annex 4 to framework agreement - tuev-sued.de · annex 4 to framework agreement page 1 of 24...
TRANSCRIPT
Annex 4 to Framework Agreement
page 1 of 24
INTEGRITY PROGRAM
As part of the IFS Integrity Program, IFS MANAGEMENT carries out a number of different measures
to assure the quality of the IFS, with a focus on the check of audits conducted by the certification
bodies and their auditors. One can differentiate between complaint management measures and
preventive quality assurance measures.
(1) As part of the complaint management, IFS MANAGEMENT may conduct so-called investigation
audits, which are aimed at processing and resolving complaints in connection with IFS audits that
have already been conducted. Depending on the nature and extent of the complaint, an investigation
CB office audit (see I. (1) a) below), an investigation on-site supplier audit (see I. (1) b) below)
and/or an investigation witness audit (see I. (1) c) below) may be conducted. The audits are always
aimed at ascertaining the cause of the complaint and identifying potential breaches of IFS
requirements.
(2) The so-called surveillance audits are conducted as part of the preventive quality assurance
measures. These audits are random reviews of IFS audits that have already been conducted,
regardless of whether or not complaints have been made. There are three types of surveillance audits:
surveillance CB office audits (see I. (2) a) below), surveillance on-site supplier audits (see I. (2)
b) below) and surveillance witness audits (see I. (2) c).
If all information required to resolve a complaint has been collected during the complaint management
process and if such information suggests that a breach Level 1 or Level 2 of IFS requirements has
been committed, or if important evidence of a potential breach Level 1 or Level 2 has been found
during the surveillance audits, IFS MANAGEMENT shall pass this information on to the IFS sanction
committee (see I. (4) below). Additionally all other investigations by IFS Quality Assurance
Management which suggest that a breach Level 1 or Level 2 of IFS requirements has been committed
shall be passed to the IFS sanction committee.
The sanction committee shall decide whether or not a breach has occurred and determine the level of
the suspected breach (for topics suspected to be Level 1 or Level 2 breaches).
Level 3 breaches (based on IFS database analyses) can be assessed directly by IFS Quality
Assurance Management but have to be confirmed by the chairman (lawyer) of the sanction committee.
IFS MANAGEMENT will subsequently impose penalties depending on the level of breach and the
occurrence of previous breaches (see IV. below).
Annex 4 to Framework Agreement
page 2 of 24
The following chart shows the general structure of the IFS Integrity Program
on-site
supplier audit
Integrity
Program
Surveillance
audits
IFS quality
management sufficient evidence
at hand/breach Level
1 or Level 2
probable
Investigation
audits
Complaint
management
preventive QA
measures
witness
audit
CB office audit CB office
audit on-site
supplier audit
Chairman
lawyer
participant
from retailers
participant from the
industry
Sanction committee
participant from CBs
without right to vote
witness
audit
IFS quality
management direct
decision of Level 3
breaches based on
database analyses,
confirmed by chairman
(lawyer)
Annex 4 to Framework Agreement
page 3 of 24
I. Definition
(1) Investigation Audits
Investigation audits are IFS audits that are conducted on behalf of IFS MANAGEMENT as a result of a
complaint received by IFS MANAGEMENT.
Depending on the nature of the complaint and the type of audit that seems most appropriate to resolve
the complaint, IFS MANAGEMENT shall decide whether to conduct an investigation CB office audit,
an investigation on-site supplier audit and/or an investigation witness audit (see I. (1) a) – c) below).
IFS MANAGEMENT shall notify the certification body that is subject to the complaint and/or the
certified organisation (by email and fax using the contact details stored in the IFS database) 0-48
hours prior to the audit date that an investigation audit will be conducted. It is being referred to § 2, no.
3 of the Framework Agreement.
IFS MANAGEMENT shall ensure that the auditor in charge of the investigation audit has the technical
and language skills (or that an interpreter is present) to conduct the relevant audit. In addition, IFS
MANAGEMENT shall guarantee the economic and personal independence of the auditor by ensuring
prior to each audit that the auditor has not had any economic relationship with the organisation 2 years
prior to the investigation audit, and that the auditor undertakes not to enter into an economic
relationship with the organisation for a period of 2 years following the audit. Furthermore, the auditor
shall sign a declaration of independence and confidentiality with IFS MANAGEMENT.
There are three types of investigation audits: investigation CB office audit, investigation on-site
supplier audit and/or investigation witness audit.
a) Investigation CB Office Audits
Investigation CB office audits are audits that are conducted by an auditor employed or commissioned
by IFS MANAGEMENT at the premises of the IFS-accredited certification body in order to resolve an
existing complaint. Their aim is to assess the work of the certification body in connection with an
existing case by means of records and invoices. Such audits are performed on the basis of a checklist
containing the requirements of the Framework agreement, the present Addendum, possible future
amendments of the Framework agreement as well as the relevant requirements of the IFS standards
and IFS regulations in their current versions. The purpose of the audit is to review documentation
relating to certification procedures, focusing on the content of the complaint. The audits can be
conducted in cooperation and jointly with other scheme owners who have concluded own respective
agreements with the certification body. Prior to the conduct of the CB office audit, IFS MANAGEMENT
will inform the CB if and which other scheme owner will attend the audit. As soon as the CB office
audit date is fixed IFS MANAGEMENT will inform the respective accreditation body to give them the
chance to attend the audit as an observer. At the end of the CB office audit process IFS
MANAGEMENT sends a copy of the finally reviewed CB office audit report and the corrective actions
defined by the CB to the respective accreditation body.
