20Product and process certificationArdian MarjaniArdian Marjani & C. Sas, Milan, Italy

Abstract

The schemes of first-party, second-party and third-party certification are discussed.The structure of a third-party certification system is described with comments on therole of companies, certification and accreditation bodies, standardization organiza-tions, and the Public Authority to control the fairness, reliability and transparencyof the whole system. The ISO standards and other standards suitable for the certifi-cation of extra-virgin olive oil are listed. A flowchart describes the activities neededfor implementing a third-party certification system.

20.1 Aims and approaches

Certification is a formal procedure by which an authorized person or organizationassesses that the characteristics of goods or services, procedures or processes con-form to established requirements or standards and attests this by issuing a certificate.Certification is a basic tool of guarantee in supplier-customer relationships.

More precisely, when a business enterprise or an organization is certified, it meansthat a management system has been successfully implemented within the organiza-tion, so that its guarantee of product and process requirements is reliable. In thelanguage of certification, the supplier is called the first party, while the customer isthe second party. Three different ways to certification can be followed:

First-party certification

In this case the supplier guarantees the customer that goods and processes complywith the agreed upon requirements and standards (Figure 20.1).

The Extra-Virgin Olive Oil Handbook, First Edition. Edited by Claudio Peri.© 2014 John Wiley & Sons, Ltd. Published 2014 by John Wiley & Sons, Ltd.

252 CH20 PRODUCT AND PROCESS CERTIFICATION

GUARANTEEThe supplier (for instance,the olive oil producer) hasthe responsibility ofverifying, documentingand guaranteeing that theproduct and/or the processcomplies with the agreed uponstandards

THE SUPPLIER

“FIRST PARTY”

The customer (for instance,the final consumer) truststhe supplier’s assurance andcertification

THE CUSTOMER

“SECOND PARTY”

Figure 20.1 First-party certification.

First-party certification is a company’s self-declaration of conformity. It oftenapplies to small-scale extra-virgin olive oil businesses and very short chain arrange-ments, based on a direct connection between producer and consumer, backed bypersonal knowledge and reputation.

Second-party certification

In this case, the customer verifies, through product analyses and direct inspectioncarried out at the supplier’s site, that the product and/or the process comply with theagreed upon requirements and standards. Such a guarantee is transferred to the finalconsumer (Figure 20.2).

This arrangement is being increasingly applied in the marketing of excellent extra-virgin olive oil. Traceability of the two marketing steps (from the producer to theretailer and from the retailer to the consumer) can be easily documented and properhandling conditions can also be assured ‘from the field to the table’ under the respon-sibility of the intermediate producer-consumer connector.

INSPECTIONCONTROL GUARANTEE

The retailer orrestaurant, acting as aproducer-consumerconnector, verifies anddocuments that theproducer complies withthe agreed uponstandards and transfersthe guarantee to the finalconsumer

THE “DIRECT”CUSTOMER

The olive oilproducercomplies withthe standardsestablished byhis/her customerwho is usually aretailer or arestaurant

THE SUPPLIER

The finalconsumer truststhe retailer’s orrestaurant’sassurance andcertification

THE “INDIRECT”CUSTOMER

Figure 20.2 Second-party certification.

20.2 PRODUCT AND PROCESS CERTIFICATION 253

First- and second-party certifications are very effective systems of guarantee butrequire a high level of trust in the supplier-customer relationship. They can thereforeonly be applied in very short and direct chain arrangements.

In the most common situation, a single producer has many customers and a singleretailer has many suppliers. Furthermore, direct connections are rare; more often achain of several intermediate commercial connectors links the producer to the con-sumer. In this case, which is by far the most common in a global market, a third-partycertification is required.

Third party certification

Third-party certification involves the independent evaluation of conformity byexpert, unbiased organizations. The certification by independent organizations is anacceptable guarantee for all potential customers. In general, third-party certificationis considered as the highest level of assurance and is particularly valuable when thebusiness system is complex and involves international trade. Figure 20.3 shows ageneral scheme of third-party certification.

A suppliercomplies withstandards agreedupon by allpotential customers

Customer A

Customer C

Customer B

MULTIPLEGUARANTEE

INSPECTIONCONTROL

The certifyingorganization verifies,through analyses andaudits, the conformityof products andprocesses to theagreed upon standards– and guarantees suchconformity to interestedcustomers

THE CERTIFYINGORGANIZATION:“THIRD PARTY”

Figure 20.3 Third-party certification.

