL be valid for a single organisation within a single site or location, 875
or a commonly owned and managed (multi-site) group of facilities at multiple locations within 876
a single country. Multi-site certification across multiple countries SHALL NOT be permitted. 877
878
10.1.7 Scope of certification: Details on the development and agreement of the scope of an SA8000 879
organisation are defined below with additional guidance provided at 880
www.saasaccreditation.org/accreditation-requirements 881
882
a) The geographic boundaries of the scope SHALL be clearly defined. 883
884
b) The scope of a single SA8000 certificate SHALL cover all processes, properties and 885
operations of a continuous process or premises. 886
887
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 26 of 95
Note: For example, in a situation with several assembly lines, all must be audited for certification. 888
Similarly, in a continuous process of fabrication and finishing and packaging, the entire process must be 889
compliant in order for certification to be granted. 890
891 c) The scope SHALL be clearly identified on the SA8000 certificate and include the nature of 892 the organisation in terms of the products and/or services it provides, exactly the business 893 information for which a client is certified, as well as its physical address(es). If a multi-site 894 certificate is involved, all addresses SHALL be defined on the certificate, be publicly 895 available, and reported to SAAS. 896
897
d) The scope SHALL include the entire legal entity’s structure and processes. In cases 898
where a subcontractor is used by the certified organisation to deliver parts of its activities, the 899
scope statement shall clearly specify that some processes are delivered by subcontractors 900
and those parts are excluded from the scope. 901
902
e) Public information on the certification of an organisation SHALL be clear and 903
understandable and specific as it relates to the scope of the certificate. 904
905
f) The CB SHALL certify an entire organisation and SHALL NOT certify personnel in only one 906
department of a multi-department organisation and not the other(s). Departments are 907
interrelated and personnel might move from one department to another. 908
909
g) On-site and off-site exclusive suppliers SHALL be treated as part of the organisation’s 910
operation and included in the scope of the audit and audit day calculation. See definition of 911
Exclusive Supplier. 912
913
h) With respect to SA8000 certification, working conditions for all personnel working on-site of 914
the organisation seeking certification (including those employed by supplier organisations) 915
are required to also comply with the requirements of SA8000. 916
917
i) Employment agencies SHALL include their contracted workers in their scope of 918
certification. 919
920
921
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 27 of 95
922 923 924 925 926 927 928 929 930 931 932
933
Section 11 934
935
SA8000 Certification Requirements 936
937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 28 of 95
959 960
11. SA8000 Certification Process Requirements 961 11.1 General – (ISO/IEC 17021-1:2015 Clauses 9.1 – 9.9) 962 963 11.1.1 The initial certification audit SHALL generally be conducted in three stages as described in 964
Figure 1. 965 966
967 968
Figure 1 - Initial Audit Process 969
970
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 29 of 95
971
11.1.2 Audit planning and execution SHALL take into account all personnel both on-site and off-site, 972
including temporary and contract labour and homeworkers. 973
974
a) The CB audit program SHALL address all elements of the standard at each location and 975
assess all shifts (crews) covered by the scope of the SA8000 certificate. 976
977
b) The rounding down to full-time equivalents is not permitted for SA8000 Certification. Every 978
individual SHALL be taken as one person for audit effort planning irrespective of what hours 979
they work per week and whether full or part-time. 980
981
11.1.3 Stakeholder engagement SHALL be performed as part of the SA8000 certification process. 982
See Section 20 of this document to determine the calculation of audit days and inclusion of 983
stakeholder engagement in the audit day calculation. 984
985
a) Stakeholder engagement provides guidance, informed decision-making and a way to 986
engage in meaningful dialogue with those parties with the most knowledge and stake in 987
SA8000 activities. Stakeholder engagement allows auditors to engage with the community 988
prior to the audit to do fact finding and assist in the assessment of the organisation. Formal 989
and informal consultations are an effective means of both gathering information on possible 990
problem areas and also encouraging local organisations to monitor an SA8000-certified 991
organisation’s continual compliance. Such consultations reduce the risk that auditors will 992
overlook a nonconformity, help encourage a constructive feedback loop and build confidence 993
in the reliability of certification. 994
995
b) The CB SHALL have a documented and implemented process to effectively obtain and 996
maintain information about working conditions regularly gathered from regional interested 997
parties, NGOs, trade unions, community organisations and workers. This information SHALL 998
be used in audit planning and throughout the audit process. 999
1000
c) The steps in stakeholder engagement SHALL include: defining stakeholders, interacting 1001
with stakeholders, performing consultations, developing profiles, and ongoing and regular 1002
updates. 1003
1004
d) Stakeholder engagement SHALL be conducted in a common sense approach for auditors 1005
to understand common concerns in a given geographic region. At minimum, annual 1006
consultation with stakeholders SHALL be conducted, with evidence of information collected. 1007
1008
e) Auditors SHALL conduct local intelligence gathering while on-site or in a specific area for 1009
audits. This may include checking with the local community in the early morning of the Stage 1010
1 audit and/or in the evening between audit days and at the time of an unannounced audit. 1011
1012
f) CBs SHALL maintain records including notes and minutes from stakeholder consultations 1013
and other pre-audit research. Client files SHALL NOT contain a generic boiler plate 1014
statement about stakeholder consultation but SHALL include actual recorded evidence of 1015
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 30 of 95
stakeholder consultation. 1016
1017
11.1.4 The initial certification (Stage 2) and recertification audits SHALL include the auditing of all 1018
shifts (crews). In addition to the Stage 2 audit, all shifts (crews) SHALL be seen at least once 1019
throughout the certification cycle through the use of surveillance audits. 1020
1021
a) Table 1 generally indicates the time of day and audit effort when at least one member of 1022
the audit team should audit the appropriate shift. Audits of night shifts SHALL include a focus 1023
on worker interviews and health and safety issues. 1024
1025
b) The basis of this table is to permit the audit day to be split to ensure that night and other 1026
shifts are audited at the appropriate time. 1027
1028
c) To enable an efficient audit at a site with multiple shifts, the auditor SHALL be authorized 1029
to shorten the daytime hours in an audit in order to perform the remaining hours for the audit 1030
during the night shift. The auditor SHALL NOT be required to audit eight hours during the 1031
day and also audit during the night shift. 1032
1033 1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
Table 1 - Shift Pattern Audit Effort 1046
1047
11.1.5 The entire management system and associated performance elements for SA8000 SHALL be 1048
assessed at every certification (Stage 2 site audit) and recertification. The entirety of the 1049
management system SHALL also be assessed throughout the certification cycle through the 1050
use of surveillance audits. 1051
1052
11.1.6 The certification cycle SHALL be based upon the dates of the initial certification decision. The 1053
time interval between initial certification and recertification or between two recertification 1054
audits SHALL NOT exceed three years from issue of the certification decision. There SHALL 1055
be no gaps before the new certification cycle (recertification) commences. 1056
1057
Shift TypeNominal Working
HoursWhen To Audit
Morning 06.00 to 14.00 During Normal Audit Day Of 09.00-17.00
Afternoon 14.00 to 22.00 During Shortened Audit Day & 3 Hours of 19.00-22.00
Night 22.00 to 06.00 During Shortened Day & 3 Hours of 00.00-03.00
Twi-light 17.00 to 21.00 During Shortened Audit Day & 3 Hours of 18.00-21.00
Day 1 06.00-16.00 During Normal Audit Day Of 09.00-17.00
Day 2 08.00-18.00 During Normal Audit Day Of 09.00-17.00
Day 3 09.00-17.00 During Normal Audit Day Of 09.00-17.00
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 31 of 95
1058
11.1.7 Through the use of surveillance audits, the SAAS-accredited CB SHALL monitor the ongoing 1059
performance of its SA8000 Certified Clients against the requirements of SA8000 as per 1060
Section 16 and Table 12 – Minimum Number and Recommended Timeframe of 1061
Unannounced Surveillance Visits - 6 Monthly Surveillance in this document. 1062
1063
11.1.8 Each CB SHALL have documented procedures for selecting and appointing the audit team for 1064
each audit, including the requirements and attributes of the audit team leader and the overall 1065
competence needed to achieve the objectives of the audit. If there is only one auditor, the 1066
auditor shall have the competence to perform the duties of an audit team leader applicable for 1067
that audit. 1068
1069
11.1.9 SA8000 auditor and allied expert personnel appointed to audit teams, between them, SHALL 1070
reflect the totality of competencies, location-specific knowledge, language skills and cultural 1071
knowledge required to conduct all SA8000 audits performed by the CB (see Procedure 201B 1072
for explicit requirements, details and team composition). These skills SHALL include: 1073
1074
a) knowledge of issues applicable to the location (laws/regulation and other demands/norms 1075
applicable to a specific location - including industry rules or norms); 1076
1077
b) knowledge of applicable language(s)/dialect(s) - written and spoken; 1078
1079
c) knowledge of prevailing cultural norm(s) of management and workers - this would 1080
include gender (as a subset of culture) and other potential differences (such as caste, 1081
immigrant workers and many other broadly or narrowly applicable issues). 1082
1083
11.1.10 Social Fingerprint SHALL be fully integrated into the SA8000 audit process as described in 1084
the Procedure 200 Annex (SA8000:2014 Auditor Guidance for Social Fingerprint). 1085
1086
1087
11.2 Audit Disruptions 1088
1089
11.2.1 Each CB SHALL develop and maintain a general procedure that addresses issues that can 1090
occur during an audit such as, but not limited to: attempted bribery; power outage; fire; 1091
serious accident; denied access to any part of the premises; denied access to records; 1092
denied access during an unannounced audit; and other such matters. This procedure SHALL 1093
address auditor process and the circumstances under which an audit SHALL be terminated. 1094
1095
11.2.2 This procedure SHALL delineate the action that the CB auditor(s) SHALL be required to take 1096
if such a disruption occurs. All disruptions and/or disturbances during audits SHALL be 1097
documented and records kept in the client file. 1098
1099 11.2.3 This procedure SHALL detail the steps to report, investigate and address situations of 1100
attempted bribery. Please also see the definition of Breach of Ethical Standards in this 1101 document and additional CB process requirements found in Procedure 201A. 1102 1103
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 32 of 95
a) Process requirements: If the attempt occurs during an SA8000 audit, SA8000 auditors 1104 SHALL follow the CB’s policies and issue a Critical Non-Conformity to the organisation. 1105
1106 b) As a general rule, if the Critical Non-Conformity leads to withdrawal of the SA8000 1107 certificate, an organisation may re-apply for certification after a period of three years from the 1108 date when a Critical Noncompliance Non-Conformity associated with audit integrity is issued. 1109
1110
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 33 of 95
1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121
1122
Section 12 1123
1124
General Audit Planning 1125
(Excluding Audit Effort) 1126
1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 34 of 95
1151 1152
12. General Audit Planning (Excluding Audit Effort) 1153 12.1 Audit Plans - (ISO/IEC 17021-1:2015 Clause 9.2) 1154
1155
12.1.1 Every audit SHALL have an audit plan. 1156
1157
a) For announced audits, the audit plan SHALL be sent to the client at least 3 weeks prior to 1158
the audit and SHALL include the name of and summary of background information on each 1159
member of the audit team. 1160
1161
b) For unannounced audits, the CB SHALL develop an audit plan and maintain it, 1162
confidentially, until the auditor arrives on-site and presents it at the opening meeting of the 1163
audit. In order to facilitate the unannounced audit, the CB SHALL provide information on the 1164
expected audit plan to the client at the end of the previous audit or at a later date, but 1165
absolutely not in any way that might inform the client as to when the unannounced audit will 1166
take place. 1167
1168
c) The audit SHALL be planned so as to fully evaluate the effectiveness of the SA8000 1169
management system and related performance criteria through evidence-based assessment. 1170
1171
12.1.2 The audit plan SHALL be adapted to the processes and working environment of the 1172
organisation being assessed and SHALL include all requirements of the organisation's social 1173
management system (for initial and recertification audits) and associated performance 1174
elements and cover all shifts within the audit cycle. 1175
1176
12.1.3 The plan SHALL be developed in light of information gathered from local and regional 1177
experts, stakeholders, community members, NGOs and Trade Unions, information which 1178
SHALL be gathered and recorded in advance of the audit. 1179
1180 12.1.4 The audit plan SHALL indicate the need for the certified organisation to provide their 1181
calculations of living wage, minimum wage and lowest wage in the organisation, adjusted to 1182 gross or net. 1183
1184 12.1.5 Relevant records of internal communication of audit team members, the client and external 1185
stakeholders related to the individual client and audit SHALL be maintained. 1186 1187
12.1.6 Audit records SHALL contain a copy of the AS AUDITED plan that confirms the paths and 1188 sequence of each audit. This can be a hand-marked copy of the audited plan as presented at 1189 the opening meeting. 1190
1191
12.1.7 In addition to the requirements in ISO 17021-1:2015, 9.2.3.2: Audit plans SHALL include the 1192
following information in Table 2, as applicable, as a minimum: 1193
1194 1195 1196 1197 1198 1199 1200 1201
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 35 of 95
a) Auditors Names. b) Experts Names.
c) Translators Names. d) Other persons attending the audit, e.g. CB, SAAS, or others.
e) Client contact details including organisation name; address; main contact.
f) SA8000 management representative; SA8000 workers representative; Trade Union representative.
g) Other reps as appropriate (such as OHS rep; HR manager; Payroll manager).
h) Locations to be audited (except in the case of multi-site sampling).
i) Shifts operated and to be audited. j) Approximate time of each audit activity and date.
k) Audit site demographics related to number, gender and language spoken for: workers and managers, contract services suppliers and direct and indirect labor.
l) Travel time to sites as appropriate.
m) Indication of the expected number of worker and manager interviews.
n) Language of audit.
o) Statements on bribery policy, confidentiality and impartiality, both general statements and policies specific to the audit and audit team.
p) List of documents to prepare for the audit.
q) Statement on the need for senior management and workers representatives to be present at the opening and closing meetings.