Annex 4 to Framework Agreement
page 4 of 24
b) Investigation On-site Supplier Audits
Investigation on-site supplier audits are IFS audits that are conducted by an auditor employed or
commissioned by IFS MANAGEMENT on the basis of a current version of the IFS checklist at the
premises of the certified company in order to resolve an existing complaint. Their aim is to assess the
certified company– i.e. the conditions of the existing certificate – as well as the auditor of the original
audit – using the information provided in the original audit report. This audit is not a regular IFS audit; it
focuses on the content of the complaint. The decision of the duration of the audit is up to IFS Quality
Assurance Management.
In case IFS MANAGEMENT decides to notify the certification body that is subject to the complaint as
well as the certified company, IFS MANAGEMENT has to notify both parties at the same time prior to
the audit date. The certification body has the possibility to attend the audit as observer.
If the certification body gets notified by IFS MANAGEMENT about the planned audit, it is prohibited for
the certification body to contact the certified company howsoever (also not through third parties). In the
case the certified company contacts the certification body it is prohibited to give information
concerning the complaint case and/or the upcoming investigation audit. The breach of such
interdiction constitutes a level 2 breach (see I. (5) b) below).
c) Investigation Witness Audits
Investigation witness audits are IFS audits, whereby a regular certification audit is attended by a
witness auditor employed or commissioned by IFS MANAGEMENT in order to resolve an existing
complaint. Their aim is to examine the work of the auditor in an audit situation by observing the
auditor’s method and assessments of the IFS requirements. Such audits are performed on the basis of
a standard IFS checklist. The result of the investigation witness audit is primarily based on the
comparison between the assessments of the auditor and of the observing witness auditor. The witness
auditor attends parts of the audits that are relevant to resolving the complaint; hence the witness time
may differ from the duration of the audit. IFS MANAGEMENT and CB agree on the date and the
company where the investigation witness audits shall take place.
(2) Surveillance Audits
Surveillance audits are IFS audits that are carried out by IFS MANAGEMENT to assess the IFS
system. The certification bodies, IFS certified companies and/or auditors shall be selected for
surveillance audits based on a random process by objective criteria. Objective criteria are e.g. the
number of certificates issued by the relevant certification body, analysis of the IFS database
concerning audit time or audit results, review of uploaded audit reports and further criteria.
IFS MANAGEMENT shall ensure that the auditor in charge of the surveillance audit has the technical
and language skills (or that an interpreter is present) to conduct the relevant audit. In addition, IFS
Annex 4 to Framework Agreement
page 5 of 24
MANAGEMENT shall guarantee the economic and personal independence of the auditor by ensuring
prior to each audit that the auditor has not had any economic relationship with the organisation 2 years
prior to the surveillance audit, and that the auditor undertakes not to enter into an economic
relationship with the organisation for a period of 2 years following the audit. Furthermore, the auditor
shall sign a declaration of independence and confidentiality with IFS MANAGEMENT.
There are three types of surveillance audits: surveillance CB office audits, surveillance on-site supplier
audits and surveillance witness audits:
a) Surveillance CB Office Audits
Surveillance CB office audits are audits that are conducted by an auditor employed or commissioned
by IFS MANAGEMENT at the premises of the IFS-accredited certification body in order to assess the
quality of randomly selected certification procedures based on a documentation review. Such audits
are performed on the basis of a checklist containing the requirements of the Framework agreement,
the present Addendum, possible future amendments of the Framework agreement as well as the
relevant requirements of the IFS standards and IFS regulations in their current versions. The audits
can be conducted in cooperation and jointly with other scheme owners who have concluded own
respective agreements with the certification body. Prior to the conduct of the CB office audit, IFS
MANAGEMENT will inform the CB if and which other scheme owner will attend the audit. Notification
of surveillance CB office audits is generally provided by IFS MANAGEMENT in advance. If the CB
asks for a time shifting for the surveillance CB office audit and if such second fixed date falls through
due to CB’s behavior, this behavior constitutes a breach of a material duty according to § 9 no. 1 of the
Framework Agreement and may implicate to an extraordinary termination of the Framework
Agreement. As soon as the CB office audit date is fixed IFS MANAGEMENT will inform the respective
accreditation body to give them the chance to attend the audit as an observer. At the end of the CB
office audit process IFS MANAGEMENT sends a copy of the finally reviewed CB office audit report
and the corrective actions defined by the CB to the respective accreditation body.
b) Surveillance On-site Supplier Audits
Surveillance on-site supplier audits are IFS audits that are conducted by an auditor employed or
commissioned by IFS MANAGEMENT on the basis of a current version of the IFS checklist at the
premises of the certified company. Their aim is to assess the performance of the certified company –
i.e. the conditions of the existing certificate – as well as the auditor of the original audit – using the
information provided in the audit report. It does not always have to be a complete IFS audit.
As a general rule, notification of surveillance on-site supplier audits shall be provided by IFS
MANAGEMENT approx. 48 hours prior to the audit date. Such notification may be omitted or may be
provided less than 48 hours prior to the audit date if there is evidence that food safety is at risk and/or
that shortcomings may be covered up.
