annex 4 to framework agreement - tuev-sued.de · annex 4 to framework agreement page 1 of 24...

Annex 4 to Framework Agreement

page 1 of 24

INTEGRITY PROGRAM

As part of the IFS Integrity Program, IFS MANAGEMENT carries out a number of different measures

to assure the quality of the IFS, with a focus on the check of audits conducted by the certification

bodies and their auditors. One can differentiate between complaint management measures and

preventive quality assurance measures.

(1) As part of the complaint management, IFS MANAGEMENT may conduct so-called investigation

audits, which are aimed at processing and resolving complaints in connection with IFS audits that

have already been conducted. Depending on the nature and extent of the complaint, an investigation

CB office audit (see I. (1) a) below), an investigation on-site supplier audit (see I. (1) b) below)

and/or an investigation witness audit (see I. (1) c) below) may be conducted. The audits are always

aimed at ascertaining the cause of the complaint and identifying potential breaches of IFS

requirements.

(2) The so-called surveillance audits are conducted as part of the preventive quality assurance

measures. These audits are random reviews of IFS audits that have already been conducted,

regardless of whether or not complaints have been made. There are three types of surveillance audits:

surveillance CB office audits (see I. (2) a) below), surveillance on-site supplier audits (see I. (2)

b) below) and surveillance witness audits (see I. (2) c).

If all information required to resolve a complaint has been collected during the complaint management

process and if such information suggests that a breach Level 1 or Level 2 of IFS requirements has

been committed, or if important evidence of a potential breach Level 1 or Level 2 has been found

during the surveillance audits, IFS MANAGEMENT shall pass this information on to the IFS sanction

committee (see I. (4) below). Additionally all other investigations by IFS Quality Assurance

Management which suggest that a breach Level 1 or Level 2 of IFS requirements has been committed

shall be passed to the IFS sanction committee.

The sanction committee shall decide whether or not a breach has occurred and determine the level of

the suspected breach (for topics suspected to be Level 1 or Level 2 breaches).

Level 3 breaches (based on IFS database analyses) can be assessed directly by IFS Quality

Assurance Management but have to be confirmed by the chairman (lawyer) of the sanction committee.

IFS MANAGEMENT will subsequently impose penalties depending on the level of breach and the

occurrence of previous breaches (see IV. below).


page 2 of 24

The following chart shows the general structure of the IFS Integrity Program

on-site

supplier audit

Integrity

Program

Surveillance

audits

IFS quality

management sufficient evidence

at hand/breach Level

1 or Level 2

probable

Investigation

audits

Complaint

management

preventive QA

measures

witness

audit

CB office audit CB office

audit on-site

supplier audit

Chairman

lawyer

participant

from retailers

participant from the

industry

Sanction committee

participant from CBs

without right to vote

witness

audit

IFS quality

management direct

decision of Level 3

breaches based on

database analyses,

confirmed by chairman

(lawyer)


page 3 of 24

I. Definition

(1) Investigation Audits

Investigation audits are IFS audits that are conducted on behalf of IFS MANAGEMENT as a result of a

complaint received by IFS MANAGEMENT.

Depending on the nature of the complaint and the type of audit that seems most appropriate to resolve

the complaint, IFS MANAGEMENT shall decide whether to conduct an investigation CB office audit,

an investigation on-site supplier audit and/or an investigation witness audit (see I. (1) a) – c) below).

IFS MANAGEMENT shall notify the certification body that is subject to the complaint and/or the

certified organisation (by email and fax using the contact details stored in the IFS database) 0-48

hours prior to the audit date that an investigation audit will be conducted. It is being referred to § 2, no.

3 of the Framework Agreement.

IFS MANAGEMENT shall ensure that the auditor in charge of the investigation audit has the technical

and language skills (or that an interpreter is present) to conduct the relevant audit. In addition, IFS

MANAGEMENT shall guarantee the economic and personal independence of the auditor by ensuring

prior to each audit that the auditor has not had any economic relationship with the organisation 2 years

prior to the investigation audit, and that the auditor undertakes not to enter into an economic

relationship with the organisation for a period of 2 years following the audit. Furthermore, the auditor

shall sign a declaration of independence and confidentiality with IFS MANAGEMENT.

There are three types of investigation audits: investigation CB office audit, investigation on-site

supplier audit and/or investigation witness audit.

a) Investigation CB Office Audits

Investigation CB office audits are audits that are conducted by an auditor employed or commissioned

by IFS MANAGEMENT at the premises of the IFS-accredited certification body in order to resolve an

existing complaint. Their aim is to assess the work of the certification body in connection with an

existing case by means of records and invoices. Such audits are performed on the basis of a checklist

containing the requirements of the Framework agreement, the present Addendum, possible future

amendments of the Framework agreement as well as the relevant requirements of the IFS standards

and IFS regulations in their current versions. The purpose of the audit is to review documentation

relating to certification procedures, focusing on the content of the complaint. The audits can be

conducted in cooperation and jointly with other scheme owners who have concluded own respective

agreements with the certification body. Prior to the conduct of the CB office audit, IFS MANAGEMENT

will inform the CB if and which other scheme owner will attend the audit. As soon as the CB office

audit date is fixed IFS MANAGEMENT will inform the respective accreditation body to give them the

chance to attend the audit as an observer. At the end of the CB office audit process IFS