Table 2 - Audit Plan Details 1202
1203 12.1.8 A series of template documents are available from SAAS and also downloadable from 1204
www.saasaccreditation.org/accreditation-requirements 1205 1206 12.1.9 See www.saasaccreditation.org/accreditation-requirements for guidance on percentage of 1207
time spent per audit activity for SA8000 on-site audits. 1208 1209 1210 1211
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 36 of 95
1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222
1223
Section 13 1224
1225
Pre-Assessment and Initial Research 1226
1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 37 of 95
1254 1255
13. Pre-Assessment and Initial Research 1256 13.1 Pre-Assessment Audit 1257
1258
13.1.1 Pre-Assessment audits are an optional service that can be provided by a CB. The CB SHALL 1259
have procedures for managing the pre-assessment process so as to reduce conflicts of 1260
interest and so as not to provide consulting during the pre-assessment audit. 1261
1262
13.1.2 Pre-assessment audits can be performed at the request of the client by the contracted CB. 1263
This request SHALL be documented in the client audit file. 1264
1265
13.1.3 A pre-assessment audit SHALL ONLY be performed prior to the initial Stage 1 audit and 1266
SHALL NOT be performed in lieu of a Stage 1 audit. The pre-assessment SHALL be formally 1267
documented in an audit report and SHALL consist of non-binding findings with no 1268
recommended solutions. The time spent on a pre-assessment audit SHALL NOT be 1269
considered part of the Stage 1 and/or Stage 2 process. 1270
1271
13.1.4 Arranging training and participating as a trainer at a client’s organisation SHALL NOT be 1272
considered consultancy provided that, where the course relates to management systems or 1273
auditing, it is confined to the provision of generic information that is freely available in the 1274
public domain; i.e. the trainer SHALL NOT provide organisation-specific solutions. 1275
1276 1277
13.2 Initial Research 1278 1279
13.2.1 All CB’s SHALL have a documented procedure that describes the criteria for accepting a 1280
client based on various risk factors including any geographical, ethical, and/or commercial 1281
basis. These criteria may include countries and business sectors from which they may 1282
choose to refuse applications. 1283
1284
13.2.2 Prior to accepting a client organisation for SA8000 certification, the CB SHALL check that the 1285
applicant does not have a recent or pervasive history of major unaddressed violations in any 1286
element of the SA8000 standard (including freedom of association) for at least six months 1287
before the Stage 1 audit. 1288
1289
a) The process to obtain this information can include web-based research. 1290
1291
b) The CB SHALL search diligently for local intelligence from within the CB and from external 1292
bodies such as regulatory agencies, trade unions, local stakeholders and community 1293
members. 1294
1295
c) The results of this research process SHALL be documented and maintained in the client 1296
file and include justification as to why clients were taken on if they have a previous pervasive 1297
history of major unaddressed violations in any elements of the SA8000 standard. 1298
1299
13.2.3 The research process by the CB SHALL include, at a minimum: 1300
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 38 of 95
1301
a) A determination of sufficient wage levels for the client location, as defined by SA8000 1302
Element 8.1. 1303
1304
b) A determination of present or past legal actions against the organisation. 1305
1306
c) Consultation to gather information about working conditions gathered from regional and 1307
local interested parties, NGOs, trade unions and workers. This process SHALL be included 1308
in the calculation of audit days as part of the preparation of the Stage 1 and Stage 2 audit for 1309
initial and recertification audits and, at minimum, 1 time per year for surveillance audits. See 1310
also section 11.1 in this document. 1311
1312
d) A determination of the languages spoken by personnel at the organisation, and the 1313
proportion speaking each. The CB SHALL record this information before accepting a client 1314
organisation for SA8000 Certification to ensure it has the capacity to communicate effectively 1315
with the majority of personnel. 1316
1317
e) A determination as to whether or not the client is currently or previously has been certified 1318
to SA8000 and, if so, reviews of those SA8000 audit and non-conformity reports. If the CB 1319
cannot make this determination, they SHALL confer directly with SAAS. 1320
1321
f) A determination as to whether or not the client organisation has had audits against other 1322
social codes of conduct and, if so, reviews of those audit reports. 1323
1324
g) An investigation of grievances, legal proceedings and other complaints for a period of time 1325
of at least six months before the Stage 1 Audit. 1326
1327
13.2.4 The CB SHALL have a documented procedure that describes how it undertakes the initial 1328
research process as described above. 1329
1330 1331 1332 1333 1334
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 39 of 95
1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345
1346
Section 14 1347
1348
Stage 1 Audit 1349
1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 40 of 95
14. Stage 1 Audits 1379 14.1 Stage 1 Assessment 1380
1381 14.1.1 The objective of a Stage 1 audit is as described below in Table 3. 1382
1383
Table 3 - Objectives of a Stage 1 Audit 1384
14.1.2 CBs SHALL have a documented procedure that describes how they perform an SA8000 1385
certification Stage 1 audit that generally follows the steps as outlined in above and ISO 1386
17021-1:2015 Clause 9.3.1.2 and includes the Social Fingerprint Independent Evaluation. 1387
1388
14.1.3 The Stage 1 audit SHALL be conducted during an on-site visit to the organisation. In the 1389
case of micro-enterprises (as defined in this document), an on-site Stage 1 audit may not be 1390
necessary. In such cases, the justification for not doing an on-site visit SHALL be recorded in 1391
the client file. Details SHALL be recorded describing the conduct of the remote Stage 1 audit. 1392
1393
14.1.4 The Stage 1 audit SHALL be normally of one to two audit day duration. If a Stage 1 audit 1394
goes beyond the maximum identified in the audit days table found in this document, the CB 1395
SHALL justify and record why the additional days for Stage 1 audit was found to be 1396
necessary. See Section 20 for audit day calculation. 1397
1398
14.1.5 The category of findings raised during a Stage 1 audit SHALL be: 1399
a) Risk of non-conformance. 1400
b) Observations. 1401
a) Review accuracy of the pre-audit questionnaire returned by the client organisation.
b) Familiarize the CB Lead Auditor with the issues pertinent to the client organisation.
c) Gain an understanding of the client’s SA system and its state of development.
d) Determine client’s awareness and recognition of the local norms, regulatory and legal requirements.
e) Review the client organisation’s method of determining a local Living Wage and the wages paid to workers.
f) Review and assess the client’s SA8000 management system documentation.
g) Agree to the list of documentation that must be made available by the client organisation for the Stage 2 Audit.
h) Evaluate the client’s location and site-specific conditions.
i) Undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 audit.
j) Identify all parts of the organisation so the CB understands the structure of the organisation for proper determination of scope of the certificate.
k) Review the proposed allocation of resources for the Stage 2 audit against the draft audit plan and agree with the client on the details of the Stage 2 audit.
l) Evaluate if internal audits and management review are being planned and performed.
m) Review previous labor, ethics, and other similar second and third party audit reports that are in the possession of the SA80000 certified or applicant organisation. The client SHALL make available any such audit reports within the previous three years and all SA8000 audit reports, if ever previously certified.
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 41 of 95
1402
14.2 Stage 1 Audit Preparation 1403
1404
14.2.1 Prior to the Stage 1 audit being performed, a pre-audit questionnaire SHALL be sent to the 1405
client organisation for completion. The questionnaire SHALL be returned to the CB and 1406
reviewed prior to the Stage 1 Audit taking place. (See also 1407
www.saasaccreditation.org/accreditation-requirements.) 1408
1409
14.2.2 For all Stage 1 audits, an audit plan SHALL be developed and sent to the client at least two 1410
weeks prior to the audit. 1411
1412
14.2.3 The Stage 1 audit SHALL be performed by the proposed Stage 2 Lead Auditor. 1413
1414
14.2.4 The Stage 1 audit steps SHALL generally be as described in Table 4 . 1415
1416 Audit Step
Audit Activity
1 Opening Meeting
2 Overview Tour (Including Canteen, Dormitory, Clinic, and Crèche, as appropriate)
3 Meeting with Workers Representative(s)
4 Meeting with Management to Confirm Understanding of SA8000, Confirm scope, Review Answers to SAAS Pre-Audit Questionnaire
5 Confirmation of Subcontract Labor on Site (Such As Cleaners, Canteen Staff, Refuse Collectors, Clinic Nurses And Doctors, Dormitory And Security Guards)
6 Availability of Documents
7 Review of Management System Documentation Including Management Review And Internal Audits
8 Confirm Stage 2 Audit Plan And Logistics for Audit
9 Closing Meeting
1417 Table 4 - SA8000 Stage 1 Audit Steps 1418
1419 14.3 Stage 1 Audit Outcomes 1420
1421
14.3.1 Stage 1 audit findings SHALL be documented using the standard SAAS report template. 1422
1423
14.3.2 In determining the interval between Stage 1 and Stage 2 audits, consideration SHALL be 1424
given to the need for the client organisation to resolve areas of concern identified during the 1425
Stage 1 audit. 1426
1427
14.3.3 The CB SHALL justify the time period between the Stage 1 and Stage 2 audits with a 1428
documented explanation of how the client can move from Stage 1 to Stage 2. 1429
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 42 of 95
1430
14.3.4 No more than 6 months SHALL be allowed to pass between the end of the Stage 1 audit and 1431
the first day of the Stage 2 audit. If more time is required, the CB SHALL conduct an 1432
additional Stage 1 audit. 1433
1434
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 43 of 95
1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445
1446
Section 15 1447
1448
Stage 2 Audits 1449
1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 44 of 95
1481 1482
15. Stage 2 Audits 1483 15.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.3.1.3) 1484
1485
15.1.1 The evaluation of the effectiveness of the SA8000 management system and associated 1486
performance elements SHALL include an assessment of how effectively the management 1487
system(s) is deployed, as evidenced by workplace policies and supporting evidence, 1488
including whether or not it is implemented within the organisation’s overall objectives. 1489
1490
15.1.2 An important part of the Stage 2 audit process is the conduct of interviews with workers and 1491
other personnel, as detailed in the Interview (15.8) section of this document. 1492
1493
15.1.3 CBs SHALL have a documented procedure that describes how it performs an SA8000 1494
Certification (Stage 2) Audit that SHALL follow ISO/IEC 17021 clause 9.3.1.3 and generally 1495
follow the guidelines as outlined in Table 5, below. Please see Procedure 200 Annex for 1496
integration of Social Fingerprint (SA8000:2014 Auditor Guidance for Social Fingerprint) into 1497
the Stage 2 audit process. 1498
1499 Audit Step
Stage 2 Audit Activity
1 Opening Meeting
2 Quick Overview Tour - including canteen, dormitory, clinic and crèche as appropriate
3 Confirmation of records required for interviews
4 Management Interviews
5 Management System Elements Review (including: Policies, Procedures and Records, Social Performance Team, Identification and Assessment of Risks, Monitoring, Internal Involvement and Communication, Complaints Management and Resolution, External Verification and Stakeholder Engagement, Corrective and Preventive Actions, Training and Capacity Building, Management of Suppliers and Contractors.)
