guidance for the conduction of sa 8000:2014 audit · 7 review of management system documentation...

ITT-SYS03-SA8-07

Guidance for the conduction of

SA 8000:2014 audit

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19

ITT-SYS03-SA8-07 Pag.2/22

Contents

1. PURPOSE AND FIELD OF APPLICATION ...................................................................................................................... 4

2. MAIN REFERENCE DOCUMENTS AND REFERENCES TO OTHER DOCUMENTS ............................................................. 4

3. SCOPE OF SA8000 CERTIFICATION ............................................................................................................................. 4

4. AUDIT OF SOCIAL ACCOUNTABILITY MANAGEMENT SYSTEM ................................................................................... 5

4.1. Stakeholder engagement ...................................................................................................................................... 5

5. STAGE 1 AUDIT .......................................................................................................................................................... 6

5.1. Stage 1 audit preparation ..................................................................................................................................... 6 5.2. Stage 1 audit outcomes ........................................................................................................................................ 7

6. STAGE 2 AUDIT .......................................................................................................................................................... 7

6.1. Stage 2 audit preparation ..................................................................................................................................... 7 6.2. Opening meeting .................................................................................................................................................. 7 6.3. Overview tour ....................................................................................................................................................... 8 6.4. Health and Safety Tour ......................................................................................................................................... 8 6.5. Photographs .......................................................................................................................................................... 8 6.6. Documents and record review .............................................................................................................................. 9 6.7. Interviews .............................................................................................................................................................. 9 6.8. Management System Review .............................................................................................................................. 10 6.9. Closing Meeting .................................................................................................................................................. 11

7. SURVEILLANCE AUDIT ............................................................................................................................................. 12

7.1. Opening the process and confirmation of client informations ............................................................................ 13 7.2. Conduction of the audit ...................................................................................................................................... 13 7.3. Monitoring of certified organization performances and trends ......................................................................... 14 7.4. Surveillance Audit records review ....................................................................................................................... 14 7.5. Workers interviews during surveillance audits ................................................................................................... 15

8. RECERTIFICATION AUDIT ......................................................................................................................................... 15

9. NON CONFORMITY CLASSIFICATION ....................................................................................................................... 16

9.1. Critical Non Conformity ....................................................................................................................................... 16 9.2. Major Non Conformity ........................................................................................................................................ 16 9.3. Minor Non Conformity ........................................................................................................................................ 16 9.4. Time bound Non Conformity ............................................................................................................................... 17

10. APPENDIX 1. INTEGRATION OF SOCIAL FINGERPRINT INTO SA8000 SYSTEM ....................................................... 17

10.1. Integration of Social Fingerprint in Stage 1 audit ........................................................................................... 17 10.2. Integration of Social Fingerprint in Stage 2 and recertification audits ........................................................... 18 10.3. Integration of Social Fingerprint in transfer audits ......................................................................................... 18

11. APPENDIX 2. CONDUCTION OF A TRANSITION AUDIT FROM SA8000:2008 TO SA8000:2014 ............................... 19

12.1. Review of the gap analysis prepared by the Company ................................................................................... 19 12.2. Social Fingerprint Indipendent Evaluation ...................................................................................................... 19 12.3. Main aspects to be covered during the transition audit ................................................................................. 20

12. APPENDIX 3. SUMMARY OF ESSENTIAL INFORMATION ....................................................................................... 21

13. TABLE OF FIGURES............................................................................................................................................... 22

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


1. PURPOSE AND FIELD OF APPLICATION

These instructions detail the procedures for certification audits of Social Accountability Management Systems, in compliance with the SA8000:2014 Standards and also based on what is prescribed by the RINA Regulations.

The requirements contained in this ITT are applicable for SAMS audits under SAAS accreditation

2. MAIN REFERENCE DOCUMENTS AND REFERENCES TO OTHER DOCUMENTS

SA 8000:2014

ISO/IEC 17021-1:2015

ISO/IEC 17011:2004

SAAS Procedure 201A

SAAS Procedure 201B

SA8000:2014 Certification Exclusion List

SA8000:2014 Performance Indicator Annex

SA8000:2014 Drafters’ Notes

SA8000:2014 Guidance Document

SA8000:2014 Auditor Guidance for Social Fingerprint

SA8000:2014 Social Fingerprint Glossary

SA8000:2014 Social Fingerprint Rating Chart

IAF MD 1:2007 Certification of Multiple Sites Based on Sampling

IAF MD 2:2007 Transfer of Accredited Certification of Management Systems

IAF MD 5: 2013 Duration of QMS and EMS Audits

ISO/IEC TS 17022:2012

3. SCOPE OF SA8000 CERTIFICATION

SA8000 certification is generally permitted in all countries and is applicable in all industries except as designated in the SA8000:2014 Certification Exclusion List which can be found on SAI website at www.sa-intl.org and on Lotus Notes DB.

SA8000 certification SHALL not be permitted in Maritime Activities covered by the MLC sector.

Organisations without active operations [i.e. Shell Companies] are prohibited from being certified to SA8000.

o Any organisation that applies for SA8000 certification SHALL have been engaged in its stated business for at least 6 months prior to its application for SA8000.

o The organisation that is to be certified SHALL have active contracts with its customer(s).

o The Audit team SHALL maintain evidence in the client file to demonstrate that the client organisation is still active.