MANAGEMENT sends a copy of the finally reviewed CB office audit report and the corrective actions

defined by the CB to the respective accreditation body.


page 4 of 24

b) Investigation On-site Supplier Audits

Investigation on-site supplier audits are IFS audits that are conducted by an auditor employed or

commissioned by IFS MANAGEMENT on the basis of a current version of the IFS checklist at the

premises of the certified company in order to resolve an existing complaint. Their aim is to assess the

certified company– i.e. the conditions of the existing certificate – as well as the auditor of the original

audit – using the information provided in the original audit report. This audit is not a regular IFS audit; it

focuses on the content of the complaint. The decision of the duration of the audit is up to IFS Quality

Assurance Management.

In case IFS MANAGEMENT decides to notify the certification body that is subject to the complaint as

well as the certified company, IFS MANAGEMENT has to notify both parties at the same time prior to

the audit date. The certification body has the possibility to attend the audit as observer.

If the certification body gets notified by IFS MANAGEMENT about the planned audit, it is prohibited for

the certification body to contact the certified company howsoever (also not through third parties). In the

case the certified company contacts the certification body it is prohibited to give information

concerning the complaint case and/or the upcoming investigation audit. The breach of such

interdiction constitutes a level 2 breach (see I. (5) b) below).

c) Investigation Witness Audits

Investigation witness audits are IFS audits, whereby a regular certification audit is attended by a

witness auditor employed or commissioned by IFS MANAGEMENT in order to resolve an existing

complaint. Their aim is to examine the work of the auditor in an audit situation by observing the

auditor’s method and assessments of the IFS requirements. Such audits are performed on the basis of

a standard IFS checklist. The result of the investigation witness audit is primarily based on the

comparison between the assessments of the auditor and of the observing witness auditor. The witness

auditor attends parts of the audits that are relevant to resolving the complaint; hence the witness time

may differ from the duration of the audit. IFS MANAGEMENT and CB agree on the date and the

company where the investigation witness audits shall take place.

(2) Surveillance Audits

Surveillance audits are IFS audits that are carried out by IFS MANAGEMENT to assess the IFS

system. The certification bodies, IFS certified companies and/or auditors shall be selected for

surveillance audits based on a random process by objective criteria. Objective criteria are e.g. the

number of certificates issued by the relevant certification body, analysis of the IFS database

concerning audit time or audit results, review of uploaded audit reports and further criteria.

IFS MANAGEMENT shall ensure that the auditor in charge of the surveillance audit has the technical

and language skills (or that an interpreter is present) to conduct the relevant audit. In addition, IFS


page 5 of 24

MANAGEMENT shall guarantee the economic and personal independence of the auditor by ensuring

prior to each audit that the auditor has not had any economic relationship with the organisation 2 years

prior to the surveillance audit, and that the auditor undertakes not to enter into an economic

relationship with the organisation for a period of 2 years following the audit. Furthermore, the auditor

shall sign a declaration of independence and confidentiality with IFS MANAGEMENT.

There are three types of surveillance audits: surveillance CB office audits, surveillance on-site supplier

audits and surveillance witness audits:

a) Surveillance CB Office Audits

Surveillance CB office audits are audits that are conducted by an auditor employed or commissioned

by IFS MANAGEMENT at the premises of the IFS-accredited certification body in order to assess the

quality of randomly selected certification procedures based on a documentation review. Such audits

are performed on the basis of a checklist containing the requirements of the Framework agreement,

the present Addendum, possible future amendments of the Framework agreement as well as the

relevant requirements of the IFS standards and IFS regulations in their current versions. The audits

can be conducted in cooperation and jointly with other scheme owners who have concluded own

respective agreements with the certification body. Prior to the conduct of the CB office audit, IFS

MANAGEMENT will inform the CB if and which other scheme owner will attend the audit. Notification

of surveillance CB office audits is generally provided by IFS MANAGEMENT in advance. If the CB

asks for a time shifting for the surveillance CB office audit and if such second fixed date falls through

due to CB’s behavior, this behavior constitutes a breach of a material duty according to § 9 no. 1 of the

Framework Agreement and may implicate to an extraordinary termination of the Framework

Agreement. As soon as the CB office audit date is fixed IFS MANAGEMENT will inform the respective

accreditation body to give them the chance to attend the audit as an observer. At the end of the CB

office audit process IFS MANAGEMENT sends a copy of the finally reviewed CB office audit report

and the corrective actions defined by the CB to the respective accreditation body.

b) Surveillance On-site Supplier Audits

Surveillance on-site supplier audits are IFS audits that are conducted by an auditor employed or

commissioned by IFS MANAGEMENT on the basis of a current version of the IFS checklist at the

premises of the certified company. Their aim is to assess the performance of the certified company –

i.e. the conditions of the existing certificate – as well as the auditor of the original audit – using the

information provided in the audit report. It does not always have to be a complete IFS audit.

