UTZ Certified Certification Protocol

Transcription

1 Version 3.0 (previous version 2.0 February 2010)

2 Copies of this document are available for free in electronic format on the UTZ Certified Training Center website: If you are not able to access this document electronically, you may write to us at the following address to get hard copies at a reasonable cost-covering price: UTZ Certified De Ruyterkade AA Amsterdam The Netherlands All stakeholders are invited to send comments and suggestions on the document at any time, which will be included in the next revision process. Please use the feedback form that can be requested via and send your comments or suggestions to: certification@utzcertified.org Or via regular mail to: UTZ Certified Standards and Certification Department De Ruyterkade 6 bg 1013 AA Amsterdam The Netherlands UTZ Certified 2012 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without full attribution. UTZ Certified

3 TABLE OF CONTENTS 1. Introduction Scope of the UTZ Certified Certification Protocol Key terms of the UTZ Certified Certification Protocol Compliance with the UTZ Certified Certification Protocol Certification options Certificate Holder UTZ Certified Code of Conduct UTZ Certified Chain of Custody Structure and compliance of the Code of Conduct Structure and compliance level of the Code of Conduct Structure and compliance of the Chain of Custody UTZ Certification process: audit process, certification conditions General UTZ Certification process Audit process Certification conditions Determining volume of certified production Changes in certification information Non-compliances: warning, suspension and cancellation Internal Control System and requirements General requirements for an ICS Definition and responsibilities for internal inspectors Complaints, appeals and dispute procedure Surveillance by the CB of certified producers and/or supply chain actors Approval procedure for Certification Bodies and their relationship with UTZ Certified Approval procedure Requirements for approval Approval for UTZ Certified product and standard scopes Communication with UTZ Certified Warnings and withdrawal of approval by UTZ Certified Monitoring of Certification Bodies performance Qualification requirements for lead auditors, auditors and internal inspectors Definition and responsibilities for lead auditor, auditor and internal inspector Qualification requirements for Code of Conduct Qualification requirements for Chain of Custody audits Qualification requirements for internal inspectors Impartiality, independence and confidentiality Certification Bodies and their obligations UTZ Certified

4 9.1 Certificate and Summary Report Unannounced interim audits Annual report Communication on UTZ Certified and the UTZ Certified logo Annex 1: Format Annual Report for approved Certification Bodies Annex 2: Format Overview unannounced interim audits Annex 3: Additional certification procedures for tea UTZ Certified

5 1. Introduction UTZ Certified is a program and label for sustainable farming worldwide. Our mission is to create a world where sustainable farming is the norm. Sustainable farming helps farmers, workers and their families to fulfill their ambitions and contributes to safeguarding the earth s natural resources, now and in the future. A world where sustainable farming is the norm is a world where farmers implement good agricultural practices and manage their farms profitably with respect for people and planet, industry invests in and rewards sustainable production, and consumers can enjoy and trust the products they buy. The core documents of the UTZ Certified certification program are the following: The UTZ Certified Code of Conduct is an internationally recognized set of criteria for economic, social and environmentally responsible agricultural production. It is based on the international ILO Conventions and includes the principles of good agricultural practice. There are product specific Codes of Conduct for Coffee, Cocoa, Tea and Rooibos. Guidance documents are available that further explain how to implement the criteria of the respective Code of Conduct. For some product codes there are also specific group (ICS) guidance documents available. The UTZ Certified Chain of Custody is a set of administrative and technical rules designed to provide high level of confidence that the UTZ Certified product originates from or relates to an UTZ Certified source. The Chain of Custody documents are product specific. The UTZ Certified Certification Protocol explains the structure and process of certification according to the UTZ Certified Code of Conduct and Chain of Custody. It describes the procedures to be followed by the actors in the supply chain in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody as well as the procedures for Certification Bodies performing UTZ Certified audits. It also includes the main principles that need to be respected for the certification of producer groups. The requirements for the ICS and internal inspectors are also included in this document. This Certification Protocol further explains the approval procedure for Certification Bodies (CBs), the required qualifications of their lead auditors, auditors and the obligations for Certification Bodies. This document is applicable for the UTZ Certified products: coffee, cocoa and tea (and rooibos as part of the tea program). UTZ Certified has the overall authority for the issuing and amendment of the content and requirements stated in this document. In the case that the users of the Certification Protocol (i.e. certification bodies, certificate holders or others) experience difficulties with its implementation, please contact the UTZ Certified head office in Amsterdam. UTZ Certified

