UTZ Certified Certification Protocol

Transcription

1 Version 3.0 (previous version 2.0 February 2010)

2 Copies of this document are available for free in electronic format on the UTZ Certified Training Center website: If you are not able to access this document electronically, you may write to us at the following address to get hard copies at a reasonable cost-covering price: UTZ Certified De Ruyterkade AA Amsterdam The Netherlands All stakeholders are invited to send comments and suggestions on the document at any time, which will be included in the next revision process. Please use the feedback form that can be requested via and send your comments or suggestions to: [email protected] Or via regular mail to: UTZ Certified Standards and Certification Department De Ruyterkade 6 bg 1013 AA Amsterdam The Netherlands UTZ Certified 2012 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without full attribution. UTZ Certified

3 TABLE OF CONTENTS 1. Introduction Scope of the UTZ Certified Certification Protocol Key terms of the UTZ Certified Certification Protocol Compliance with the UTZ Certified Certification Protocol Certification options Certificate Holder UTZ Certified Code of Conduct UTZ Certified Chain of Custody Structure and compliance of the Code of Conduct Structure and compliance level of the Code of Conduct Structure and compliance of the Chain of Custody UTZ Certification process: audit process, certification conditions General UTZ Certification process Audit process Certification conditions Determining volume of certified production Changes in certification information Non-compliances: warning, suspension and cancellation Internal Control System and requirements General requirements for an ICS Definition and responsibilities for internal inspectors Complaints, appeals and dispute procedure Surveillance by the CB of certified producers and/or supply chain actors Approval procedure for Certification Bodies and their relationship with UTZ Certified Approval procedure Requirements for approval Approval for UTZ Certified product and standard scopes Communication with UTZ Certified Warnings and withdrawal of approval by UTZ Certified Monitoring of Certification Bodies performance Qualification requirements for lead auditors, auditors and internal inspectors Definition and responsibilities for lead auditor, auditor and internal inspector Qualification requirements for Code of Conduct Qualification requirements for Chain of Custody audits Qualification requirements for internal inspectors Impartiality, independence and confidentiality Certification Bodies and their obligations UTZ Certified

4 9.1 Certificate and Summary Report Unannounced interim audits Annual report Communication on UTZ Certified and the UTZ Certified logo Annex 1: Format Annual Report for approved Certification Bodies Annex 2: Format Overview unannounced interim audits Annex 3: Additional certification procedures for tea UTZ Certified

5 1. Introduction UTZ Certified is a program and label for sustainable farming worldwide. Our mission is to create a world where sustainable farming is the norm. Sustainable farming helps farmers, workers and their families to fulfill their ambitions and contributes to safeguarding the earth s natural resources, now and in the future. A world where sustainable farming is the norm is a world where farmers implement good agricultural practices and manage their farms profitably with respect for people and planet, industry invests in and rewards sustainable production, and consumers can enjoy and trust the products they buy. The core documents of the UTZ Certified certification program are the following: The UTZ Certified Code of Conduct is an internationally recognized set of criteria for economic, social and environmentally responsible agricultural production. It is based on the international ILO Conventions and includes the principles of good agricultural practice. There are product specific Codes of Conduct for Coffee, Cocoa, Tea and Rooibos. Guidance documents are available that further explain how to implement the criteria of the respective Code of Conduct. For some product codes there are also specific group (ICS) guidance documents available. The UTZ Certified Chain of Custody is a set of administrative and technical rules designed to provide high level of confidence that the UTZ Certified product originates from or relates to an UTZ Certified source. The Chain of Custody documents are product specific. The UTZ Certified Certification Protocol explains the structure and process of certification according to the UTZ Certified Code of Conduct and Chain of Custody. It describes the procedures to be followed by the actors in the supply chain in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody as well as the procedures for Certification Bodies performing UTZ Certified audits. It also includes the main principles that need to be respected for the certification of producer groups. The requirements for the ICS and internal inspectors are also included in this document. This Certification Protocol further explains the approval procedure for Certification Bodies (CBs), the required qualifications of their lead auditors, auditors and the obligations for Certification Bodies. This document is applicable for the UTZ Certified products: coffee, cocoa and tea (and rooibos as part of the tea program). UTZ Certified has the overall authority for the issuing and amendment of the content and requirements stated in this document. In the case that the users of the Certification Protocol (i.e. certification bodies, certificate holders or others) experience difficulties with its implementation, please contact the UTZ Certified head office in Amsterdam. UTZ Certified

6 1.1 Scope of the UTZ Certified Certification Protocol This document applies to the following parties: Certificate holders who are responsible for implementing and complying with the requirements and procedures of the UTZ Certified Certification Protocol in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody. See 2.1 for more information. Certification Bodies (and staff) who audit against the UTZ Certified program. The Certification Body needs to ensure that the certification process (including audit) follows and complies with the UTZ Certified Certification Protocol. In this document Certification Body is abbreviated to CB or CBs. Any Certification Body requesting an approval or extension of their approval needs to follow the procedures set out in this Protocol. Prospective certificate holders and CBs who want to become part of the UTZ Certified Program. The English language version of the certification documents is the official version. Please refer to the English version to clarify any doubts when reading other language versions. 1.2 Key terms of the UTZ Certified Certification Protocol Producer: a producer, group of producers or an entity organizing producers that is a Code of Conduct certificate holder. A Code of Conduct certificate covers all activities in the production, harvest, post-harvest, processing and commercialization of the certified produce. Supply Chain Actor: an entity that operates within the sustainable supply chain and generally takes ownership of the product. All supply chain actors need to be registered and the scope of their activities will determine if they need to be certified against the Chain of Custody requirements. Certificate: the document issued by the Certification Body when an audited producer or supply chain actor complies with the requirements of UTZ Certified. This certificate allows the certificate holder to produce or trade UTZ Certified products. CBs request a license (see below) for every valid certificate they issue. License: this allows the UTZ Certified producer or supply chain actor to access and use the Traceability System in the Good Inside Portal to record their transactions of UTZ products. The information from the license reflects the information on the certificate. 1.3 Compliance with the UTZ Certified Certification Protocol With the launch of the UTZ Certified Good Inside Portal the certification procedures will not change but the reporting will be formalized through the Portal. UTZ Certified reviewed and updated the previous version of the Certification Protocol based on comments received over the past year. The main changes can be found in: Chapter 2 Certification options Chapter 4 UTZ Certified certification process For more information on the changes, a change document version versus February 2010 is available upon request to [email protected]. UTZ Certified

7 The UTZ Certified Certification Protocol version 3.0 substitutes the previous version, UTZ Certified Certification Protocol version 2.0 January Certification according to the updated version of the Certification Protocol comes into effect immediately after release. UTZ Certified reserves the right to ban any prospective producer or supply chain actor or CB from entering the UTZ program if they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members. Accordingly, UTZ Certified reserves the right to ban any certified or licensed member from continuing in the UTZ program if they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members. UTZ Certified

8 Overview certification documents of Coffee, Cocoa, Tea and Rooibos: The last version of those documents is available in the on-line UTZ certified Training Center. UTZ Certified certification documents Coffee Cocoa Tea and Rooibos Certification protocol Generic Certification Protocol Generic Certification Protocol Generic Certification Protocol Code of Conduct Code of Conduct for Coffee Code of Conduct for Individual Certification for Cocoa Code of Conduct for Group Certification for Cocoa Code of Conduct for Tea Farms Code of Conduct for Tea Factories Code of Conduct for Rooibos Production Code of Conduct for Rooibos Processing Code of Conduct Checklist Code of Conduct for Coffee Checklist Code of Conduct for Individual Certification for Cocoa Checklist Code of Conduct for Group Certification for Cocoa Checklist Code of Conduct for Tea Farms Checklist Code of Conduct for Tea Factories Checklist Code of Conduct for Rooibos Production Checklist Code of Conduct for Rooibos Processing Checklist Chain of Custody Chain of Custody for Coffee Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos Chain of custody checklist Chain of Custody for Coffee Checklist Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos Checklist List of definitions List of Definitions for Coffee List of Definitions for Cocoa List of Definitions for Tea Code of Conduct Annex (Global Guidance) Code of Conduct Annex (Local Guidance) List of Maximum Residue Limits List of Banned Crop Protection products Code of Conduct Annex for Group certification Code of Conduct Annex for Individual certification Code of Conduct Annex for Group certification for: Africa Brazil Colombia Central America Vietnam Code of Conduct Annex for Individual certification for: Africa Brazil Colombia Central America Vietnam List of Maximum Residue Limits for Coffee Generic List of Banned Crop Protection Products Code of Conduct Annex for Group certification for Cocoa Code of Conduct Annex for Individual certification for Cocoa Code of Conduct Annex for Group certification for Cocoa for: Ghana Cote d'ivoire Generic List of Banned Crop Protection Products Code of Conduct Annex for Tea Code of Conduct Annex for Rooibos Production Code of Conduct Annex for Rooibos Processing Generic List of Banned Crop Protection Products List of approved CBs Generic List of approved CBs Generic List of approved CBs Generic List of approved CBs Although the Code of Conduct for Tea Farms and the Code of Conduct for Tea Factories are two separate checklists, factories and farms can be included in the same certificate if they fall under the same management. In this case, two audits take place, one on farm level and one on factory level and one certificate is issued. UTZ Certified