As a general rule, notification of surveillance on-site supplier audits shall be provided by IFS

MANAGEMENT approx. 48 hours prior to the audit date. Such notification may be omitted or may be

provided less than 48 hours prior to the audit date if there is evidence that food safety is at risk and/or

that shortcomings may be covered up.


page 6 of 24

IFS MANAGEMENT will inform the public about the policy of IFS MANAGEMENT concerning this

matter through its Internet presence and corresponding documents. The certification bodies are

responsible for their part to inform their customers. It is being referred to § 2, no. 3 of the Framework

Agreement.

In case IFS MANAGEMENT decides to notify the certification body as well as the certified company,

IFS MANAGEMENT has to notify both parties at the same time. The certification body has the

possibility to attend the audit as observer.

If the certification body gets notified by IFS MANAGEMENT about the planned surveillance audit, it is

prohibited for the certification body to contact the certified company howsoever (also not through third

parties). In the case the certified company contacts the certification body, it is prohibited to give

information concerning the upcoming surveillance audit.

c) Surveillance Witness Audits

Surveillance witness audits are IFS audits, whereby a regular certification audit is attended by a

witness auditor employed or commissioned by IFS MANAGEMENT. The aim is to examine the work of

the auditor in an audit situation by observing the auditor’s method and assessments of the IFS

requirements. Such audits are performed on the basis of a standard IFS checklist. The result of the

surveillance witness audit is primarily based on the comparison between the assessments of the

auditor and of the observing witness auditor. IFS MANAGEMENT and CB agree on the date and the

company where the surveillance witness audits shall take place.

(3) Audits to confirm CB or auditor competence

These audits are required when penalties have been imposed against a certification body and/or an

auditor as a result of a proven breach or several proven breaches (see IV. below). IFS

MANAGEMENT is not required to provide official notification prior to conducting such audits. Instead,

IFS MANAGEMENT and the certification body agree when and at the premises of which operator the

audit shall be conducted. There are two types of these audits: witness audits to confirm the

competence of an auditor and CB office audits to confirm the competence of a CB.

a) Witness Audits to confirm the competence of an auditor:

These witness audits are IFS audits that are conducted when a penalty has been imposed against an

IFS auditor and a regular certification audit is attended by an auditor employed or commissioned by

IFS MANAGEMENT. Their aim is to assess the work of the auditor in an audit situation by observing

the auditor’s method and assessments of the IFS requirements. The audit is performed on the basis of

a regular IFS checklist. The result of the witness audit is primarily based on the comparison between

the assessments of the auditor and of the observing witness auditor. The main focus of the audit is to


page 7 of 24

ensure that the problem which led to the penalty has been rectified. A positive outcome results in the

confirmation of the auditor approval for IFS audits.

b) CB Office Audits to confirm CB competence

These CB office audits are audits that are conducted by an auditor employed or commissioned by IFS

MANAGEMENT as a result of a penalty being imposed, and take place at the premises of the

certification body that has been issued with the penalty. Such audits are performed on the basis of a

checklist containing the requirements of the Framework agreement, the present Addendum, possible

future amendments of the Framework agreement as well as the relevant requirements of the IFS

standards and IFS regulations in their current versions. The main focus of the audit is to ensure that

the problem which led to the penalty has been rectified. These CB office audits can be conducted in

cooperation and jointly with other scheme owners who have concluded own respective agreements

with the certification body. Prior to the conduct of the CB office audit, IFS MANAGEMENT will inform

the CB if and which other scheme owner will attend the audit.

(4) Sanction Committee

The sanction committee consists of the following pool of people: a chairman (a lawyer),

representatives from the retail sector, representatives from industry as well as representatives from

certification bodies (without voting rights). If necessary, further guest participants (e.g. experts from

accreditation bodies) can support the committee in technical questions; however, they do not have any

voting rights. Each case will be assessed by 4 committee members (case team). These include the

committee chairman and 1 representative each from retail, industry and certification bodies. The

selection of each respective case team is performed by IFS MANAGEMENT using a random,

rotational selection process. IFS MANAGEMENT checks and ensures that the selected members are

not dependent, whether directly or indirectly, at a personal or economic level, on the organisations

involved in the case.

The case team is responsible for deciding whether or not a Level 1 or Level 2 breach has occurred

and for determining the level of breach. The case is only decided by the chairman and the

representatives from retail and industry, as the representative from the certification body merely

provides technical input and has no voting rights. The case team convenes once IFS MANAGEMENT

has collected all the information required for the assessment of a case and has found conclusive

evidence that an auditor and/or a certification body is in breach of the contract requirements or the

relevant requirements of the IFS.

Decision by the sanction committee:

If a fault of a certification body or an auditor is likely to have occurred, all relevant information shall be

made accessible to the members of the sanction committee in an anonymous way in a protected area


page 8 of 24

of the database. The sanction committee strives to decide within 4 weeks after the data has been

made available whether a breach has been committed and by whom (certification body or auditor) and

what level of breach (Level 1 or Level 2) has occurred.