6 1.1 Scope of the UTZ Certified Certification Protocol This document applies to the following parties: Certificate holders who are responsible for implementing and complying with the requirements and procedures of the UTZ Certified Certification Protocol in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody. See 2.1 for more information. Certification Bodies (and staff) who audit against the UTZ Certified program. The Certification Body needs to ensure that the certification process (including audit) follows and complies with the UTZ Certified Certification Protocol. In this document Certification Body is abbreviated to CB or CBs. Any Certification Body requesting an approval or extension of their approval needs to follow the procedures set out in this Protocol. Prospective certificate holders and CBs who want to become part of the UTZ Certified Program. The English language version of the certification documents is the official version. Please refer to the English version to clarify any doubts when reading other language versions. 1.2 Key terms of the UTZ Certified Certification Protocol Producer: a producer, group of producers or an entity organizing producers that is a Code of Conduct certificate holder. A Code of Conduct certificate covers all activities in the production, harvest, post-harvest, processing and commercialization of the certified produce. Supply Chain Actor: an entity that operates within the sustainable supply chain and generally takes ownership of the product. All supply chain actors need to be registered and the scope of their activities will determine if they need to be certified against the Chain of Custody requirements. Certificate: the document issued by the Certification Body when an audited producer or supply chain actor complies with the requirements of UTZ Certified. This certificate allows the certificate holder to produce or trade UTZ Certified products. CBs request a license (see below) for every valid certificate they issue. License: this allows the UTZ Certified producer or supply chain actor to access and use the Traceability System in the Good Inside Portal to record their transactions of UTZ products. The information from the license reflects the information on the certificate. 1.3 Compliance with the UTZ Certified Certification Protocol With the launch of the UTZ Certified Good Inside Portal the certification procedures will not change but the reporting will be formalized through the Portal. UTZ Certified reviewed and updated the previous version of the Certification Protocol based on comments received over the past year. The main changes can be found in: Chapter 2 Certification options Chapter 4 UTZ Certified certification process For more information on the changes, a change document version versus February 2010 is available upon request to certification@utzcertified.org. UTZ Certified

7 The UTZ Certified Certification Protocol version 3.0 substitutes the previous version, UTZ Certified Certification Protocol version 2.0 January Certification according to the updated version of the Certification Protocol comes into effect immediately after release. UTZ Certified reserves the right to ban any prospective producer or supply chain actor or CB from entering the UTZ program if they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members. Accordingly, UTZ Certified reserves the right to ban any certified or licensed member from continuing in the UTZ program if they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members. UTZ Certified

8 Overview certification documents of Coffee, Cocoa, Tea and Rooibos: The last version of those documents is available in the on-line UTZ certified Training Center. UTZ Certified certification documents Coffee Cocoa Tea and Rooibos Certification protocol Generic Certification Protocol Generic Certification Protocol Generic Certification Protocol Code of Conduct Code of Conduct for Coffee Code of Conduct for Individual Certification for Cocoa Code of Conduct for Group Certification for Cocoa Code of Conduct for Tea Farms Code of Conduct for Tea Factories Code of Conduct for Rooibos Production Code of Conduct for Rooibos Processing Code of Conduct Checklist Code of Conduct for Coffee Checklist Code of Conduct for Individual Certification for Cocoa Checklist Code of Conduct for Group Certification for Cocoa Checklist Code of Conduct for Tea Farms Checklist Code of Conduct for Tea Factories Checklist Code of Conduct for Rooibos Production Checklist Code of Conduct for Rooibos Processing Checklist Chain of Custody Chain of Custody for Coffee Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos Chain of custody checklist Chain of Custody for Coffee Checklist Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos Checklist List of definitions List of Definitions for Coffee List of Definitions for Cocoa List of Definitions for Tea Code of Conduct Annex (Global Guidance) Code of Conduct Annex (Local Guidance) List of Maximum Residue Limits List of Banned Crop Protection products Code of Conduct Annex for Group certification Code of Conduct Annex for Individual certification Code of Conduct Annex for Group certification for: Africa Brazil Colombia Central America Vietnam Code of Conduct Annex for Individual certification for: Africa Brazil Colombia Central America Vietnam List of Maximum Residue Limits for Coffee Generic List of Banned Crop Protection Products Code of Conduct Annex for Group certification for Cocoa Code of Conduct Annex for Individual certification for Cocoa Code of Conduct Annex for Group certification for Cocoa for: Ghana Cote d'ivoire Generic List of Banned Crop Protection Products Code of Conduct Annex for Tea Code of Conduct Annex for Rooibos Production Code of Conduct Annex for Rooibos Processing Generic List of Banned Crop Protection Products List of approved CBs Generic List of approved CBs Generic List of approved CBs Generic List of approved CBs Although the Code of Conduct for Tea Farms and the Code of Conduct for Tea Factories are two separate checklists, factories and farms can be included in the same certificate if they fall under the same management. In this case, two audits take place, one on farm level and one on factory level and one certificate is issued. UTZ Certified