Annex 4 to Framework Agreement
page 6 of 24
IFS MANAGEMENT will inform the public about the policy of IFS MANAGEMENT concerning this
matter through its Internet presence and corresponding documents. The certification bodies are
responsible for their part to inform their customers. It is being referred to § 2, no. 3 of the Framework
Agreement.
In case IFS MANAGEMENT decides to notify the certification body as well as the certified company,
IFS MANAGEMENT has to notify both parties at the same time. The certification body has the
possibility to attend the audit as observer.
If the certification body gets notified by IFS MANAGEMENT about the planned surveillance audit, it is
prohibited for the certification body to contact the certified company howsoever (also not through third
parties). In the case the certified company contacts the certification body, it is prohibited to give
information concerning the upcoming surveillance audit.
c) Surveillance Witness Audits
Surveillance witness audits are IFS audits, whereby a regular certification audit is attended by a
witness auditor employed or commissioned by IFS MANAGEMENT. The aim is to examine the work of
the auditor in an audit situation by observing the auditor’s method and assessments of the IFS
requirements. Such audits are performed on the basis of a standard IFS checklist. The result of the
surveillance witness audit is primarily based on the comparison between the assessments of the
auditor and of the observing witness auditor. IFS MANAGEMENT and CB agree on the date and the
company where the surveillance witness audits shall take place.
(3) Audits to confirm CB or auditor competence
These audits are required when penalties have been imposed against a certification body and/or an
auditor as a result of a proven breach or several proven breaches (see IV. below). IFS
MANAGEMENT is not required to provide official notification prior to conducting such audits. Instead,
IFS MANAGEMENT and the certification body agree when and at the premises of which operator the
audit shall be conducted. There are two types of these audits: witness audits to confirm the
competence of an auditor and CB office audits to confirm the competence of a CB.
a) Witness Audits to confirm the competence of an auditor:
These witness audits are IFS audits that are conducted when a penalty has been imposed against an
IFS auditor and a regular certification audit is attended by an auditor employed or commissioned by
IFS MANAGEMENT. Their aim is to assess the work of the auditor in an audit situation by observing
the auditor’s method and assessments of the IFS requirements. The audit is performed on the basis of
a regular IFS checklist. The result of the witness audit is primarily based on the comparison between
the assessments of the auditor and of the observing witness auditor. The main focus of the audit is to
Annex 4 to Framework Agreement
page 7 of 24
ensure that the problem which led to the penalty has been rectified. A positive outcome results in the
confirmation of the auditor approval for IFS audits.
b) CB Office Audits to confirm CB competence
These CB office audits are audits that are conducted by an auditor employed or commissioned by IFS
MANAGEMENT as a result of a penalty being imposed, and take place at the premises of the
certification body that has been issued with the penalty. Such audits are performed on the basis of a
checklist containing the requirements of the Framework agreement, the present Addendum, possible
future amendments of the Framework agreement as well as the relevant requirements of the IFS
standards and IFS regulations in their current versions. The main focus of the audit is to ensure that
the problem which led to the penalty has been rectified. These CB office audits can be conducted in
cooperation and jointly with other scheme owners who have concluded own respective agreements
with the certification body. Prior to the conduct of the CB office audit, IFS MANAGEMENT will inform
the CB if and which other scheme owner will attend the audit.
(4) Sanction Committee
The sanction committee consists of the following pool of people: a chairman (a lawyer),
representatives from the retail sector, representatives from industry as well as representatives from
certification bodies (without voting rights). If necessary, further guest participants (e.g. experts from
accreditation bodies) can support the committee in technical questions; however, they do not have any
voting rights. Each case will be assessed by 4 committee members (case team). These include the
committee chairman and 1 representative each from retail, industry and certification bodies. The
selection of each respective case team is performed by IFS MANAGEMENT using a random,
rotational selection process. IFS MANAGEMENT checks and ensures that the selected members are
not dependent, whether directly or indirectly, at a personal or economic level, on the organisations
involved in the case.
The case team is responsible for deciding whether or not a Level 1 or Level 2 breach has occurred
and for determining the level of breach. The case is only decided by the chairman and the
representatives from retail and industry, as the representative from the certification body merely
provides technical input and has no voting rights. The case team convenes once IFS MANAGEMENT
has collected all the information required for the assessment of a case and has found conclusive
evidence that an auditor and/or a certification body is in breach of the contract requirements or the
relevant requirements of the IFS.
Decision by the sanction committee:
If a fault of a certification body or an auditor is likely to have occurred, all relevant information shall be
made accessible to the members of the sanction committee in an anonymous way in a protected area
Annex 4 to Framework Agreement
page 8 of 24
of the database. The sanction committee strives to decide within 4 weeks after the data has been
made available whether a breach has been committed and by whom (certification body or auditor) and
what level of breach (Level 1 or Level 2) has occurred.
Once the sanction committee has informed IFS MANAGEMENT of its decision, IFS MANAGEMENT
shall check whether the auditor or the certification body concerned have committed any breaches in
the past. Depending on the level of breach and the number of breaches previously committed by the
certification body or the auditor, an initial warning or respective sanctions shall follow (see IV (1) a) –
e), charts with sanctions and penalties for different levels of breaches for certification bodies and
auditors).