Once the sanction committee has informed IFS MANAGEMENT of its decision, IFS MANAGEMENT

shall check whether the auditor or the certification body concerned have committed any breaches in

the past. Depending on the level of breach and the number of breaches previously committed by the

certification body or the auditor, an initial warning or respective sanctions shall follow (see IV (1) a) –

e), charts with sanctions and penalties for different levels of breaches for certification bodies and

auditors).

(5) Levels of Breach

There are two levels of breaches which a certification body and/or its auditors might commit in the

course of performing an IFS audit and certification. Additionally there is a third level of breach which a

certification body might commit in the course of performing IFS audits and certification.

Topics which are likely to result in a Level 1 or Level 2 breach are forwarded to the sanction

committee. The decision whether a Level 3 breach is likely is assessed by the IFS Quality Assurance

Management and confirmed by the chairman (lawyer) of the sanction committee.

Note: Depending on the case the decision of the sanction committee can lead to both – breach for

auditor and breach for CB.

All examples mentioned below for the different Levels of breaches are not exclusive, further topics can

be also decided as breach Level 1-3 depending on the case.

a) Level 1

Non-acceptable performance which calls into question the overall competence of the certification body

and/or the auditor: Breach of contract requirements and/or IFS requirements which generally put

product safety at risk and/or results in a breach of law. Relevant is only such law which is associated

with the IFS certifications.

Examples for Level 1 breaches for certification bodies

The certification body fails to identify obvious errors in an audit report during a certification

process (review process), which puts product safety at risk and/or results in a breach of law.

The certification body fails to comply with one or several penalties which have been imposed

against it as a result of a previous level 1 breach.

Examples for Level 1 breaches for auditors

Severe error of an auditor when auditing a company, which puts product safety at risk and/or

leads to a breach of law.


page 9 of 24

The auditor provides incorrect information/ratings in the audit report, which puts product safety

at risk and/or results in a breach of law.

b) Level 2

Very poor performance of the certification body and/or an auditor, requiring immediate and radical

improvement measures: Incorrect behavior during an audit and/or breach of IFS rules in view of the

required procedures of the certification process, which does not generally put product safety at risk

and/or result in a breach of law. Relevant is only such law which is associated with the IFS

certifications.


The calculation matrix of IFS Food Standard, version 6 and the additional regulations

described in the IFS Food Standard, version 6 and the Doctrine for CBs concerning audit time

calculation were not respected to determine audit duration.

The certification body did not monitor one/several auditors by an on-site witness audit at least

once every two years according to the rules defined in the IFS standards current version

and/or there is/are no documented witness report/s available.

The Certification Body did not train its auditors in accordance with IFS regulations on a regular

basis, though at least once per year in a two-day course and there is/are no document(s) of

training attendance available.

The certification body fails to identify obvious errors in an audit report during a certification

process, which does not put product safety at risk.

An audit was conducted by an auditor/ audit team not having the product scope and/or

technical scope approval required to perform the audit.

The suspension of a current certificate according to the standard regulations is missing

completely in the database.

The CB already got a level 3 breach for the topic “missing suspension of the current certificate

within a maximum 2 working days after the audit” and within the next period of 6 months again

for > 5 % of all IFS-audits with Major- or KO-rating the suspension of the current certificate

was not carried out within a maximum 2 working days after the audit date.

An audit is conducted by an auditor not having the necessary language approval for the

respective country (country according to the list provided with the Doctrine for CBs a translator

is not allowed to be used for).

An audit is conducted by an auditor not having the necessary language approval for the

respective country (country according the Doctrine for CBs a translator is allowed), no

translator was additionally used and/or the audit time was not increased accordingly.

Indications in the CV of an auditor sent to IFS Office are demonstrably not correct.


page 10 of 24

The certification body contacts the certified company howsoever after having been notified by

IFS MANAGEMENT about a planned Integrity on-site audit and before the beginning of such

audit.

Penalties imposed as a result of a level 2 breach have not been complied with.

The certification body did not participate at the yearly certification body conference (referring to § 3, no. 4 of the Framework Agreement).

Examples for Level 2 breaches for auditors

The auditor provides incorrect information in the audit report not relating to product safety.

The auditor mentioned in the scope of the audit products, which demonstrably were not

produced at the time of the audit.

The auditor mentioned in the audit report dates and times, but it is evident that he was not at

this site at the mentioned dates and times.

An audit is conducted by an auditor/ audit team not having the product scope and/or

technology scope approval required to perform the audit. The missing product scope or

technology scope is required to guarantee a qualitative and comprehensive audit of the

company.

An audit is conducted by an auditor not having a current IFS approval at the time of the audit.

c) Level 3

Other breaches of the IFS, the IFS audit system and other IFS audit requirements

The topics mentioned below are based on database investigations by IFS office. In each case the

topic is forwarded to the certification body with a request for internal investigation as well as a

statement. If the statement is sufficient, IFS Quality Assurance Management shall ascertain whether

the existing problem is rectified or whether a breach by the certification body is likely to have occurred.

The decision whether a Level 3 breach is likely is assessed by the IFS Quality Assurance

Management, but has to be confirmed by the chairman (lawyer) of the sanction committee.