9 2. Certification options UTZ Certified has two scopes of certification: Code of Conduct and Chain of Custody. Both scopes are applicable for the products coffee, cocoa and tea (including rooibos). The overall considerations for certificate holders as well as the options on certification are described in this chapter. 2.1 Certificate Holder When the UTZ Certified Code of Conduct and Chain of Custody refer to a certificate holder, this means the entity that is responsible for implementing, complying with and monitoring the requirements of the UTZ Certified Code of Conduct or Chain of Custody. The Code of Conduct certificate holder is a producer or an entity organizing the producers. All producers selling as UTZ Certified need to be certified. The Chain of Custody certificate holder is a supply chain actor. All supply chain actors need to be registered in the UTZ Program and the scope of their activities will determine if they need to be certified or not. The name that appears on the certificate is the same as the name registered by the certificate holder in the Good Inside Portal. UTZ Certified allows two entities to appear on the certificate. For example if an exporter/trader financially supports a producer group's certification, its name can also appear on the certificate. However, UTZ Certified policy requires that the main name is that of the producer group. e.g.: PRODUCER NAME (mandated by exporter/trader). 2.2 UTZ Certified Code of Conduct The option for certification depends on how the certificate holder is structured. The CB certifies the certificate holder under one of four options. The certificate holder needs to understand clearly under which certification option s/he is certified. Under the Code of Conduct the following certification options are available: Option 1: Individual certification Structure Under this certification option, the individual producer is the certificate holder. Compliance The individual producer is responsible for the compliance of its farm plot(s). The individual producer needs to comply with all the applicable control points and corresponding levels and is responsible for the compliance of the farm (for more information on the levels and control points please check section 3.1). The CB annually audits the individual producer. UTZ Certified

10 Option 2: Multi-site certification Structure Under this certification option, several producers work under one central management. In this case the central management is the certificate holder. These producers or units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these production areas. Compliance The central management is responsible for the compliance of the producers. All the producers under the central management need to comply with all applicable control points and corresponding level (for more information on the levels and control points please check section 3.1). All the producers are covered under one certificate. The CB annually audits all sites and clearly specifies on the certificate the names of the farms which are included in the certificate. Option 3: Group certification Structure Under this certification option, a group of organized producers is certified. The certificate holder is either the group itself or an entity organizing the group of producers. The group of organized producers can be organized in an association or cooperative or managed by a supply chain actor (such as an exporter) or another entity. In order to certify as a group, the certificate holder has to implement an Internal Control System (ICS). An ICS is a documented system for quality management that manages several aspects of the UTZ Certified Code of Conduct and also ensures the producer s fulfillment of the UTZ Certified Code of Conduct according to internally defined procedures. Compliance The certificate holder is responsible for the proper functioning of the ICS as well as the compliance of its group members. The certificate holder needs to comply with the applicable control points and corresponding level and needs to ensure that the group members comply with the control points p (for more information on the levels and control points please check section 3.1). Group members shall have a similar production system and be in geographic proximity. Producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points p and c. For producers with significant hired labor, the producer or her/his respective CB is requested to contact UTZ Certified for further guidance on how the social criteria are checked. The minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the group, with a minimum of 5 members, and is also determined by the result of the risk based evaluation of the ICS. For further information see chapter 4. UTZ Certified