SA8000 certification SHALL be valid for a single organisation within a single site or location, or a commonly owned and managed (multi-site) group of facilities at multiple locations within a single country. Multi-site certification across multiple countries SHALL NOT be permitted.

The scope SHALL include the entire legal entity’s structure and processes. In cases where a subcontractor is used by the certified organisation to deliver parts of its activities, the scope statement shall clearly specify that some processes are delivered by subcontractors and those parts are excluded from the scope.

The wording In the certificate need to show the extent of coverage of the processes/activities within the scope.

http://www.sa-intl.org/

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


The certification shall be granted to an entire organisation and it is no allowed to certify personnel in only one department of a multi-department organisation and not the other(s). Departments are interrelated and personnel might move from one department to another.

4. AUDIT OF SOCIAL ACCOUNTABILITY MANAGEMENT SYSTEM

The initial certification audit SHALL generally be conducted in 2 stages as described in Figure 1 below

4.1. Stakeholder engagement Stakeholder engagement SHALL be performed as part of the SA8000 certification process. Stakeholder engagement provides guidance, informed decision-making and a way to engage in meaningful dialogue with those parties with the most knowledge and stake in SA8000 activities. Stakeholder engagement allows auditors to engage with the community prior to the audit to do fact finding and assist in the assessment of the organisation. Auditors SHALL conduct local intelligence gathering while on-site or in a specific area for audits. This may include checking with the local community in the early morning of the Stage 1 audit and/or in the evening between audit days and at the time of an unannounced audit. In addition it’s always essential to check publicly available information on the Company such as website or any other sources. The information contained may corroborate findings or underline issues to be better analyzed during the audit.

Figure 1

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


5. STAGE 1 AUDIT The stage 1 SA8000 audit includes a document review to confirm that the organisation has established procedures and processes, is knowledgeable of legal requirements, and is ready for a Stage 2 SA8000 certification audit. It also involves a Social Fingerprint Independent Evaluation conducted by the SA8000 Lead Auditor. For the requirements related to the Social Fingerprint and its integration into the audit process, please refer to Appendix 1 (par. 10) The Stage 1 audit SHALL be conducted during an on-site visit to the organisation. In the case of micro-enterprises and only in Lower Risk Countries an on-site Stage 1 audit may not be necessary. In such cases, the justification for not doing an on-site visit shall be recorded in the client file. Details shall be recorded describing the conduct of the remote Stage 1 audit. The objective of a Stage 1 audit is as described below in Table 1. An important step

Table 1. Objectives of stage 1

a) Review accuracy of the pre-audit questionnaire returned by the client organisation.

b) Familiarize the Lead Auditor with the issues pertinent to the client organisation.

c) Gain an understanding of the client’s SA system and its state of development.

d) Determine client’s awareness and recognition of the local norms, regulatory and legal requirements.

e) Review the client organisation’s method of determining a local Living Wage and the wages paid to workers.

f) Review and assess the client’s SA8000 management system documentation.

g) Agree to the list of documentation that must be made available by the client organisation for the Stage 2 Audit.

h) Evaluate the client’s location and site-specific conditions.

i) Undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 audit.

j) Identify all parts of the organisation so the auditor understands the structure of the organisation for proper determination of scope of the certificate.

k) Review the proposed allocation of resources for the Stage 2 audit against the draft audit plan and agree with the client on the details of the Stage 2 audit.

l) Evaluate if internal audits and management review are being planned and performed.

m) Review previous labor, ethics, and other similar second and third party audit reports that are in the possession of the SA80000 certified or applicant organisation. The client SHALL make available any such audit reports within the previous three years and all SA8000 audit reports, if ever previously certified.

5.1. Stage 1 audit preparation The Stage 1 audit steps SHALL generally be as described in Table 2. The Stage 1 audit shall be conducted by the appointed Lead Auditor who will conduct stage 2 audit

Table 2 : Stage 1 audit steps Audit Step

Audit Activity

1 Opening Meeting 2 Overview Tour (Including Canteen, Dormitory, Clinic, and Crèche, as

appropriate) 3 Meeting with Workers Representative(s) 4 Meeting with Management to Confirm Understanding of SA8000, Confirm

scope, Review Answers to SAAS Pre- Audit Questionnaire 5 Confirmation of Subcontract Labor on Site (Such As Cleaners, Canteen Staff,

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


Refuse Collectors, Clinic Nurses And Doctors, Dormitory And Security Guards) 6 Availability of Documents 7 Review of Management System Documentation Including Management

Review And Internal Audits 8 Confirm Stage 2 Audit Plan And Logistics for Audit 9 Closing Meeting - Review of Social Fingerprint results

5.2. Stage 1 audit outcomes In determining the interval between Stage 1 and Stage 2 audits, consideration SHALL be given to the need for the client organisation to resolve areas of concern identified during the Stage 1 audit. No more than 6 months SHALL be allowed to pass between the end of the Stage 1 audit and the first day of the Stage 2 audit. If more time is required, an additional Stage 1 audit shall be conducted together with the Social Fingerprint Indipendent Evaluation