The auditor conducts more consecutive audits at the same organization than permitted under

current IFS rules, this fact is evident by database analysis and the certification body´s

statement is not able to clarify the case.

For > 5 % of all IFS-audits with Major- or KO-rating, analyzed within a 6 months period by IFS

QAM, the suspension of the current certificate was not carried out within a maximum 2

working days after the audit date.


page 11 of 24

In case of complaint handling a certification body does not send any statement to the IFS

offices even after 2 reminder emails. For administrative complaints this means a certification

body shows no reaction even after 2 reminder emails within 1 month after sending the first

email with the notification of an administrative complaint. For qualitative complaints this means

a certification body shows no reaction even after 2 reminder emails within 2 months after

sending the first email with the notification of a qualitative complaint.

Penalties imposed as a result of a level 3 breach are not complied with.

The certification body has not improved its inadequate performance of one or several of the

CB administrative indicators after a previous first warning within a further 6 months analysis

time.

(6) Analyses by IFS Quality Assurance Management (CB administrative indicators)

IFS Quality Assurance Management evaluates different administrative indicators for certification

bodies every 6 months.

Examples for administrative indicators are described below.

If the certification body is not respecting the IFS rules for administrative indicators within the first 6

months analysis this results in a first warning. 6 months later an additional evaluation is carried out. If

no improvement is reached within these 6 months the result of this evaluation will be send to the

accreditation body. Additionally IFS Quality Assurance Management assesses a level 3 breach for the

certification body and this has to be confirmed by the chairman (lawyer) of the sanction committee.

CB administrative indicators:

Inadequate performance, which requires the implementation of improvement measures, such

performance being linked to administrative errors by the certification body.

The diary function of the IFS portal was not used within 6 months for > 5 % of the IFS audits

carried out by the certification body (referring to Part 1, 3.3 of the IFS Food standard, version

6).

Within 6 months > 5 % of the IFS audits carried out by the certification body were not

uploaded in time (8 weeks after the audit date) to the IFS portal (referring to Part 1, 6.1 of the

IFS Food, version 6 standard).

Within 6 months the IFS office got administrative complaints for > 2 % of the IFS audits carried

out by the certification body based on different complaint reasons (e.g. report not uploaded,

date in diary function missing, new COID account for existing company, reason for blocking

the certificate is not sufficient,…..).


page 12 of 24

(7) Other Definitions

IFS:

all standards that are marketed by IFS MANAGEMENT under the brand of “International

Featured Standards”.

II. IFS Complaint Management

(1) General IFS MANAGEMENT usually receives complaints about IFS audits from retailers. For this purpose,

retailers use the official IFS complaints form. In addition, IFS MANAGEMENT may also receive

complaints or information from certification bodies, employees of IFS-certified companies or other

natural persons or legal entities which are treated in the same way during the complaint management

as complaints from retailers. The following circumstances, without intending to be exhaustive, may be

the cause of a complaint.

a) A product that was produced at an IFS-certified site does not comply with the relevant IFS

requirements in terms of product safety or other legal requirements which are associated with the IFS

certifications.

b) The state of an IFS-certified site does not correspond to the conditions described in the current

audit report or the conditions that can be expected based on the overall result indicated on the current

certificate.

c) A significant discrepancy between the information provided in an existing IFS report or the

information of an IFS certificate issued and the observations made during a supplier audit that was

conducted after the IFS audit.

d) Other information that indicates a suspected incorrect behavior by participants in the IFS

certification scheme (IFS-certified company, auditor, certification body). This may include:

general information, e.g. discrepancies between the audit report and true events or

adjustments of the production process that have implications for human health and/or product

safety, and/or

administrative shortcomings in connection with the IFS audit, e.g. errors on IFS certificates

and/or IFS reports that were not or have not been uploaded correctly and/or in full into the IFS

portal.


page 13 of 24

(2) Procedure a) The IFS offices receive a complaint, usually in the form of an IFS complaint form sent by retailers.

Qualitative complaints are processed exclusively by IFS Quality Assurance Management in Berlin.

Administrative complaints can be also processed by the local offices (Berlin, Paris, Milan).

b) Based on a comparison between the content of the complaint and the information available via the

IFS portal, it is decided whether or not the complaint is reasonable. If it is not reasonable, the

certification body shall merely be informed of the complaint and the complainant shall be notified

accordingly. The case shall be closed. If the complaint is reasonable, it shall be added to the internal

complaint management database.

c) The content of the complaint is usually forwarded to the certification body with a request for internal

investigation as well as a statement. The notification to the certification body may be omitted if IFS

MANAGEMENT suspects that this step may affect the resolution of the complaint.

If the complaint relates to the quality of the content of IFS audits or IFS audit reports, IFS

MANAGEMENT shall ask the certification body to provide a statement on the cause and the measures

introduced to rectify the problem within 2 weeks. If the complaint relates to administrative errors, e.g.

in IFS audit reports, IFS certificates or in the IFS database, IFS MANAGEMENT shall ask the

certification body to provide a statement and rectify the problem within 1 week. The certification body

may ask IFS MANAGEMENT to extend this period if there is good cause. The statement must be

issued in writing by email or post.

d) If the cause of the complaint cannot be conclusively verified or if the problem cannot be rectified

once the statement has been checked IFS MANAGEMENT shall organize in general an investigation

audit. The type of investigation audit depends on the content of the complaint as well as the missing

information. For this purpose, an independent auditor shall be selected and commissioned by IFS

MANAGEMENT and provided with the relevant information.