11 Option 4: Multi-Group certification Structure Under this certification option, two or more (individual) groups of organized producers are certified. The multi-group is the certificate holder and the certificate includes the names of the groups. The multi-group is the center that manages the two or more (individual) groups with regards to the activities of the group. Compliance From a certification point of view, the multi-group is responsible for the management of the ICS and ensures compliance with the UTZ Certified Code of Conduct of all groups and their members. Usually each group has an ICS coordinator responsible for working together with the ICS manager of the multi-group. The minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole multi-group, and also determined by the result of the risk based evaluation of the ICS. If the sub-groups of the multi-group do not have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group. Group members should have a similar production system, and be in geographic proximity. Producers with a considerably different production system (nature or geography) may be part of the sub-group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with control points p and c. The multi-group certification is chosen in situations where the multi-group exports produce under the name of the multi-group. The multi-group reserves the option to indicate the name of the (individual) group in the sales documentation and in the UTZ Certified Good Inside Portal. Annex 3 to this document contains additional information for certification procedures for Tea. UTZ Certified

12 2.3 UTZ Certified Chain of Custody The UTZ Certified Chain of Custody requirements have been designed to provide a high level of confidence that UTZ Certified products are physically and/or administratively related to UTZ Certified producers. These requirements are a set of chain-wide administrative and technical requirements ensuring the traceability of UTZ Certified products. Therefore, the standard includes above all criteria for physical and/or administrative separation of UTZ Certified products and non-utz Certified products. Please check the UTZ Certified Chain of Custody documents for coffee, cocoa and tea for the specific product requirements and which supply chain actor in the supply chain needs to be certified. For the Chain of Custody certification, the following certification options are applicable: Option 1: Individual certification Under this certification option, the certificate holder is an individual supply chain actor. The individual supply chain actor can apply for certification against the UTZ Certified Chain of Custody. The individual supply chain actor is responsible for the compliance of its unit(s). The CB annually audits the individual supply chain actor. Option 2 Multi-site certification: Under this certification option, several units/locations belong to one central management. This central management is the certificate holder. These units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these processing areas. All the sites can be covered under one certificate. The CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate. All sites mentioned on the certificate need to comply with all the applicable control points. UTZ Certified

13 3. Structure and compliance of the Code of Conduct Each product (coffee, cocoa and tea) has Code of Conduct and Chain of Custody requirements. The generic aspects of these documents can be found in this chapter. The structure of the Code of Conduct for Coffee, Cocoa and Tea (including Rooibos) is based on a continuous improvement concept allowing producers to demonstrate that they are maximizing positive impact on production each year. The four year improvement system encourages and supports the producer to implement the Plan-Do- Check-Act (PDCA) cycle. 3.1 Structure and compliance level of the Code of Conduct The structure of the Code of Conduct includes the following aspects: Type of control points: there are two types of control points: mandatory control points (shaded in green) additional control points (not shaded) To obtain certification, the certificate holder has to comply with the mandatory control points and a defined number of additional points in each indicated part/chapter/year. Levels of audit - compliance check level. Control points are in general applicable to the whole production system. However, in order to make it easier for the auditor to check, the Level of Audit column indicates on what level to assess the control point. Each control point has its own level of audit clearly defined in the Code of Conduct. (C) indicates the requirement is checked at certificate holder level, (P) is producer, (N) indicates points to be checked at the nursery, (S) refers to storage and (E) are control points that also need to be checked with an external information source. Year of Compliance: There is a separate column for each year from 1 to 4. It is clearly indicated which mandatory control points need to be complied with in which year, e.g. there is a separate column to assess compliance for year 1 to year 4. The certificate holder can clearly see the control points that become mandatory in the next year. When compliance is reached, the respective box is ticked. Mandatory control points: From year 1 to year 4 the number of mandatory control points increases. This means that the number of total control points required for certification increases per year per part (group of chapters). This is clearly indicated in the columns year 1 to 4. E.g. Part 1 (Chapters 1-2) in the Code of Conduct for Coffee: 1 st year of certification - 12 mandatory control points 2 nd year of certification 13 mandatory control points 3 rd year of certification 15 mandatory control points 4 th year of certification 16 mandatory control points Additional control points: the certificate holder chooses which additional control points he wishes to comply with. It is most useful to choose the additional control points which become mandatory in the next year of certification. UTZ Certified