6. STAGE 2 AUDIT The Stage 2 SA8000 audit confirms that the organisation is effectively implementing a management system and conforming to the requirements of the SA8000 Standard. It also involves a Social Fingerprint Independent Evaluation conducted by the SA8000 Lead Auditor. For the requirements related to the Social Fingerprint and its integration into the audit process, please refer to Appendix 1 (par. 10)

6.1. Stage 2 audit preparation Stage 2 Audit that shall follow ISO/IEC 17021 clause 9.3.1.3 and generally shall be planned following the guidelines as outlined in Table 3, below. In addition the audit communication letter shall always be sent as described in IS-CRT-SYS-02

Table 3 : Stage 2 audit steps

Audit steps

Stage 2 audit activity

1 Opening Meeting

2 Quick Overview Tour - including canteen, dormitory, clinic and crèche as appropriate

3 Confirmation of records required for interviews

4 Management Interviews

5 Management System Elements Review (including: Policies, Procedures and Records, Social Performance Team, Identification and Assessment of Risks, Monitoring, Internal Involvement and Communication, Complaints Management and Resolution, External Verification and Stakeholder Engagement, Corrective and Preventive Actions, Training and Capacity Building, Management of Suppliers and Contractors.)

6 Workers Representative Interview & Social Performance Team Interviews

7 Health & Safety & Working Conditions Tour - including in situ worker interviews and selection of production records

8 Subcontractor Interviews such as - cleaners, canteen staff, clinic nurses, doctors, dormitory managers and security guards

9 Employee Interviews - including staff, junior managers, first aiders, emergency response team members

10 Worker Interviews

11 Document & Record Review - Working Hours, Payroll, Living Wage, Cost Accounting

12 Pre-Closing Meeting Preparation

13 Closing Meeting

6.2. Opening meeting Senior Management of the client organisation SHALL be requested to attend the Opening Meeting. As applicable, this SHALL include management representatives for health and safety; payroll; production schedules; time and attendance monitoring and labor & ethics/social accountability compliance.

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


Workers Representatives SHALL be requested to attend the Opening Meeting. The client SHALL be reminded of the need to take pictures and copies of documents and photographs of the premises for evidence of conformance. It SHALL be stated that workers will be selected at random to be interviewed and those. It shall be made clear that no one will be disadvantaged by being chosen for interview. It SHALL be stated that the Audit team will choose an area during the overview tour where they will undertake confidential interviews of workers and no management may be present at the time of the interview.

6.3. Overview tour All areas of the organisation are to be briefly toured (including canteen, dormitory, clinic and crèche and all other employer-provided worker service facilities as appropriate). This SHALL include any areas under construction or renovation and any temporary work areas to verify:

o Any changes from the Stage 1 Audit o Identification of potentially Hazardous Areas of Work o Identification of any major structural problems that are clearly evident o Potential Candidates for Interview.

The organisation SHALL provide a simple layout drawing/plan of their premises that includes all buildings and floors and canteen, dormitory, clinic and crèche and all other employer-provided worker service facilities as appropriate, including any areas under construction or renovation. This plan SHALL be filed as a hard or soft copy in the client file.

6.4. Health and Safety Tour This is the detailed tour where ALL areas of the organisation are viewed, particularly with respect to the need to comply with the SA8000:2014 Performance Indicator Annex. During the OHS tour, it is expected that some workers will be chosen for a brief interview about general issues. In order for an organisation to be certified to SA8000, all facility and building areas must be accessed by auditors. This includes any areas under construction or renovation, in which case auditors SHALL be provided with protective equipment as necessary. Interviews of subcontractors may also be performed during the OHS tour.

6.5. Photographs To provide supporting evidence of audit outcomes, photographs SHALL be taken as a record of the audit. The photographs SHALL provide positive reporting showing conformance (or non- conformance) to the elements of the Standard. Photographs SHALL be taken of the following, as applicable and described in Table 4

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


Table 4 : Photographs required 1. SA8000 Standard (s) 2 Evacuation Exits

3. Organisation Building/ Premises 4 Evacuation Drills

5. Work Floor(s) 6 Warehouse

7. Dormitory 8

Supporting Facilities e.g. sewage treatment, boiler, generator)

9. Canteen 10 Attendance Record System

11. Chemical Storage Area 12 Work-In-Progress

13. Personal Protective Equipment 14 H&S Non-compliances

15. Fire Fighting Equipment 16 Best Practice

17. All Organisation’s documents reviewed as a part of the management systems

6.6. Documents and record review The personnel files, time and attendance and remuneration records SHALL be checked for all the interviewees chosen, as well as additional personnel as indicated in column 2 and 3 of Table 5, below. The minimum number of personnel/worker records to be reviewed at Initial (Stage 2) and Recertification Audits SHALL be at least as per Table 5, below.

Table 5 : Number of records to be reviewed

Column 1 Column 2 Column 3 Column 4

N° of Employees Detailed review Additional Worker files to

be reviewed Total worker files and Wage records

reviewed

1-10 As decided by the LA As decided by the LA

11-25 2 3 5

26-100 3 5 8

101-250 6 7 13

251-500 10 9 19

501-800 15 12 27

801-1200 15 15 30

1201-2000 20 17 37

2001-3000 20 20 40

3001-6000 25 25 50

6001-10000 25 30 55

10000-15000 30 35 65

15001-20000 30 40 70

The files in column 2 shall be reviewed in detail. This number shall correspond to the number of workers confidentially interviewed (see table 6) Additional workers file (column 3) shall be skimmed to look for anomalies to be investigated further if found

6.7. Interviews The following indications shall be followed while interviewing the following categories:

Management interviews: Discussions will be held to establish the general thoughts of the management of the organisation with respect to

the implementation by the organisation of their SA8000 management system.