If no further information is required and the cause of the complaint seems to be solved, the

complainant will be asked for agreement to close the case (in this case go straight to g) below).

e) The commissioned auditor submits the result of the audit to IFS MANAGEMENT. IFS

MANAGEMENT forwards the result immediately to the certification body and if applicable to the

respective company. The certification body is obligated to comment in written form on the result within

2 weeks after receipt of the result. If the certification body does not comment in time, IFS

MANAGEMENT may continue with the procedure.

If a KO or Major non-conformity is issued in the investigation audit which has to lead to a suspension

of the certificate, the following measures have to be taken:


page 14 of 24

If an observer of the certification body has attended the audit, the certification body is obliged to

suspend the certificate within 3 working days after receipt of the result.

If the investigation audit was carried out without the prior notification of the certification body or without

the attendance of an observer of the certification body, the certification body has 7 days to inform IFS

MANAGEMENT if it accepts or rejects the result. Meanwhile, IFS MANAGEMENT will mark the

audited company with a warning triangle on the IFS database. When the warning triangle is set in the

database all database users that are registered as retailers or registered as certified company having

mentioned the respective company in their favorites list will be automatically informed of the result of

the control audit by email. The warning triangle is also visible for the certification body concerned. If

the certification body accepts the result or if the certification body does not comment within 7 days, the

certification body is obliged to suspend the certificate after further 3 working days. If the certification

body rejects the result, the certification body has to prove to IFS MANAGEMENT that adequate

measures are being taken, that product safety is not in danger and a breach of law (e.g. food law) is

not being committed.

When the suspension of the certificate is performed by the certification body all users having access to

the IFS database (retailers and certified companies) and having mentioned the respective company in

their favorites list will get an e-mail notice from the IFS audit portal that the current certificate has been

suspended. In addition, the organization concerned shall remain in the database with a relevant note

for a period of three months after certificate suspension and such note shall be visible to all database

users.

f) Once all relevant information (investigation audit result, statement(s) of the certification body) has

been received by IFS MANAGEMENT, the information shall be checked to ascertain whether the data

is sufficient to identify the cause of the complaint. If an investigation audit has been carried out and the

available information is still insufficient, a new investigation audit shall be scheduled.

g) If the data is sufficient, IFS MANAGEMENT shall ascertain whether the existing problem has

already been rectified and/or a breach by the auditor and/or the certification body is likely to have

occurred. If the problem has already been rectified and/or a breach by the auditor/certification body is

unlikely to have occurred, the case shall be closed and the complainant shall receive a final report.

If there is sufficient data available to make a decision and if the problem has not yet been rectified and

a breach is likely to have occurred, all relevant information shall be made accessible to the members

of the sanction committee in an anonymous way in a protected area of the database. The sanction

committee strives to decide within 4 weeks after the data has been made available whether a breach

has been committed and by whom and, if applicable, what level of breach has occurred.


page 15 of 24

h) Once the sanction committee has informed IFS MANAGEMENT of its decision, IFS MANAGEMENT

shall check whether the auditor and/or the certification body concerned have committed any breaches

in the past. Depending on the level of breach and the number of breaches previously committed by the

certification body and/or the auditor, a warning, a suspension or an extraordinary termination of the

framework agreement shall follow (see IV 1) a) –e), charts with sanctions and penalties for different

levels of breaches for certification bodies and auditors).

i) Once the breach has been decided and/or penalties have been imposed, the responsible

accreditation body shall be informed of the case. Findings from a closed case which can play a role for

the interpretation and/or the enhancement of the IFS may be provided to all certification bodies and

retailers.

j) The case is deemed closed when the complainant has received a final report from IFS

MANAGEMENT.

III. Process relating to preventive quality assurance measures of IFS MANAGEMENT

(1) IFS MANAGEMENT shall treat all information relating to breaches of IFS requirements, which IFS

MANAGEMENT receives in connection with the surveillance audits in the same manner as information

received by IFS MANAGEMENT in connection with the complaint management. This means that the

complaint management process described in II. (2) e) – i) above also applies in connection with

preventive quality assurance measures. This means further that in the case of a breach, the

certification body and its auditors shall be issued with the same penalties that apply in the case of a

complaint. Furthermore, in the event that a KO or Major non-conformity is issued in a surveillance on-

site supplier audit, the certification body shall be requested to suspend the certificate of the respective

company as described in II. (2) e).

(2) IFS MANAGEMENT shall treat all information found in connection with routine assessments of IFS

reports, IFS certificates or other available data or in connection with evaluation options, which

indicates a breach of IFS requirements, in the same manner as information received in connection

with the complaint management.