20.2 Product and process certification

Product certification is based on product conformity to voluntary or compulsorystandards. It usually entails the analysis of samples of the product obtained fromthe factory and / or the open market. Process certification is based on conformityof the supplier’s process and the supplier’s management system with voluntary orcompulsory standards.

254 CH20 PRODUCT AND PROCESS CERTIFICATION

However, it can be assumed that an effective guarantee of product quality canonly derive from a system simultaneously certifying the quality of the product, theprocess and the management system. Product quality assurance is trustworthy only ifthe process is under control through an effective, documented management system.

In conclusion, the quality certification (or assurance or guarantee) of a foodproduct or, in particular, an extra-virgin olive oil, entails the definition, implementa-tion, testing, inspection and documentation of product standards, process standardsand management system standards.

The structure of a third-party certification system

Since publication of Certification – Principles and Practice in 1980 (ISO 1980) theISO committee concerned with certification has elaborated on the ‘principles’ andmore specifically defined acceptable practices by issuing a number of guiding docu-ments covering not only the major aspects of certification, but also the major aspectsof a number of related activities by which verification of conformity of products andprocesses may appropriately be judged.

The International Organization for Standardization (ISO) is a voluntary federa-tion of standards setting bodies of some 130 countries. Founded in 1946–47 inGeneva as a UN agency, it promotes development of standardization and relatedactivities to facilitate international trade in goods and services, and coopera-tion on economic, intellectual, scientific and technological aspects. It coversstandardization in all fields including computers and data communications, butexcluding electrical and electronic engineering and telecommunications.

Despite the great complexity and detail of the ISO standards, the structure of athird party certification system can be very simply represented as in Figure 20.4.With reference to the five points, the process of certification can be described asfollows:

Companies pursuing certification operate according to standards agreed upon bytheir customers. Standards are relative to the product, process and managementsystem. Certification bodies verify and certify that the company operates in con-formity to the product, process and management system standards. An accredi-tation body verifies and certifies that the certification procedures are carried outaccording to agreed upon standards. A public authority at a suitable national orinternational level guarantees the fairness of the overall certification system withregard to the responsibility of the companies, of the certification and of the accred-itation bodies and, most of all, with regard to the consumer’s rights. A standard-ization organization provides the standards and guarantees their approval by allparties involved in the process. ISO is the most important and authoritative organiza-tion providing international standards but other organizations also define standardsfor special duties or marketing needs or supplier-customer relationships. The ISO

20.2 PRODUCT AND PROCESS CERTIFICATION 255

3. ACCREDITATION BODIES

2. CERTIFICATION BODIES

1. CERTIFIED COMPANIES

4. A public authorityguarantees the reliability

and trustworthiness ofthe overall system

5. STANDARDIZATIONBODIES

Figure 20.4 The structure of the third-party certification system (Source: Reproduced by per-mission of Hoepli, Milano).

organization and the ISO principles, however, remain the basic and inspiring sourceof standards.

An essential point of the effectiveness and reliability of the system is that all theactors in the system are required to implement an internal management system bywhich they control and constantly improve their ability to carry out their duties.Thus, a company must implement a management system to control the product andprocess. A certification body must apply a management system for the control ofthe certification procedure. An accreditation body must apply a management sys-tem for the control of the accreditation procedure. The public authority controllingthe system must apply standard and transparent operating procedures. Finally, verystrict procedures must be applied by ISO or other standardization bodies in the stan-dardizing duty, because of the relevance and impact of standards on business andthe importance of a general agreement of public and private organizations.

A point to be underlined is that ISO does not certify or carry out accreditationduties. Certification bodies are usually private organizations, while accreditationbodies are usually national and public organizations. However they both operateaccording to the certification and accreditation standards set up by ISO.

Figure 20.5 presents a five-level scale of the standards available for regulating thecertification system according to ISO. A five-level scale of standards is as follows:

• At level 1, the supplier’s self-declaration can be considered as the simplestcertification system, which is suitable for first-party certification. In this case,

256 CH20 PRODUCT AND PROCESS CERTIFICATION

5

4

3

2

1

COMPANY-ORGANIZATION-SUPPLIER, ISO 9001

LaboratoriesISO/IEC 17025

Inspection bodiesEN ISO/IEC 17020

Certification bodyof productsEN ISO/IEC 17065

Productcertification

Quality systemscertification

Personalcertification InspectionsAnalyses

Accreditation bodiesof certification bodiesEN ISO/IEC 17020

ISO - International Organization for StandardizationEN - European standards issued by CEN, the European Committee for StandardizationIEC - The International Electrotecnical Commission (all fields of electrotechnology)