6 Workers Representative Interview & Social Performance Team Interviews
7 Health & Safety & Working Conditions Tour - including in situ worker interviews and selection of production records
8 Subcontractor Interviews such as - cleaners, canteen staff, clinic nurses, doctors, dormitory managers and security guards
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 45 of 95
9 Employee Interviews - including staff, junior managers, first aiders, emergency response team members
10 Worker Interviews
11 Document & Record Review - Working Hours, Payroll, Living Wage, Cost Accounting
12 Pre-Closing Meeting Preparation
13 Closing Meeting
1500 Table 5 - SA8000 Stage 2 Audit Steps 1501
1502
15.1.4 CBs SHALL undertake a full and fair evaluation of the client’s management system and its 1503
performance by determining the effectiveness of the client’s policies and procedures to 1504
demonstrate conformance to SA8000 requirements. The CB SHALL document evidence to 1505
show conformance to the elements beyond the policies and procedures created. 1506
1507
15.1.5 In extreme circumstances, an audit SHALL be terminated for lack of proper or adequate 1508
system implementation. In this case, a report SHALL be produced that covers the activities 1509
performed until the audit was terminated. If a Stage 2 audit is terminated, the audit SHALL be 1510
repeated from the very beginning of the Stage 2 process, if the applicant continues to seek 1511
certification. 1512
1513
15.2 General Audit Steps 1514
1515
15.2.1 General - (ISO/IEC 17021-1:2015 Clauses 9.4.) - The processes described in ISO/IEC 1516
17021-1:2015 Clauses 9.4. SHALL be followed. The following offers some guidance on the 1517
audit steps of an SA8000 Stage 2 audit and also contains some mandatory requirements that 1518
all CBs SHALL follow. 1519
1520
15.3 Opening Meeting - (ISO/IEC 17021-1:2015 Clauses 9.4.2) 1521
1522
15.3.1 See www.saasaccreditation.org/accreditation-requirements for guidance on managing the 1523
opening and closing meeting. 1524
1525
15.3.2 Senior Management of the client organisation SHALL be requested to attend the Opening 1526
Meeting. As applicable, this SHALL include management representatives for health and 1527
safety; payroll; production schedules; time and attendance monitoring and labor & 1528
ethics/social accountability compliance. 1529
1530
15.3.3 Workers Representatives SHALL be requested to attend the Opening Meeting. 1531
1532
15.3.4 An attendance sheet SHALL be completed by all those who attend the Opening Meeting. 1533
1534
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 46 of 95
15.3.5 The CB’s Code of Ethics/Anti-bribery Statement SHALL be signed at the Opening Meeting by 1535
the organisation’s senior management. 1536
1537
15.3.6 The list of documents that are required to be submitted by the organisation for review by the 1538
CB SHALL be tabled. 1539
1540
15.3.7 The client SHALL be reminded of the need to take pictures and copies of documents and 1541
photographs of the premises for evidence of conformance. 1542
1543
15.3.8 It SHALL be stated that workers will be selected at random to be interviewed and those who 1544
are SHALL be compensated in the same manner as if working at their regular job and will not 1545
be otherwise disadvantaged by being chosen for interview. 1546
1547
a) It SHALL also be stated that all those interviewed will be given a contact card with contact 1548
details for the auditors, CB and SAAS and that the organisation SHALL not require the 1549
interviewee to return the contact details to the organisation. Contact information SHALL also 1550
be available on all SA8000 information accessible to workers. 1551
1552
b) It SHALL be explained that the aim of distributing the contact cards is to provide additional 1553
assurance and communication means for the workers. 1554
1555
c) Cards will also be distributed randomly to workers during the organisation walkthrough. 1556
1557
15.3.9 It SHALL be stated that the CB team will choose an area during the overview tour where they 1558
will undertake confidential interviews of workers and no management may be present at the 1559
time of the interview. 1560
1561
15.3.10 If the organisation has retained a consultant to help it achieve SA8000 certification, the 1562
consultant may attend the Opening and Closing Meetings but may not represent the 1563
management of the organisation during the audit. If in attendance, they SHALL be silent 1564
observers. 1565
1566
15.4 Organisation Overview Tour 1567
1568
15.4.1 Auditors SHALL have access to all parts of the facility and SHALL confirm all buildings and 1569
locations that the organisation operates. 1570
1571
15.4.2 All areas of the organisation are to be briefly toured (including canteen, dormitory, clinic and 1572
crèche and all other employer-provided worker service facilities as appropriate). This SHALL 1573
include any areas under construction or renovation and any temporary work areas to verify: 1574
1575
a) Any changes from the Stage 1 Audit 1576
1577
b) Identification of potentially Hazardous Areas of Work 1578
1579
c) Identification of any major structural problems that are clearly evident 1580
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 47 of 95
1581
d) Potential Candidates for Interview. 1582
1583
15.4.3 The organisation SHALL provide a simple layout drawing/plan of their premises that includes 1584
all buildings and floors and canteen, dormitory, clinic and crèche and all other employer-1585
provided worker service facilities as appropriate, including any areas under construction or 1586
renovation. This plan SHALL be filed as a hard or soft copy in the client file. 1587
1588
15.4.4 The CB’s SA8000 Lead Auditor SHALL identify and note the location of the posted copies of 1589
the SA8000 Standard during this tour to demonstrate that the organisation has openly 1590
displayed the SA8000 Standard. 1591
1592
15.4.5 The CB’s SA8000 Lead Auditor SHALL give contact cards randomly to workers during the 1593
organisation tour so workers may be in contact with the CB directly after the audit, as not all 1594
workers will be interviewed. 1595
1596
15.5 Organisation Health & Safety & Working Conditions Tour (OHS) 1597
1598
15.5.1 This SHALL be the detailed tour where ALL areas of the organisation are viewed, particularly 1599 with respect to the need to comply with the SA8000:2014 Performance Indicator Annex. 1600
1601 15.5.2 In order for an organisation to be certified to SA8000, all facility and building areas must be 1602
accessed by auditors. This includes any areas under construction or renovation, in which 1603 case auditors SHALL be provided with protective equipment as necessary. 1604
1605 15.5.3 During the OHS tour, it is expected that some workers will be chosen for a brief interview 1606
about general issues. The interviewees SHALL be taken to an area out of earshot of others 1607 but preferably still near to their workstation. 1608
1609 15.5.4 It is recommended that notes not be taken during these interviews but be made immediately 1610
after each interview. If notes are taken during the interview, the auditor SHALL explain to the 1611 worker the purpose of the notes, assure confidentiality to the interviewee and get their 1612 permission to take notes before the interview commences. 1613
1614 15.5.5 Production/process documents SHALL be copied for further review (a digital picture of the 1615
document is an acceptable alternative) for issues such as rest day working, overtime, etc. 1616 1617
15.5.6 Interviews of subcontractors may also be performed during the OHS tour. 1618
1619
15.6 Confirmation of Documents & Records for Review 1620
1621
15.6.1 The CB’s SA8000 audit team SHALL review the list of required documents and records given 1622
to the organisation and ascertain when they can expect to receive these so as to be of 1623
maximum use during the audit. The CB SHALL use the SAAS Standard Documentation 1624
Template see www.saasaccreditation.org/accreditation-requirements for this purpose or their 1625
own equivalent document. 1626
1627
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 48 of 95
15.6.2 The personnel files, time and attendance and remuneration records SHALL be checked for all 1628
the interviewees chosen, as well as additional personnel as indicated in column 2 and 3 of 1629
Table 6, below. 1630
1631
15.6.3 The minimum number of personnel/worker records to be reviewed at Initial (Stage 2) and 1632
Recertification Audits SHALL be at least as per Table 6, below. 1633
1634
1635 Table 6 – Initial (Stage 2) Audit - No. Of Records to Be Reviewed 1636
1637 15.7 Management System Review 1638 15.7.1 SA8000 requires a management system approach to implementing social accountability with 1639
performance indicators to show the organisation meets the SA8000 standard consistently and 1640 that non-conformities are identified internally and corrected effectively. 1641
1642 15.7.2 The management system established by the organisation must follow the classic Plan-Do-1643
Check-Act [PDCA] principle. The PDCA approach is relevant and applies to social, 1644 environmental, health and safety management systems. 1645
1646 15.7.3 If non-conformities are found through evaluation of performance criteria, those CARs SHALL 1647
be issued relative to gaps in the organisation’s management system. 1648 1649 15.7.4 An SA8000 Stage 2 certification audit SHALL fully evaluate the effectiveness of the SA8000 1650
management system, its linkages, its requirements and its performance. This is facilitated 1651 through the use of the Social Fingerprint Independent Evaluation. 1652 1653
15.7.5 The review of the management system of the client organisation SHALL be based on a 1654 process and risk management approach and include a review of the items in Table 7, below. 1655
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 49 of 95
1656 a) Policies, Procedures and Records b) Social Performance Team
c) Identification and Assessment of Risks
d) Monitoring
e) Internal Involvement and Communication
f) Complaint Management and Resolution
g) External Verification and Stakeholder Engagement
h) Corrective and Preventive Actions
i) Training and Capacity Building j) Management of Suppliers and Contractors
1657 Table 7 - Management System Elements 1658
1659 15.7.6 Photographs 1660
a) To provide supporting evidence of audit outcomes, photographs SHALL be taken as a 1661 record of the audit. 1662 1663 b) The photographs SHALL provide positive reporting showing conformance (or non-1664 conformance) to the elements of the Standard. 1665
1666
c) Photographs SHALL be taken of the following, as applicable and described in Table 8. 1667
1668 1. SA8000 Standard (s) 2. Evacuation Exits
3. Organisation Building/ Premises
4. Evacuation Drills
5. Work Floor(s) 6. Warehouse
7. Dormitory 8. Supporting Facilities (e.g. sewage treatment, boiler, generator)
9. Canteen 10. Attendance Record System
11. Chemical Storage Area 12. Work-In-Progress
13. Personal Protective Equipment
14. H&S Non-compliances
15. Fire Fighting Equipment 16. Best Practice
17. All Organisation’s documents reviewed as a part of the management systems
1669 Table 8 - Photographs Required 1670
Note: Other than identified above, photographs should be kept to a minimum and not include 1671 those of proprietary processes or individual workers. If the client organisation refuses 1672 permission to take photographs this SHALL be clearly stated in the audit report. 1673
1674 1675
15.8 Interviews 1676 15.8.1 Management interviews 1677 1678
a) Discussions will be held to establish the general thoughts of the management of the 1679 organisation with respect to the implementation by the organisation of their SA8000 1680 management system. 1681
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 50 of 95
1682 b) The Pre-Audit Questionnaire will be reviewed with the management of the organisation to 1683 ensure that all information is current and accurate. 1684
1685 c) The CB SHALL use the SAAS Standard Interview Template see 1686 www.saasaccreditation.org/accreditation-requirements for this purpose or their own 1687 equivalent document. 1688
1689 15.8.2 General personnel interviews (including staff and junior managers, first aiders, firemen) 1690
1691 a) Discussions will be held to establish the general thoughts and awareness of the personnel 1692 of the organisation with respect to the implementation by the organisation of their SA8000 1693 management system. 1694 1695 b) A representative number of personnel will be chosen by the CB Audit Team. 1696 1697 c) The CB SHALL use the SAAS Standard Interview Template or their own equivalent 1698 document for this purpose. 1699
1700 15.8.3 Workers representative(s) interview 1701 1702
a) Discussions will be held to establish the thoughts of the Workers representative(s) with 1703 respect to the implementation by the organisation of its SA8000 management system, 1704 general working conditions, Freedom of Association (FOA), and other elements of the 1705 Standard within the organisation. 1706
1707 b) The Workers representative(s) SHALL be asked to describe any Collective Bargaining 1708 Agreement (CBA) in place in the organisation. 1709
1710 c) The CB SHALL use the SAAS Standard Interview Template for this purpose or their own 1711 equivalent document. 1712
1713 15.8.4 Confidential Worker Interviews - it SHALL be remembered at all times that the purpose of 1714
worker interviews is to obtain information that may act as a signpost to issues that require 1715 further examination by the SA8000 auditor. 1716
1717 a) The results of discussions from worker interviews are generally anecdotal. 1718
Information obtained from worker interviews SHALL be noted and brought forward for 1719 further investigation throughout the current and future audits. If significant 1720 corroborating testimony or other evidence does not support information obtained 1721 during worker interviews, the CB SHALL institute off-site worker interviews and/or 1722 unannounced audits to identify further evidence to see if a non-conformity exists. 1723
1724 b) Workers SHALL be interviewed in a confidential setting without any supervision or 1725
management personnel present. If a trade union exists, the trade union 1726 representative shall be permitted to attend the interview at the request of the 1727 interviewee. 1728
1729 c) The CB SHALL maintain a list of interviewees. This list SHALL NOT be shared with 1730
the client organisation/management. This list SHALL be used to ensure that different 1731 individuals are interviewed during subsequent audits or to do follow-up interviews at 1732 future audits, and the list of those interviewed SHALL be provided to the auditor prior 1733 to each audit. 1734
1735
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 51 of 95
d) All interviews conducted by the SA8000 auditor SHALL include a verification of 1736 information regarding how the workers can communicate with the CB and SAAS 1737 regarding their concerns, or any additional information related to the audit. The 1738 auditor SHALL provide workers with the necessary contact information or 1739 alternatively, ensure that such information is made available to the workers by the 1740 CB’s client through appropriate methods. 1741
1742 e) The number of workers interviewed is as per Table 9 – Initial (Stage 2) Audit Number 1743
of Workers To Be Interviewed. 1744 1745
f) The format for the number of workers interviewed is, at minimum, as per Table 9 – 1746 Initial (Stage 2) Audit Number of Workers To Be Interviewed below. If the auditor has 1747 reason to vary from the table provided, this SHALL be documented in the client file. 1748
1749
1750 Table 9 – Initial (Stage 2) Audit Number of Workers To Be Interviewed 1751
1752
g) The total of personnel interviewed can be by a mixture of off and on-site interviews. 1753 1754
h) Off-site interviews SHALL be undertaken, at minimum, for clients based in highest 1755 risk countries. In this case, at least a minimum of 2 workers to a maximum of 10 1756 workers SHALL be interviewed off-site. Off-site interviews should be at a location 1757 where workers feel comfortable to share their opinions about work conditions. 1758 Dormitories without security guards present, apartments shared by workers, and 1759 entertainment facilities such as a karaoke center or billiards room can be good places 1760 to conduct interviews. Auditors can consult with local organisations trusted by 1761 workers for good locations. 1762
1763
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 52 of 95
15.8.5 Interview of on-site subcontract labour and suppliers 1764 1765
a) Discussions SHALL be held to establish the general thoughts and awareness of the 1766 personnel of on-site subcontractors and suppliers (such as cleaners, canteen staff, 1767 construction crews, clinic nurses and doctors, dormitory and security guards). 1768
1769 b) Auditors SHALL identify the existence of migrant, temporary, contract and homeworker 1770 labourers and maintain interview questions particular to those labour situations. 1771 1772 c) A confirmation of understanding of their own employer’s SA8000 management system 1773 SHALL be confirmed. 1774