9 2. Certification options UTZ Certified has two scopes of certification: Code of Conduct and Chain of Custody. Both scopes are applicable for the products coffee, cocoa and tea (including rooibos). The overall considerations for certificate holders as well as the options on certification are described in this chapter. 2.1 Certificate Holder When the UTZ Certified Code of Conduct and Chain of Custody refer to a certificate holder, this means the entity that is responsible for implementing, complying with and monitoring the requirements of the UTZ Certified Code of Conduct or Chain of Custody. The Code of Conduct certificate holder is a producer or an entity organizing the producers. All producers selling as UTZ Certified need to be certified. The Chain of Custody certificate holder is a supply chain actor. All supply chain actors need to be registered in the UTZ Program and the scope of their activities will determine if they need to be certified or not. The name that appears on the certificate is the same as the name registered by the certificate holder in the Good Inside Portal. UTZ Certified allows two entities to appear on the certificate. For example if an exporter/trader financially supports a producer group's certification, its name can also appear on the certificate. However, UTZ Certified policy requires that the main name is that of the producer group. e.g.: PRODUCER NAME (mandated by exporter/trader). 2.2 UTZ Certified Code of Conduct The option for certification depends on how the certificate holder is structured. The CB certifies the certificate holder under one of four options. The certificate holder needs to understand clearly under which certification option s/he is certified. Under the Code of Conduct the following certification options are available: Option 1: Individual certification Structure Under this certification option, the individual producer is the certificate holder. Compliance The individual producer is responsible for the compliance of its farm plot(s). The individual producer needs to comply with all the applicable control points and corresponding levels and is responsible for the compliance of the farm (for more information on the levels and control points please check section 3.1). The CB annually audits the individual producer. UTZ Certified

10 Option 2: Multi-site certification Structure Under this certification option, several producers work under one central management. In this case the central management is the certificate holder. These producers or units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these production areas. Compliance The central management is responsible for the compliance of the producers. All the producers under the central management need to comply with all applicable control points and corresponding level (for more information on the levels and control points please check section 3.1). All the producers are covered under one certificate. The CB annually audits all sites and clearly specifies on the certificate the names of the farms which are included in the certificate. Option 3: Group certification Structure Under this certification option, a group of organized producers is certified. The certificate holder is either the group itself or an entity organizing the group of producers. The group of organized producers can be organized in an association or cooperative or managed by a supply chain actor (such as an exporter) or another entity. In order to certify as a group, the certificate holder has to implement an Internal Control System (ICS). An ICS is a documented system for quality management that manages several aspects of the UTZ Certified Code of Conduct and also ensures the producer s fulfillment of the UTZ Certified Code of Conduct according to internally defined procedures. Compliance The certificate holder is responsible for the proper functioning of the ICS as well as the compliance of its group members. The certificate holder needs to comply with the applicable control points and corresponding level and needs to ensure that the group members comply with the control points p (for more information on the levels and control points please check section 3.1). Group members shall have a similar production system and be in geographic proximity. Producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points p and c. For producers with significant hired labor, the producer or her/his respective CB is requested to contact UTZ Certified for further guidance on how the social criteria are checked. The minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the group, with a minimum of 5 members, and is also determined by the result of the risk based evaluation of the ICS. For further information see chapter 4. UTZ Certified

11 Option 4: Multi-Group certification Structure Under this certification option, two or more (individual) groups of organized producers are certified. The multi-group is the certificate holder and the certificate includes the names of the groups. The multi-group is the center that manages the two or more (individual) groups with regards to the activities of the group. Compliance From a certification point of view, the multi-group is responsible for the management of the ICS and ensures compliance with the UTZ Certified Code of Conduct of all groups and their members. Usually each group has an ICS coordinator responsible for working together with the ICS manager of the multi-group. The minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole multi-group, and also determined by the result of the risk based evaluation of the ICS. If the sub-groups of the multi-group do not have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group. Group members should have a similar production system, and be in geographic proximity. Producers with a considerably different production system (nature or geography) may be part of the sub-group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with control points p and c. The multi-group certification is chosen in situations where the multi-group exports produce under the name of the multi-group. The multi-group reserves the option to indicate the name of the (individual) group in the sales documentation and in the UTZ Certified Good Inside Portal. Annex 3 to this document contains additional information for certification procedures for Tea. UTZ Certified

12 2.3 UTZ Certified Chain of Custody The UTZ Certified Chain of Custody requirements have been designed to provide a high level of confidence that UTZ Certified products are physically and/or administratively related to UTZ Certified producers. These requirements are a set of chain-wide administrative and technical requirements ensuring the traceability of UTZ Certified products. Therefore, the standard includes above all criteria for physical and/or administrative separation of UTZ Certified products and non-utz Certified products. Please check the UTZ Certified Chain of Custody documents for coffee, cocoa and tea for the specific product requirements and which supply chain actor in the supply chain needs to be certified. For the Chain of Custody certification, the following certification options are applicable: Option 1: Individual certification Under this certification option, the certificate holder is an individual supply chain actor. The individual supply chain actor can apply for certification against the UTZ Certified Chain of Custody. The individual supply chain actor is responsible for the compliance of its unit(s). The CB annually audits the individual supply chain actor. Option 2 Multi-site certification: Under this certification option, several units/locations belong to one central management. This central management is the certificate holder. These units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these processing areas. All the sites can be covered under one certificate. The CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate. All sites mentioned on the certificate need to comply with all the applicable control points. UTZ Certified

13 3. Structure and compliance of the Code of Conduct Each product (coffee, cocoa and tea) has Code of Conduct and Chain of Custody requirements. The generic aspects of these documents can be found in this chapter. The structure of the Code of Conduct for Coffee, Cocoa and Tea (including Rooibos) is based on a continuous improvement concept allowing producers to demonstrate that they are maximizing positive impact on production each year. The four year improvement system encourages and supports the producer to implement the Plan-Do- Check-Act (PDCA) cycle. 3.1 Structure and compliance level of the Code of Conduct The structure of the Code of Conduct includes the following aspects: Type of control points: there are two types of control points: mandatory control points (shaded in green) additional control points (not shaded) To obtain certification, the certificate holder has to comply with the mandatory control points and a defined number of additional points in each indicated part/chapter/year. Levels of audit - compliance check level. Control points are in general applicable to the whole production system. However, in order to make it easier for the auditor to check, the Level of Audit column indicates on what level to assess the control point. Each control point has its own level of audit clearly defined in the Code of Conduct. (C) indicates the requirement is checked at certificate holder level, (P) is producer, (N) indicates points to be checked at the nursery, (S) refers to storage and (E) are control points that also need to be checked with an external information source. Year of Compliance: There is a separate column for each year from 1 to 4. It is clearly indicated which mandatory control points need to be complied with in which year, e.g. there is a separate column to assess compliance for year 1 to year 4. The certificate holder can clearly see the control points that become mandatory in the next year. When compliance is reached, the respective box is ticked. Mandatory control points: From year 1 to year 4 the number of mandatory control points increases. This means that the number of total control points required for certification increases per year per part (group of chapters). This is clearly indicated in the columns year 1 to 4. E.g. Part 1 (Chapters 1-2) in the Code of Conduct for Coffee: 1 st year of certification - 12 mandatory control points 2 nd year of certification 13 mandatory control points 3 rd year of certification 15 mandatory control points 4 th year of certification 16 mandatory control points Additional control points: the certificate holder chooses which additional control points he wishes to comply with. It is most useful to choose the additional control points which become mandatory in the next year of certification. UTZ Certified