Evaluation ofcertification bodiesEN ISO/IEC 17020

Accreditation bodiesof inspection bodiesEN ISO/IEC 17020

Evaluation ofinspection bodiesEN ISO/IEC 17020

Accreditation bodiesof laboratoriesISO/IEC 17025

Evaluation oflaboratoriesISO/IEC 17025

Certification bodyof personelEN ISO/IEC 17024

Certification bodyof quality systemsEN ISO/IEC 17021

Supplier’s declarationEN ISO/IEC 17050-1EN ISO/IEC 17050-2

Figure 20.5 The ISO standards of the third-party certification system (Source: Reproduced by permission of Hoepli, Milano).

20.3 THE SELECTION OF A CERTIFICATION SYSTEM 257

ISO suggests a standard format that gives an official character to the declarationand underlines the declarant’s responsibility.

• At level 2, the standards of quality management systems are indicated. Thesestandards should be applied by companies aiming at product and process cer-tification, laboratories aiming at analyses certification and inspection bodiesaiming at certified inspections and audits.

• At level 3, the standards to be applied to the certification process are reported.Certification can be applied to people or (quality system management) or prod-uct as well as to analyses and inspections or audits.

• At level 4, the standards for the evaluation of certification bodies, laboratoriesand inspection bodies are reported.

• At level 5, the standards regulating the accreditation processes are reported.

20.3 The selection of a certification system

A company should not consider certification as an objective but as a tool for meetingits objectives; nor should it consider it as a mere formality but rather as a challenge toits willingness to improve. A wide choice of standards and procedures is availableto satisfy the different and complex supplier-customer relationships in the globalmarket.

Table 20.1 presents some examples of standards available to companies in seekingproduct-process certification in the extra-virgin olive oil sector.

Point 1 presents the most common sources of product standards for extra-virginolive oil. A company may decide to adopt the extra-virgin olive oil standard definedby the laws or it may choose to apply the standards of a Protected Designation ofOrigin (PDO) or those of excellent olive oil presented in Annex 18.1 of this hand-book. Or, finally, a company can decide to apply its own standards for its privatebrand, within the limits of the legal definition of extra-virgin olive oil.

Point 2 presents some sources of process standards, in particular the PDO processstandards or those applicable to organic agriculture. The company can obviouslychoose its own processing standards, provided that they comply with the legal defi-nition of extra-virgin olive oil.

Point 3a presents the main sources of standards for the management system. Anumber of options are available for the quality and safety management system,which represents the basic management requirement of a food factory.

Point 3b suggests the standards in the case that the company wants or needs toactivate a system for the management of environmental or social or workers’ safetyrequirements. In this case, a good solution would be to adopt an integrated manage-ment system as suggested in Chapter 18 of this handbook.

After choosing the product, process and system management standards, the com-pany should define its certification system. It can choose to adopt a first-party certifi-cation or it can agree with its customer on a second-party certification. In these cases,wide and discretionary space is available for establishing the most suitable formal

258 CH20 PRODUCT AND PROCESS CERTIFICATION

Table 20.1 Some sources of product, process and system management standards for thecertification of extra-virgin olive oil companies.

Company’sdecision about

References Options available

1. Product standards The EuropeanCommission

1.1 Regulation (EC) no. 1019/2002 onmarketing standards for olive oil

1.2 Regulation (EC) no 702/2007amending Commission Regulation(EEC) No 2568/91 on thecharacteristics of olive oil and on therelevant methods of analysis

1.3 Regulation (EC) No 510/2006 on theprotection of geographical indicationsand designations of origin foragricultural products and foodstuffsand Regulation (EC) No 1898/2006laying down detailed rules ofimplementation of Council Regulation(EC) No 510/2006

This handbook 1.4 The standards of excellence in olive oilgiven in Annex 18.1

The company 1.5 A brand choice of analytical andsensory standards within the legaldefinition of extra-virgin olive oil

2. Process standards The EuropeanCommission

2.1 Regulation (EC) No 510/2006 on theprotection of geographical indicationsand designations of origin foragricultural products and foodstuffsand Regulation (EC) No 1898/2006laying down detailed rules ofimplementation of Council Regulation(EC) No 510/2006

2.2 Regulation (EC) No 834/2007 onorganic production and labelling oforganic products

The company 2.3 Choice of technological solutions,plants, operations and operatingconditions