1775 d) Subcontract labour personnel and suppliers SHALL also be asked about the organisation’s 1776 working hours. Corroborating evidence can be be obtained from clinic and security guard 1777 logs. 1778
1779 e) A representative number of personnel SHALL be chosen by the CB Audit Team from each 1780 subcontractor; working hours, remuneration, discrimination, and employment contracts 1781 SHALL be examined. 1782
1783 f) The CB SHALL use the SAAS Standard Interview Template for this purpose or their own 1784 equivalent document. 1785
1786 15.9 Closing Meeting - (ISO/IEC 17021-1:2015 Clauses 9.4.7) 1787 1788 15.9.1 See www.saasaccreditation.org/accreditation-requirements for guidance on opening and 1789
closing meeting. 1790 1791 a) Senior Management SHALL be requested to attend the Closing Meeting. This SHALL 1792 include those responsible for health and safety; payroll; production schedules; time and 1793 attendance monitoring and Labor & Ethics/Social Accountability compliance. 1794 1795 b) Workers Representatives SHALL be requested to attend the Closing Meeting. If the 1796 Workers Representative is not in attendance, this SHALL be noted in the audit report. 1797
1798 c) An attendance sheet SHALL be completed by all those that attend the Closing Meeting. 1799 For those attending virtually, the auditor SHALL record their names. 1800
1801 d) If a consultant has been retained to help the organisation achieve SA8000 certification, the 1802 consultant may attend the Closing Meeting as an observer only. 1803
1804 e) The result of the audit, including the outcome of the Social Fingerprint Independent 1805 Evaluation (as applicable), SHALL be verbally summarized with translation into the 1806 language(s) of the workers representative(s) present if different from the language used. 1807
1808 f) Best practice demonstrated by the organisation SHALL be highlighted by the auditor. 1809
1810 g) The auditor SHALL leave a copy of any NCRs raised during the audit with the organisation. 1811
1812 1813
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 53 of 95
1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824
1825
Section 16 1826
1827
Surveillance Audits 1828
1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 54 of 95
1862
16. Surveillance Audits 1863 16.1 General - (ISO/IEC 17021-1:2015 Clauses 9.6.2) 1864
1865
16.1.1 The CB SHALL have a documented procedure that describes how it undertakes surveillance 1866
audits. 1867
1868
16.1.2 Unless otherwise described in this document, surveillance audits of SA8000 certified 1869
organisations SHALL be planned as described in Figure 2. The Social Fingerprint Independent 1870
Evaluation SHALL be implemented a different points within the certification cycle, as per the table in 1871
the Annex. 1872
1873 1874
1875 1876
Figure 2 - Surveillance during the SA8000 Certification Cycle 1877
16.1.3 All SA8000 certified organisations SHALL undergo periodic surveillance audits. The 1878
surveillance scheduling SHALL include at least those issues defined in ISO/IEC 17021-1879
1:2015 clause 9.6.2. 1880
1881
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 55 of 95
1882 16.1.4 The amount of time required for the SA8000 audit effort SHALL be as described in Table 17 1883
in section 20.5. 1884 1885
16.1.5 As per ISO/IEC 17021, clause 9.1.3.2, the certification cycle SHALL begin with the 1886
certification or recertification decision. The frequency of the surveillance audits SHALL be 1887
determined as per the requirements in this section. 1888
1889
a) The date of the first surveillance audit following the initial certification or recertification 1890
decision SHALL be not more than 6 months from the last day of the initial Stage 2 or 1891
recertification audit. 1892
1893
b) If a CB takes more than 6 months to make a certification or recertification decision after the 1894
last day of the initial stage 2 or recertification audit, the CB SHALL undertake an on-site audit 1895
of the client no later than 12 months from the last day of the Stage 2 audit. The CB SHALL 1896
also provide an explanation for the delay in rendering a certification decision. 1897
1898
16.1.6 Within the initial certification cycle, the frequency of surveillance SHALL be determined as 1899
follows: 1900
1901
a) All SA8000 certified organisations SHALL undergo a surveillance audit every six months, 1902
excepting those qualifying under 16.1.6b) below. 1903
1904
b) An exception to this policy, and only at the request of the certification client within the 1905
initial certification cycle: after the first six month audit and the second [twelve month 1906
(unannounced)] audit, micro-enterprises (as defined in this document) may be allowed to 1907
move to an annual surveillance schedule in lower risk countries only (see note below). If the 1908
number of personnel increases to more than ten within the initial certification cycle, the 1909
frequency of the required SA8000 surveillance audits SHALL revert to a 6 monthly semi-1910
annual surveillance schedule for that client. All moves to Annual Surveillance SHALL be 1911
documented and justified in the client file. 1912
1913
Note: This exception SHALL ONLY be applied to organisations in the lower risk category as 1914
identified in the SA8000 Certification Country Risk Assessment Process (see 1915
www.saasaccreditation.org/accreditation-requirements and Certification Country Risk 1916
Assessment Process in the Definitions section of this document). 1917
1918
16.1.7 For recertification applicants, at the request of their client, prior to undertaking recertification, 1919
the CB SHALL conduct an analysis of the SA8000 client in order to determine whether or not 1920
the organisation could be a candidate for less frequent surveillances. Based upon that 1921
analysis, the CB SHALL determine whether or not the SA8000-certified organisation is 1922
eligible for annual surveillances or must continue with semi-annual surveillances in the new 1923
certification cycle. 1924
1925
a) This analysis SHALL include a review of the organisation’s performance history throughout 1926
its previous certification cycle and the associated risk with reducing semi-annual 1927
surveillances. 1928
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 56 of 95
1929
b) At minimum, the CB SHALL evaluate the history of effectiveness of the organisation’s 1930
social accountability management system(s) as it considers moving the client to an annual 1931
surveillance schedule. 1932
1933
c) In addition to an effective management system, the client SHALL have demonstrated and 1934
documented improvement in that system and/or associated performance over the course of 1935
previous audits. 1936
1937
d) Only those clients in the lower risk countries may be a candidate for less frequent 1938
surveillances. Risk level is identified in the SA8000 Certification Country Risk Assessment 1939
Process (see www.saasaccreditation.org/accreditation-requirements and Certification 1940
Country Risk Assessment Process in the Definitions section of this document). 1941
1942
16.1.8 The CB SHALL document evidence of the analysis undertaken for each client and the 1943
conclusion reached based on this evidence. This evidence and subsequent conclusions 1944
SHALL be available for review by SAAS during accreditation audits. 1945
1946
a) For clients in their second and above certification cycle whose audits indicate continual 1947
improvement and who are in lower risk countries, as per 1948
www.saasaccreditation.org/accreditation-requirements, their surveillance audits may be 1949
reduced BUT the interval between each surveillance audit SHALL never be more than 365 1950
days. 1951
1952
b) The process for this analysis and resultant decision on frequency of audits SHALL be 1953
documented in the CB’s certification procedures, including the identification of the 1954
person/position authorized to take this decision and the required qualification criteria for this 1955
person to take this decision. 1956
1957
c) Any reductions utilised by the CB regarding surveillance frequency as described in this 1958
document SHALL BE part of a documented risk analysis. Records of this risk analysis SHALL 1959
be maintained. 1960
1961 d) All decisions to move clients to Annual Surveillance SHALL be documented and justified 1962
in the client file. 1963
1964
16.1.9 At least one surveillance audit per year SHALL be scheduled to include an assessment of the 1965
organisation during “high season or rush” activities. 1966
1967
16.1.10 Each surveillance audit SHALL re-examine, in addition to the items mentioned in Table 10 1968
below, additional SA8000 elements, so that all elements of the SA8000 Standard SHALL 1969
have been re-examined within each three year cycle. Although not all clauses of SA8000 will 1970
usually be audited during each surveillance audit, the items in Table 10 SHALL be audited on 1971
each surveillance audit. See the Procedure 200 Annex for integration of the Social Fingerprint 1972
Independent Evaluation into the surveillance process. 1973
1974
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 57 of 95
1975
a) Verification of the number of personnel covered by the scope.
b) The review of the management system elements of management review, internal audits and corrective action.
c) Response to any complaints received. d) Worker training and worker awareness and understanding of the client’s SA8000 system in place.
e) Effectiveness of the root cause analysis, corrective and preventive action taken as a result of non-conformities raised during the previous audit (s) by the CB.
f) Effectiveness of the health and safety management system in place, including number of incidents since the previous audit and analysis of any fatalities, any serious accidents, and any potentially hazardous events including fires, spills of toxic chemicals, explosions.
g) Activities of the Worker Representative(s) since the previous audit.
h) Analysis of working hours and remuneration (including during high season, if any) since the previous audit.
i) Comparison between in the CB’s calculated current living wage and the process and number that is calculated by the certified organisation.
j) Use of claims made by the client about their SA8000 certified status including the use of CB and SAAS SA8000 mark.
k) Update of the client’s SA8000 audit records.
l) Confirmation that the SA8000 Standard is posted in prominent location(s) including in field offices.
m) A site tour of facilities SHALL be mandatory on every on-site audit.
1976 Table 10 - Mandatory Items to Be Audited During Surveillance Audits 1977
16.1.11 The client organisation’s social accountability target objectives and performance indicators as 1978
described in Table 11 SHALL be identified and maintained with the client’s records so as to 1979
show improvement in conformance over time. 1980
1981 Item Each On-Site Surveillance Audit SHALL As A Minimum
Include An Audit Of:
1 Changes to the Organisation’s SA8000 Management System
2 Changes to the Organisational Structure
3 Progress Made Against Any Time-Bound Non-conformities
4 Close Out of Non-conformities Raised At Previous Audit Including Review of Corrective Action Verification
5 Management Systems Including Management Review, Internal Audit, Corrective Action
6 Complaints And Grievances and the Organisation’s Response
7 Worker Training and Awareness of Health and Safety And the SA8000 Management System
8 Overall Health and Safety Risk Assessment Including Review of Incidents and Accidents
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 58 of 95
9 Worker Representative Role And Activities
10 Working Hours
11 Living Wage Calculation By The Organisation
12 Use of SA8000 Certification Logo
1982 Table 11 – Targets & Objectives to Be Audited Each Surveillance Audit 1983
1984 16.2 Unannounced Surveillance Audits 1985
1986
16.2.1 All CBs SHALL conduct unannounced audits during every three-year certification cycle. The 1987
minimum and typical timeframe is detailed in Table 12 below. These audits SHALL be strictly 1988
unannounced, with no advanced notice to the organisation and all feasible precautions taken 1989
to avoid the organisation being aware in advance. 1990
1991
16.2.2 The CB SHALL maintain a procedure for determining the frequency of the unannounced 1992
audits, including criteria for increasing the number of unannounced audits, criteria for 1993
scheduling unannounced audits, the process for developing the audit plan and information for 1994
planning and undertaking the unannounced audit. See 1995
www.saasaccreditation.org/accreditation-requirements for further guidance. 1996
1997
16.2.3 The frequency for unannounced surveillance audits is based on the country risk indicators as 1998
per the definition of Certification Country Risk Assessment Process in this document and 1999
information found at: www.saasaccreditation.org/accreditation-requirements. Additional 2000
consideration SHALL be based upon the ongoing performance of the certified organisation. 2001
The frequency of unannounced audits SHALL be increased as a result of complaints and 2002
reoccurring non-conformities. See also ISO/IEC 17021-1:2015 element 9.6.4.2. 2003
2004
16.2.4 At minimum, the CB SHALL use the country risk assessment criteria and unannounced 2005
guidance provided by SAAS at www.saasaccreditation.org/accreditation-requirements as the 2006
basis for developing the frequency of unannounced audits for each country where they have 2007
SA8000 certified organisations. 2008
2009
a) The CB will generate an unannounced surveillance audit plan for each client [using Table 2010
12 as guidance on the spacing of these audits based upon the risk ranking of the country]. 2011
Consideration SHALL also be based upon the CB’s knowledge of their client’s business and 2012
judgment as to when the unannounced audit is the most effective. 2013
2014
b) A Critical or Major CAR (or persistent issues) or the receipt of a complaint may necessitate 2015
the need for additional unannounced audits during the period of certification. 2016
2017
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 59 of 95
2018 2019
2020 Table 12 – Minimum Number and Recommended Timeframe of Unannounced Surveillance Visits - 6 Monthly 2021
Surveillance 2022
2023
2024 2025
Minimum Number of Unannounced Surveillance Visits – Annual Surveillance 2026
2027 16.3 Monitoring Certified Organisation Performance and Non-Conformity Trends Each 2028
Surveillance Audit 2029 2030
16.3.1 The performance of the client organisation to the requirements of SA8000 SHALL be 2031
monitored during each surveillance audit over the certification cycle. 2032
2033
16.3.2 The CB SHALL have a method by which to highlight to each auditor the issues that have 2034
occurred at all previous visits to enable that auditor to monitor trends. An example of a simple 2035
overview matrix can be found at www.saasaccreditation.org/accreditation-requirements 2036
2037
16.3.3 The CB SHALL also maintain a record of the client’s progress toward improvement in 2038
performance for each SA8000 element. These records SHALL be used as part of the process 2039
to decide whether or not the client can have their surveillance visits reduced to a 365 day 2040
cycle. 2041
2042 2043
16.4 Surveillance Audit Worker Interview and Record Review 2044 2045
16.4.1 The number of worker files to be reviewed at each surveillance audit SHALL be as Table 13 - 2046
Required Number of Worker Files to Be Reviewed Per Surveillance Audit below. 2047
2048
+6 Months +12 Months +24 Months
Country Risk
Type
Ranking
Index Surveillance 1 Surveillance 2 Surveillance 4
Highest 0-35 Unannounced Unannounced
High 36-65 Unannounced Unannounced
Lower 66-99 Unannounced
± 1.5 Month ± 1.5 Month ± 1.5 Month
Permitted
Variance On
Audit Date
Months After Stage 2 Audit
Months After Stage 2 Audit
- 365 Day Surveillance
+12 Months
Country Risk
Type
Ranking
IndexSurveillance 1
Lower 66-99 Unannounced
± 1.5 MonthPermitted Variance On
Audit Date
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 60 of 95
16.4.2 The format for the number of workers interviewed is, at minimum, as per Table 14 below. If 2049
the auditor has reason to vary from the table provided, this SHALL be documented in the 2050
client file. 2051 2052
2053 Table 13 - Required Number of Worker Files to Be Reviewed Per Surveillance Audit 2054
2055
2056 Table 14 - Surveillance Audit Number of Workers to Be Interviewed 2057
2058
Column 1 Column 2 Column 3 Column 4 Column 5
Number Of
Employees
No. Of
Individual
Interviews
No. Of Group
Interviews
Total
Employees
Interviewed
**Effective Time
Spent On Interviews
In Hours
1-10 * * * 30 mins
1-25 1 [1 Group of 2] 3 30 mins
26-100 2 [1 Group of 2] 4 45 mins
101-250 3 [1 Group of 2] 5 1.5
251-500 4 [1 Group of 3] 7 2.5
501-800 5 [1 Group of 3] 8 4.0
801-1200 5 [1 Group of 2] & [1 Group of 3] 10 5.0
1201-2000 6 [1 Group of 2] &[1 Group of 4] 12 5.5
2001-3000 6 [2 Groups of 2] & [1 Group of 3] 13 6.0
3001-6000 8 [2 Groups of 2] & [1 Group of 3] 15 6.5
6001-10000 8 [1 Group of 2] & [1 Group of 3] & [1 Group of 4] 17 6.5
10000-15000 9 [1 Group of 2] & [1 Group of 3] & [1 Group of 4] 18 7.0
15001-20000 10 [2 Groups of 2] & [2 Groups of 3] 20 8.0
Surveillance Audit - Workers To Be Interviewed & Hours To Be Spent On Interviews
* Note:
* As decided appropriate by the CB Lead Auditor.