General personnel interviews (including staff and junior managers:

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


Discussions will be held to establish the general thoughts and awareness of the personnel of the organisation with respect to the implementation by the organisation of their SA8000 management system.

Confidential Worker Interviews: Remember at all times that the purpose of worker interviews is to obtain information that may act as a signpost

to issues that require further examination by the SA8000 auditor. Workers SHALL be interviewed in a confidential setting without any supervision or management personnel

present. If a trade union exists, the trade union representative shall be permitted to attend the interview at the request of the interviewee.

The Auditor shall maintain a list of interviewees. This shall not be shared with the client organisation/management. This list SHALL be used to ensure that different individuals are interviewed during subsequent audits or to do follow-up interviews at future audits.

The number of workers to be interviewed is detailed in table 6, below. Any variation shall be in any case duly documented and justified

Table 6 : Stage 2 and recertification audit : Number of workers to be interviewed


N° of Employees

Individual Interviews

Group Inteviews total Average time

1-10 As decided by the LA

As decided by the LA As decided by the LA

40 mins

11-25 2 [1 group of 3] 5 1

26-100 3 [2 group of 2] & [1 goup of 3] 10 3

101-250 6 [3 group of 3] 15 4

251-500 10 [2 group of 3 & [1 group of 4] 20 5

501-800 15 [1 group of 3 & [1 group of 4] 25 7

801-1200 15 [1 group of 3 & [3 group of 4] 30 7

1201-2000 20 [2 group of 3 & [1 group of 4] & [1 group of 5] 35 9

2001-3000 20 [2 group of 3 & [1 group of 4] & [2 group of 5] 40 9

3001-6000 25 [2 group of 3 & [1 group of 4 & [2 group of 5] 45 11

6001-10000 25 [2 group of 3 & [2 group of 4] & [1 group of 5] & [1

group of 6] 50 11

10000-15000 30 [2 group of 3] & [2 group of 4] & [1 group of 5] & [1

group of 6] 55 13

15001-20000 30 [2 group of 3] & [2 group of 4] & [ 2 group of 5] & [1group

of 6] 60 14

Workers representative(s) interview: Discussions will be held to establish the thoughts of the Workers representative(s) with respect to the

implementation by the organisation of its SA8000 management system, general working conditions, Freedom of Association (FOA), and other elements of the Standard within the organisation.

The Workers representative(s) SHALL be asked to describe any Collective Bargaining Agreement (CBA) in place in the organisation.

On-site subcontract labour and suppliers Discussions SHALL be held to establish the general thoughts and awareness of the personnel of on-site

subcontractors and suppliers (such as cleaners, canteen staff, construction crews, clinic nurses and doctors, dormitory and security guards).

Auditors SHALL identify the existence of migrant, temporary, contract and homeworker labourers and maintain interview questions particular to those labour situations.

6.8. Management System Review

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


The management system established by the organisation must follow the classic Plan-Do-Check-Act [PDCA] principle. The PDCA approach is relevant and applies to social, environmental, health and safety management systems. An SA8000 Stage 2 certification audit SHALL fully evaluate the effectiveness of the SA8000 management system, its linkages, its requirements and its performance. This is facilitated through the use of the Social Fingerprint Independent Evaluation. The review shall include a review of the following Items (table 7)

Table 7 : Management System Elements a) Policies, Procedures and Records b) Social Performance Team

c) Identification and Assessment of Risks d) Monitoring

e) Internal Involvement and Communication

f) Complaint Management and Resolution

g) External Verification and Stakeholder Engagement

h) Corrective and Preventive Actions

i) Training and Capacity Building j) Management of Suppliers and Contractors

6.9. Closing Meeting Senior Management SHALL be requested to attend the Closing Meeting. Workers Representatives SHALL be requested to attend the Closing Meeting. If Workers Representative is not in attendance, this SHALL be noted in the audit report. During the closing meeting it’s necessary to carry out a review of Social fingerprint scores (both Self Assessment and Indipendent evaluation). This review shall focus on the individual section scores to make the Company understands the findings and logic behind the scoring.

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


7. SURVEILLANCE AUDIT Surveillance audits of SA8000 certified organisations SHALL be planned as described in Figure 2. Surveillance 2 and surveillance 4 shall also include, in the first certification cycle, a Social Fingerprint Independent Evaluation conducted by the SA8000 Lead Auditor. For the requirements related to the Social Fingerprint and its integration into the audit process, please refer to Appendix 1 (par. 10)

Figure 2

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


7.1. Opening the process and confirmation of client informations Prior to each audit is necessary to fill in the documents FORM-SYS02-SA8-07 in order to understand changes in employment during the audit cycle and, as necessary, adjust the audit day effort. This SHALL be performed and documented at least 4 weeks ahead of the audit date (except for unannounced audits).