14 If a mandatory control point is not applicable for the certificate holder in question, then this is indicated in the self-assessment in the comments column (see the Checklist). The number of mandatory control points that are not applicable for certification also needs to be indicated in the calculation section below the criteria. If an additional control point is not applicable for the certificate holder in question, then this is indicated in the comments column (see the Checklist). The additional control point can then NOT be counted in or deducted from the number of additional control points complied with. A new certificate holder starts in the 1 st year of compliance of the Code of Conduct. Certificate holders who recertify move on to the following year of certification 1. E.g. from year 2 to 3, from year 3 to 4 2. For a certificate holder that quits UTZ Certification (i.e. is not re-certified or stops her/his UTZ certification) but at a later stage applies again to become UTZ Certified, the following rules apply: If the non-certified period has been 12 months or less, the certificate holder needs to comply with the subsequent year of compliance following her/his last certification. If the non-certified period was longer than 12 months but less than 36 months, the certificate holder may be assessed again with the year of compliance that was used in her/his last certification. If the noncertified period was longer than 36 months, the producer is considered as a new producer (for the timing of the audit see 4.3) 3. E.g. 1: the certificate holder was certified against year 2 and after that did not apply for recertification for 10 months. When the certificate holder decides to re-apply for recertification, the certificate holder has to comply with year 3 requirements. E.g. 2: the certificate holder was certified against year 2 and after that did not apply for recertification for 30 months. When the certificate holder decides to re-apply for recertification, the certificate holder may be assessed with year 2 requirements. In any case, the certificate holder must consult with her/his Certification Body. Certificate holders can always request to be assessed against requirements of a higher year (e.g. producer groups with producer members in different years of compliance). Harmonization of internal procedures and documentation can lead to a positive effect where time and resources are used effectively. 1 For further details please see the respective Code of Conduct. Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department. 2 When a certificate holder is certified conforming the 4 th year, upon the next year the certificate holder is again certified conforming the 4 th year requirements, until further notice by UTZ Certified. 3 Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department UTZ Certified

15 3.2 Structure and compliance of the Chain of Custody The structure of the Chain of Custody includes the following aspects: The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need to be complied with. The Chain of Custody documents for coffee, cocoa and tea contain further information on the type of activities covered. The scope of the Chain of Custody certificate is per country, with the exception of EU-27 4 countries where the scope can be EU-27 wide. 4 For a full list please visit UTZ Certified

16 4. UTZ Certification process: audit process, certification conditions It is UTZ Certified s goal to have a timely and orderly audit and certification process. This chapter describes the procedure and timing for arranging and conducting the audit (for either Code of Conduct or Chain of Custody). 4.1 General UTZ Certification process In order to maintain UTZ Certified Code of Conduct and/or Chain of Custody certification, an annual audit must be performed each calendar year (1 January to 31 December). When a new producer or supply chain actor wants to become UTZ Certified, they must complete the following process: 1. A new producer or supply chain actor must first register in the UTZ Certified Good Inside Portal. 2. UTZ Certified provides the producer or supply chain actor with a confirmation of the registration. The confirmation contains the member ID, username and password and it is sent to all registered users in the UTZ Certified Good Inside Portal account. 3. It is recommended that the producer or supply chain actor makes sure that her/his organization complies with the requirements of the Code of Conduct or Chain of Custody (according to the latest versions). In case of a recertification, the certificate holder will already be registered in the Good Inside Portal. It is the responsibility of the certificate holder request an audit on time with the CB before her/his certificate expires. The following steps apply to both new members and those being recertified. UTZ Certified

17 4. The producer or supply chain actor chooses the Certification Body. It is recommended that the producer or supply chain actor requests quotes from several CBs. It is not mandatory to stay with the same CB. 5. There must be a contract between the producer or supply chain actor and the CB where at least the fee, timeframe and scope of the UTZ Certified audit are established. 6. When a producer or supply chain actor applies for an audit with the CB, the CB starts its application procedure by providing the latest version of all the relevant documents (e.g. Certification Protocol, Code of Conduct and/or Chain of Custody). 7. In order to save time, the certificate holder provides the CB with the self-assessment prior to the physical audit. 8. A mutually accepted audit date must be arranged by the CB and the producer or supply chain actor. 9. The audit (physical audit, interviews, documentation checks) takes place before the original or the extension certificate expires. 10. When completing the certification process, the CB must fill in the Summary Report in the UTZ Certified Good Inside Portal and upload the UTZ certificate (certification decision) within 20 working days (4 weeks) of completing the audit. UTZ Certified reserves the right to request additional documentation (e.g. UTZ Certified Checklist signed by the lead auditor and auditor). The CB must comply with this request. 11. When the information in the UTZ Certified Good Inside Portal is reviewed and confirmed by the UTZ Standards and Certification Department, the license will become active and the producer or supply chain actor will be able to record transactions in the Good Inside Portal. The CB needs to ensure the certificate holder receives a copy of the certificate and summary report. UTZ Certified

18 4.2 Audit process This section describes the steps of the audit process for Code of Conduct audits and Chain of Custody audits. Producers and supply chain actors certified against the Code of Conduct and/or Chain of Custody must be annually recertified (each calendar year: 1 January to 31 December). If translators are used during the audit, they should be independent from the producer or supply chain actor being audited. If this is not possible, translators must play a neutral role and the auditor needs to record the name of the translator and her/his affiliation to the organization in the audit report. In order to enhance efficiency of audits and reduce costs, the CB carries out a desk review before the actual audit of the producer or supply chain actor against the Code of Conduct and/or Chain of Custody. Producers and supply chain actors applying for certification must submit the results of the annual self-assessment, the results of the previous audit, and other records demonstrating they are complying with the applicable requirements. The UTZ Certified Checklists facilitate this desk review. The CB reviews the submitted documents and clarifies any issues or areas of concern with the producer or supply chain actor to determine if it makes sense to plan the audit. The CB must ensure the certificate holder receives a copy of the final certificate and summary report General audit process for Code of Conduct The Code of Conduct audit differs depending on the year the certificate holder is complying with. The certificate holder has to comply with a defined number of mandatory control points as well as a defined number of additional points. A new certificate holder starts in the 1 st year of compliance of the Code of Conduct. Certificate holders who recertify, move on to the following year of certification 5. E.g. from year 2 to 3, from year 3 to 4. The desk review serves to establish which year the certificate holder is in and therefore which mandatory control points are applicable. As for the defined number of additional control points, the certificate holder chooses which additional control points they comply with 6. For the certificate holder it is most useful to choose the additional control points which become mandatory in the next year of certification. For a first audit, the auditor will verify the requested records in the Code of Conduct for the 3 months prior to the date of audit in order to have an overview over the record keeping on the farm. The records have to meet the Code of Conduct requirements from the beginning of the validity of the certificate on. For a subsequent audit (recertification) the auditor will verify all the requested records in the Code of Conduct going back to the previous audit. For the audit, UTZ Certified strongly recommends that all points, when applicable, are verified in order to raise awareness with the certificate holder on which control points are coming up and/or which need further improvement for compliance. The certificate holder can request that the CB focus on the mandatory and chosen additional control points only (e.g. in order to save time), provided (1) the self-assessment contains all information regarding the applicability of control points and which additional control points the certificate holder wants to comply with and (2) the certificate holder has clear evidence of the non-applicability of any control point. 5 For further details please see the respective Code of Conduct. 6 Additional control points which the certificate holder did not choose (yet) to comply with, do not have to be included in the summary report as being a non-compliance. It is optional to mention these points, or some of them, as points which need to be addressed in future certifications. UTZ Certified