** Approximate time.
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 61 of 95
2059 2060 2061 2062 2063 2064 2065 2066 2067
2068
Section 17 2069
2070
Recertification Audits 2071
2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 62 of 95
2105 2106
17. Recertification Audits 2107 17.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.6.3) 2108
2109
17.1.1 The CB SHALL have a documented procedure that covers the performance of recertification 2110
audits, including the Social Fingerprint Independent Evaluation process. 2111
2112
17.1.2 The process as described in Stage 2 Audits above SHALL be followed for all Recertification 2113
Audits. 2114
2115
17.1.3 Every recertification audit SHALL reassess the effectiveness of the entirety of the policies and 2116
actions defined in the client organisation’s social management system and the overall 2117
effectiveness of that management system in its entirety, taking into consideration internal and 2118
external changes which may have affected the social management system. 2119
2120
17.1.4 The CB SHALL document the process used and outcome for deciding whether a Stage 1 2121
audit is necessary for the recertification client. A Stage 1 audit may be deemed necessary if 2122
the certified organisation underwent a major change since the last certification audit such as 2123
a relocation, addition or deletion of locations of the organisation or the addition of business 2124
processes, shifts and/or number of personnel. 2125
2126
17.1.5 A new pre-audit questionnaire SHALL be sent to the client for completion and review at least 2127
one month before the recertification audit. The client SHALL also complete the Social 2128
Fingerprint Self-Assessment prior to the on-site recertification audit. 2129
2130
17.1.6 The audit effort for recertification SHALL be recalculated based on updated information to 2131
take into account changes to personnel numbers and other factors. Significant factors to 2132
consider SHALL include: the number of personnel, size and geographic spread of facilities, 2133
technology in the business services, shift patterns, labour sourcing, and/or a move from 2134
dormitories to living outside the factory. 2135
2136
a) In cases where there has been no significant change within the client organisation, the 2137
amount of audit effort SHALL be no less than 70% of that that used for the initial (Stage 2) 2138
Audit (see Table 15). The organisation may then be seen as a candidate for moving to annual 2139
surveillance. Refer to the Surveillance Audits section in this document. 2140
2141
b) In the case of a significant change, the CB SHALL recalculate the number of audit days 2142
required based on 70% of what the initial audit should be with the new and updated changes 2143
(see Table 15). Six-month surveillance audit periodicity SHALL be maintained in such cases. 2144
2145
c) The recertification audit SHALL BE performed at least 3 months before the expiry of the 2146
client’s SA8000 certificate. Due to seasonal and other matters, this period may be reduced 2147
but in no cases SHALL there be a gap between the old and new certification cycles. 2148
2149
17.1.7 If an organisation has its SA8000 certificate withdrawn by a SAAS-accredited CB for any 2150
reason and the client decides, within 6 months, to re-establish its SA8000 certification with 2151
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 63 of 95
the same CB, then this may be affected in line with the Recertification Audit requirements 2152
found in this section of the document. Any requests to re-establish its SA8000 certification 2153
after 6 months, or with a new CB, SHALL be treated as a new application and an initial Stage 2154
1 and Stage 2 certification audit shall be required. 2155
2156
17.1.8 If an organisation voluntarily decides to cancel its SA8000 certification and then decides 2157
within 6 months to re-establish its SA8000 certification with the same CB, then this may be 2158
affected in line with the Recertification Audit requirements found in this section of the 2159
document. Any requests to re-establish its SA8000 certification after 6 months, or with a new 2160
CB, SHALL be treated as a new application and an initial Stage 1 and Stage 2 certification 2161
audit shall be required. 2162
2163
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 64 of 95
2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176
2177
Section 18 2178
2179
Transfer Audits 2180
2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 65 of 95
2212
18. Transfer Audits (ISO/IEC 17021-1:2015 Clauses 9.5.3.3) 2213
[For further reference and guidance See - IAF MD 2:2007 - IAF Mandatory Document for the Transfer of 2214
Accredited Certification of Management Systems – Clauses 2.2 & 2.3] 2215
2216
18.1 General Requirements 2217
18.1.1 From time to time an organisation certified to SA8000 by a SAAS-accredited CB may decide 2218
to change its chosen CB. Although the preferred time of such a change is at the end of the 3-2219
year certification cycle, if an organisation elects to change its CB and to continue certification 2220
to SA8000 at any point, then the steps as below SHALL be followed. 2221
2222
18.1.2 All SAAS-accredited CBs SHALL have a documented procedure that describes how they 2223
affect transfers of SA8000 certification. 2224
2225
18.1.3 In all cases, the new CB SHALL obtain a copy of, at minimum, the last 2 SA8000 audit 2226
reports produced by the previous CB for review. If these reports are not available (from either 2227
the client or the former CB, or with assistance from SAAS) then a transfer CANNOT take 2228
place and the client SHALL be considered a new client and an initial certification Stage 1 and 2229
Stage 2 audit SHALL be conducted. 2230
2231
18.1.4 SAAS-accredited CBs SHALL provide a copy of their last two audit reports of a client that 2232
wishes to transfer to another SAAS-accredited CB at the request of that CB. 2233
2234
Note: It is an accreditation requirement (See SAAS Procedure 201A) that upon the transfer of 2235
SA8000 certification from one SAAS-accredited CB to another, that the former CB provides copies 2236
of their last two audit reports to the new CB along with any concerns that they may have about that 2237
client’s ability to meet the requirements of SA8000 in a consistent manner. 2238
2239
18.1.5 For transfer during or at the end of the certification cycle (i.e. a live and current SA8000 2240
certificate exists), the steps as detailed below SHALL be followed in sequence, before any 2241
transfer can occur: 2242
2243
a) The new CB SHALL be accredited by SAAS for the country of the transferee. 2244
2245
b) The existing client certificate SHALL be valid, with no open critical or major non-2246
conformities. If open critical or major NCs exist, no transfer audit may be undertaken. If 2247
the client is currently suspended with its existing CB, a transfer may not take place. 2248
2249
c) Any open minor non-conformities SHALL be addressed by a corrective action plan. 2250
2251
d) The new CB SHALL formally notify SAAS (and have received an affirmative reply in 2252
writing) of the transfer activity upon scheduling and prior to the on-site audit so SAAS 2253
may provide input on any known issues or outstanding complaints and/or concerns about 2254
the client. 2255
2256
2257
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 66 of 95
e) The new CB SHALL perform and document a review of, at minimum, the 2 most recent 2258
SA8000 audit report(s) and all non-conformity findings issued by the former CB, including 2259
those previously closed out. 2260
2261
f) The new CB SHALL perform and document a basic document review that includes the 2262
key indicators of the social management system performance. 2263
2264
g) The new CB SHALL perform and document an on-site audit equivalent to a recertification 2265
audit to effect a transfer of certificate; a Social Fingerprint Independent Evaluation shall 2266
be conducted as per the recertification requirements. 2267
2268
h) A new certification cycle shall commence with the issuance of a new SA8000 certificate 2269
to a transfer client. 2270
2271
18.1.6 Clients certified by organisations not accredited by SAAS are not considered recognized, 2272
valid SA8000 certificate holders. Therefore, those clients SHALL NOT be considered eligible 2273
to undergo the transfer process and initial certification audits SHALL be conducted. 2274
However, the CB SHALL read any and all social audit reports available. The accredited CB 2275
SHALL also report to SAAS any such clients that have received unaccredited SA8000 2276
certificates so SAAS may investigate the organisation issuing unaccredited SA8000 2277
certificates. The only exception to this prohibition SHALL be applicant CBs undergoing the 2278
accreditation process with SAAS. See Procedure 201A for details on the issuance of 2279
unaccredited SA8000 certificates by applicant CBs. 2280
2281
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 67 of 95
2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294
2295
Section 19 2296
2297
Special Audits 2298
2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 68 of 95
2331
19. Special Audits 2332 19.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.6.4) 2333
2334
19.1.1 The CB SHALL have a documented procedure that covers the performance of special audits 2335
with the possible need for access to the CB client’s premises (that may be announced or 2336
unannounced) included in the contractual agreement between the CB and their client. 2337
2338
19.1.2 The CB SHALL document in the client file the reason for the Special Audit, the process used 2339
and the outcome of the decision of the Special Audit. 2340
2341
19.1.3 Types of Special Audits. Special audits are typically performed for the following reasons: 2342
2343
a) Extension/expansion of a client organisation’s scope of SA8000 certification. 2344
2345
b) To investigate possible auditor bribery. 2346
2347
c) To investigate a complaint, whether generated internally, from a stakeholder, from a client 2348
organisation or from SAAS. 2349
2350
d) As part of a calibration/duplicate audit process. 2351
2352 2353
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 69 of 95
2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366
2367
Section 20 2368
2369
Audit Effort – Single Site 2370
2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 70 of 95
2403 2404
20. Audit Days – Single Site 2405
20.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.1.4) 2406
20.1.1 The overall audit time expressed in auditor days taken to audit an organisation against the 2407
requirements of the SA8000 Standard includes time to ensure adequate stakeholder 2408
engagement, remote auditing activities (including planning of the audit, review of the 2409
preparatory documents, writing the report and managing the general aspects of the job) as 2410
well as performing the on-site audit. 2411
2412
20.1.2 The CB SHALL calculate the time to spend on the audit by factoring in the sector complexity, 2413
perceived risk, country risk category (as determined by the SAAS Certification Country Risk 2414
Assessment Process), number of personnel, and off-site worker interviews to be conducted, 2415
where appropriate. The IAF/ISO approach is useful and CBs SHALL review IAF MD 5:2013 2416
for guidance on risk assessment and audit duration. However, the document itself cannot be 2417
fully adopted when certifying organisations to SA8000 as it is not possible to use the full-time 2418
equivalent approach for social audits. 2419
2420
20.1.3 Particular attention SHALL be paid when calculating the auditor days for the on-site audit as 2421
this is the most critical phase in the entire certification process and allows the auditor to 2422
assess full compliance to the SA8000 Standard elements and Performance Indicator Annex. 2423
2424
20.1.4 Table 15 defines the MINIMUM audit days for the stages of the initial audit. In some cases 2425
more audit days will be allocated by the CB. 2426
2427
20.1.5 The number of personnel in the organisation for use with the audit day table SHALL be 2428
calculated considering the total number of personnel (including seasonal, part-time and 2429
temporary workers, indirect workers, and subcontractors and on-site suppliers) paid by the 2430
client, either directly or through an employment agency or an on-site subcontractor. 2431
2432
a) Calculation of personnel SHALL be based on totals during the high season. 2433
2434
b) Calculation of personnel SHALL not be reduced by converting part-time personnel into full-2435
time equivalents. 2436
2437
20.2 Single Site Initial Certification Audit Effort 2438
2439
20.2.1 The audit effort used for SA8000 Initial Certification Audits SHALL be as Table 15. 2440
2441 20.2.2 When using Table 15, the following should be taken into account. 2442
2443 a) All activities (excluding preparation, remote auditing activities and audit reporting) are 2444 performed on-site. 2445
2446 b) Stage 2 preparation time includes research, audit Planning, living wage calculations and 2447 stakeholder consultation. 2448
2449
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 71 of 95
2450
Standard Audit Days
Column 1 Column 2 Column 3 Column 4
Number Of Employees
Stage 1 Audit & Social Fingerprint Review
& Stage 2 Preparation
Stage 2 Audit & Social Fingerprint Review &
Reporting Audit Days
Total Audit Days
1-25 1.5 2 3.5
26-100 2 3 5
101-250 2 4 6
251-500 2 6 8
501-800 2 7 9
801-1200 2 9 11
1201-2000 2 11 13
2001-3000 2 12 14
3001-6000 2 13 15
6001-10,000 3 14 17
10,001-15,000 3 15 18
15,001-20,000 3 16 19
Table 15 - Single Site Initial Certification Audit Effort in Days 2451
2452
c) The use of translators and interpreters, in most cases, SHALL necessitate additional time 2453
(See ISO 17021:2015 Clause 9.1.4.4). If a translator is used, then the CB SHALL justify the 2454
number of audit days used. 2455
2456
d) An audit performed for the first time in a new country for the CB may necessitate additional 2457
time. The CB SHALL justify the number of audit days used for the certification of an 2458
organisation in a new country. 2459
2460
e) Fractionalization of prescribed audit days resulting in half days may occur as per the audit 2461
day tables found in this document. As a result, half day audits are allowed at those SA8000 2462
certified organisations under the SAAS Procedure 200. 2463
2464
20.2.3 No reductions in audit days are permissible for any reason except for organisations that have 2465
progressed from the BSCI Code of Conduct Program to SA8000 certification, as described in 2466