7.2. Conduction of the audit Although not all clauses of SA8000 will usually be audited during each surveillance audit, the items in Table 8 SHALL be audited on each surveillance audit.

Table 8 : Mandatory Items to Be Audited During Surveillance Audits

a) Verification of the number of personnel covered by the scope.

b) The review of the management system elements of management review, internal audits and corrective action.

c) Response to any complaints received. d) Worker training and worker awareness and understanding of the client’s SA8000 system in place.

e) Effectiveness of the root cause analysis, corrective and preventive action taken as a result of non- conformities raised during the previous audit (s)

f) Effectiveness of the health and safety management system in place, including number of incidents since the previous audit and analysis of any fatalities, any serious accidents, and any potentially hazardous events including fires, spills of toxic chemicals, explosions.

g) Activities of the Worker Representative(s) since the previous audit.

h) Analysis of working hours and remuneration (including during high season, if any) since the previous audit.

i) Comparison between RINA calculated current living wage and the process and number that is calculated by the certified organisation.

j) Use of claims made by the client about their SA8000 certified status including the use of RINA and SAAS SA8000 mark.

k) Update of the client’s SA8000 audit records. l) Confirmation that the SA8000 Standard is posted in prominent location(s) including in field offices.

m) A site tour of facilities SHALL be mandatory on every on-site audit.

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


7.3. Monitoring of certified organization performances and trends The performance of the client organisation to the requirements of SA8000 SHALL be monitored during each surveillance audit over the certification cycle. Aa record of the client’s progress toward improvement in performance for each SA8000 element and tgether with the history of Non Conformities is available in ASCESI, by clicking on the button “Summary of Activities/Sites” from the page with details of the step of each process. (Figure 3)

Figure 3 : Summary of Activities/ sites in Ascesi

7.4. Surveillance Audit records review The number of files to be reviewed during surveillance audits is detailed in Table 9

Table 9 : Files to be reviewed : surveillance Audit


N° of Employees Detailed review Additional Worker files to

be reviewed Total worker files and Wage records

reviewed

1-10 As decided by the LA As decided by the LA

11-25 1 1 2

26-100 1 2 3

101-250 2 2 4

251-500 3 3 6

501-800 5 4 9

801-1200 5 5 10

1201-2000 7 6 12

2001-3000 7 7 13

3001-6000 8 8 17

6001-10000 8 10 18

10000-15000 10 12 22

15001-20000 10 13 23

The files in column 2 shall be reviewed in detail. This number shall correspond to the number of workers confidentially interviewed (see table 10) Additional workers file (column 3) shall be skimmed to look for anomalies to be investigated further if found

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


7.5. Workers interviews during surveillance audits The number of workers to be interviewed (single and in group) during surveillance audit is detailed in table 10 below

Table 10 : Surveillance Audit - workers to be interviewed


N° of Employees

Individual Interviews

Group Inteviews total Average time


As decided by the LA As decided by the LA

40 mins

11-25 1 [1 group of 2] 3 1

26-100 2 [1 group of 2] 4 3

101-250 3 [1 group of 2] 5 4

251-500 4 [1 group of 3] 7 5

501-800 5 [1 group of 3] 8 7

801-1200 5 [1 group of 2] & [1 group of 3] 10 7

1201-2000 6 [1 group of 2] & [1 group of 4] 12 9

2001-3000 6 [2 group of 2] & [1 group of 3] 13 9

3001-6000 8 [2 group of 2] & [1 group of 3] 15 11

6001-10000 8 [1 group of 2] & [1 group of 3] & [1 group of 4] 17 11

10000-15000 9 [1 group of 2] & [1 group of 3] & [1 group of 4] 18 13

15001-20000 10 [2 group of 2] & [2 group of 3] 20 14

8. RECERTIFICATION AUDIT The process as described in Stage 2 Audits above shall be followed for all Recertification Audits, including Social Fingerprint (see Appendix 1). Every recertification audit shall reassess the effectiveness of the entirety of the policies and actions defined in the client organisation’s social management system and the overall effectiveness of that management system in its entirety, taking into consideration internal and external changes which may have affected the social management system.

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


9. NON CONFORMITY CLASSIFICATION

There are four types of audit non-conformity findings that may be raised as the result of an SA8000 Stage 2, Surveillance, Transfer, Recertification or Special Audit. These are as follows:

o Critical Non-Conformity o Major Non-Conformity o Minor Non-Conformity o Time-Bound Non-Conformity

All NC shall be related to management system violation of the company. Any NC shall therefore only be raised against clause and/or sub clause of the SA8000:2014 standard. For additional information on expressing findings in audit reports, reference is to be made to the ITT-SYS03-ALL-02

9.1. Critical Non Conformity A CRITICAL non-conformity SHALL be issued in the case of a grievous breach of the SA8000 Standard that results in severe impact to individual rights, life, safety and/or SA8000, SAI or SAAS’ reputation. That includes:

o a breach of ethical standards; o immediate threats to workers lives; and/or o grievous and intentional violations of human rights.