(5) Levels of Breach
There are two levels of breaches which a certification body and/or its auditors might commit in the
course of performing an IFS audit and certification. Additionally there is a third level of breach which a
certification body might commit in the course of performing IFS audits and certification.
Topics which are likely to result in a Level 1 or Level 2 breach are forwarded to the sanction
committee. The decision whether a Level 3 breach is likely is assessed by the IFS Quality Assurance
Management and confirmed by the chairman (lawyer) of the sanction committee.
Note: Depending on the case the decision of the sanction committee can lead to both – breach for
auditor and breach for CB.
All examples mentioned below for the different Levels of breaches are not exclusive, further topics can
be also decided as breach Level 1-3 depending on the case.
a) Level 1
Non-acceptable performance which calls into question the overall competence of the certification body
and/or the auditor: Breach of contract requirements and/or IFS requirements which generally put
product safety at risk and/or results in a breach of law. Relevant is only such law which is associated
with the IFS certifications.
Examples for Level 1 breaches for certification bodies
The certification body fails to identify obvious errors in an audit report during a certification
process (review process), which puts product safety at risk and/or results in a breach of law.
The certification body fails to comply with one or several penalties which have been imposed
against it as a result of a previous level 1 breach.
Examples for Level 1 breaches for auditors
Severe error of an auditor when auditing a company, which puts product safety at risk and/or
leads to a breach of law.
Annex 4 to Framework Agreement
page 9 of 24
The auditor provides incorrect information/ratings in the audit report, which puts product safety
at risk and/or results in a breach of law.
b) Level 2
Very poor performance of the certification body and/or an auditor, requiring immediate and radical
improvement measures: Incorrect behavior during an audit and/or breach of IFS rules in view of the
required procedures of the certification process, which does not generally put product safety at risk
and/or result in a breach of law. Relevant is only such law which is associated with the IFS
certifications.
Examples for Level 2 breaches for certification bodies
The calculation matrix of IFS Food Standard, version 6 and the additional regulations
described in the IFS Food Standard, version 6 and the Doctrine for CBs concerning audit time
calculation were not respected to determine audit duration.
The certification body did not monitor one/several auditors by an on-site witness audit at least
once every two years according to the rules defined in the IFS standards current version
and/or there is/are no documented witness report/s available.
The Certification Body did not train its auditors in accordance with IFS regulations on a regular
basis, though at least once per year in a two-day course and there is/are no document(s) of
training attendance available.
The certification body fails to identify obvious errors in an audit report during a certification
process, which does not put product safety at risk.
An audit was conducted by an auditor/ audit team not having the product scope and/or
technical scope approval required to perform the audit.
The suspension of a current certificate according to the standard regulations is missing
completely in the database.
The CB already got a level 3 breach for the topic “missing suspension of the current certificate
within a maximum 2 working days after the audit” and within the next period of 6 months again
for > 5 % of all IFS-audits with Major- or KO-rating the suspension of the current certificate
was not carried out within a maximum 2 working days after the audit date.
An audit is conducted by an auditor not having the necessary language approval for the
respective country (country according to the list provided with the Doctrine for CBs a translator
is not allowed to be used for).
An audit is conducted by an auditor not having the necessary language approval for the
respective country (country according the Doctrine for CBs a translator is allowed), no
translator was additionally used and/or the audit time was not increased accordingly.
Indications in the CV of an auditor sent to IFS Office are demonstrably not correct.
Annex 4 to Framework Agreement
page 10 of 24
The certification body contacts the certified company howsoever after having been notified by
IFS MANAGEMENT about a planned Integrity on-site audit and before the beginning of such
audit.
Penalties imposed as a result of a level 2 breach have not been complied with.
The certification body did not participate at the yearly certification body conference (referring to § 3, no. 4 of the Framework Agreement).
Examples for Level 2 breaches for auditors
The auditor provides incorrect information in the audit report not relating to product safety.
The auditor mentioned in the scope of the audit products, which demonstrably were not
produced at the time of the audit.
The auditor mentioned in the audit report dates and times, but it is evident that he was not at
this site at the mentioned dates and times.
An audit is conducted by an auditor/ audit team not having the product scope and/or
technology scope approval required to perform the audit. The missing product scope or
technology scope is required to guarantee a qualitative and comprehensive audit of the
company.
An audit is conducted by an auditor not having a current IFS approval at the time of the audit.
c) Level 3
Other breaches of the IFS, the IFS audit system and other IFS audit requirements
The topics mentioned below are based on database investigations by IFS office. In each case the
topic is forwarded to the certification body with a request for internal investigation as well as a
statement. If the statement is sufficient, IFS Quality Assurance Management shall ascertain whether
the existing problem is rectified or whether a breach by the certification body is likely to have occurred.
The decision whether a Level 3 breach is likely is assessed by the IFS Quality Assurance
Management, but has to be confirmed by the chairman (lawyer) of the sanction committee.
Examples for Level 3 breaches for certification bodies
The auditor conducts more consecutive audits at the same organization than permitted under
current IFS rules, this fact is evident by database analysis and the certification body´s
statement is not able to clarify the case.
For > 5 % of all IFS-audits with Major- or KO-rating, analyzed within a 6 months period by IFS
QAM, the suspension of the current certificate was not carried out within a maximum 2
working days after the audit date.
