of service companies that administer contracts but do not perform the
work e.g. cleaning companies. These companies are not considered shell
companies? Should the scope mention exclusions such as the actual onsite
Response: The answer is “Yes” to each of these questions.
Research: Clause 11.1.3 e) and Clause 13.2.3: Initial research or
contact with local interested party is also compliance with below
requirement "auditors shall conduct local intelligence gathering while
on-site or in a specific area for audits". Am I correct?Response: NO.
The requirements of Clause 11.1.3 e) are different from Clause 13.2.3.
The intent of Clause 13.2.3 is to perform research prior to the CB going
to site. Clause 11.1.3e) provides additional intelligence when in the
location of their client company e.g. at the time of the Stage 1 Audit.
– Initial Research: Should an “Initial Research” be started from stage
of application to determine if CB accepts the application and last to
1st stage audit while some activities of an Initial research should be
completed by on-site visit? Does it mean that a (partial) result of
Initial Research (even it has not been fully completed) SHALL be taken
into considerations before accepting an application of SA8000
Generally yes but it can also carry on to the beginning of the Stage 2
phase if information was uncovered at the Stage 1 Audit that requires
SAI Fire Safety Checklist: This has been removed from Procedure 200?
Yes as all the new requirements in 200 and the Performance Indicator Annex address this matter.
Witness Fire Drill In Highest Risk Countries – Old Advisory 18. This has been removed from Procedure 200?
as all the new requirements in 200 and the PIA etc address this matter.
The CB needs to approach this and other issues in line with the risk
based approach to certification as described in ISO 17021-1:2015 Clauses
4.8 & 9.4.2g). Should this requirement change, all CBs and other
stakeholders shall be notified.
Table 15: This states that the effort includes reporting time. How long do we need to spend on writing the report?
time allocation should be 0.25 days on Social Fingerprint and then
80/20%** with respect to on site and reporting time. Using the guide in
IAF MD 5:2015 Issue 3 Clause 2.1.2 “The duration of a management system
certification audit (1.7) should typically not be less than 80% of the
audit time calculated following the methodology in Section 3. This
applies to initial, surveillance and recertification audits.”
16: Based on the Table 16, Initial BSCI Allowance Audit Days, addressed
in P. 200:2015, reporting audit days are included in both stage 1 and
stage 2 audits. However, the Table 17, Single Site Surveillance Audit
Effort, mentions that it excludes on-site reporting time. Does it mean
that CBs should add extra on-site audit day, says 0.5 day, for reporting
on the top of this basic duration for only audit activities?Response: Table
16 is appropriate to BSCI “transfer/upgrade” audits only. Table 15 is
the normal single site audit effort table. The CB is expected to add the
time it takes them to produce the report to this audit effort based on
how long it takes them to produce the report. This would be normally 0.5
to 1 day.
Table 17: This states that it excludes reporting effort. How long do we need to spend on writing the report?
Response: The time allocation should be 80/20% with respect to on site and reporting time.See note about IAF MD 5 above.
17: Based on the remark in Table 17, it mentions Social Fingerprint
Evaluation. From my understanding, the onsite audit effort in the table
doesn't include time for doing the SF Evaluation. It means that if
additional onsite audit effort, says 0.5 days, should be added for doing
SF Evaluation. Right?
17 by means of the * shows that these times DO include the SF
Independent Evaluation Effort. Procedure 200A (Audit Requirements for
Accredited Certification Bodies For Social Fingerprint) describes the
required effort as “sufficient time”. The time required is obviously
dependent on the CB Auditors Experience but it is thought that generally
this will be between 2-3 hours.
Fingerprint: It is not clear how it is possible for the auditor to do
the Independent Evaluation after the audit, when it is necessary to give
feedback to auditee during closing meeting?
Response: Closing Meeting To be held after SF IE.
Bribery procedure: it is necessary to define how to detect or identify “corrupt auditors”, proactively…?
Response: Yes this is normal practice and expected of all CB’s regardless of size.
on announced surveillance audit scheduling: There is no tolerance
stated for the audit scheduling of announced surveillance audits.
following should be adopted: If delay due to client: 3 months delay -
certificate is suspended; a total of 6 months delay: certificate is
cancelled (delay must be justified in records).