A critical NC shall be addressed by the company within 1 month from the audit and results in the immediate suspension of the certificate

9.2. Major Non Conformity A MAJOR non-conformity is one or more of:

The absence or total breakdown of a system to meet an SA8000 requirement. A number of minor non-conformities against one requirement can represent a total breakdown of the system and thus be considered a major non-conformity;

A non-conformity that the judgment and experience of the SA8000 Lead Auditor indicates is likely either to: o result in the failure of the social management system in meeting its goals and expectations or o to materially reduce its ability to reliably assure control of its policies and directives in the workplace to

protect its workers.

A MINOR non-conformity that has not been addressed, or for which no significantimprovement has been made by the time of a follow-up audit, in spite the organisation’s commitment to resolve the issue.

A non-conformity that poses an imminent and immediate but not life-threatening threat to the health and safety of workers

A MAJOR non-conformity that has not been addressed or for which no significant improvement has been made by the time of a follow up audit, in spite of the organisation’s commitment to resolve the issue, SHALL lead to the organisation being issued a warning and moved toward suspension.

9.3. Minor Non Conformity A Minor non-conformity is one or more of:

A failure or oversight in some part of the organisation's social management system relative to SA8000 that is not systemic in nature;

A single observed lapse in following one item of an organisation's social management system.

Failure of closure of a minor NC within the specified time and in any case in no more than 6 months from the previous audit, shall be treated as a failure to the system in addressing the problem and therefore shall cause the minor NC to be re

proposed and raised as a Major NC

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


9.4. Time bound Non Conformity A Time Bound Non Conformity is a special NC which can be raised only against point 8 of the Standard (remuneration), as a result of audit evidence and findings that show that the client organisation meets the local law BUT NOT the higher requirements of SA8000:2014. (E.g. The client organisation pays workers the legal minimum wage but not a living wage) A Time Bound NC can have a Corrective Action Implementation timeline between 18 and 24 month, In order to allow the company to correctly prepare and implement a detailed action plan

10. APPENDIX 1. INTEGRATION OF SOCIAL FINGERPRINT INTO SA8000 SYSTEM Social Fingerprint is now included as a part of SA8000:2014 to increase the integrity and effectiveness of SA8000 certification. The 2 key tools used in Social Fingerprint are: 1. A management system self-assessment completed by the applicant organisation. 2. An independent evaluation of the management system completed by the SA8000 auditor. All SA8000:2014 applicants and certified organisations complete a Social Fingerprint self-assessment as part of the application, transition, or recertification process. Auditors conduct a Social Fingerprint independent evaluation as part of SA8000:2014 audits. For the allocation of Social Fingerprint through the certification cycle, please refer to table 11 below. For new SA8000 applicants, the Certification Body will need to conduct an independent evaluation during Stage 1 and Stage 2 audits. If the applicant becomes certified, the Certification Body will need to conduct an independent evaluation once a year. In case of Multisite Certification audits, the DF Indipendent Evaluation is only completed for the Nominated Head Office. Social fingerprint Indipendent evaluation scores shall be maintained in the online SAI Reporting tool accessed through the SAI training center. If the Lead Auditor uses the SF Indipendend Evaluation offline tool, the results shall be uploaded to the online SAI reporting tool, within 3 working days from the onsite audit. The PR is responsible, in collaboration with the Administrator of the Social Fingerprint identified within each office, to provide the Lead Auditor before the audit with the results of Client’s self-assessmenT. For a list of personnel authorized to the administrator role, see annex to this ITT

Table 11 : Social Fingerprint in the certification cycle First Certification cycle Recertification cycle

Type Stage 1 Stage 2 Surv 1 Surv 2 Surv 3 Surv 4 Surv 5 Recert From Surv 1 through Surv 5

Recert

New Cert.

Self Assessment + Indipendent evaluation

Indipendent Evaluation





10.1. Integration of Social Fingerprint in Stage 1 audit

Preparation If a Stage 1 Audit is not performed because the client organisation is a micro enterprise, the SF Independent Evaluation SHALL only be performed at the Stage 2 Audit. The Audit Plan developed for the Stage 1 Audit SHALL include sufficient time for the CB Lead Auditor to perform an onsite management system documentation review and complete the SF Independent Evaluation questionnaire.

Audit execution and outcomes

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


The auditor SHALL answer all of the questions in the SF Independent Evaluation questionnaire in order to produce the SF scores during the classification of any audit findings and before the closing meeting The SF Independent Evaluation scores SHALL be reviewed with the client organisation during the closing meeting. The SF Independent Evaluation Score SHALL be reviewed as one factor for determining whether the client organisation is ready for the Stage 2 Audit, in conjunction with the other audit findings. If the Independent Evaluation score is less than 3 the Lead Auditor shall caution the applicant organisation about proceeding to the Stage 2 Audit If more than 6 months pass between the end of the Stage 1 and Stage 2 Audits, the audit team shall conduct an additional Stage 1 Audit and corresponding SF Independent Evaluation. The client is not required to repeat the Self-Assessment in these circumstances.

10.2. Integration of Social Fingerprint in Stage 2 and recertification audits

Preparation The Audit Plan developed for the Stage 2 Audit SHALL include sufficient time for the Lead Auditor to complete the SF Independent Evaluation questionnaire. For recertification audit, review the results of the SF Independent Evaluations conducted during the certification cycle. The Lead Auditor shall also review the results of the SF Self-Assessment that the client organisation has completed before the Recertification Audit. This review SHALL be documented and maintained as an audit record.