Annex 4 to Framework Agreement
page 11 of 24
In case of complaint handling a certification body does not send any statement to the IFS
offices even after 2 reminder emails. For administrative complaints this means a certification
body shows no reaction even after 2 reminder emails within 1 month after sending the first
email with the notification of an administrative complaint. For qualitative complaints this means
a certification body shows no reaction even after 2 reminder emails within 2 months after
sending the first email with the notification of a qualitative complaint.
Penalties imposed as a result of a level 3 breach are not complied with.
The certification body has not improved its inadequate performance of one or several of the
CB administrative indicators after a previous first warning within a further 6 months analysis
time.
(6) Analyses by IFS Quality Assurance Management (CB administrative indicators)
IFS Quality Assurance Management evaluates different administrative indicators for certification
bodies every 6 months.
Examples for administrative indicators are described below.
If the certification body is not respecting the IFS rules for administrative indicators within the first 6
months analysis this results in a first warning. 6 months later an additional evaluation is carried out. If
no improvement is reached within these 6 months the result of this evaluation will be send to the
accreditation body. Additionally IFS Quality Assurance Management assesses a level 3 breach for the
certification body and this has to be confirmed by the chairman (lawyer) of the sanction committee.
CB administrative indicators:
Inadequate performance, which requires the implementation of improvement measures, such
performance being linked to administrative errors by the certification body.
The diary function of the IFS portal was not used within 6 months for > 5 % of the IFS audits
carried out by the certification body (referring to Part 1, 3.3 of the IFS Food standard, version
6).
Within 6 months > 5 % of the IFS audits carried out by the certification body were not
uploaded in time (8 weeks after the audit date) to the IFS portal (referring to Part 1, 6.1 of the
IFS Food, version 6 standard).
Within 6 months the IFS office got administrative complaints for > 2 % of the IFS audits carried
out by the certification body based on different complaint reasons (e.g. report not uploaded,
date in diary function missing, new COID account for existing company, reason for blocking
the certificate is not sufficient,…..).
Annex 4 to Framework Agreement
page 12 of 24
(7) Other Definitions
IFS:
all standards that are marketed by IFS MANAGEMENT under the brand of “International
Featured Standards”.
II. IFS Complaint Management
(1) General IFS MANAGEMENT usually receives complaints about IFS audits from retailers. For this purpose,
retailers use the official IFS complaints form. In addition, IFS MANAGEMENT may also receive
complaints or information from certification bodies, employees of IFS-certified companies or other
natural persons or legal entities which are treated in the same way during the complaint management
as complaints from retailers. The following circumstances, without intending to be exhaustive, may be
the cause of a complaint.
a) A product that was produced at an IFS-certified site does not comply with the relevant IFS
requirements in terms of product safety or other legal requirements which are associated with the IFS
certifications.
b) The state of an IFS-certified site does not correspond to the conditions described in the current
audit report or the conditions that can be expected based on the overall result indicated on the current
certificate.
c) A significant discrepancy between the information provided in an existing IFS report or the
information of an IFS certificate issued and the observations made during a supplier audit that was
conducted after the IFS audit.
d) Other information that indicates a suspected incorrect behavior by participants in the IFS
certification scheme (IFS-certified company, auditor, certification body). This may include:
general information, e.g. discrepancies between the audit report and true events or
adjustments of the production process that have implications for human health and/or product
safety, and/or
administrative shortcomings in connection with the IFS audit, e.g. errors on IFS certificates
and/or IFS reports that were not or have not been uploaded correctly and/or in full into the IFS
portal.
Annex 4 to Framework Agreement
page 13 of 24
(2) Procedure a) The IFS offices receive a complaint, usually in the form of an IFS complaint form sent by retailers.
Qualitative complaints are processed exclusively by IFS Quality Assurance Management in Berlin.
Administrative complaints can be also processed by the local offices (Berlin, Paris, Milan).
b) Based on a comparison between the content of the complaint and the information available via the
IFS portal, it is decided whether or not the complaint is reasonable. If it is not reasonable, the
certification body shall merely be informed of the complaint and the complainant shall be notified
accordingly. The case shall be closed. If the complaint is reasonable, it shall be added to the internal
complaint management database.
c) The content of the complaint is usually forwarded to the certification body with a request for internal
investigation as well as a statement. The notification to the certification body may be omitted if IFS
MANAGEMENT suspects that this step may affect the resolution of the complaint.
If the complaint relates to the quality of the content of IFS audits or IFS audit reports, IFS
MANAGEMENT shall ask the certification body to provide a statement on the cause and the measures
introduced to rectify the problem within 2 weeks. If the complaint relates to administrative errors, e.g.
in IFS audit reports, IFS certificates or in the IFS database, IFS MANAGEMENT shall ask the
certification body to provide a statement and rectify the problem within 1 week. The certification body
may ask IFS MANAGEMENT to extend this period if there is good cause. The statement must be
issued in writing by email or post.
d) If the cause of the complaint cannot be conclusively verified or if the problem cannot be rectified
once the statement has been checked IFS MANAGEMENT shall organize in general an investigation
audit. The type of investigation audit depends on the content of the complaint as well as the missing
information. For this purpose, an independent auditor shall be selected and commissioned by IFS
MANAGEMENT and provided with the relevant information.