Table 16. This exception is applicable due to the oversight activities performed by of the BSCI 2467
system. 2468
2469
20.2.4 An audit day SHALL be defined as a full normal working day of 8 hours, excluding meals and 2470
breaks and travel time to and from the audit, and travel time between facilities, if the 2471
organisation has for example two or more locations. 2472
2473
a) The number of audit days SHALL not be reduced by scheduling longer hours per work day. 2474
The only exception is on days when shift work is being covered (see Table 1). 2475
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 72 of 95
2476
b) A hard copy of the CB’s audit plan SHALL be marked up by hand with the arrival times and 2477
departure times of the SA8000 audit team and to show any changes to the planned audit 2478
paths. This marked up copy SHALL be kept by the CB as an audit record. 2479
2480
2481
20.3 BSCI Audit Days-Reduction 2482
2483
20.3.1 The reduction in audit effort as described in Table 16 MAY be used if an organisation has 2484
been subject to a BSCI Code of Code Audit in the 6 months preceding the initial Stage 2 2485
SA8000 certification audit and has achieved an overall “A” [Outstanding] or “B” [Good] rating 2486
for all performance areas under the BSCI Code Of Conduct audit rating system. 2487
2488
20.3.2 Audit days undertaken at a BSCI audit within the previous 6 months SHALL be allocated and 2489
applied to the SA8000 Stage 2 certification audit, resulting in reducing the amount of days 2490
required for the initial Stage 2 on-site SA8000 audit. 2491
2492
Standard Audit Days-BSCI Allowance
Column 1 Column 2 Column 3 Column 4
Number Of Employees
Stage 1 Audit & Social Fingerprint Review
& Stage 2 Preparation
Stage 2 Audit & Social Fingerprint Review &
Reporting Audit Days
Total Audit Days
1-25 1.5 1.5 3
26-100 2 1.5 3.5
101-250 2 1.5 3.5
251-500 2 3 5
501-800 2 3.5 5.5
801-1200 2 5 7
1201-2000 2 6.5 8.5
2001-3000 2 7.5 9.5
3001-6000 2 8.5 10.5
6001-10,000 3 9.5 12.5
10,001-15,000 3 10.5 13.5
15,001-20,000 3 11.5 14.5
2493 Table 16 - Initial BSCI Allowance Audit Days 2494
20.3.3 In order to apply this reduction, the CB SHALL have access to and SHALL review the BSCI 2495
audit report. 2496
2497 20.4 Initial Audit Days for CB’s First Certification in a New Country 2498
2499
20.4.1 Prior to performing any SA8000 audit activity in a new country, the CB must apply for and be 2500
granted an Expansion to Scope. See Procedure 201A for process details. 2501
2502
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 73 of 95
20.4.2 When performing the first SA8000 audit in a new country, the CB SHALL increase the audit 2503
days described in Table 15 by 20%. 2504
2505 2506
20.5 Single Site Surveillance Audit Effort 2507 2508
20.5.1 Surveillance audits SHALL be scheduled as per the details in Section 16 above. 2509
2510
20.5.2 The number of days allocated to a surveillance audit SHALL be based on the Stage 2 initial 2511
certification audit days. In the case where an organisation has been the subject of a 2512
recertification audit and there were significant changes in the number or personnel or 2513
activities, then the surveillance audit effort SHALL be based on the new recalculated value. 2514
2515
20.5.3 A contract review SHALL be performed prior to each audit to understand changes in 2516
employment during the audit cycle and, as necessary, adjust the audit day effort. This 2517
SHALL be performed and documented as part of the audit planning at least 4 weeks ahead of 2518
the audit date (except for unannounced audits). 2519
2520
20.5.4 Table 17 provides the number of audit days required on-site per individual audit with 2521
fractionalization of the prescribed audit days being permitted. 2522
2523
2524 Table 17-Single Site Surveillance Audit Effort 2525
2526 2527
Column 1 Column 2 Column 3
Number Of
Employees
*Annual Surveillance
Effort Excluding
On Site Reporting
*6 Monthly
Surveillance
Effort Excluding
On Site Reporting
1-25 2.0 1
26-100 2.0 1
101-250 2.0 1
251-500 3.0 2
501-800 4.0 2
801-1200 4.0 2
1201-2000 4.0 2
2001-3000 5.0 3
3001-6000 5.0 3
6001-10,000 6.0 3
10,001-15,000 6.0 3
15,001-20,000 6.0 3
Single Site Annual & Six Monthly Surveillance
Note:
*Including a Social Fingerprint evaluation when appropriate.
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 74 of 95
2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540
2541
Section 21 2542
2543
Multiple Sites 2544
2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 75 of 95
2576 2577
21. Multi-site Certification Audits 2578 21.1 Background and Context 2579 2580
21.1.1 The rationale of a multi-site certification audit program is to reduce audit costs without notably 2581
increasing risk. A client organisation SHALL only be offered a multi-site certification if it is in 2582
full conformance with the requirements of Section 21.2. 2583
2584
21.1.2 Within the SA8000 system, the scope of SA8000 certificates can be divided into three sector 2585
types, each requiring a specific approach for multi-site auditing. These being: 2586
I. Manufacturing 2587
II. Service 2588
III. Farms and Plantations 2589
2590
21.1.3 The decision to apply a multi-site certification process SHALL be instigated by the CB’s client 2591
by making a request to the CB. Should the CB be satisfied that the requirements of Section 2592
21.2 are met in full by their client, then a multi-site certification approach may be adopted and 2593
the client notified formally in writing. 2594
2595
21.2 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.1.5) 2596
21.2.1 A multi-site organisation SHALL be defined as an organisation having an identified central 2597
function (central office or headquarters or head office) at which activities are planned, 2598
controlled, and/or managed with a network of offices, branches or sites at which activities are 2599
carried out. The organisation SHALL have a common management system which has 2600
established policies and procedures to manage all sites. The sites SHALL be subject to 2601
internal audits and surveillance by the head office. Multi-site SA8000 certificates SHALL be 2602
allowed except as defined in Section 10.1 Requirements. 2603
2604
21.2.2 The IAF/ISO approach to multiple sites is useful and CBs SHALL review IAF MD 1:2007 and 2605
IAF MD 5:2013 for guidance on sampling. However, the documents themselves cannot be 2606
fully adopted when certifying organisations to SA8000. In a social accountability context 2607
where every worker and every location is important, it is not credible to certify an organisation 2608
if only some selected sites and work locations have been audited within the certification cycle, 2609
especially as regional laws in some countries vary from state/province. The full-time 2610
equivalent concept is also not relevant to SA8000 certification when planning audit effort. 2611
2612
21.2.3 The CB SHALL have a documented procedure for determining the sampling to be taken 2613
when auditing sites as part of the certification and surveillance of a multi-site organisation. 2614
2615
21.2.4 A multi-site audit scheme can be applied in SA8000 where multiple sites are assessed 2616
together in order to provide a group or country certificate (see IAF MD 1:2007 for further 2617
definitions). The following requirements apply before a CB can issue a multi-site certificate 2618
and audit program to SA8000 for a client organisation: 2619
2620
a) A multi-site organisation has a Head Office and 2 or more sites at which the same kinds of 2621
activities take place and where all sites operate under the same centrally managed system. 2622
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 76 of 95
2623
b) The certification scope SHALL be similar for all sites. The scope of the certificate SHALL 2624 be transparent and clear for all stakeholders to understand exactly what is included in the 2625 certification. Multi-site certification SHALL NOT apply to organisations where the sites have 2626 fundamentally dissimilar or unrelated processes or activities, even though they may be under 2627 the same management system. It is not acceptable that, in order to overcome the obstacle 2628 raised by non-conformities identified by a CB with respect to a particular site, that the 2629 organisation seek to exclude this site from the scope of the multi-site certification process. 2630
2631 c) The CB SHALL maintain a matrix listing all of the sites within the scope of the certificate, 2632 the locations, the schedule of auditing those sites and the plan to audit the sites as well as a 2633 record of all the nonconformities raised at each site. Development of this matrix SHALL 2634 include a risk analysis for assigning sampling of locations and number of days. 2635
2636 d) All sites that are to be included in the scope of a multi-site certificate SHALL be visited 2637 during the Stage 2 and Recertification audits and subsequently visited at least once during 2638 the 3 year certification cycle. 2639
2640 e) All sites in a “multi-site” audit scheme SHALL be located within the same country and they 2641 SHALL be certified by the same accredited CB that has certified the organisation’s 2642 headquarters. If the CB utilizes subcontractors to deliver certification services for the client, 2643 the same subcontracted body SHALL audit the client’s entire system. 2644 2645 f) The client SHALL clearly understand that, in the case of multi-site certificates, if the 2646 organisation fails to meet the requirements of SA8000 over subsequent audits, then the entire 2647 multi-site certificate SHALL be cancelled and each site SHALL be required to be certified 2648 autonomously. 2649
2650
21.3 Applicability of SA8000 Multiple-Site Certification 2651
2652
21.3.1 Multi-site certification to SA8000 SHALL only be offered if there is a centralized management 2653
system responsible for functions pertinent to specific SA8000 criteria. 2654
2655
21.3.2 The organisation SHALL have one designated and formally nominated SA8000 management 2656
representative and deputy at the organisation headquarters for the whole group of sites, as 2657
well as local management representatives at the additional sites, and the following SA8000 2658
requirements SHALL be MANAGED CENTRALLY at a designated organisation 2659
headquarters. The following activities SHALL be performed at the nominated Head Office: 2660
a) Authorisation and Control of the SA8000 Management System Documentation; 2661
b) Evaluation and control of corrective actions, including root cause analysis, correction and 2662
preventive action; 2663
c) Centralised Management Review that addresses all sites; 2664
d) Centralised Hazard Analysis and Risk Assessment activities; 2665
e) Centralised internal audit planning, delivery and evaluation of internal audit results. [Due 2666
to the reliance of the CB on the client’s own internal audit process to assess the sites 2667
within its own organisation, the CB Client’s Lead Internal Auditor SHALL have taken and 2668
passed the SAI-approved 3-day and 2-day Basic SA8000 Auditor Course.] 2669
f) Control of suppliers; 2670
g) Centralised management systems addressing HR function; 2671
h) Identification and management of training needs. 2672
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 77 of 95
2673
21.3.3 The client organisation SHALL conduct internal audits of ALL sites, at minimum annually. 2674
The results of these internal audits SHALL be available for review by the CB during the 2675
headquarters audit. 2676
2677
21.4 Multi-site Stage 2 Audit Effort – Head Office and Regional Office Audit All Sectors 2678
21.4.1 The organisation’s head office and regional offices Stage 2 initial certification audit SHALL be 2679
performed as normal and fully in line with the requirements of Section 20.2 Single Site Initial 2680
Certification Audit Effort. Please see the Procedure 200 Annex for integration of Social 2681
Fingerprint into all stages of the multi-site certification process. 2682
2683
21.4.2 The audit effort calculation for the initial Stage 2 certification audit for the Head Office and any 2684
Regional Offices SHALL be based on that as described in Table 15. 2685
2686
21.5 Multi-site Stage 2 Audit Effort for Sites – Manufacturing Sector and Plantations 2687
2688
21.5.1 Every site SHALL be visited during the Stage 2 audit but some in a limited manner. 2689
2690
21.5.2 The number of sites subject to a full audit are indicated in Table 18 Column 2. 2691
2692
21.5.3 The number of sites subject to a limited audit are indicated in Table 18 Column 3. 2693
2694
21.5.4 For sites requiring a full audit, as described in Column 2 in Table 18: 2695
a) The number of audit days SHALL be calculated separately per site based on the number of 2696
personnel per site. 2697
b) This calculation SHALL be based on that as described in Table 15 for each site. 2698
c) The only exception to this requirement is for sites that are less than 5km apart, in which 2699
case the number of employees may be added together (clubbed) for audit planning purposes. 2700
2701
2702 Table 18 - Multi-site Manufacturing Sites Full & Limited Audit Effort 2703
Column 1 Column 2 Column 3
Number
Of SitesFull Audit
Limited
Scope
Audit
1 1 0
2 2 0
3 3 0
4 2 2
5 2 3
6 2 4
7 3 4
8 3 5
9 3 6
10 3 7
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 78 of 95
2704
21.5.5 For sites requiring a limited audit, as described in Column 3 in Table 18: 2705
a) The number of audit days SHALL be calculated separately per site based on the number of 2706
personnel per site. 2707
b) This calculation SHALL be based on that as described Table 19 for each site. 2708
c) The only exception to this requirement is for sites that are less than 5km apart, in which 2709
case the number of employees may be added together (clubbed) for audit planning purposes. 2710
2711
2712 Table 19 -Multi-site Manufacturing Sites Limited Audit Effort 2713
2714
21.5.6 Except as described in the above paragraphs, audit day calculations for each site SHALL be 2715
calculated separately based upon the number of personnel at each individual site. Full-time 2716
equivalence is not permitted. 2717
2718
21.5.7 The Column 3 audits SHALL be of limited scope as and focus on health and safety, worker 2719
interviews and worker environment. 2720
2721
21.5.8 For more than 10 sites, the value in Table 18, Column 2 SHALL be the rounded square root 2722
of the Column 1 value. The Column 3 value = Column 1 – Column 2. 2723
2724 2725 21.6 Multi-site Stage 2 Audit Effort for Sites – Service Sector 2726
21.6.1 Every Regional Office/Site SHALL be visited during the Stage 2 audit but some in a limited 2727
manner. 2728
2729
21.6.2 The number of sites subject to a full audit are indicated Table 20 Column 2. 2730