3a. Standards ofquality and safetymanagement

ISO 3.1 ISO 9001: 2008 on qualitymanagement system

3.2 ISO 22000:2005 on food safetymanagement system

3.3 ISO 22005:2007 on feed and foodtraceability system

(continued overleaf )

20.3 THE SELECTION OF A CERTIFICATION SYSTEM 259

Table 20.1 (continued)

Company’sdecision about

References Options available

FSSC 22000 3.4 Food Safety System Certification22000. Certification scheme for foodsafety systems in compliance with ISO22000:2005 and technicalspecifications for sector PRPs

BRC food 3.5 British Retail Consortium (BRC)global standards for food safety,products, packaging, storage anddistribution

IFS food 3.6 International Featured Standard.Standard for auditing quality and foodsafety of food products

This handbook 3.7 Chapter 18 on management systems3b. Standards of

integratedmanagementsystem

ISO 3.8 ISO 14001:2004 on environmentalmanagement system

3.9 ISO is developing an ISO 26000standard providing voluntary guidanceon social responsibility (SR)

3.10 The ISO 31000 standard on riskmanagement can be adapted forintegrated system of risk management

3.11 The ISO 9001 standard on qualitysystem management can be adaptedfor an integrated system of qualitymanagement

Various standardand certificationbodies

3.12 OHSAS 18001 on occupational healthand safety

3.13 SA 8000, on social accountabilityThis handbook 3.14 Chapter 18 of this handbook on

process management system

requirements. In general, first- and second-party certification is based on reciprocalknowledge and trust; formalities are minimized. In case the company wants or needsa third-party certification, it does not have the right to establish the certification rulesbecause they must comply with the ISO standards. However, there is space for freedecision regarding the choice of the certification organization. In this choice, thecompany should consider not only the cost of certification but also, and foremost,the effectiveness and reliability of inspections and audits.

Finally, the accreditation step is out of the company’s control: accreditation andcontrol of the certification bodies must be carried out according to the ISO stan-dards. However, it must be remembered that accreditation is not an obligation andif a certifying organization is not accredited it does not necessarily mean it is notreputable. It may be concluded that companies are fully responsible for the choiceof a suitable and effective certification system.

260 CH20 PRODUCT AND PROCESS CERTIFICATION

20.4 The certification procedure

Figure 20.6 presents a flowchart of activities for implementing a third-partycertification. The flowchart is self-explanatory. It should be pointed out that accessto third-party certification is a very demanding task, often implying changes andadaptation of operating and documentation procedures. A two-year period fromthe decision to the routine implementation of certification may be considered as areasonable period of time.

The certification body verifiesrequired conditions

6. START experimental implementation of the system

The certification body examines thequality system documentation

The certification body inspects thecompany’s quality system

The certification body issues acertificate of conformity to thechosen ISO standard model

10. The company continues applying and improving the quality system

The certification body carries outregular inspections to verify theeffective, systematic applicationof control and management activities

2. Choice of the reference standards for product, process and the management system

1. Top management decides to implement management system certification

3. Define the goals of the system

4. Define the activities of the system

5. Set up suitable documentation: a management manual, written procedures,…

7. Send an application to a certification body

8. Send the management manual and other documents to the certification body

9. Further adjustments of the system activities and/or of documentation that may be required

Continuing andimproving phase

The starting upphase

The study andexperimentalphase

The decision

Figure 20.6 The flowchart of activities for implementing a third party certification system.

FURTHER READING 261

Reference

ISO (1980) Certification: Principles and Practice, ISO, Geneva.

Further reading

ISO 9000:2005 (2005) Fundamentals and Vocabulary – Quality ManagementSystems, ISO, Geneva.

ISO 22000:2005 (2005) Food safety management systems– Requirements for AnyOrganization in the Food Chain, ISO, Geneva.

ISO 9001:2008 (2008) Quality Management Systems – Requirements, ISO, Geneva.ISO 9004:2009 (2009) Managing for the Sustained Success of an Organization – A

Quality Management Approach, ISO, Geneva.ISO/IEC 17021:2011 (2011) Requirements for Bodies Providing Audit and Certifi-

cation of Management Systems – Conformity Assessment, ISO, Geneva.ISO 19011:2012 (2012) Guidelines for Auditing Management Systems, ISO,

Geneva.Peri C. (2005) Oltre i sistemi qualità, Hoepli, Milano.Peri, C., Lavelli, V. and Marjani, A. (2006) Qualità nelle aziende e nelle filiere

agroalimentari, Hoepli, Milano.