If no further information is required and the cause of the complaint seems to be solved, the
complainant will be asked for agreement to close the case (in this case go straight to g) below).
e) The commissioned auditor submits the result of the audit to IFS MANAGEMENT. IFS
MANAGEMENT forwards the result immediately to the certification body and if applicable to the
respective company. The certification body is obligated to comment in written form on the result within
2 weeks after receipt of the result. If the certification body does not comment in time, IFS
MANAGEMENT may continue with the procedure.
If a KO or Major non-conformity is issued in the investigation audit which has to lead to a suspension
of the certificate, the following measures have to be taken:
Annex 4 to Framework Agreement
page 14 of 24
If an observer of the certification body has attended the audit, the certification body is obliged to
suspend the certificate within 3 working days after receipt of the result.
If the investigation audit was carried out without the prior notification of the certification body or without
the attendance of an observer of the certification body, the certification body has 7 days to inform IFS
MANAGEMENT if it accepts or rejects the result. Meanwhile, IFS MANAGEMENT will mark the
audited company with a warning triangle on the IFS database. When the warning triangle is set in the
database all database users that are registered as retailers or registered as certified company having
mentioned the respective company in their favorites list will be automatically informed of the result of
the control audit by email. The warning triangle is also visible for the certification body concerned. If
the certification body accepts the result or if the certification body does not comment within 7 days, the
certification body is obliged to suspend the certificate after further 3 working days. If the certification
body rejects the result, the certification body has to prove to IFS MANAGEMENT that adequate
measures are being taken, that product safety is not in danger and a breach of law (e.g. food law) is
not being committed.
When the suspension of the certificate is performed by the certification body all users having access to
the IFS database (retailers and certified companies) and having mentioned the respective company in
their favorites list will get an e-mail notice from the IFS audit portal that the current certificate has been
suspended. In addition, the organization concerned shall remain in the database with a relevant note
for a period of three months after certificate suspension and such note shall be visible to all database
users.
f) Once all relevant information (investigation audit result, statement(s) of the certification body) has
been received by IFS MANAGEMENT, the information shall be checked to ascertain whether the data
is sufficient to identify the cause of the complaint. If an investigation audit has been carried out and the
available information is still insufficient, a new investigation audit shall be scheduled.
g) If the data is sufficient, IFS MANAGEMENT shall ascertain whether the existing problem has
already been rectified and/or a breach by the auditor and/or the certification body is likely to have
occurred. If the problem has already been rectified and/or a breach by the auditor/certification body is
unlikely to have occurred, the case shall be closed and the complainant shall receive a final report.
If there is sufficient data available to make a decision and if the problem has not yet been rectified and
a breach is likely to have occurred, all relevant information shall be made accessible to the members
of the sanction committee in an anonymous way in a protected area of the database. The sanction
committee strives to decide within 4 weeks after the data has been made available whether a breach
has been committed and by whom and, if applicable, what level of breach has occurred.
Annex 4 to Framework Agreement
page 15 of 24
h) Once the sanction committee has informed IFS MANAGEMENT of its decision, IFS MANAGEMENT
shall check whether the auditor and/or the certification body concerned have committed any breaches
in the past. Depending on the level of breach and the number of breaches previously committed by the
certification body and/or the auditor, a warning, a suspension or an extraordinary termination of the
framework agreement shall follow (see IV 1) a) –e), charts with sanctions and penalties for different
levels of breaches for certification bodies and auditors).
i) Once the breach has been decided and/or penalties have been imposed, the responsible
accreditation body shall be informed of the case. Findings from a closed case which can play a role for
the interpretation and/or the enhancement of the IFS may be provided to all certification bodies and
retailers.
j) The case is deemed closed when the complainant has received a final report from IFS
MANAGEMENT.
III. Process relating to preventive quality assurance measures of IFS MANAGEMENT
(1) IFS MANAGEMENT shall treat all information relating to breaches of IFS requirements, which IFS
MANAGEMENT receives in connection with the surveillance audits in the same manner as information
received by IFS MANAGEMENT in connection with the complaint management. This means that the
complaint management process described in II. (2) e) – i) above also applies in connection with
preventive quality assurance measures. This means further that in the case of a breach, the
certification body and its auditors shall be issued with the same penalties that apply in the case of a
complaint. Furthermore, in the event that a KO or Major non-conformity is issued in a surveillance on-
site supplier audit, the certification body shall be requested to suspend the certificate of the respective
company as described in II. (2) e).
(2) IFS MANAGEMENT shall treat all information found in connection with routine assessments of IFS
reports, IFS certificates or other available data or in connection with evaluation options, which
indicates a breach of IFS requirements, in the same manner as information received in connection
with the complaint management.
IV. Penalties
Penalties shall be imposed on the certification body and/or its auditors if the sanction committee,
having checked all the available information, concludes that a Level 1 or Level 2 breach has been
committed by the certification body and/or its auditors and IFS MANAGEMENT has been notified
accordingly.
Annex 4 to Framework Agreement
page 16 of 24
The penalties for Level 3 breaches shall be imposed on the certification body when after investigation
of all topics and statements IFS Quality Assurance Management decides that a breach Level 3 has
been committed by the certification body and the chairman (lawyer) of the sanction committee has
confirmed the Level 3 breach.