19 Code of Conduct audit of an individual or multi-site certification The audit will be undertaken at the farm and central office, using the latest document of the Certification Protocol and Code of Conduct. The audit will include: 1) opening meeting with management 2) review of the results of the previous external audit and annual self-assessment done by the producer 3) review of all relevant documentation 4) evaluation of records 5) product flow control calculations 6) discussions / interviews with key staff 7) physical audit: In case of an individual certification, the auditor will audit the individual farm. If the farm has several plots, the minimum number of plots to be audited will be based on the square root of the number of plots belonging to the farm. The CB can increase this number at its own discretion and based on justifiable criteria. Every year a different sample group of plots should be audited. The individual farm is audited against all the applicable control points of the Code of Conduct. In case of a multi-site certification, the CB annually audits each of the sites/units which are applying for certification, and clearly specifies on the certificate which sites/units are included in the certification. All sites/units are audited against all the applicable control points of the Code of Conduct. 8) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed) Code of Conduct audit of a group and multi-group certification The audit of a group will be undertaken at the central office or administrative center of the group, using the latest document of the Certification Protocol and Code of Conduct. This is the place where the Internal Control System (ICS) of the group is managed, where all documentation can be found and where control over key decision making is. A group of farmers can be considered one farm unit if all farmers demonstrably follow the same farming practices and have a joint management system. The audit will include: 1) opening meeting with management of the group 2) evaluation of the structure and functioning of the ICS, checking: the list of the members of the group the contract or agreement between the producer and the group or ICS management, specifying the rights and obligations of both the internal standard of the group, which is an adapted interpretation of the Code of Conduct applicable for the specific situation of the group, indicating the applicable control points UTZ Certified

20 the risk assessment: the auditor shall carry out a risk assessment of all steps in the production chain and its immediate environment, as well as in the ICS, to identify risks to the integrity of production. The risk assessment shall function as a basis for the audit and certification activities. 3) review of all relevant documentation, including the self-assessment 4) evaluation of records 5) review of the annual internal audit done by the ICS 6) review how non-compliances are dealt with by the ICS 7) product flow control calculations 8) discussions / interviews with key staff 9) physical audit: In case of group certification, the auditor audits the square root of the number of members/producers belonging to the group with a minimum of 5 members. The number will also be determined by the result of the risk based evaluation of the ICS. The farms to be audited must be selected in a way that represents the whole group, based on a combination of risk-based evaluation and random selection. The CB can increase the number of farms to audit at its own discretion and based on justifiable criteria. Members/producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points p and c. In case of a multi-group certification, the minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole group, and also determined by the result of the risk based evaluation of the ICS. If the sub-groups of the multi-group don t have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group. As with group certification, multi-groups with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB and comply with applicable control points p and c. 10) witness audits of a representative sample of internal inspectors: Assessment of the competence and performance of internal inspectors 11) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed) General audit process for Chain of Custody The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need to be complied with. Please check the respective UTZ Certified Chain of Custody documents for coffee, cocoa and tea for the specific requirements and which supply chain actor in the supply chain needs to be certified. UTZ Certified

21 For a first audit, the auditor will verify the requested records in the Chain of Custody for the 3 months prior to the date of audit in order to have an overview over the record keeping on the organization. The records have to meet the Chain of Custody requirements from the beginning of the validity of the certificate. For a subsequent audit (recertification) the auditor will verify all the requested records in the Chain of Custody going back to the previous audit. Chain of Custody audit of an individual or multi-site certification The audit will be undertaken at the location of the supply chain actor, using the latest document of the Certification Protocol and UTZ Certified Chain of Custody. The audit will include: 1) opening meeting with management 2) review of all relevant documentation, self-assessment and results of the previous external audit 3) evaluation of records 4) discussions / interviews with key staff 5) physical audit: In case of an individual certification, the auditor will audit the individual supply chain actor against all the applicable control points of the Chain of Custody. In case of a multi-site certification, the CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, use of subcontractors, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate. 6) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed). 4.3 Certification conditions This section describes the conditions for certification which need to be adhered to by certificate holders (producers, supply chain actors) and CBs for the Code of Conduct and Chain of Custody audits General certification conditions for Code of Conduct and Chain of Custody certification The following conditions are applicable for all products and their respective Code of Conduct and Chain of Custody certifications. Further conditions for the Code of Conduct for Tea certification are given in annex 3. a. The certificate is valid for a period of 365 days. There cannot be a time gap between the certificates 7. b. The certificate holder has to have a signed contract with the CB latest at the date of the certificate is issued 7 Exception to this requirement is only granted when the certificate holder changes CB (at the end of the certificate validity), and when in this case the contract with the new CB has not been established at the time of expiration of the previous certificate. UTZ Certified

22 c. If the certificate holder changes CB for its certification process, the CB with whom the member has a valid contract is the one who is able to make an extension of the (current) certificate. A CB can always decline an extension if the certificate holder does not provide enough evidence that the extension is justified. d. Extension of a certificate can be granted up to 3 months after the original certificate expires. However, there always has to be an annual audit, each calendar year (1 January to 31 December). The certificate holder must request the extension with the CB. An extension can only be allowed if a re-audit has been planned and confirmed. UTZ Certified is informed of the extension of a certificate with the respective reason, date of the next audit and attached certificate including the extension, before the current certificate/license expires. e. In case of extension, the audit can be done at any time up to 3 months after the expiry date of the original certificate. The certificate is then issued for the remaining period of the new certification period. For example, if a 3 month extension is granted, the new certificate will be valid for the next 9 months. f. During subsequent audits, CBs can audit the certificate holder at any time of the year, provided it is before the expiration date of the certificate. This enables the CB to audit on different stages of production which is highly recommended by UTZ Certified. g. UTZ Certified strongly recommends carrying out the audit at the latest 1 month before the expiration of the certificate to ensure a smooth process. h. The UTZ Certified certificate for Code of Conduct and Chain of Custody can only be issued when all the noncompliances which inhibit the certification are resolved. In case of a subsequent audit (recertification), the validity dates of the certificate will be aligned with the validity dates of the previous certificate, since the certification is a continuous process. i. In the case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract Certification conditions for Code of Conduct The following conditions only apply for a Code of Conduct certification: a. The first audit (for a new producer) should be 3 months before or up to 3 months after the beginning of the harvest. Harvest refers to main/big or mid/small harvest. If the certificate holder decides at a later stage to request the first audit (at the end or after the harvest), this harvest cannot be certified. If there is a continuous harvest, the first audit can take place at any moment in time. b. The validity of the certificate starts at the beginning of the harvest of the certificate holder (so that the entire harvest period is covered by the certificate). If the first audit has taken place during the harvest, the validity of the certificate still starts at the beginning of the harvest, implying that the CB has to check the requirements retrospectively for the period passed from the beginning of harvest to the audit date. In case of a continuous harvest, the validity of the certificate can start at any moment in time (i.e. when the certificate holder is in compliance and at the earliest 3 months before the audit - the latter than requiring a retrospective check). c. As mentioned above, the UTZ Certified certificate for Code of Conduct can only be issued when all the corrective actions of the non-compliances which inhibit certification have been addressed. In the case that UTZ Certified

23 non-compliances are directly related to that year s harvest and are of a serious nature, the harvest cannot be certified 8. d. As mentioned above, in case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract. If the certificate holder decides at a later stage (i.e. more than 3 months after the beginning of the harvest) to request the audit, the harvest of that year cannot be certified. Example case: a new producer will receive an audit for the first time for the UTZ Certified Code of Conduct certification. The harvest starts in November 2012 and, according to the Protocol, the auditor can audit shortly before (not more than 3 months) or during the harvest (first 3 months), i.e. between the period of to February The auditor performs the audit in October 2012 and issues the certificate with a validity starting on the 20 th November The certificate is now valid until the 19 th November In 2013, the CB issues an extension of 3 months. The certificate is extended until the 19 th February This is only possible if the auditor does the audit before the 31 st December The new issued certificate will then be valid from the 20 th February 2014 to 19 th November First certificate: 20 th November th November 2013 Extended certificate: 20 th November th February 2014 Audit performed before 31 st of December 2013 Second certificate: 20th February th November Certification conditions for Chain of Custody The following conditions only apply for a Chain of Custody certification: a. In case of a Chain of Custody certification, a new supply chain actor has 3 months to receive the audit from the moment the supply chain actor starts the certified activities (e.g. processing). b. The certificate will be issued with a validity date which is the same as when the supply chain actor started processing the certified produce (in Mass Balance Cocoa Chain of Custody: 3 months from the moment the certified cocoa has been received). 4.4 Determining volume of certified production CBs are required to estimate the volume of produce from a certificate holder that may be sold as UTZ Certified. This volume must be mentioned on the Code of Conduct certificate. The certified quantity of produce must be determined based on historical production records and forecasts of the current crop. If the harvested volume is higher than the forecasted volume (and to the certified volume), the producer may decide to certify the extra volume. The CB can report the change in certified volume in one of the following ways: - The CB reports to UTZ Certified the change in certified volume by requesting a volume extension in the Good Inside Portal before the expiration date of the certificate/license. The CB includes the extra volume as carryover in the new certificate after the extra volume is assessed during the recertification audit If the certificate holder (i.e. the producer or the group of organized producers) still has certified produce from the previous year s certification in stock, the auditor assesses the quantity which is still available to be 8 For consultation, the CB can contact the UTZ Standards and Certification team. UTZ Certified