14 If a mandatory control point is not applicable for the certificate holder in question, then this is indicated in the self-assessment in the comments column (see the Checklist). The number of mandatory control points that are not applicable for certification also needs to be indicated in the calculation section below the criteria. If an additional control point is not applicable for the certificate holder in question, then this is indicated in the comments column (see the Checklist). The additional control point can then NOT be counted in or deducted from the number of additional control points complied with. A new certificate holder starts in the 1 st year of compliance of the Code of Conduct. Certificate holders who recertify move on to the following year of certification 1. E.g. from year 2 to 3, from year 3 to 4 2. For a certificate holder that quits UTZ Certification (i.e. is not re-certified or stops her/his UTZ certification) but at a later stage applies again to become UTZ Certified, the following rules apply: If the non-certified period has been 12 months or less, the certificate holder needs to comply with the subsequent year of compliance following her/his last certification. If the non-certified period was longer than 12 months but less than 36 months, the certificate holder may be assessed again with the year of compliance that was used in her/his last certification. If the noncertified period was longer than 36 months, the producer is considered as a new producer (for the timing of the audit see 4.3) 3. E.g. 1: the certificate holder was certified against year 2 and after that did not apply for recertification for 10 months. When the certificate holder decides to re-apply for recertification, the certificate holder has to comply with year 3 requirements. E.g. 2: the certificate holder was certified against year 2 and after that did not apply for recertification for 30 months. When the certificate holder decides to re-apply for recertification, the certificate holder may be assessed with year 2 requirements. In any case, the certificate holder must consult with her/his Certification Body. Certificate holders can always request to be assessed against requirements of a higher year (e.g. producer groups with producer members in different years of compliance). Harmonization of internal procedures and documentation can lead to a positive effect where time and resources are used effectively. 1 For further details please see the respective Code of Conduct. Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department. 2 When a certificate holder is certified conforming the 4 th year, upon the next year the certificate holder is again certified conforming the 4 th year requirements, until further notice by UTZ Certified. 3 Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department UTZ Certified

15 3.2 Structure and compliance of the Chain of Custody The structure of the Chain of Custody includes the following aspects: The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need to be complied with. The Chain of Custody documents for coffee, cocoa and tea contain further information on the type of activities covered. The scope of the Chain of Custody certificate is per country, with the exception of EU-27 4 countries where the scope can be EU-27 wide. 4 For a full list please visit UTZ Certified

16 4. UTZ Certification process: audit process, certification conditions It is UTZ Certified s goal to have a timely and orderly audit and certification process. This chapter describes the procedure and timing for arranging and conducting the audit (for either Code of Conduct or Chain of Custody). 4.1 General UTZ Certification process In order to maintain UTZ Certified Code of Conduct and/or Chain of Custody certification, an annual audit must be performed each calendar year (1 January to 31 December). When a new producer or supply chain actor wants to become UTZ Certified, they must complete the following process: 1. A new producer or supply chain actor must first register in the UTZ Certified Good Inside Portal. 2. UTZ Certified provides the producer or supply chain actor with a confirmation of the registration. The confirmation contains the member ID, username and password and it is sent to all registered users in the UTZ Certified Good Inside Portal account. 3. It is recommended that the producer or supply chain actor makes sure that her/his organization complies with the requirements of the Code of Conduct or Chain of Custody (according to the latest versions). In case of a recertification, the certificate holder will already be registered in the Good Inside Portal. It is the responsibility of the certificate holder request an audit on time with the CB before her/his certificate expires. The following steps apply to both new members and those being recertified. UTZ Certified

17 4. The producer or supply chain actor chooses the Certification Body. It is recommended that the producer or supply chain actor requests quotes from several CBs. It is not mandatory to stay with the same CB. 5. There must be a contract between the producer or supply chain actor and the CB where at least the fee, timeframe and scope of the UTZ Certified audit are established. 6. When a producer or supply chain actor applies for an audit with the CB, the CB starts its application procedure by providing the latest version of all the relevant documents (e.g. Certification Protocol, Code of Conduct and/or Chain of Custody). 7. In order to save time, the certificate holder provides the CB with the self-assessment prior to the physical audit. 8. A mutually accepted audit date must be arranged by the CB and the producer or supply chain actor. 9. The audit (physical audit, interviews, documentation checks) takes place before the original or the extension certificate expires. 10. When completing the certification process, the CB must fill in the Summary Report in the UTZ Certified Good Inside Portal and upload the UTZ certificate (certification decision) within 20 working days (4 weeks) of completing the audit. UTZ Certified reserves the right to request additional documentation (e.g. UTZ Certified Checklist signed by the lead auditor and auditor). The CB must comply with this request. 11. When the information in the UTZ Certified Good Inside Portal is reviewed and confirmed by the UTZ Standards and Certification Department, the license will become active and the producer or supply chain actor will be able to record transactions in the Good Inside Portal. The CB needs to ensure the certificate holder receives a copy of the certificate and summary report. UTZ Certified