The type of penalty to be imposed depends on the number of breaches previously committed by the
auditor and/or certification body concerned as well as the level of such breaches. IFS MANAGEMENT
will inform the respective accreditation body if a breach for a certification body and/or for an auditor
has been decided, this means if an initial warning has been issued or additional sanctions have been
issued. The period of limitation for breaches that were previously committed and subject to penalties is
3 years, even if the auditor has moved to another certification body.
In the case the sanction committee (or IFS Quality Assurance Management for Level 3 breaches with
confirmation by the chairman of the sanction committee) finds out that a breach has been committed,
the certification body is obliged to compensate IFS MANAGEMENT for the following costs, if they have
been occurred:
- costs of the audits which have been conducted within the Integrity Program,
- costs of the sanction committee related to the determined breach
- costs for the sanctions following the decision of the breach (e.g. additional CB office audit to confirm
CB approval, IP- witness audit to confirm auditor competence, GAP- training or calibration training
which was demanded by IP)
This compensation of the costs is obligatory no matter which of the penalties described in the following
charts is imposed on the certification body and/or its auditors. The costs are due as soon as IFS
MANAGEMENT informs the certification body about the breach and invoices the costs.
Additionally if a Level 1 or Level 2 breach has been decided for an auditor a review of the performed
audits by this auditor has to be carried out by the certification body, to assess if further mistakes have
been made for already performed audits. This has to be carried out for all audits with a valid IFS-
certificate.
In case of a suspension of the certification body the whole certification process has to be stopped and
the certification body is no longer allowed to issue any IFS certificates. In particular, the certification
body cannot issue IFS certificates from the date of suspension, even for the audits which have been
already performed but which are still in the certification process (review of the report, certification
decision, etc.).
So that means that, from the time of suspension:
Sites with audits pending
The CB is not permitted to schedule or perform audits whilst suspended.
Annex 4 to Framework Agreement
page 17 of 24
Sites with audits currently planned during the suspension period have to be contacted by the CB. Sites
should make arrangements with an alternative approved and accredited certification body for the
scheme.
Sites with certificates pending
The CB is not permitted to issue certificates whilst suspended, no certification decision shall be made.
Existing certificated sites
A review has to be done of the processes operated by the CB to ensure the validity of currently issued
certificates. The content and extent of the review shall be based on the reason for the suspension.
Annex 4 to Framework Agreement
page 18 of 24
(1) Charts with Processes for different Levels of Breaches
a) Level 1 breach for certification bodies
Information to IFS
Office Berlin
regarding decision
on level of breach
Previous breaches
for CB in internal IFS
QAM registration ?
warning and penalty:
- Reimbursement of IP audit
and Sanction Committee
costs
- Performance of an internal
CB training
- Adequate corrective
actions
- penalty of 5.000€
Proof to IFS QAM by
CB:
performing of internal
training and determine
adequate CA within 3
weeks after warning
warning and penalty:
- Reimbursement of IP audit
and Sanction Committee costs
- Performance of an internal CB
training
- Adequate corrective actions
- penalty of 10.000€
Extraordinary
termination of
framework
agreement
No
Yes
2nd breach
Another level 1
breach for not-
fulfilling warning
request
3rd breach
suspension of CB
for 1 year
Fulfilling of IFS
requirements for CBs
to be approved as
IFS CBs
signing the new
framework
agreement
Result office audit
positive?
Yes
No
confirmation
of CB
No
internal registration of
breach by IFS QAM
Proof to IFS QAM by
CB:
performing of internal
training and
determine adequate
CA within 3 weeks
after warning
Yes
Another level 1
breach for not-
fulfilling warning
request
No
new start of IP process
for CB
CB office audit
(if a minimum of 3
IFS audits were
performed)
No
internal registration of
breach by IFS QAM
confirmation of CB
new framework
agreement no longer
valid
IFS QAM received
relevant proofs?
IFS QAM received
relevant proofs?
Yes
Annex 4 to Framework Agreement
page 20 of 24
b) Level 1 breach for auditors
Information to IFS
Office Berlin
regarding decision
on level of breach
Previous breaches
for auditor in internal IFS
QAM registration?
suspension until
attendance at GAP
course or
calibration training
No
2nd breach
Yes
Demand of GAP
course or
calibration training
initial
examinationNo
Conduct IP witness
audit by IFS
Result IP witness
audit positive?
Yes
12 months
suspension
after 12 months
suspension
demand of initial
examination
Yes
IFS
examination
process
No
confirmation as IFS
auditor
No
Auditor passes initial
examination?
Auditor attends GAP
course or calibration training
within 1 year?
Yes
After Auditor confirmation as IFS auditor in case of 2nd breach the IP process for the auditor starts new.