IV. Penalties

Penalties shall be imposed on the certification body and/or its auditors if the sanction committee,

having checked all the available information, concludes that a Level 1 or Level 2 breach has been

committed by the certification body and/or its auditors and IFS MANAGEMENT has been notified

accordingly.


page 16 of 24

The penalties for Level 3 breaches shall be imposed on the certification body when after investigation

of all topics and statements IFS Quality Assurance Management decides that a breach Level 3 has

been committed by the certification body and the chairman (lawyer) of the sanction committee has

confirmed the Level 3 breach.

The type of penalty to be imposed depends on the number of breaches previously committed by the

auditor and/or certification body concerned as well as the level of such breaches. IFS MANAGEMENT

will inform the respective accreditation body if a breach for a certification body and/or for an auditor

has been decided, this means if an initial warning has been issued or additional sanctions have been

issued. The period of limitation for breaches that were previously committed and subject to penalties is

3 years, even if the auditor has moved to another certification body.

In the case the sanction committee (or IFS Quality Assurance Management for Level 3 breaches with

confirmation by the chairman of the sanction committee) finds out that a breach has been committed,

the certification body is obliged to compensate IFS MANAGEMENT for the following costs, if they have

been occurred:

- costs of the audits which have been conducted within the Integrity Program,

- costs of the sanction committee related to the determined breach

- costs for the sanctions following the decision of the breach (e.g. additional CB office audit to confirm

CB approval, IP- witness audit to confirm auditor competence, GAP- training or calibration training

which was demanded by IP)

This compensation of the costs is obligatory no matter which of the penalties described in the following

charts is imposed on the certification body and/or its auditors. The costs are due as soon as IFS

MANAGEMENT informs the certification body about the breach and invoices the costs.

Additionally if a Level 1 or Level 2 breach has been decided for an auditor a review of the performed

audits by this auditor has to be carried out by the certification body, to assess if further mistakes have

been made for already performed audits. This has to be carried out for all audits with a valid IFS-

certificate.

In case of a suspension of the certification body the whole certification process has to be stopped and

the certification body is no longer allowed to issue any IFS certificates. In particular, the certification

body cannot issue IFS certificates from the date of suspension, even for the audits which have been

already performed but which are still in the certification process (review of the report, certification

decision, etc.).

So that means that, from the time of suspension:

Sites with audits pending

The CB is not permitted to schedule or perform audits whilst suspended.


page 17 of 24

Sites with audits currently planned during the suspension period have to be contacted by the CB. Sites

should make arrangements with an alternative approved and accredited certification body for the

scheme.

Sites with certificates pending

The CB is not permitted to issue certificates whilst suspended, no certification decision shall be made.

Existing certificated sites

A review has to be done of the processes operated by the CB to ensure the validity of currently issued

certificates. The content and extent of the review shall be based on the reason for the suspension.


page 18 of 24

(1) Charts with Processes for different Levels of Breaches

a) Level 1 breach for certification bodies

Information to IFS

Office Berlin

regarding decision

on level of breach

Previous breaches

for CB in internal IFS

QAM registration ?

warning and penalty:

- Reimbursement of IP audit

and Sanction Committee

costs

- Performance of an internal

CB training

- Adequate corrective

actions

- penalty of 5.000€

Proof to IFS QAM by

CB:

performing of internal

training and determine

adequate CA within 3

weeks after warning



and Sanction Committee costs

- Performance of an internal CB

training

- Adequate corrective actions

- penalty of 10.000€

Extraordinary

termination of

framework

agreement

No

Yes

2nd breach

Another level 1

breach for not-

fulfilling warning

request

3rd breach

suspension of CB

for 1 year

Fulfilling of IFS

requirements for CBs

to be approved as

IFS CBs

signing the new

framework

agreement

Result office audit

positive?

Yes

No

confirmation

of CB

No

internal registration of

breach by IFS QAM

Proof to IFS QAM by

CB:


training and

determine adequate

CA within 3 weeks

after warning

Yes

Another level 1

breach for not-

fulfilling warning

request

No

new start of IP process

for CB

CB office audit

(if a minimum of 3

IFS audits were

performed)

No


breach by IFS QAM

confirmation of CB

new framework

agreement no longer

valid

IFS QAM received

relevant proofs?

IFS QAM received

relevant proofs?

Yes


page 19 of 24


page 20 of 24

b) Level 1 breach for auditors

Information to IFS

Office Berlin

regarding decision

on level of breach

Previous breaches

for auditor in internal IFS

QAM registration?

suspension until

attendance at GAP

course or

calibration training

No

2nd breach

Yes

Demand of GAP

course or


initial

examinationNo

Conduct IP witness

audit by IFS

Result IP witness

audit positive?

Yes

12 months

suspension

after 12 months

suspension

demand of initial

examination

Yes

IFS

examination

process

No

confirmation as IFS

auditor

No

Auditor passes initial

examination?

Auditor attends GAP

course or calibration training

within 1 year?