18 4.2 Audit process This section describes the steps of the audit process for Code of Conduct audits and Chain of Custody audits. Producers and supply chain actors certified against the Code of Conduct and/or Chain of Custody must be annually recertified (each calendar year: 1 January to 31 December). If translators are used during the audit, they should be independent from the producer or supply chain actor being audited. If this is not possible, translators must play a neutral role and the auditor needs to record the name of the translator and her/his affiliation to the organization in the audit report. In order to enhance efficiency of audits and reduce costs, the CB carries out a desk review before the actual audit of the producer or supply chain actor against the Code of Conduct and/or Chain of Custody. Producers and supply chain actors applying for certification must submit the results of the annual self-assessment, the results of the previous audit, and other records demonstrating they are complying with the applicable requirements. The UTZ Certified Checklists facilitate this desk review. The CB reviews the submitted documents and clarifies any issues or areas of concern with the producer or supply chain actor to determine if it makes sense to plan the audit. The CB must ensure the certificate holder receives a copy of the final certificate and summary report General audit process for Code of Conduct The Code of Conduct audit differs depending on the year the certificate holder is complying with. The certificate holder has to comply with a defined number of mandatory control points as well as a defined number of additional points. A new certificate holder starts in the 1 st year of compliance of the Code of Conduct. Certificate holders who recertify, move on to the following year of certification 5. E.g. from year 2 to 3, from year 3 to 4. The desk review serves to establish which year the certificate holder is in and therefore which mandatory control points are applicable. As for the defined number of additional control points, the certificate holder chooses which additional control points they comply with 6. For the certificate holder it is most useful to choose the additional control points which become mandatory in the next year of certification. For a first audit, the auditor will verify the requested records in the Code of Conduct for the 3 months prior to the date of audit in order to have an overview over the record keeping on the farm. The records have to meet the Code of Conduct requirements from the beginning of the validity of the certificate on. For a subsequent audit (recertification) the auditor will verify all the requested records in the Code of Conduct going back to the previous audit. For the audit, UTZ Certified strongly recommends that all points, when applicable, are verified in order to raise awareness with the certificate holder on which control points are coming up and/or which need further improvement for compliance. The certificate holder can request that the CB focus on the mandatory and chosen additional control points only (e.g. in order to save time), provided (1) the self-assessment contains all information regarding the applicability of control points and which additional control points the certificate holder wants to comply with and (2) the certificate holder has clear evidence of the non-applicability of any control point. 5 For further details please see the respective Code of Conduct. 6 Additional control points which the certificate holder did not choose (yet) to comply with, do not have to be included in the summary report as being a non-compliance. It is optional to mention these points, or some of them, as points which need to be addressed in future certifications. UTZ Certified

19 Code of Conduct audit of an individual or multi-site certification The audit will be undertaken at the farm and central office, using the latest document of the Certification Protocol and Code of Conduct. The audit will include: 1) opening meeting with management 2) review of the results of the previous external audit and annual self-assessment done by the producer 3) review of all relevant documentation 4) evaluation of records 5) product flow control calculations 6) discussions / interviews with key staff 7) physical audit: In case of an individual certification, the auditor will audit the individual farm. If the farm has several plots, the minimum number of plots to be audited will be based on the square root of the number of plots belonging to the farm. The CB can increase this number at its own discretion and based on justifiable criteria. Every year a different sample group of plots should be audited. The individual farm is audited against all the applicable control points of the Code of Conduct. In case of a multi-site certification, the CB annually audits each of the sites/units which are applying for certification, and clearly specifies on the certificate which sites/units are included in the certification. All sites/units are audited against all the applicable control points of the Code of Conduct. 8) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed) Code of Conduct audit of a group and multi-group certification The audit of a group will be undertaken at the central office or administrative center of the group, using the latest document of the Certification Protocol and Code of Conduct. This is the place where the Internal Control System (ICS) of the group is managed, where all documentation can be found and where control over key decision making is. A group of farmers can be considered one farm unit if all farmers demonstrably follow the same farming practices and have a joint management system. The audit will include: 1) opening meeting with management of the group 2) evaluation of the structure and functioning of the ICS, checking: the list of the members of the group the contract or agreement between the producer and the group or ICS management, specifying the rights and obligations of both the internal standard of the group, which is an adapted interpretation of the Code of Conduct applicable for the specific situation of the group, indicating the applicable control points UTZ Certified