24 sold as UTZ Certified product. This quantity is then included as carry-over volume in the Code of Conduct certificate and the certificate holder can still sell the quantity as certified produce. Volumes delivered to the warehouse and announced in the Good Inside Portal cannot be taken as carryover in the new certificate. 4.5 Changes in certification information The certificate holder must inform the CB of all changes concerning the certification information (production area, volume, new members, and sites). The CB can then follow up in accordance with the Certification Protocol and request an extension of the current certificate via the Good Inside Portal. The CB will issue a new certificate containing the changes and report the extension from UTZ Certified. If an additional audit has been performed, the certificate and the audit report need to be sent to UTZ Certified. CBs can request a Summary Report template for additional audits to: [email protected] Up to 10% of new production area and/or volume for a certified producer may be added to the certificate annually by registering the additional area with the CB without further verification by the CB. If the increase in the production area and/or volume of a certified producer is more than 10% in one year, an additional audit will be required during that year before the extension may be added to the existing certificate. Up to 10% of new members of a producer group may be added to the certificate annually by registering the additional members with their production area and volume with the CB without further verification by the CB. If the increase in the number of members of a producer group is more than 10% in one year, an additional audit of the ICS and of the square root of the number of new members will be required during that year before the extension may be added to the existing certificate. Regardless of the number of new members of a producer group in one year, if the group as a whole increases the production area and/or volume by more than 10% in one year, an additional audit of the ICS and of the square root of the number of new members will be required during that year before the extension may be added to the existing certificate. These changes in certification information refer to changes occurred during the validity of a certificate, i.e. after the producer or supply chain actor have received the certificate and before the expiry date of the certificate. 4.6 Non-compliances: warning, suspension and cancellation a. If there are non-compliances preventing certification, the CB and the certificate holder need to agree on the period within which the certificate holder has to address these non-compliances. The recommended period for resolving non-compliances is up to 12 weeks (maximum of 60 working days). The CB must set a new, mutually acceptable date for re-audit if applicable depending on the corrective action plan set up. The certificate is only issued when all mandatory and the necessary number of additional control points are complied with, and non-compliances (if applicable) have been resolved. If a certificate holder does not comply with the Code of Conduct certification, the CB cannot certify that harvest and the certificate holder needs to apply for a new audit for the following year s harvest. UTZ Certified

25 In the case of a Chain of Custody certification, a certificate holder needs to apply for a new audit (no specific time frame is indicated). b. If one of the previous years non-compliances is repeated in the new certification, the corrective action has to be more stringent than in the previous certification decision. c. If the certificate holder changes CB for its certification process, the previous CB is required to inform the new CB on the results of the previous external audit. In the case of certification against the Code of Conduct, the certificate holder continues with the following year of compliance based on the last certification. Certificate holders cannot stay an additional year on the same level because they decided to change CBs. d. The complaints procedure for complaints by the certificate holder to a CB about its performance is described in chapter 6 of this document. CBs must have systems in place to identify non-compliance with the Code of Conduct or the Chain of Custody as described below. A certificate holder may be warned, suspended or her/his certificate could be withdrawn for noncompliance with mandatory and/or additional control points, and/or with the UTZ Certified Certification Protocol Non-compliance with a mandatory control point The certificate holder must report in advance any non-compliance with a mandatory control point found, to the respective CB The certificate holder must take appropriate actions to correct this non-compliance. a. If the CB detects that the certificate holder did not report the non-compliance during the assessment, the CB issues a written warning within 6 weeks from the moment the non-compliance was detected, requesting compliance with the respective control point so the certificate holder can correct it in a maximum of 12 weeks (60 working days). The corrective actions need to be agreed between the CB and certificate holder. The non-compliances and corrective actions taken need to be documented and be available to the auditor. If the corrective actions have not been undertaken and checked by the CB within this timeline, the CB has to immediately suspend the certificate holder for a period of 3 months. In the case of several noncompliances with mandatory control points detected by the CB, the CB may decide to suspend the certificate holder for a longer period of time. While the certificate holder is suspended, the certificate holder may not sell its produce as certified. Before the end of the suspension period, the CB must re-audit the certificate holder to verify compliance with the specific control points.. If the same non-compliance with the same control point is detected, the current certificate (in case there is one) of the certificate holder is withdrawn and a certificate for the new certification period cannot be issued. The certificate holder may not apply for re-certification for one harvest (or for one year in the case of a continuous harvest). b. If the certificate holder did report the non-compliance to the CB, the certificate holder needs to take corrective actions to comply with the respective control point before the external audit takes place. The non-compliance and the corrective actions need to be documented and the CB will verify the fulfillment of the corrective actions during the recertification audit. If the CB detects that the corrective actions have UTZ Certified

26 not been undertaken, the procedure described above for non-reported non compliances needs to be followed Non-compliance with an additional control point (applicable to Code of Conduct only) If the CB detects during the audit or if the certificate holder reports that the requested number of additional control points is not complied with, the same measures apply as for non-compliances with a mandatory control point Non-compliances in case of group or multi-group certification The member/producer must report any non-compliance to the ICS management. The ICS management must take appropriate actions with the member/producer to correct this non-compliance. The ICS must record any warning, suspension or cancellation. a. If the internal inspection detects that the producer did not report the non-compliance to the ICS management, the ICS management should immediately suspend the producer. While the producer is suspended, the producer may not sell the produce as certified. Before the end of the suspension period, the producer must be internally re-inspected. If the same non-compliance with a mandatory control point is detected, the producer is cancelled as a member of the group and may not apply for re-certification for one harvest (or for one year in the case of a continuous harvest). b. If the producer did report the non-compliance to the ICS management, the ICS should issue a warning to the producer and grant a period for corrective actions. During that period the producer continues to be considered member of the group and may sell the produce as certified. At the end of the corrective action period, the ICS must internally re-inspect the producer to verify compliance with the control point(s) in question. If the same non-compliance is detected, the procedure for non-reported non-compliances need to be followed. The UTZ certificate for Code of Conduct and Chain of Custody can only be issued when all the non-compliances which prevent certification have been resolved. These non-compliances are reported to UTZ Certified in the Good Inside Portal. In the case of a Code of Conduct certification and non-compliances that are directly related to that year s harvest and of such a serious nature, the harvest cannot be certified. The CB must record any warnings and immediately inform the Standards and Certification Department of UTZ Certified accordingly in writing. In case of a suspension, the CB records the suspension immediately in the Good Inside Portal and informs UTZ Certified Standards and Certification Department by . The certificate holder must inform its UTZ Certified customers on the status of any suspensions. If a suspension leads to a withdrawal of the certificate (decertification), the Standard and Certification Department of UTZ Certified must be informed immediately in writing. The address for all these notifications is [email protected]. UTZ Certified