Execution and outcomes Lead Auditor and other members of the audit team can use the SF Independent Evaluation questionnaire as a tool to guide the Stage 2 Audit. The SF Independent Evaluation Scores shall be reviewed as one factor for determining whether the client organisation will be certified or recertified to SA8000. It shall also be reviewed to assess the organisation’s progress in implementing improvements. SF Independent Evaluation scores shall be reviewed with the client organisation during the closing meeting. Generally the results of Social fingerprint indipendent Evaluation shall be reflected in the overall audit outcomes. The following is a guidance on expectations based on SF results and therefore not normative. If the Independent Evaluation score is 1: Organisations with a score of 1 will likely have significant major non-conformities and are not ready for certification. If the Independent Evaluation score is 2: Organisations with a score of 2 will likely have a small number of major non-conformities and numerous minor non-conformities. Organisations at this level are likely not ready for certification, but may be able to make some improvements to become ready over time. If the Independent Evaluation score is 3: Organisations with a score of 3 will likely have several minor non-conformities and areas of improvement, and may have one or two major non-conformities. Organisations at this level may be ready for certification if they make specific improvements to their system. The auditor shall provide justification for providing certification to organisations at this level. If the Independent Evaluation score is 4: Organisations with a score of 4 may have a small number of minor non-conformities but should be ready for certification, provided they meet the other requirements of the Standard. If the Independent Evaluation score is 5: It is unlikely, although possible. Organisations with a score of 5 should be ready for certification and their management system implementation would likely surpass the certification expectations. In any case, non conformities shall not be written against SF scores. Scores are only intended to support the audit findings and Non –conformities that are identified during an audit.

10.3. Integration of Social Fingerprint in transfer audits The client organisation SHALL complete a SF Self-Assessment prior to the Transfer Audit if more than 6 months have passed since it performed a Self-Assessment. As part of the pre-transfer review the Lead Auditor SHALL review the results of previous SF Independent Evaluations as provided by the previous CB, and the organisation's Self-Assessment(s). The SF Independent Evaluation Score generated during the Transfer Audit SHALL be reviewed as one factor for determining whether the client organisation will issue a new SA8000 certificate to the transfer client.

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


10.4. Integration of Social Fingerprint in Surveillance audits.

Preparation The SF Independent Evaluation SHALL BE performed at the 2nd and 4th Surveillance Audits. Prior to performing a Surveillance Audit with a required SF Independent Evaluation, the CB Lead Auditor SHALL review the results of the previous SF Independent Evaluations. This review SHALL be documented and maintained as an audit record. The Surveillance Audit Plan developed for each Surveillance Audit with a required SF Independent Evaluation (including unannounced audits) SHALL include sufficient time for the CB Lead Auditor to complete the SF Independent Evaluation questionnaire.

Execution and outcomes The Social Fingerprint Independent Evaluation during a Surveillance Audit shall be conducted the same as during a Stage 2 Audit. Surveillance Audits only assess specific sections of the organisation’s management system. Table 12 outlines the mandatory items to be reviewed during Surveillance Audits. Practically, the review of those items shall enable the auditor to evaluate the organisation’s performance for 7 of the 10 management system requirements and answer the Independent Evaluation questions for those requirements. If the other three requirements (Social Performance Team, External Verification and Stakeholder Engagement, and Management of Suppliers and Contractors) are not covered during the specific surveillance audit (i.e. if they are not related to a non-conformity), then the auditor shall use the evidence from a prior audit to complete the Independent Evaluation for those requirements.

11. APPENDIX 2. CONDUCTION OF A TRANSITION AUDIT FROM SA8000:2008 TO SA8000:2014 Transitions to SA8000:2014 can be performed during any planned certification, recertification or surveillance audit. The transition period starts on April 1st, 2016 and will be concluded by June 30th, 2017. The transition audit will be conducted in line with the requirements set in this instruction, with regards to audit timing, documents and evidences to be retrieved, pictures to be taken. The following aspects are essential for the conduction of the transition audit

12.1. Review of the gap analysis prepared by the Company

The audit team shall review during the surveillance audit the completeness of the “Annex to the Informative Questionnaire” (FORM-SYS01-SA8-06). This questionnaire, given to the company at the time of the Application review, is a list of minimum performance requirement for an SA8000 certified facility. It will be Audit team responsibility to review the answer given by the Clients in the light of the audit conducted, with particular focus on the most significant changes made in the SA8000 standard. Any NC issued to the client shall never be referred to the clauses of the Annex but shall always refer to the higher point of the standard.

12.2. Social Fingerprint Indipendent Evaluation The Lead Auditor shall have received, prior to to the transition audit, the Client’s SA8000:2014 Social Fingerprint Self-Assessment results from the competent personnel. The Lead Auditor then performs its independent evaluation. For current clients transitioning to SA8000:2014 during a transition audit, the Lead Aud will need to conduct an independent evaluation during the surveillance audit. Once the client transitions, the Lead Aud will need conduct an independent evaluation once a year For clients transitioning during a recertification audit, the Lead Aud will need to conduct an independent evaluation during recert audit. If the recertification is succesfull, the Lead Aud will need to conduct an independent evaluation once a year. Table 12 below provides a timeline of when the applicant needs to complete a self-assessment and when the Certification Body needs to complete an independent evaluation for current clients that transition to the SA8000:2014 certification

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


during a surveillance or recertification audit. For the cost associated to each Self Assessment/independent evaluation, please refer to ITT-SYS00-SA8-01.

