ISO certification of management systems
ISO certification of management systems

General conditions for certification

General conditions D 041

1 Introduction

These provisions govern activities related to independent third-party audit services and certifications.

Content

General conditions D 041. 1

1 Introduction. 1

2 Services covered. 2

3 Obligations and rights of the contracting authority/certificate holder. 2

3.1 Certification and conduct of audits. 2

3.2 What the certification body expects from the holder of a valid certificate (certificate holder). 3

3.3 Payment. 3

3.4 Disclaimer. 3

3.5 Termination of agreement. 3

4 Obligations and rights of the certification body. 4

4.1 Scandinavian Certification AS's obligations. 4

4.2 Scandinavian Certification AS's rights. 4

4.3 Reduction of the scope of the certificate. 4

4.4 Suspension. 5

4.5 Withdrawal 5

4.6 Special revisions. 5

5 Complaints. 6

6 Appeal 6

7 Changes in regulations and standards. 6

8 Register of certificate holders. 6


2 Services covered

Audit and certification of management systems:

  • ISO 9001:2015 Quality management systems
  • ISO 14001: 2015 Environmental management systems
  • ISO 22000:2018 Food safety management systems
  • ISO 27001:2017 & :2022 Information Security Management Systems
  • ISO 37001:2016 Anti-corruption management systems
  • ISO 39001:2012 Road Safety Management System
  • ISO 45001:2018 Occupational health and safety management system

Other independent services:

- Scrutiny and review of sustainability reports according to GRI standards

  • - Independent audit services against an organization's own requirements.

3 Obligations and rights of the contracting authority/certificate holder.

3.1 Certification and conduct of audits

General requirements for management system and documentation

  • The management system must be documented and put into operation and incorporated with a minimum of 3 months of operational history.
  • Internal audits must be implemented and document their effectiveness.
  • At least one management review must be completed and document the effectiveness of the management system.
  • Relevant documentation of management systems shall be available to Scandinavian Certification AS no later than 4 weeks before the audit. The requirement may be waived if both parties agree to this.

The contracting authority/certificate holder shall facilitate the implementation of the certification process and audits by:

  • Contribute to Scandinavian Certification AS being able to plan (to comply with its obligations) no later than 3 months before the deadline for the next audit.
  • Designate a person designated by management who will be the contact person during the certification.
  • Ensure key personnel are available during the audit.
  • Inform about all relevant conditions in connection with the certification.
  • Provide satisfactory feedback and documentation on completed corrective measures for deviations in Scandinavian Certification AS's reporting tool, within a given deadline (usually three months). If it goes beyond six months from the last day of the step 2 audit, a new step 2 audit must be carried out.
  • Give Scandinavian Certification AS access to premises and facilities where work within the framework of the certification is carried out.
  • Actively inform Scandinavian Certification AS and its auditors about health, safety and environmental aspects relevant to the conduct of audit activities and the health and safety of the auditors. This includes necessary precautions, training and personal protective equipment when necessary.
  • Document that the company has access to a validly licensed version of the standards for which certification is sought.

3.2 What the certification body expects from the holder of a valid certificate (certificate holder)

The certificate holder shall:

  • Keep the Management System operational and documented.
  • Inform Scandinavian Certification AS of any changes in the system that may necessitate re-verification of conformities.
  • Notify Scandinavian Certification AS of changes in scope
  • Notify Scandinavian Certification AS if the certificate holder is taken over by another company, by change of ownership or if the certified area is wound up / moved.
  • Notify Scandinavian Certification AS of changes of key personnel, addresses and geographical locations.
  • Ensure that certificate(s) are only used according to specified validity
  • Ensure that the enterprise complies with the requirements when it refers to its certification status in communication through the media, internet, brochures, announcements or other documents and in this context allows any form of misleading statements regarding certification.
  • Failing to refer for certification after the certificate is withdrawn or the scope reduced.
  • Do not refer to certification outside of geographic locations or scope that is approved.
  • Do not use the certification in such a way that it would bring disrepute to the certification body or weaken market confidence.
  • Register all customer complaints regarding the certified system.

The certificate holder has the right to use the logo of the certification body in its activities. Terms of use of certificates and logos will always be available on our website www.scancert.no.

If Scandinavian Certification AS is wound up or goes bankrupt, the certificate holder has the right, without further disclosure obligation, to choose another certification company.

3.3 Payment

The contracting authority/certificate holder is obliged to pay all costs associated with the certification process according to the agreement, regardless of whether the certificate is issued/maintained. If the client/certificate holder cancels or postpones an already agreed audit less than two weeks before implementation, Scandinavian Certification AS reserves the right to invoice part of the agreed audit amount to cover already used working hours.

3.4 Disclaimer

Audit services from Scandinavian Certification AS are based on spot checks of available information. Accordingly, there will always be an element of uncertainty associated with audit evidence, which can be reflected in the audit results.

Scandinavian Certification AS's liability for breach of its obligations in this agreement is limited upwards to the agreed economic value of the service delivery.

3.5 Termination of agreement.

The validity of the agreement is stated in the agreement. Termination of the agreement must, in order to avoid financial burden, be received by Scandinavian Certification AS no later than 3 months before the deadline for the next audit. Costs incurred at the time of termination will be invoiced. Upon termination of agreement, associated certificates are withdrawn.