27 5. Internal Control System and requirements An internal control system (ICS) is a quality management system that indicates the necessary measures that producers take to improve their organizational skills, management, efficiency and overall performance. The ICS is a requirement to achieve Code of Conduct Group and Multi-Group Certification and to ensure that all members of the group comply with the UTZ Code of Conduct. The annual audit of all individual group members is delegated from the CB to the producer group s ICS, which means that internal inspections are considered formal inspections. The CB evaluates whether the ICS is working well to assure that all members of the group are complying with the Code of Conduct. The CB also checks whether the ICS procedures, as developed by the group, meet the minimum criteria of the UTZ Certified Code of Conduct. The audit is done by checking the ICS documentation, the qualifications of ICS staff and re-inspecting a representative number of group members. 5.1 General requirements for an ICS An ICS consists of different elements: An Internal Standard and Procedures document to ensure compliance with the UTZ Certified Code of Conduct requirements. The internal standard indicates the applicable control points of the Code of Conduct for the specific situation of the group. All ICS records and documents requested by the UTZ Certified Code of Conduct updated and accessible for the external inspector at a central location. List of the group members. Contract or agreement between the producer and the group or ICS management, specifying the rights and obligations of both. An internal inspection system in place. Each registered producer is inspected at least once a year against the applicable UTZ Certified requirements. The internal inspection can be done at any time of the year and can be combined with other activities as long as it is clear to the producer which activities are part of the internal inspection. At the time of the external audit, the internal inspection round has to be complete enough to assure the CB that the whole group is compliant with the Code of Conduct. Procedures for internal inspections and approval of farmers. There is an approval and sanction manager or committee who assesses the certification status of each producer based on the findings of the internal inspection. Records of warnings, suspensions or cancelations of members for non-compliances with mandatory and/or additional control points, and/or with UTZ Certified contractual agreements. The periods for corrective actions determined by the ICS need to be included. Procedures that allow the producer to exert her/his right to appeal any decisions made by the approval and sanction manager or committee. UTZ Certified

28 Records of the internal inspections to new group members. Those inspections need to be performed before the member can sell its produce as certified. 5.2 Definition and responsibilities for internal inspectors An internal inspector is appointed by the ICS management to undertake internal inspection of individual group members. Internal inspectors may provide advice to group members but then should only inspect those same members in justified cases, e.g. when the group management ensures and monitors the neutrality of the internal inspector. Requirements for internal inspectors: Internal inspectors are trained at least once a year. If the group subcontracts the internal inspection process, the ICS manager is responsible for the work carried out by the internal inspectors. The ICS manager is responsible for defining the necessary competences of its internal inspectors in terms of knowledge of local/regional agricultural systems, technical and social know-how of principles and practices of UTZ Certified, competence in control procedures and internal standards, among others. Records of education, training, skills and experience have to be maintained by the group management. New internal inspectors have to receive appropriate training before carrying out their tasks Note: Useful information about Internal Control Systems (ICS) for group certification can be found in the UTZ Certified guides on how to establish an ICS. It is an EXAMPLE of how to set up and manage an Internal Control System for certification against the UTZ Certified Code of Conduct. These guides are available from the UTZ Certified Training Center. UTZ Certified

29 6. Complaints, appeals and dispute procedure Producers or supply chain actors who have a complaint, appeal or dispute with a CB or subcontractor of the CB, about the audit and audit process, must submit it in writing to the CB. The CB must have a procedure for registering and addressing these complaints, appeals and disputes 9. The CB must reply to the plaintiff within 15 working days (3 weeks). If the complaint, appeal or dispute is not resolved within 20 working days (4 weeks), the CB must report it to UTZ Certified. If the plaintiff feels that the complaint, appeal or dispute was not handled properly by the CB, the plaintiff can report this to the UTZ Standards and Certifications Department Surveillance by the CB of certified producers and/or supply chain actors Certificate holders must inform the CB about any change in the certification information or scope of their certificate. If the CB deems it necessary, it may decide to carry out an additional investigation and/or an audit of a certified certificate holder. Also, the CB may suspend the certificate/license of the member and in this case the certificate holder is not allowed to sell the certified produce until the CB has notified her/him that s/he can do so. The CB needs to inform UTZ Certified about this. During the audit the CB evaluates the produce of the Certificate Holder to confirm that it continues to comply with the Code of Conduct and/or Chain of Custody. Furthermore, the Code of Conduct requires every certificate holder to keep a record of all complaints related to the certified produce and make these records available to the CB. The certificate holder must take appropriate action with respect to complaints and any deficiencies found in products or services that affect compliance with the standard. All actions should be documented by both the CB and the certificate holder. This surveillance can also result from complaints about the certificate holder by other parties to the CB, e.g. the government or NGOs. 9 A complaints procedure in place is one of the requirements of UTZ approved CBs (ISO 17065) 10 This can be sent to [email protected] UTZ Certified

30 7. Approval procedure for Certification Bodies and their relationship with UTZ Certified UTZ Certified approves Certification Bodies (CBs) to ensure that producers and supply chain actors can choose from a selection of credible and reliable CBs. Only approved CBs are allowed to audit against the UTZ Certified Code of Conduct and the UTZ Certified Chain of Custody. 7.1 Approval procedure The approval procedure for a CB consists of: 1. The CB needs to apply for approval from UTZ Certified using the application form that is available upon request at [email protected]. The CB sends the completed application form together with the required documentation for approval to the same address. 2. When all required documents have been received by UTZ Certified, the documents are verified and if all requirements are met an agreement of cooperation is sent to the CB. Once this agreement is signed and returned to UTZ Certified, an official approval statement is issued. The CB receives access to the Good Inside Portal and will be listed in the CB Directory and in the UTZ Certified List of approved Certification Bodies Requirements for approval To obtain approval, the CB must comply with one of the following requirements: Have a valid ISO 65 or EN accreditation with the scope of the UTZ Certified standard or another relevant agricultural scope that includes Good Agricultural Practices, such as GLOBALGAP crops base or IFOAM accreditation UTZ Certified will assess the relevant experience and accredited scopes. And the Accreditation Body needs to comply with one of the following requirements: Proof of membership of the Accreditation Body to the Multilateral Agreement (MLA) on product certification. The Accreditation Body must: 12 - Either be part of the European Co-operation for Accreditation (EA) or - Must be a member of the International Accreditation Forum (IAF) or - Be an ISEAL full member 11 The list is available at 12 Request for exceptions can be submitted to the UTZ Standards and Certification Department. UTZ Certified

31 The CB also needs to hand in the following documents: Organization charts of head and local offices and internal structure. A list of countries in which the CB will offer UTZ Certified audits. This list must include the respective (local) office of each country including the contact details and contact person. These contact details will also appear on the UTZ List of approved Certification Bodies. The required documentation of the lead auditor according to chapter and/or and proof of training of the scheme manager according with chapter 7.4 Subcontracting by the approved CB of another CB or an Inspection Body (IB) or a free-lance auditor for the UTZ Certified audit is possible. The subcontractor must be controlled by the CB, have a contract with the CB and must be included in the scope of ISO 65 accreditation of the CB. The CB is responsible for managing the user accounts and rights of the subcontractor in the Good Inside Portal. UTZ Certified therefore sees them as part of the approved CB. In the continuation of this document, UTZ Certified only refers to the approved CB which includes the above mentioned subcontracting situations. 7.3 Approval for UTZ Certified product and standard scopes When applying for approval as an UTZ Certified CB, the CB indicates on the application form what product scope (coffee, cocoa and/or tea) and what standard scope (Code of Conduct and/or Chain of Custody)wants to offer to their clients. The approval procedures and qualification requirements (for lead auditors and auditors) are the same for all product scopes except for the product specific knowledge. For the standards scopes, the requirements vary as it is described in chapters 8.2 and 8.3 in this document. It lies within the responsibility of the CBs to train the auditors according to the UTZ Certified product and standard scopes. If a CB is already approved for one product and standard scope but also wants to offer its services for another product and/or standard scope, it needs to re-apply for approval for the new product and/or standard scope 7.4 Communication with UTZ Certified The CB must appoint a scheme manager. The scheme manager may be another person than the lead auditor for the UTZ certification. In that case the scheme manager is also required to follow the relevant UTZ Certified trainings. A proof of compliance to this requirement needs to be provided to UTZ Certified. The primary tasks of the scheme manager are: to provide all UTZ certification documents to the Standards and Certification Department in accordance with the UTZ Certified Certification Protocol to keep all UTZ Certified related documentation up to date to coordinate all requested reporting in the Good Inside Portal to be responsible for proper management of the account of the CB in the Good Inside Portal. Communication with UTZ Certified concerning certification decisions is done under the responsibility of the lead auditor. UTZ Certified