2731
21.6.3 The number of sites subject to a limited audit are indicated in Table 20 Column 3. 2732
2733 2734
Number Of
Workers
Audit Days
Required
Number Of
Workers
Audit Days
Required
1-25 1 1201-2000 2.5
26-100 1 2001-3000 2.5
101-250 1.5 3001-6000 2.5
251-500 1.5 6001-10,000 3
501-800 2 10,001-15,000 3
801-1200 2 15,001-20,000 3.5
Multisite Companies - Stage 2 Site Audit - Days Per Site
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 79 of 95
2735 Table 20 - Multi-site Service Sector Sites Full & Limited Audit Effort 2736
2737
21.6.4 For sites requiring a full audit, as described in Column 2 in Table 20: 2738
a) The number of audit days SHALL be calculated separately per site based on the number of 2739
personnel per site. 2740
b) This calculation SHALL be based on that as described in Table 15 for each site. 2741
c) The only exception to this requirement is for sites that are less than 5km apart, in which 2742
case the number of employees may be added together (clubbed) for audit planning purposes. 2743
2744
21.6.5 For sites requiring a limited audit, as described in Column 3 in Table 20: 2745
a) The number of audit days SHALL be calculated separately per site based on the number of 2746
personnel per site. 2747
b) This calculation SHALL be based on that as described Table 21 for each site. 2748
c) The only exception to this requirement is for sites that are less than 5km apart, in which 2749
case the number of employees may be added together (clubbed) for audit planning purposes. 2750
2751
2752 Table 21 -Multi-site Service Sector Sites Limited Audit Effort 2753
2754
21.6.6 Except as described in the above paragraph, audit day calculations for each site SHALL be 2755
calculated separately based upon number of personnel at each individual site. Full-time 2756
Column 1 Column 2 Column 3
Number
Of SitesFull Audit
Limited
Scope
Audit
1 1 0
2 2 0
3 3 0
4 2 2
5 2 3
6 2 4
7 2 5
8 2 6
9 2 7
10 2 8
Number Of
Workers
Audit Days
Required
Number Of
Workers
Audit Days
Required
1-25 1 1201-2000 2.5
26-100 1 2001-3000 2.5
101-250 1.5 3001-6000 2.5
251-500 1.5 6001-10,000 3
501-800 2 10,001-15,000 3
801-1200 2 15,001-20,000 3.5
Multisite Companies - Stage 2 Site Audit - Days Per Site
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 80 of 95
equivalence is not permitted. 2757
2758
21.6.7 The Column 3 audits SHALL be of limited scope as and focus on health and safety, worker 2759
interviews and worker environment. 2760
2761
21.6.8 For more than 10 sites, the value in Table 20, Column 2 is the rounded cube root of the 2762
Column 1 value. The Column 3 value = Column 1 – Column 2. 2763
2764
21.6.9 During the Stage 2 Audit, at least 2% or 2 (whichever is the larger value) of work locations 2765
[premises not owned by the CB Client but at which work is performed by their workers] 2766
SHALL be audited per regional office. The audit SHALL be of 0.5 days minimum. 2767
2768
21.6.10 If the scope of an SA8000 certificate includes workers that work at permanent sites not 2769
owned and not controlled by client organisation [such as those workers employed by a 2770
staffing or cleaning agency] for the multi-site certification: 2771
a) These activities can ONLY be added to the Client’s SA8000 multi-site certification if the CB 2772
Client formally audits the site and maintains records of such audits. 2773
2774
b) A sample of these permanent sites SHALL be subject to internal audits each year by the 2775
CB’s Client as well as site audits by the CB. The on-site audits by the CB will be chosen by 2776
the CB at random throughout the certification cycle. 2777
2778
c) Should the CB not be permitted access to any of these permanent sites at any time for 2779
whatever reason, the Client’s multi-site certification SHALL be cancelled and withdrawn. 2780
2781 2782
21.7 Multi-site Surveillance Audit Effort – All Sectors 2783 2784
21.7.1 Because of the sampling required, multi-site certifications can never be considered for 2785
annual surveillance audits. The CB SHALL produce a surveillance plan/matrix that covers the 2786
complete 3-year certification cycle. 2787
2788
21.7.2 The Client’s Head Office SHALL be audited at least every six months. The audit day 2789
calculation for these audits SHALL be calculated as per Table 17. 2790
2791
21.7.3 The Client’s Regional Offices SHALL be audited at least once every 3 year certification cycle. 2792
The audit day calculation for these audits SHALL be as Table 17. 2793
2794
21.7.4 In the service sector, where work is undertaken at permanent sites not owned by the certified 2795
organisation, the CB SHALL perform a risk assessment to develop a surveillance strategy for 2796
those permanent sites. The remoteness of location or expense of travel SHALL not have an 2797
effect as to whether a location should be visited or not. This risk assessment SHALL result in 2798
identifying and adding the appropriate permanent sites to be visited to the CB’s surveillance 2799
plan/matrix for the client’s 3 year certification cycle. 2800
2801
2802
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 81 of 95
21.8 Multi-site Recertification Audits – All Sectors 2803
2804
21.8.1 Recertification Audits SHALL be performed in the manner as for STAGE 2 initial certification 2805
audits using the same audit effort and full and limited audits. 2806
2807
2808
2809 2810 2811 2812
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 82 of 95
2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826
2827
Section 22 2828
2829
Non-Conformity Classification 2830
2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 83 of 95
2859
22. Non-Conformity Classification 2860 22.1 General - (ISO/IEC 17021-1:2015 Clauses 9.4.5; 9.4.9; 9.4.10 2861
22.1.1 As per the SA8000 Standard, the client organisation SHALL comply with national and other 2862
applicable laws. When such applicable laws and the SA8000 Standard address the same 2863
issue, the provision which affords the highest level of protection to workers SHALL apply. 2864
Please reference the SA8000 Standard, Performance Indicator Annex, SA8000 Guidance 2865
and other related documents for guidance and interpretation. 2866
2867
22.1.2 The SA8000 Certification is management systems based and all findings with respect to 2868
individual matters (such as the height of a fire extinguisher) SHALL be raised as examples of 2869
a weakness in a particular management system element of the certified organisation. The 2870
NC (or Corrective Action Request – CAR) as written by the SA8000 auditor SHALL identify 2871
the non-conformance with that element of the management system (e.g., the health and 2872
safety risk assessment performed by the organisation was inadequate as it did not ensure 2873
that fire extinguishers were mounted at the correct height). 2874
2875
22.1.3 SAI has issued an SA8000 Performance Indicator Annex (PIA) to support implementation of 2876
the SA8000:2014 and assessment of compliance against the requirements found in the 2877
Standard. It is a list of compliance indicators expected to be met by every organisation 2878
complying with the SA8000 Standard. The requirements in the PIA may be fully or partially 2879
required by local or national law and SHALL be used as a guide in identifying potential client 2880
non-conformity throughout the SA8000 audit process, although evaluation of every indicator 2881
during every audit is not mandatory. 2882
2883
22.1.3.1 Each performance indicator in the PIA constitutes a secondary reference, providing 2884
a quantitative or qualitative measure of performance directly related to one or more 2885
of the requirements of the SA8000 Standard itself. The PIA is not a standalone or 2886
normative document; it requires simultaneous reference to the related 2887
requirement(s) of the SA8000 Standard. 2888
2889
22.1.3.2 CB auditors SHALL use these indicators to evaluate the extent to which an 2890
organisation's activities/controls and social performance conform to each of the 2891
SA8000 Standard requirements. Therefore, the assessment planning and on-site 2892
audit shall include a process to review conformance with the indicators included in 2893
the PIA. 2894
2895
22.1.3.3 CB auditors shall use the information in the PIA to create and execute an audit plan 2896
in order to ensure that reviews of appropriate SA8000-related performance 2897
expectations are incorporated into the audit and determine conformance/non-2898
conformance with respect to SA8000 requirements. 2899
2900
22.1.4 NCs SHALL be written as a management system NC against the appropriate element of the 2901
SA8000 Standard and/or the relevant section of the organisation’s management system 2902
procedures. 2903
2904
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 84 of 95
2905
22.2 Non-Conformity Findings Classification 2906
22.2.1 Types of Non-Conformity: There are four types of audit non-conformity findings that may be 2907
raised as the result of an SA8000 Stage 2, Surveillance, Transfer, Recertification or Special 2908
Audit. These are as follows: 2909
a) Critical Non-Conformity 2910
b) Major Non-Conformity 2911
c) Minor Non-Conformity 2912
d) Time-Bound Non-Conformity 2913
2914
22.2.2 Violations observed during an SA8000 audit that, in the opinion of the CB Audit Team, 2915
require immediate action by the CB client are known as critical issues, zero tolerances or 2916
immediately reportable issues and SHALL require the CB Auditor to raise a Critical Non-2917
Conformity at the time of observing the violation. The CB auditor SHALL report the matter to 2918
the organisation immediately. In the case of such an issue, the CB Auditor SHALL 2919
immediately contact their CB to seek advice as to whether the audit should be aborted or 2920
continue. Lost revenue SHALL not be considered as to whether the audit should continue or 2921
not. 2922
2923
22.3 Non-conformity definitions 2924
2925
22.3.1 A CRITICAL non-conformity [CNC] SHALL be issued in the case of: 2926
2927
a) A grievous breach of the SA8000 Standard that results in severe impact to individual 2928
rights, life, safety and/or SA8000, SAI or SAAS’ reputation. That includes: 2929
1. a breach of ethical standards; 2930
2. immediate threats to workers lives; and/or 2931
3. grievous and intentional violations of human rights. 2932
2933
b) See also the Definitions section of this document for further clarification. 2934
2935 Note: In the case of an SA8000 certified organisation: the raising of a CNC by a CB results in 2936 the immediate suspension of the organisation’s SA8000 Certificate. 2937
2938
22.3.2 A MAJOR non-conformity is one or more of: 2939
2940
a) The absence or total breakdown of a system to meet an SA8000 requirement. A number of 2941
minor non-conformities against one requirement can represent a total breakdown of the 2942
system and thus be considered a major non-conformity; 2943
2944
b) A non-conformity that the judgment and experience of the SA8000 Lead Auditor indicates 2945
is likely either to: 2946
1. result in the failure of the social management system in meeting its goals and 2947
expectations or 2948
2. to materially reduce its ability to reliably assure control of its policies and 2949
directives in the workplace to protect its workers. 2950
2951
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 85 of 95
c) A MINOR non-conformity that has not been addressed, or for which no significant 2952
improvement has been made by the time of a follow-up audit, in spite the organisation’s 2953
commitment to resolve the issue. 2954
2955
d) A non-conformity that poses an imminent and immediate but not life-threatening threat to 2956
the health and safety of workers [in which case a Critical NC SHALL be raised]. 2957
2958
e) A Major non-conformity may be raised after the audit ONLY in the case where an auditor is 2959
concerned for their personal safety and the possible consequences that might arise if they 2960
raised the Major NC at the time of the audit. 2961
2962
f) A MAJOR non-conformity that has not been addressed or for which no significant 2963
improvement has been made by the time of a follow up audit, in spite of the organisation’s 2964
commitment to resolve the issue, SHALL lead to the organisation being issued a warning and 2965
moved toward suspension. 2966
2967
22.3.3 A Minor non-conformity is one or more of: 2968
2969
a) A failure or oversight in some part of the organisation's social management system relative 2970
to SA8000 that is not systemic in nature; 2971
2972
b) A single observed lapse in following one item of an organisation's social management 2973
system. 2974
2975
22.3.4 A Time-Bound Non-Conformity [TB NC]: 2976
Special non-conformities that can only be raised as a result of audit evidence and findings that show 2977
that the client organisation meets the local law BUT NOT the higher requirements of SA8000:2014 or 2978
vice versa. TB NCs CAN ONLY be raised for the findings as described in Table 22. 2979
2980
2981 SA8000 Element Time-Bound Non-
conformity Nominal Corrective Action Timeline
Maximum Corrective Action Timeline
Remuneration The client organisation pays workers the legal minimum wage but not a living wage
18 Months 24 Months
2982 Table 22 – Time-Bound Non-conformities 2983
2984 22.4 Non-conformity Format 2985
22.4.1 Each audit non-conformity finding SHALL have four distinct parts: 2986
a) The statement of non-conformity; 2987
2988
b) The grading of the non-conformity (critical, major, minor or time-bound); 2989
2990
c) Reference to the specific requirement in SA8000 audit criteria (including a summary of that 2991
requirement), AND additional reference to the applicable law, regulation, or other normative 2992
document, where appropriate; 2993
2994
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 86 of 95
d) The objective evidence observed that supports the statement of non-conformity. 2995
2996
22.4.2 The CB SHALL specify a time frame in which responses to critical, major, minor and time-2997
bound NCs must be addressed as per Table 23. The time frame refers to the number of days 2998
from the last day of the on-site audit. 2999
3000
a) TB NCs SHALL be addressed as per the Table 22. 3001
3002 Critical NC Major NC Minor NC
Corrective Action Plan Sent To CB Within
Corrective Action Completed Within
Corrective Action Plan Sent to CB Within
Corrective Action Completed Within
Corrective Action Plan Sent to CB Within
Corrective Action Completed Within
1 Week 1 Month 1 Month 3 Months 2 Months 6 Months
3003 Table 23 - NC Response & Close-Out Timescale 3004
b) The CB and client organisation shall agree on the timing for the organisation’s response 3005
for the NCs. In general, this will be as per Table 23. 3006