Table 13 : Social fingerprint during transition audits

12.3. Main aspects to be covered during the transition audit The transition audit shall in any case be focused on:

Forced and compulsory labor

Health and Safety

Company Management System

A review of the minor changes in the new standard

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


12. APPENDIX 3. SUMMARY OF ESSENTIAL INFORMATION

STAGE 2/ RECERT - FILES TO BE REVIEWED

N° of Employees

Detailed review

Additional Worker files to be reviewed

Total worker files and

Wage records reviewed


11-25 2 3 5

26-100 3 5 8

101-250 6 7 13

251-500 10 9 19

501-800 15 12 27

801-1200 15 15 30

1201-2000 20 17 37

2001-3000 20 20 40

3001-6000 25 25 50

6001-10000 25 30 55

10000-15000 30 35 65

15001-20000 30 40 70

STAGE 2 / RECERT - INTERVIEWS

Employees Individual Groups total Time

1-10 As decided by the LA 40 ‘

11-25 2 1x3 5 1

26-100 3 2x2 + 1x3 10 3

101-250 6 3x3 15 4

251-500 10 2x3 + 1x4 20 5

501-800 15 1x3 + 1x4 25 7

801-1200 15 1x3 + 3x4 30 7

1201-2000 20 2x3 + 1x3 + 1x5 35 9

2001-3000 20 2x3 + 1x4 + 2x5 40 9

3001-6000 25 2x3 + 1x4 + 2x5 45 11

6001-10000 25 2x3 + 2x4 + 1x5 + 1x6 50 11

10000-15000 30 2x3 + 2x4 + 1x5 + 1x6 55 13

15001-20000 30 2X3 + 2X4 + 2X5 + 1X6 60 14

SURVEILLANCE AUDIT - FILES TO BE REVIEWED

N° of Employees

Detailed review

Additional Worker files to be reviewed

Total worker files and

Wage records reviewed


11-25 1 1 2

26-100 1 2 3

101-250 2 2 4

251-500 3 3 6

501-800 5 4 9

801-1200 5 5 10

1201-2000 7 6 12

2001-3000 7 7 13

3001-6000 8 8 17

6001-10000 8 10 18

10000-15000 10 12 22

15001-20000 10 13 23

SURVEILLANCE AUDIT - INTERVIEWS

Employees Individual Groups total Time

1-10 As decided by the LA 40 ‘

11-25 1 1X2 3 1

26-100 2 1X2 4 3

101-250 3 1X2 5 4

251-500 4 1X3 7 5

501-800 5 1X3 8 7

801-1200 5 1X2 + 1X3 10 7

1201-2000 6 1X2 + 1X4 12 9

2001-3000 6 2X2 + 1X3 13 9

3001-6000 8 2X2 + 1X3 15 11

6001-10000 8 1X2 + 1X3 + 1X4 17 11

10000-15000 9 1X2 + 1X3 è 1X4 18 13

15001-20000 10 2X2 + 2X3 20 14

PICTURES - ALL AUDITS 1. SA8000 Standard (s) 2 Evacuation Exits

3. Organisation Building/ Premises 4 Evacuation Drills

5. Work Floor(s) 6 Warehouse

7. Dormitory 8

Supporting Facilities e.g. sewage treatment, boiler, generator)

9. Canteen 10 Attendance Record System

11. Chemical Storage Area 12 Work-In-Progress

13. Personal Protective Equipment 14 H&S Non-compliances

15. Fire Fighting Equipment 16 Best Practice

17. All Organisation’s documents reviewed as a part of the management systems

RINA SA 8000:2014

Audit Guidance

ITT-SYS-03-SA8-07

Rev.2

/19


13. TABLE OF FIGURES TABLE 1. OBJECTIVES OF STAGE 1............................................................................................................................................. 6

TABLE 2 : STAGE 1 AUDIT STEPS ............................................................................................................................................... 6

TABLE 3 : STAGE 2 AUDIT STEPS ............................................................................................................................................... 7

TABLE 4 : PHOTOGRAPHS REQUIRED........................................................................................................................................ 9

TABLE 5 : NUMBER OF RECORDS TO BE REVIEWED ................................................................................................................. 9

TABLE 6 : STAGE 2 AND RECERTIFICATION AUDIT : NUMBER OF WORKERS TO BE INTERVIEWED ....................................... 10

TABLE 7 : MANAGEMENT SYSTEM ELEMENTS ........................................................................................................................ 11

TABLE 8 : MANDATORY ITEMS TO BE AUDITED DURING SURVEILLANCE AUDITS .................................................................. 13

TABLE 9 : FILES TO BE REVIEWED : SURVEILLANCE AUDIT...................................................................................................... 14

TABLE 10 : SURVEILLANCE AUDIT - WORKERS TO BE INTERVIEWED ..................................................................................... 15

TABLE 11 : SOCIAL FINGERPRINT IN THE CERTIFICATION CYCLE ............................................................................................ 17

TABLE 12 : SOCIAL FINGERPRINT DURING TRANSITION AUDITS ............................................................................................ 20