32 In the case that the CB decides to appoint a new person as a scheme manager, the CB needs to inform UTZ Certified in writing about this change. 7.5 Warnings and withdrawal of approval by UTZ Certified UTZ Certified reserves the right to sanction a CB on evidence of improper procedure or behavior, following this document and the agreement of cooperation signed between the UTZ Certified approved CB and UTZ Certified. UTZ Certified will issue a warning for each case of evidence of improper procedure or behavior. UTZ Certified may decide to request a replacement of the lead auditor or to withdraw a CB s approval if the CB is no longer complying with the approval requirements the CB s performance has repeatedly been found to be weak (e.g. the certification decisions and corrective actions by the CB are not in line with the intent of the UTZ Certified Code of Conduct or Chain of Custody standards, or the CB is not adhering to the procedures laid down in the Certification Protocol, the CB is not attending trainings offered by UTZ Certified) one of the CB s auditors or staff members has been found to be involved in a corruption case / has accepted bribes UTZ Certified will issue warning(s) to the CB before the CB s approval is withdrawn. However, UTZ Certified reserves the right to immediately withdraw approval of the CB after a first incident of improper procedure or behavior. 7.6 Monitoring of Certification Bodies performance To ensure a good level of competence and consistency across all CBs, all monitoring activities may be done by an UTZ Certified employee or a subcontracted party to UTZ Certified. UTZ Certified reserves the right to perform CB monitoring activities. Some of these activities include but are not limited to: UTZ Certified reserves the right to accompany any UTZ Certified audit of a CB (shadow audit). UTZ Certified can either announce to the CB that the audit will be accompanied or can agree on it with the (prospective) certificate holder and accompany the audit unannounced. UTZ Certified will communicate the findings of the accompanied audit to the CB. Review audits. This is an onsite visit to the producer or supply chain actor using the last audit summary report and related documentation. This is a spot check to see if the summary report of the certification body correlates with what is seen at the time. In-depth monitoring of non-compliances and proposed corrective actions by the CB. Surveys (through questionnaires or any other means) to its stakeholders about the performance of a CB. If the performance is found to be weak the CB will be warned or its approval can be withdrawn (see 7.5). UTZ Certified

33 8. Qualification requirements for lead auditors, auditors and internal inspectors This chapter describes the qualifications in terms of training and experience that UTZ Certified requires from lead auditors and auditors for auditing against the Code of Conduct and the Chain of Custody. The responsibilities of the internal inspectors of producer groups are also described. 8.1 Definition and responsibilities for lead auditor, auditor and internal inspector A lead auditor is the person who is responsible within the CB: for ensuring and supervising that all auditors: - are qualified conforming to the auditor requirements of this Certification Protocol. - conduct the audits according to this Certification Protocol. for the final certification decision. 13 that the certification documents (audit reports, certificate and certificate decision) are submitted according to the requirements set out in chapter 10 of this document. The lead auditor may also perform audits in the field/on-site. In that case another qualified (and approved by UTZ Certified) lead auditor within the certification body is responsible for the final certification decision (to comply with the four eyes principle ). The lead auditor is responsible for being up to date on the UTZ Certified documents and requirements. The lead auditor also attends UTZ Certified trainings when required. An auditor is the person who conducts the field/site audit. The responsibilities of auditors regarding the UTZ Certified audits are to: perform audits of producers and of the Internal Control Systems (ICS) of producer groups in compliance with the UTZ Certified Code of Conduct. perform audits of supply chain actors in compliance with the UTZ Certified Chain of Custody. produce timely and accurate UTZ Certified summary reports of the audits in accordance with the criteria specified in chapter 9. stay up to date with developments, issues and regulatory changes that pertain to auditing in general and UTZ Certified auditing in particular. An internal inspector is appointed by the ICS management to undertake internal audits of individual group members. Internal inspectors may provide advice to group members but should only inspect those same members in justified cases, e.g. when the group management ensures and monitors the neutrality of the internal inspector. If the group subcontracts the internal inspection process, the ICS manager is responsible for the work carried out by the subcontracted internal inspectors. 8.2 Qualification requirements for Code of Conduct The qualification requirements mentioned in chapter and respectively for the lead auditors and auditors are specifically for auditing against the Code of Conduct. 13 If the lead auditor wants to appoint a replacement or additional persons to sign and/or take certification decisions on her/his behalf, the CB first needs to inform UTZ Certified in writing at [email protected] UTZ Certified

34 8.2.1 Qualification requirements for lead auditor The lead auditor has to be competent in the assessment of the UTZ Certified Code of Conduct. Competence is based on education, training, skills and experience. 1. Basic education qualifications: a. Minimum of post high school (post-secondary school) training in horticulture or agriculture/food related discipline, including the understanding and application of Good Agricultural Practices (GAP) and Integrated Pest Management (IPM). 2. Skills, qualifications and experiences: a. Training in the practical application of the UTZ Certified Code of Conduct, and Certification Protocol. b. Successful completion of the E-learning course or webinar for UTZ Certified CBs. 14 c. Demonstrable knowledge of the production and processing systems of the applicable UTZ Certified products (coffee, cocoa and/or tea). 15 d. Successful completion of an ISO 9000/9001 lead auditor course and experience in auditing of Internal Control Systems (ICS) or proof of ICS training (only applicable in case of certification of groups). e. Successful completion of HACCP training based on the principles from Codex Alimentarius (Alinorm 97/13) or ISO course and the ability to demonstrate competence in understanding and applying a HACCP system or ISO and mould-toxin prevention. f. Successful completion of food hygiene training, either as a part of professional qualifications or by the successful completion of a course. g. Qualification for auditing social or ethical standards, e.g. demonstrable knowledge of worker welfare issues and social auditing experience, for example with SA8000 or related social or ethical accountability codes such as Fairtrade. h. Successful completion of a training or workshop on occupational health and safety auditing. i. Successful completion of a training or workshop on environmental or ecological auditing or demonstrable knowledge of and experience in environmental and ecological auditing, for example experience with organic agriculture, ISO or Environmental Management Systems (EMS). 3. Communication skills: a. Has working language skills in English or Spanish suitable for verbal and written reporting to UTZ Certified. Proof of the above skills and qualifications must be submitted (by ) together with the required documentation for the CB when seeking approval from UTZ Certified. Exceptions to any of these requirements must be registered in advance and approved by UTZ Certified. 14 The Standard and Certification Department will provide further information when applying. 15 The required demonstrable knowledge depends on the choice of product scope. UTZ Certified

35 8.2.2 Qualification requirements for auditors The auditors have to be competent in the assessment of the UTZ Certified Code of Conduct. Competence is based on education, training, skills and experience. 1. Basic education qualifications: a. Minimum of post high school (post-secondary school) training in horticulture or agriculture/food related discipline. Additional requirements: a. Contract with an UTZ Certified approved CB. b. Proof of participation in training on the UTZ Certified Code of Conduct, given by UTZ Certified or by the lead auditor within the CB. c. Demonstrable knowledge of the production and processing systems of the applicable UTZ Certified products (coffee, cocoa and/or tea). 16 d. Experience in auditing of Internal Control Systems (ICS) or proof of ICS training (only applicable in case of certification of groups). e. Understanding of Good Agricultural Practices (GAP) and Integrated Pest Management (IPM). f. Proof of auditor training including social and environmental auditing skills. UTZ Certified reserves the right to request the name and CV of the auditor from the CB at any time. Exceptions to any of these requirements must be registered in advance and approved by UTZ Certified. 8.3 Qualification requirements for Chain of Custody audits The qualification requirements mentioned under chapter and for the lead auditors and auditors are specifically for Chain of Custody audits Qualification requirements for lead auditor The lead auditor has to be competent in the assessment of the UTZ Certified Chain of Custody audits. Competence is based on education, training, skills and experience. 1. Basic education qualifications: a. Minimum of post high school (post-secondary school) training in horticulture or agriculture/food related discipline. 2. Skills, qualifications and experiences: b. Training in the practical application of the UTZ Certified Chain of Custody and labeling requirements, knowledge and understanding of the UTZ Certified program. c. Demonstrable knowledge of production and processing systems and experience in auditing these systems. 16 The required demonstrable knowledge depends on the choice of the product scope. UTZ Certified