20 the risk assessment: the auditor shall carry out a risk assessment of all steps in the production chain and its immediate environment, as well as in the ICS, to identify risks to the integrity of production. The risk assessment shall function as a basis for the audit and certification activities. 3) review of all relevant documentation, including the self-assessment 4) evaluation of records 5) review of the annual internal audit done by the ICS 6) review how non-compliances are dealt with by the ICS 7) product flow control calculations 8) discussions / interviews with key staff 9) physical audit: In case of group certification, the auditor audits the square root of the number of members/producers belonging to the group with a minimum of 5 members. The number will also be determined by the result of the risk based evaluation of the ICS. The farms to be audited must be selected in a way that represents the whole group, based on a combination of risk-based evaluation and random selection. The CB can increase the number of farms to audit at its own discretion and based on justifiable criteria. Members/producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points p and c. In case of a multi-group certification, the minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole group, and also determined by the result of the risk based evaluation of the ICS. If the sub-groups of the multi-group don t have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group. As with group certification, multi-groups with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB and comply with applicable control points p and c. 10) witness audits of a representative sample of internal inspectors: Assessment of the competence and performance of internal inspectors 11) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed) General audit process for Chain of Custody The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need to be complied with. Please check the respective UTZ Certified Chain of Custody documents for coffee, cocoa and tea for the specific requirements and which supply chain actor in the supply chain needs to be certified. UTZ Certified

21 For a first audit, the auditor will verify the requested records in the Chain of Custody for the 3 months prior to the date of audit in order to have an overview over the record keeping on the organization. The records have to meet the Chain of Custody requirements from the beginning of the validity of the certificate. For a subsequent audit (recertification) the auditor will verify all the requested records in the Chain of Custody going back to the previous audit. Chain of Custody audit of an individual or multi-site certification The audit will be undertaken at the location of the supply chain actor, using the latest document of the Certification Protocol and UTZ Certified Chain of Custody. The audit will include: 1) opening meeting with management 2) review of all relevant documentation, self-assessment and results of the previous external audit 3) evaluation of records 4) discussions / interviews with key staff 5) physical audit: In case of an individual certification, the auditor will audit the individual supply chain actor against all the applicable control points of the Chain of Custody. In case of a multi-site certification, the CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, use of subcontractors, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate. 6) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed). 4.3 Certification conditions This section describes the conditions for certification which need to be adhered to by certificate holders (producers, supply chain actors) and CBs for the Code of Conduct and Chain of Custody audits General certification conditions for Code of Conduct and Chain of Custody certification The following conditions are applicable for all products and their respective Code of Conduct and Chain of Custody certifications. Further conditions for the Code of Conduct for Tea certification are given in annex 3. a. The certificate is valid for a period of 365 days. There cannot be a time gap between the certificates 7. b. The certificate holder has to have a signed contract with the CB latest at the date of the certificate is issued 7 Exception to this requirement is only granted when the certificate holder changes CB (at the end of the certificate validity), and when in this case the contract with the new CB has not been established at the time of expiration of the previous certificate. UTZ Certified