Scope: When reading the new procedure 200, is not totally clear to me
that a company can choose to include some sites in scope and leave
others out of the scope, even when the perform the same activities in
all sites. For example, can a company start SA8000 certification in
headquarter only, and in following audits decide to add sites as long as
they progress on the implementation of the system in other sites? (as
they do with other management systems). So they would begin with a
single site certification, including only the workers from the HQ?
has been permitted in the past and suits an organisations’ roll-out of
SA8000 Certification. That way they can learn from the experience and
save costs on consultancy etc. There should though be some sort of logic
to the roll-out and the CB should work with the client on the
understanding say that all sites will be certified with 3 years. Failure
to do so will mean that certification is lost for all the sites or that
they go back to a single site certification basis. In the initial
certification roll-out MUST be the head office then say ALL the sites in
a particular town or province etc. SAAS is putting together guidance on
scope and CBs shall contact SAAS directly under these described
Initial Audit Clause 21.4 vs. 21.6.1: Some regional offices in service
sector can be limited scope during stage 2 so these two clauses are
Response: Yes take 21.6.1 as the criteria for the service sector.
21.6.9: In the case that sites are classified as "temporary", it is not
defined how to consider those in the audit process, since procedure
only defines requirements for "permanent sites" surveillance (21.7.4),
and a company may provide cleaning service (or pest control, or
gardening, or transportation, etc) to many different customers every
year, in some cases through participation in tenders, annually or every 2
or 3 years, for example.
Response: Clause 21.7.4 this should be taken as temporary or permanent site.
Clause 21.7.4: It is not clear how to define a temporary site?
should be noted that the length of contract with a customer does not
define whether a workplace is temporary or not. The following
illustrates what SAAS consider as a temporary site. “A temporary site is
one set up in order to perform specific work or service for a finite
and limited period of time”. These may be for example: Construction
Sites; Temporary Exhibitions; Outdoor events and concerts; Event
caterers; One off customer call-out to repair ítems e.g. photocopier.
Examples of permanent sites are: Cleaning services; Pest control;
surveillance: Clause 21.7: Is the audit effort, audit records,
interviews etc the same as for single site surveillance?
21.6.9 states that 2% or 2 work locations (not owned/controlled by the
organization) shall be audited. Does not clarify whether this is
applicable to permanent and/or temporary sites. Actually, in the
service sector, the list of "work locations" (whether permanent or
temporary) would be the complete list of customers!?
21.6.9 refers to premises not owned by the CB Client but at which work
is performed by their workers. This applies to both permanent or
temporary sites. Yes it would be the complete list of work locations but
even if there are 1000 work locations the audit effort is only 2% that
is 20 locations at 0.5 days each.
If a Major NC is raised by a CB during a surveillance visit then is it
expected that the Clients Certificate is suspended?
Response: No not in every case. A Critical NC triggers a client’s automatic suspension.
22.2.2 Zero Tolerances and Clause 7.2.32: There is no guidance on what
are Zero Tolerance issues – are these the same as BSCI has? Only
Critical or Critical / Major (in Definitions): always must be reported,
but could a Major when for example it is immediately fixed?
these are not, in all cases, the same as BSCI Zero Tolerances. They
are clearly defined in Clause 7.2.32. Procedure 200 Clause 22.5.1
Clearly states ……… Non-conformities SHALL NOT be closed by the CB
during the audit in which they were issued.
Bound Non-conformities: Clause 22.3.4: There were several TBNC’s in
earlier issues of Procedure 200. Why are these not there now?
Bound NCs are limited to ONLY those now found in Procedure 200:2015.
Should SAI consider others, they will be added and all stakeholder
Definitions Of OFI and
Observations: Some CBs definitions for OFI and Observations are the
other way around from Procedure 200. What do we do in these
CB can continue to use their definition as long as they include a
clarification in their documented management system as to what their
term equates to with respect to the SAAS Procedure 200 definition.
with ISO: There is currently no requirement now that SA8000 audits
SHALL not be combined with ISO 9001, 14001 audits etc.?
Response: Correct, there is no requirement. This was removed during the last stages of 200 editing.
Guidance: Will SAI include country-specific guidance somewhere on its website?
it is planned that SAI will publish country-specific guidance -
however, there is no specific timeline for this publication at the