36 d. Successful completion of HACCP training based on the principles from Codex Alimentarius (Alinorm 97/13) or ISO course, and ability to demonstrate competence in understanding and applying a HACCP system or ISO and mould-toxin prevention. Proof of the above skills and requirements need to be submitted (by ) together with the required documentation for the CB when seeking approval from UTZ Certified. Exceptions to any of these requirements must be registered in advance and approved by UTZ Certified Qualification requirements for auditors Auditors have to be competent in the assessment of the UTZ Certified Chain of Custody audits. Competence is based on education, training, skills and experience. 1. Basic education qualifications: a. Minimum of post high school (post-secondary school) training in horticulture or agriculture/food related discipline. Additional requirements: b. Contract with an UTZ Certified approved CB. c. Demonstrable knowledge of production and processing systems. d. Successful completion of HACCP training based on the principles from Codex Alimentarius (Alinorm 97/13) or ISO course and ability to demonstrate competence in understanding and applying a HACCP system or ISO and mould-toxin prevention. UTZ Certified reserves the right to request the name and CV of an auditor from the CB at any time. Exceptions to any of these requirements must be registered in advance and approved by UTZ Certified. 8.4 Qualification requirements for internal inspectors The internal inspector needs to be qualified to conduct internal inspections on all group members and of the Internal Control System (ICS) of the supply chain actor. It is the responsibility of the certificate holder to determine the necessary competencies for its internal inspectors and to provide training for them. Records of education, training, skills and experience have to be maintained by the group management. New internal inspectors have to receive appropriate training before carrying out their tasks. More information on internal inspectors can be found in chapter Impartiality, independence and confidentiality Lead auditors, auditors and internal inspectors are not permitted to carry out any activities which may affect their independence, impartiality or confidentiality. Lead auditors and auditors should not carry out consultancy activities for the producer or group of producers on whom they perform audits. Nor should they have worked (as an employee or advisor) for the producer or the group of producers during the last 3 years. UTZ Certified

37 If the CB offers pre-audits to a producers or supply chain actors, the CB must ensure that the same auditor does not perform the full audit nor takes part on the certification decision. The lead auditor or auditor should immediately report any situation that may influence her/his independence, impartiality or confidentiality to the management of the CB. Training (of trainers) is permitted only if the CB is able to demonstrate that the auditor is not advising on work that will be later inspected by the same CB. Any doubts should be discussed with UTZ Certified. Lead auditors and auditors must strictly observe and respect the internal procedures on confidentiality of information and records of both the CB and the supply chain actor. Information and records of the audit can only be given to third parties with written consent of the client and of the CB. UTZ Certified

38 9. Certification Bodies and their obligations In order to maintain a complete and correct overview of the activities of the CBs, CBs have reporting obligations to UTZ Certified on the audits as well as the unannounced interim audits. Sanctioning procedures are in place in the event of improper content or behavior. 9.1 Certificate and Summary Report It is the ambition of UTZ Certified to ensure a high and consistent level of auditing. UTZ Certified serves as a means of information flow between producers and buyers of certified responsible produce. The certificate and summary report are instruments to obtain this information. UTZ Certified may use the information to conduct internal quality checks on the overall auditing process and to analyze the practicality of the Code of Conduct and Chain of Custody (e.g. what are the most common non-compliances and how are they dealt with). The audit results must be reported via the Good Inside Portal by using the new license request process. Also, a copy of the certificate must be uploaded during the reporting process. Once the results are reviewed and accepted the Summary Report is generated and is available to the member, the respective CB and UTZ Certified. 9.2 Unannounced interim audits Unannounced interim audits may be conducted at the discretion of the CB. Every CB is required to conduct unannounced interim audits (or surprise audits) on at least 10% of the certificate holders who are annually certified by that CB. The costs of these audits should be part of the fee charged to the supply chain actor for the regular annual audit. The 10% includes the certificate holders of the CB, not of each local office. E.g. the CB operates in 10 countries. Each country has a local office and issues 10 certificates per country, in total 100 certificates. The 10% unannounced interim audits is based on the 100 certificates. However in some cases, certain CBs with offices throughout the world, work complete independently 17 and are approved by UTZ Certified as an individual CB. These CBs need to comply as an individual CB with regards to the unannounced interim audits. Each year an overview of the unannounced interim audits is filled in. The format of this overview can be found in annex 2 of this document and is available as an Excel spreadsheet, UTZ Certified Format Overview unannounced interim audits. 18 UTZ Certified reserves to right to conduct additional quality control assessments of audits. 9.3 Annual report CBs report annually (at the end/beginning of each year) to UTZ Certified on the number of audits performed, unannounced interim audits and the results of these audits. The CB also provides an overview on the auditors. Reporting must be done through the Good Inside Portal by uploading the necessary documents. The format of the annual report can be found in annex 1 of this document and is available as an Excel spreadsheet, UTZ Certified Format Annual Report for CBs. 17 The CB fully runs the certification process at their office. 18 The format of the overview of unannounced interim audits is available only for approved CBs and upon request at [email protected]. UTZ Certified

39 UTZ Certified reserves the right to ask for further information based on the annual report 9.4 Communication on UTZ Certified and the UTZ Certified logo Any communication of UTZ Certified on a homepage, folder, brochure or other material of the CB must be checked before release with the UTZ Certified Communications Department at [email protected]. The procedures for the use of the UTZ Certified logo, both on and off product, are described in the UTZ Certified Labeling Policy. 19 Approved CBs are permitted to use the UTZ Certified logo on certificates issued for the Code of Conduct and the Chain of Custody. The UTZ Certified logo is copyright material and is a registered trademark, owned by the UTZ Certified Foundation. Unauthorized use of this copyright material is prohibited and may lead to removal of the CB from the list of approved CBs and/or legal action. UTZ Certified reserves the right to claim damages. 19 This is document is only available upon request at [email protected]. UTZ Certified

40 Annex 1: Format Annual Report for approved Certification Bodies UTZ Certified

41 Annex 2: Format Overview unannounced interim audits UTZ Certified

42 Annex 3: Additional certification procedures for tea It is common practice that (groups of) producers, or outgrowers, deliver their fresh tea leaves to an estate factory for processing. Considering that outgrowers should be able to benefit from certification and sell their certified tea to the factory, there are different options to include them in the certification. This document explains the conditions for outgrower certification. Tea from outgrowers can only be accepted as certified tea if the outgrowers comply with the Code of Conduct for Tea and a well-functioning Internal Control System (ICS) is in place to monitor compliance. The certificate holder, who is responsible for monitoring compliance of the group members, may be a separate entity (e.g. cooperative or producer supply chain actor) or the estate itself. Outgrowers always need to be organized by an ICS; they always need to be registered and certified under group certification. In the case that the outgrowers are organized by a separate entity (e.g. a cooperative), they need to be registered and certified separately and must choose the certification option group certification. In the case that the outgrowers are included in the certificate of an estate (or a group of estates) that also has its own agricultural production, the estate (or group of estates) also needs to register as a group. All production sites, including the production site(s) of the estate(s) itself, will be covered by the Internal Control System of the group. During the external audit, e the auditor will check the square root of the number of outgrowers and each of the individual production sites. 20. Setting up the ICS If the volume purchased from outgrowers is less than 5% of the total certified volume processed by a factory, this tea can be accepted as certified during the start-up phase, even though the ICS is not yet fully set up. Considering that it takes time and investment to set up an ICS, there is a grace period of two years. However, the outgrowers will be audited and will receive feedback on steps to be taken for compliance where necessary. The auditor reports and informs UTZ Certified on the number of outgrowers, the total volume of outgrower tea purchased by the factory and about the status of the ICS. In case an estate is already registered under individual certification or multi-site certification and wants to include outgrowers in its certificate, the estate registers again as a group as soon as the ICS is fully set up. Their future certification will then be a group certification. 20 Producers with a considerably different production system (size, nature or geography) can be part of the group and of the Internal Control System (ICS) but shall be audited individually by the auditor see chapter 2. UTZ Certified