22 c. If the certificate holder changes CB for its certification process, the CB with whom the member has a valid contract is the one who is able to make an extension of the (current) certificate. A CB can always decline an extension if the certificate holder does not provide enough evidence that the extension is justified. d. Extension of a certificate can be granted up to 3 months after the original certificate expires. However, there always has to be an annual audit, each calendar year (1 January to 31 December). The certificate holder must request the extension with the CB. An extension can only be allowed if a re-audit has been planned and confirmed. UTZ Certified is informed of the extension of a certificate with the respective reason, date of the next audit and attached certificate including the extension, before the current certificate/license expires. e. In case of extension, the audit can be done at any time up to 3 months after the expiry date of the original certificate. The certificate is then issued for the remaining period of the new certification period. For example, if a 3 month extension is granted, the new certificate will be valid for the next 9 months. f. During subsequent audits, CBs can audit the certificate holder at any time of the year, provided it is before the expiration date of the certificate. This enables the CB to audit on different stages of production which is highly recommended by UTZ Certified. g. UTZ Certified strongly recommends carrying out the audit at the latest 1 month before the expiration of the certificate to ensure a smooth process. h. The UTZ Certified certificate for Code of Conduct and Chain of Custody can only be issued when all the noncompliances which inhibit the certification are resolved. In case of a subsequent audit (recertification), the validity dates of the certificate will be aligned with the validity dates of the previous certificate, since the certification is a continuous process. i. In the case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract Certification conditions for Code of Conduct The following conditions only apply for a Code of Conduct certification: a. The first audit (for a new producer) should be 3 months before or up to 3 months after the beginning of the harvest. Harvest refers to main/big or mid/small harvest. If the certificate holder decides at a later stage to request the first audit (at the end or after the harvest), this harvest cannot be certified. If there is a continuous harvest, the first audit can take place at any moment in time. b. The validity of the certificate starts at the beginning of the harvest of the certificate holder (so that the entire harvest period is covered by the certificate). If the first audit has taken place during the harvest, the validity of the certificate still starts at the beginning of the harvest, implying that the CB has to check the requirements retrospectively for the period passed from the beginning of harvest to the audit date. In case of a continuous harvest, the validity of the certificate can start at any moment in time (i.e. when the certificate holder is in compliance and at the earliest 3 months before the audit - the latter than requiring a retrospective check). c. As mentioned above, the UTZ Certified certificate for Code of Conduct can only be issued when all the corrective actions of the non-compliances which inhibit certification have been addressed. In the case that UTZ Certified

23 non-compliances are directly related to that year s harvest and are of a serious nature, the harvest cannot be certified 8. d. As mentioned above, in case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract. If the certificate holder decides at a later stage (i.e. more than 3 months after the beginning of the harvest) to request the audit, the harvest of that year cannot be certified. Example case: a new producer will receive an audit for the first time for the UTZ Certified Code of Conduct certification. The harvest starts in November 2012 and, according to the Protocol, the auditor can audit shortly before (not more than 3 months) or during the harvest (first 3 months), i.e. between the period of to February The auditor performs the audit in October 2012 and issues the certificate with a validity starting on the 20 th November The certificate is now valid until the 19 th November In 2013, the CB issues an extension of 3 months. The certificate is extended until the 19 th February This is only possible if the auditor does the audit before the 31 st December The new issued certificate will then be valid from the 20 th February 2014 to 19 th November First certificate: 20 th November th November 2013 Extended certificate: 20 th November th February 2014 Audit performed before 31 st of December 2013 Second certificate: 20th February th November Certification conditions for Chain of Custody The following conditions only apply for a Chain of Custody certification: a. In case of a Chain of Custody certification, a new supply chain actor has 3 months to receive the audit from the moment the supply chain actor starts the certified activities (e.g. processing). b. The certificate will be issued with a validity date which is the same as when the supply chain actor started processing the certified produce (in Mass Balance Cocoa Chain of Custody: 3 months from the moment the certified cocoa has been received). 4.4 Determining volume of certified production CBs are required to estimate the volume of produce from a certificate holder that may be sold as UTZ Certified. This volume must be mentioned on the Code of Conduct certificate. The certified quantity of produce must be determined based on historical production records and forecasts of the current crop. If the harvested volume is higher than the forecasted volume (and to the certified volume), the producer may decide to certify the extra volume. The CB can report the change in certified volume in one of the following ways: - The CB reports to UTZ Certified the change in certified volume by requesting a volume extension in the Good Inside Portal before the expiration date of the certificate/license. The CB includes the extra volume as carryover in the new certificate after the extra volume is assessed during the recertification audit If the certificate holder (i.e. the producer or the group of organized producers) still has certified produce from the previous year s certification in stock, the auditor assesses the quantity which is still available to be 8 For consultation, the CB can contact the UTZ Standards and Certification team. UTZ Certified