3007
c) Organisations shall not be issued an SA8000 certificate if there are any open CRITICAL 3008
or MAJOR NCs to SA8000. 3009
3010
d) Minor NCs may remain open for a specified period, not longer than 6 months, to allow 3011
sufficient time to close them effectively with on-site follow up at the next surveillance audit. 3012
3013
e) Corrective actions not completed within the allocated timing SHALL result in upgrading 3014
the NC and/or suspension or loss of the SA8000 certificate, depending on the nature of the 3015
lapse of the social accountability management system. 3016
3017
22.4.3 The CB is also encouraged to raise other categories of findings to provide added value to the 3018
organisation being audited. These categories of findings may include some combination of 3019
those listed below, with appropriate terminology and definition. 3020
3021
a) Observation (Obs) – this is where the CB can comment on best practice and ensure a 3022
value added component to each audit. 3023
3024
b) Opportunity For Improvement (OFI) – these are intended to indicate where practice is a 3025
little slack or inconsistent or systems may be improved. OFIs SHALL not be used where 3026
Minor NCs should have been raised and SHALL not constitute telling the client organisation 3027
what to do (i.e. consultancy). 3028
3029
c) CB Eyes Only Comments - Anecdotal, undocumented or unconfirmed statements or 3030
information that are relevant to the process SHALL be recorded by the CB but NOT included 3031
in the audit report to the CB’s client. These comments are then used to prepare the CB Audit 3032
Team for the next audit. 3033
3034
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 87 of 95
22.5 Closure of Non-Conformities during Audits 3035
3036
22.5.1 All non-conformities SHALL be recorded. Non-conformities SHALL NOT be closed by the CB 3037
during the audit in which they were issued. The CB SHALL require the organisation to submit 3038
root cause analysis (see ISO 17021-1:2015 Clause 9.4.9) and evidence of containment and 3039
systemic corrective action, along with evidence of effective implementation, for each non-3040
conformity issued. 3041
3042
22.6 Closure of Non-Conformities 3043
3044
22.6.1 As per ISO 17021-1:2015 Clause 9.4.10 the CB SHALL verify the effectiveness of correction 3045
and corrective actions taken prior to closing an NC. 3046
3047
a) On-site verification of effectiveness SHALL be required for closure of all Critical and Major 3048
NCs. There may be very limited circumstances when a Critical or Major can be closed via 3049
documentation review. The CB SHALL maintain records detailing this deviation and under what 3050
circumstances it was allowed. 3051
3052
b) The special audit to confirm effectiveness of corrective actions addressing Critical NCs 3053
SHALL take place within 30 days of issuance of the Critical NC. The audit to confirm 3054
effectiveness of corrective actions addressing Major NCs SHALL take place within 90 days of 3055
issuance. 3056
3057
c) The CB SHALL have procedures to determine when an on-site visit is required to confirm 3058
effective closure of a Minor or Time-Bound NC. 3059
3060
d) Evidence of verification of effectiveness SHALL be documented and maintained in the client’s 3061
file. 3062
3063 3064
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 88 of 95
3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077
3078
Section 23 3079
3080
Audit Reporting 3081
3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 89 of 95
3111 3112
23. Audit Reporting 3113
23.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.4.8) 3114
23.1.1 The CB audit team SHALL provide a full report on the client’s audited activities and 3115 operations within 1 month after the last day of each Stage 1, Stage 2, Surveillance, Transfer, 3116 Unannounced, Special, and Recertification audit. 3117
3118 23.1.2 The audit report SHALL clearly show the parts of the system that were audited. 3119 3120
a) The report SHALL include evidence of positive reporting showing conformance to the 3121 elements of the Standard. Positive reporting with supporting details provides value 3122 added information to the client and the CB technical reviewer and decision-makers. 3123 3124
b) The context, findings and issues against each part of the audit SHALL be included and 3125 set out a description of the current situation, how specific requirements are managed, 3126 with supporting evidence and information to substantiate any findings. 3127 3128
c) See Procedure 200 Annex (SA8000:2014 Auditor Guidance for Social Fingerprint) for the 3129 integration of the Social Fingerprint Independent Evaluation in the audit report. 3130
3131 23.1.3 As part of the SAAS accreditation audit, following a SAAS witness audit, the CB SHALL 3132
provide a copy of their audit report to SAAS [identical to that as provided to their client] within 3133 10 working days after the last day of the on-site audit. 3134
3135 23.1.4 The SA8000 Lead Auditor SHALL be responsible for ensuring that comprehensive reporting 3136
notes and checklists are completed by all auditors and that these are kept as a record of the 3137 audit as hard or soft copies in the client file. 3138
3139 23.1.5 Unconfirmed statements or information reported by managers, workers, worker 3140
representatives or other stakeholders that are relevant to the process SHALL be recorded 3141 and kept as audit notes [maintaining confidentiality of sources] and not be included in the 3142 report. 3143
3144 23.1.6 The report SHALL NOT include reference to the root cause analysis, corrective and 3145
preventive action proposed by the client organisation as this is part of the audit follow-up 3146 activity. 3147
3148 23.1.7 At the end of each on-site audit, the CB auditor SHALL leave a copy of any NCs raised during 3149
the audit with the client so the client may begin the process of identifying containment 3150 actions, root cause and corrective actions. 3151
3152 23.1.8 SAAS will issue an SA8000 Certification Audit Report Template at 3153
www.saasaccreditation.org/accreditation-requirements as guidance for the CB. The CB’s 3154 SA8000 audit report SHALL, at minimum, contain all the fields in the Audit Report Template. 3155
3156
23.2 Audit Report Content 3157
3158 23.2.1 The CB’s SA8000 Audit Report SHALL ensure that positive reporting of each SA8000 3159
element is addressed in the report as a macro-area of assessment, with more specific and 3160 descriptive notations consistently provided for those issues (single requirements) that are 3161 relevant to the specific organisation/area. Typically the report SHALL contain the items in 3162 Table 24. 3163 3164
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 90 of 95
Note: All management and worker interview records SHALL BE treated as confidential and NOT included in 3165 the report. 3166
3167 a) A brief overall description of the organisation
being evaluated with some information on the nature of the business, the size, number of employees, shift patterns and makeup of the organisation, and attach the CB’s regional background research materials.
b) NCs are referenced to the appropriate clause and reflect the violation expressed from a management system perspective.
c) Most importantly- describe where the team proposes accepting a deviation from the wages provision of the standard and raised TB Non-Conformities. This is intended to provide the CB’s Certification Decision Maker(s) with adequate information to decide on certification.
d) Working hours- e.g. if there is no overtime problem, auditors SHALL report the evidence supporting compliance with the working hours criteria of SA8000, for example that the organisation has adequate equipment and staff to fill the orders it has accepted. The method that the organisation uses for time and attendance recording SHALL also be described e.g. biometric finger print.
e) Status of control of suppliers- Include a brief summary on the status of “control of supplier” programs and risk mapping exercise e.g. a brief description of the plan and current results in terms of approved suppliers, demonstrated compliance or pending certifications.
f) Wages- Provide basic wage information as an example of wages paid. This could be accomplished with a payroll sheet and a brief explanation of wage utilized.
g) Home work- Include a brief description of home work if/when it is encountered, with an emphasis on the method of control and number of workers involved.
h) Freedom of association- Provide a description of the presence of a trade union on site if there is one, or note what trade unions are prevalent or simply recognized in the sector and in the region, the common practice in the industry for representation, and how the employer demonstrates employees’ freedom to form a union of desired.
i) Worker Representative – Provide a brief description of how any SA8000 worker representatives or committees were elected and when. Include any evidence of meetings, minutes, negotiations, and whether workers know their representative.
j) Health and Safety- Confirm that conditions in the organisation are compliant with local laws and SA8000 minimum standards and SA8000 PIA and Guidance Documents.
k) A description of any grievances or complaints received by the organisation since the last audit. The process as to how they were investigated and how the identification of the complainant was kept confidential. Include examples if there are many, and any that have remained unresolved for a long period of time.
l) Description of how previous NCs and the organisation’s corrective action from previous NCs has been monitored and closed.
m) Note ‘interview formats’ used- along with reports of information (i.e. number of interviewees per group, number of groups, on or off site).
n) The SA8000 audit report SHALL NOT reference buyers or customers of the organisation.
o) Photographs that are taken as evidence as part of the audit shall be included in the audit report.
p) Social Fingerprint Self-Assessment and Independent Evaluation scores and correlation to NCs as appropriate.
Table 24 - Audit Report Content 3168 3169 3170 3171 3172 3173 3174 3175
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 91 of 95
3176 3177 3178 3179 3180 3181 3182 3183 3184 3185
3186
Section 24 3187
3188
Audit Records 3189
3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 92 of 95
3222
24. Audit Records 3223 24.1 General Requirements - (ISO/IEC 17021-1:2015 Clauses 9.9.2) 3224
24.1.1 Each CB SHALL maintain, as a minimum, the records in Table 25 with respect to all on-site 3225
audits performed. 3226
3227
a) These records may be kept as either hard or soft copies in the client file for the length of 3228
the certification cycle plus 3 years. 3229
3230
b) Copies of all audit plans, audit reports, and non-conformities SHALL be available in soft 3231
copy at the CB’s Head Office (as defined in SAAS Procedure 201A). 3232
3233 3234
a) Copies of scheduled audits showing time and assigned auditors.
b) Calculation of audit effort.
c) Signed copies of Code of Ethics/ Anti-bribery Form. d)Opening and Closing Meeting Attendee Lists.
e) Notes/minutes from stakeholder consultations and other pre-audit research.
f) Explanation of living wage calculation of both CB and client organisation.
g) Client’s completed application form. h) Pre-assessment reports, if conducted.
i) Document reviews performed for initial and transfer audits.
j) Stage 1 readiness review report, including the evidence that all requirements of SA8000 are addressed by the certification applicant’s process.
k) The audit plan (agenda) for each audit demonstrating auditor itinerary details, time frames, subjects (processes) covered, and personnel involved.
l) The final audit report, including the opening and closing meeting attendance records, photographs, positive reporting notes and checklists completed by each auditor and the audit team, and their recommendation regarding granting or continuation of certification.
m) Copies of all non-conformities issued, audit reports, follow up reports, and other documentation leading to the verification of the effectiveness of the correction of the non-conformities.
n) Audit logs/notes as maintained by each audit team member.
o) The audit team members’ initial assignment approval by the CB and acceptance of each team member by the client organisation.
p) Social Fingerprint Self-Assessment and Independent Evaluation scores.
3235 Table 25 - Audit Records 3236
24.1.2 Records SHALL be maintained in a language common to the local offices and auditors and 3237
the SA8000 head office for the CB. ALL certification records SHALL be made available, via 3238
translation if necessary, for review by the SAAS accreditation auditor upon request. 3239
3240 3241
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 93 of 95
3242
Annex 3243
3244
Annex: SA8000:2014 Auditor Guidance for Social Fingerprint 3245
3246
This Annex SHALL be used for integration of the Social Fingerprint Independent Evaluation into the 3247
SA8000 Audit Process. 3248
3249 This annex will be prepared by SAI and released for use by the CBs. 3250
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 94 of 95
3251 3252
Legend 3253
SA: Self-Assessment 3254
IE: Independent Evaluation 3255
3256
*Companies that transition during Surveillance 2 and Surveillance 3 will be certified if they meet the requirements of SA8000:2014, but still need 3257
to conduct an additional IE anytime during their second recertification cycle. 3258
** Companies that transition during Surveillance 4 and Surveillance 5 will be certified if they meet the requirements of SA8000:2014, but still 3259
need to conduct 2 additional IEs anytime during their second recertification cycle. 3260
Type Stage
1
Stage
2 Surv. 1 Surv. 2 Surv. 3 Surv. 4 Surv. 5
Stage 2
(Recertification)
Surv. 1 through
Surv. 5
Stage 2
(Recertification)
New SA +
IE IE IE IE SA + IE
SA + IE
Recertification
SA +
IE IE IE SA + IE
SA + IE
Transition
occurs in
Surveillance 1
SA + IE IE IE SA + IE
SA + IE
Transition
occurs in
Surveillance 2
SA + IE IE SA + IE*
IE
SA + IE
Transition
occurs in
Surveillance 3
SA + IE IE SA + IE*
IE
SA + IE
Transition
occurs in
Surveillance 4*
SA + IE SA + IE**
IE
IE SA + IE
Transition
occurs in
Surveillance 5*
SA + IE SA + IE**
IE
IE SA + IE
Cycle Timeline to SA8000:2014
Authors: L. Bernstein & P. Scott Social Accountability Accreditation Services Issue: 2
Approval: R. Zaid & J. Hwang SAAS Procedure 200:2015 Effective: October 7, 2015
Copyright © 2015 Social Accountability Accreditation Services. All rights reserved. Page 95 of 95
3261 3262 3263 3264 3265
----------End of SAAS Procedure 200---------- 3266