Yes

After Auditor confirmation as IFS auditor in case of 2nd breach the IP process for the auditor starts new.


page 21 of 24

c) Level 2 breach for certification bodies

Information to IFS

Office Berlin

regarding decision

on level of breach

Previous breaches

for CB in internal IFS

QAM registration?

warning:


and Sanction Committee

costs

- Performance of an internal

CB training


actions

Proof to IFS QAM by

CB:


training and determine

adequate CA within 3

weeks after warning



and Sanction Committee costs


training


- Penalty of 3.000€

Extraordinary

termination of

framework

agreement

No

Yes

2nd breach 4th breach

Another level 2

breach for not-

fulfilling warning

request


- Reimbursement of IP audit and

Sanction Committee costs


training


- Penalty of 5.000€

3rd breach

suspension of CB

for 1 year

Fulfilling of IFS

requirements for CBs

to be approved as

IFS CBs

signing the new

framework

agreement

Conduct a CB office

audit by IFS

Result office audit

positive?

confirmation of CB

Yes

No

confirmation

of CB

No


breach by IFS QAM

Proof to IFS QAM by

CB:


training and

determine adequate

CA within 3 weeks

after warning

Yes

Another level 2

breach for not-

fulfilling warning

request

No

new start of IP process

for CB

Nein


breach by IFS QAM


breach by IFS QAM

CB office audit

(if a minimum of 3

IFS audits were

performed)

procedure for

CB office

audits

new framework

agreement no

longer valid

IFS QAM receives

relevant proofs?

Yes

IFS QAM receives

relevant proofs?


page 22 of 24

d) Level 2 breach for auditors

Information to IFS

Office Berlin

regarding decision

on level of breach

Previous breaches

for auditor in internal IFS

QAM registration?

warning:

Auditor is allowed to

perform audits

No

2nd breach

3 months

suspension

3rd breach

Yes

Demand of GAP

course or


within 1 year after

warning

Initial exam

Demand of GAP

course or calibration

training

confirmation of IFS

auditor

12 months

suspension

confirmation as IFS

auditorr

Yes


breach by IFS QAM

Yes

Conduct IP witness

audit by IFS

Result IP witness

audit positive?

Yes

No

confirmation

as IFS auditor

No

IFS

examination

process

Yes


breach by IFS QAM

Initial exam

No

IFS

examination

process

NoYes Auditor passes

initial exam?

Auditor attendes GAP

course or calibration

training?

Auditor attends

at GAP course or

calibration training within 1

year?

No

Auditor passes

initial exam?No

After auditor confirmation as IFS auditor in case of 3rd breach the IP process for the auditor starts new.


page 23 of 24

e) Level 3 breach for certification bodies

decision on level of

breach by IFS QAM and

confirmation of the breach

by chairman (lawyer) of

the sanction committee

warning

- Performance of an

internal CB training


actions

1st-2nd breach 3rd – 5th breach > 5 breaches

warning and penalty

- Performance of an

internal CB training


actions

- penalty of 500 €

3 month suspension

confirmation of CB

CB office audit by IFS

Result office audit

positive?

Yes

No confirmation of

CBNo


breach by IFS QAM

4.a Proof to IFS QAM

by CB: performing of

internal training and

determine adequate

CA within 3 weeks

after warning

Another level

3 breach for

notfulfilling

warning

request


breach by IFS QAM

Yes

further procedure

depends on the

number of level 3

breaches

Proof to IFS QAM by

CB: performing of

internal training and

determine adequate

CA within 3 weeks

after warning


breach by IFS QAM

Yes

further 1 month suspension and

additional CB office

audit

IFS QAM receives the

relevant proofs?No

IFS QAM receives the

relevant proofs?No

If the issue for receiving the breach is the same as for the previous breach the penalty will be doubled.


page 24 of 24

V. Obligations of the Certification Body

The Certification Body undertakes to inform any auditors it commissions about the existing Integrity

Program and the penalties associated with it. Such information shall be provided in writing and

presented as evidence to IFS MANAGEMENT.

The content of this document shall especially explain that each auditor is aware that in case of not

respecting the rules of IFS standards and related IFS regulations IFS MANAGEMENT has the right to

forward the respective case to the sanction committee for decision. The sanction committee might

decide breaches directly for auditors and in this case auditors might be obliged to take part at IFS

training courses or might be suspended as IFS auditor for a certain time.

Any breaches will be recorded for each auditor in order to have an overview of the “history” of the

auditor. Also in case of a CB change breaches for auditors are not cancelled within a period of 36

months. In case of a CB change IFS MANAGEMENT is allowed to inform with the switch the new

certification body of previous still valid breaches of this auditor.

Certification bodies shall send copies of the signed versions of their respective auditor´s confirmation

documents concerning the Integrity Program to IFS MANAGEMENT.

Old and new customers shall be informed in writing about the content of the Integrity Program and the

possible impact on their companies.

The Certification Body undertakes to provide IFS MANAGEMENT with a contact name for the Integrity

Program. This person shall be responsible for the communication with IFS MANAGEMENT in

connection with the complaints management and penalty management. The Certification Body

undertakes to notify IFS MANAGEMENT in writing and without delay of any personnel changes in this

regard.

Berlin, ……………………………………. Place, date Place, date ……………………………………. ……………………………………. IFS MANAGEMENT GmbH Certification Body (Signature and company stamp)

annex 4 to framework agreement - tuev-sued.de · annex 4 to framework agreement page 1 of 24...

Documents