4 Obligations and rights of the certification body.

4.1 Scandinavian Certification AS's obligations.

Scandinavian Certification AS shall:

  • Perform professional audits according to own quality system.
  • Only use audit managers who satisfy the requirements specified in their own quality system and the professionals/specialists used must have relevant experience from the industries the client represents.
  • Conduct audits according to the agreed schedule.
  • Submit the audit report within 14 days of the closing meeting.
  • Immediately notify of the results of audits and changes related to the certification.
  • Treat all information obtained or prepared before, during and after the audit confidentially.
  • Provide accurate information on the validity and scope of certifications, upon direct request.
  • Obtain written approval from the enterprise before information about the enterprise or persons is published.
  • If the certification body is required to release confidential information pursuant to law or regulation, or as required by the relevant authority, the customer or the person concerned shall be informed unless prevented by law or regulation.
  • Treat information from other sources that appeal decisions made by the certification body or from the authorities as confidential in accordance with our policy.
  • Only use auditors with a valid non-disclosure agreement.
  • Use only unbiased auditors and provide the client/certification holder with relevant information.
  • Notify the client/certificate holder if Scandinavian Certification AS is taken over by another company, upon change of ownership, if the current accreditation is wound up or lost, or if Scandinavian Certification AS is wound up or goes bankrup.

4.2 Scandinavian Certification AS's rights.

If the certificate holder:

  • Fails to correct identified deficiencies in a timely manner.
  • Does not facilitate the implementation of audits according to deadlines,
  • Conceals significant changes to the management system or provides untrue information during audits,
  • Abusing the certificate,
  • Not fulfilling their contractual obligations
  • Goes bankrupt or liquidates the business
  • Terminate the current certification agreement

Scandinavian Certification AS can take the following measures depending on the nature of the breach:

  • Reduce the scope of the certificate.
  • Suspend the certificate.
  • Revoke the certificate.

4.3 Reduction of the scope of the certificate

Reductions can be, for example, omissions of a unit/department or a work process, which are then removed from the certification scope. Reduction of scope cannot be done to avoid identified nonconformities.

4.4 Suspension

Suspension means that the certificate is temporarily revoked, but the company retains its certificate number and the validity period can be restored. Under a suspension, certificate holders may not market, use or refer to their certificates. Suspension may be requested voluntarily from the certificate holder or may be required from Scandinavian Certification AS.

The duration of the suspension can be up to 6 – six – months. After this time, the certificate will be withdrawn if the requirements for the certification are not met.

It will normally be necessary to conduct an audit to lift a suspension.

4.5 Withdrawal

Withdrawal may take place with immediate effect if it is discovered that the certificate holder does not meet the requirements and regulations on which certification is based. Upon withdrawal, all reference to the certificate must be removed from marketing, websites, letterheads, envelopes, brochures, articles, etc.

4.6 Special audits

Scope extensions

When applying for an extension of an existing certification, the certification body shall review the application and, based on risk considerations, plan the activities necessary for an extension to be approved.

Short notice or unannounced audit

In some cases, it may be necessary to conduct an audit with a certified customer at short notice or unannounced to investigate complaints, major changes in the organization or to follow up suspended customers. Then the certification body shall;

  • Describe and disclose to the certified customer in advance how such an audit will be carried out, e.g. through a written notice/audit plan.
  • Special emphasis shall be placed on the selection of audit teams as in such a case the customer will not be able to reject members of the team.

Additional audit

Scandinavian Certification AS reserves the right to conduct additional follow-up audits if:

  • Significant organisational changes are being implemented in the business
  • A change of ownership is carried out that may have an impact on the company's business area and validity
  • Significant deficiencies and changes in the Management System are identified, where further audit activities are required to confirm that deficiencies and changes have been adequately corrected.

5 Complaints

Complaints about Scandinavian Certification AS's personnel or their procedure for audits should be sent to Scandinavian Certification AS, by the general manager. Feedback to the complainant shall be given stating that the complaint has been received.

The general manager and/or technical manager assess the case and consider it and report back to the complainant about the outcome of the complaint. If the complaint affects the impartiality of the general manager and technical manager, the complaint shall be considered by the certification manager or by the board.

Complaints against certified customers shall be handled accordingly. The enterprise covered by the complaint must be contacted and necessary information about the case obtained. In some contexts, it may be necessary to make an unannounced visit. All parties to the case shall be kept informed.

6 Appeal

The client or certificate holders can appeal any decision made by Scandinavian Certification AS. Such an appeal is made to Scandinavian Certification AS by the general manager. The general manager assesses the case and processes it and reports back to the customer about the outcome of the appeal. If the appeal case affects the impartiality of the general manager, the appeal shall be considered by the management's representative.

7 Changes in regulations and standards

Scandinavian Certification AS reserves the right to change the content of this document. For certificates issued before such changes are implemented, the certificate holder is required to undertake to comply with the amended provisions.

When the relevant standard is changed, the certificate holder is required, before the next renewal, to bring its Management System into compliance with the changed requirements. However, the certificate holder shall be given a reasonable amount of time before the necessary adjustment.

8 Register of certificate holders

A register of certificate holders shall be maintained by Scandinavian Certification AS. Information from this register about the scope of each holder's certificate will be available to the public upon request.