Annex 4 to Framework Agreement
page 21 of 24
c) Level 2 breach for certification bodies
Information to IFS
Office Berlin
regarding decision
on level of breach
Previous breaches
for CB in internal IFS
QAM registration?
warning:
- Reimbursement of IP audit
and Sanction Committee
costs
- Performance of an internal
CB training
- Adequate corrective
actions
Proof to IFS QAM by
CB:
performing of internal
training and determine
adequate CA within 3
weeks after warning
warning and penalty:
- Reimbursement of IP audit
and Sanction Committee costs
- Performance of an internal CB
training
- Adequate corrective actions
- Penalty of 3.000€
Extraordinary
termination of
framework
agreement
No
Yes
2nd breach 4th breach
Another level 2
breach for not-
fulfilling warning
request
warning and penalty:
- Reimbursement of IP audit and
Sanction Committee costs
- Performance of an internal CB
training
- Adequate corrective actions
- Penalty of 5.000€
3rd breach
suspension of CB
for 1 year
Fulfilling of IFS
requirements for CBs
to be approved as
IFS CBs
signing the new
framework
agreement
Conduct a CB office
audit by IFS
Result office audit
positive?
confirmation of CB
Yes
No
confirmation
of CB
No
internal registration of
breach by IFS QAM
Proof to IFS QAM by
CB:
performing of internal
training and
determine adequate
CA within 3 weeks
after warning
Yes
Another level 2
breach for not-
fulfilling warning
request
No
new start of IP process
for CB
Nein
internal registration of
breach by IFS QAM
internal registration of
breach by IFS QAM
CB office audit
(if a minimum of 3
IFS audits were
performed)
procedure for
CB office
audits
new framework
agreement no
longer valid
IFS QAM receives
relevant proofs?
Yes
IFS QAM receives
relevant proofs?
Annex 4 to Framework Agreement
page 22 of 24
d) Level 2 breach for auditors
Information to IFS
Office Berlin
regarding decision
on level of breach
Previous breaches
for auditor in internal IFS
QAM registration?
warning:
Auditor is allowed to
perform audits
No
2nd breach
3 months
suspension
3rd breach
Yes
Demand of GAP
course or
calibration training
within 1 year after
warning
Initial exam
Demand of GAP
course or calibration
training
confirmation of IFS
auditor
12 months
suspension
confirmation as IFS
auditorr
Yes
internal registration of
breach by IFS QAM
Yes
Conduct IP witness
audit by IFS
Result IP witness
audit positive?
Yes
No
confirmation
as IFS auditor
No
IFS
examination
process
Yes
internal registration of
breach by IFS QAM
Initial exam
No
IFS
examination
process
NoYes Auditor passes
initial exam?
Auditor attendes GAP
course or calibration
training?
Auditor attends
at GAP course or
calibration training within 1
year?
No
Auditor passes
initial exam?No
After auditor confirmation as IFS auditor in case of 3rd breach the IP process for the auditor starts new.
Annex 4 to Framework Agreement
page 23 of 24
e) Level 3 breach for certification bodies
decision on level of
breach by IFS QAM and
confirmation of the breach
by chairman (lawyer) of
the sanction committee
warning
- Performance of an
internal CB training
- Adequate corrective
actions
1st-2nd breach 3rd – 5th breach > 5 breaches
warning and penalty
- Performance of an
internal CB training
- Adequate corrective
actions
- penalty of 500 €
3 month suspension
confirmation of CB
CB office audit by IFS
Result office audit
positive?
Yes
No confirmation of
CBNo
internal registration of
breach by IFS QAM
4.a Proof to IFS QAM
by CB: performing of
internal training and
determine adequate
CA within 3 weeks
after warning
Another level
3 breach for
notfulfilling
warning
request
internal registration of
breach by IFS QAM
Yes
further procedure
depends on the
number of level 3
breaches
Proof to IFS QAM by
CB: performing of
internal training and
determine adequate
CA within 3 weeks
after warning
internal registration of
breach by IFS QAM
Yes
further 1 month suspension and
additional CB office
audit
IFS QAM receives the
relevant proofs?No
IFS QAM receives the
relevant proofs?No
If the issue for receiving the breach is the same as for the previous breach the penalty will be doubled.
Annex 4 to Framework Agreement
page 24 of 24
V. Obligations of the Certification Body
The Certification Body undertakes to inform any auditors it commissions about the existing Integrity
Program and the penalties associated with it. Such information shall be provided in writing and
presented as evidence to IFS MANAGEMENT.
The content of this document shall especially explain that each auditor is aware that in case of not
respecting the rules of IFS standards and related IFS regulations IFS MANAGEMENT has the right to
forward the respective case to the sanction committee for decision. The sanction committee might
decide breaches directly for auditors and in this case auditors might be obliged to take part at IFS
training courses or might be suspended as IFS auditor for a certain time.
Any breaches will be recorded for each auditor in order to have an overview of the “history” of the
auditor. Also in case of a CB change breaches for auditors are not cancelled within a period of 36
months. In case of a CB change IFS MANAGEMENT is allowed to inform with the switch the new
certification body of previous still valid breaches of this auditor.
Certification bodies shall send copies of the signed versions of their respective auditor´s confirmation
documents concerning the Integrity Program to IFS MANAGEMENT.
Old and new customers shall be informed in writing about the content of the Integrity Program and the
possible impact on their companies.
The Certification Body undertakes to provide IFS MANAGEMENT with a contact name for the Integrity
Program. This person shall be responsible for the communication with IFS MANAGEMENT in
connection with the complaints management and penalty management. The Certification Body
undertakes to notify IFS MANAGEMENT in writing and without delay of any personnel changes in this
regard.
Berlin, ……………………………………. Place, date Place, date ……………………………………. ……………………………………. IFS MANAGEMENT GmbH Certification Body (Signature and company stamp)