Codes of Practice

CODES OF PRACTICE

1. INTRODUCTION

These Codes of Practice have been structured in accordance with the applicable requirements of the accreditation bodies whose accreditation is currently held by the CFE Certification Limited (CFE). These Codes apply also to certification outside accredited schemes.

2. SCOPE

CFE provides accredited ISO/IEC 27001 Information Security, ISO 9001 Quality, ISO/IEC 20000-1 Service, ISO 22301 Business Continuity and ISO/IEC 27701 Privacy Information Management Systems auditing and certification services to companies (each a “Client”). CFE may provide non-accredited certification services against other management system standards or certification schemes, which CFE is not accredited. CFE may provide its services directly or, in its absolute discretion, through (a) its own or external employees, (b) any CFE affiliated company or (c) any other person or organization, as may be entrusted by CFE. Where part of the work is subcontracted to others, CFE retains full responsibility for granting, maintaining, extending, reducing, suspending or withdrawing certification and for ensuring that properly documented agreements are in place. CFE will notify its clients of any changes to the requirements for certification within a reasonable timeframe.

3. CONFIDENTIALITY

CFE maintains confidentiality at all levels of its organization concerning information obtained in the course of its business. No information will be disclosed to any third party unless in response to legal process or required by an accreditation body as part of the accreditation process. The client’s name, location, scope of certification and contact numbers may be entered into relevant directories. CFE maintains its own directory of certified clients which is publicly available via the CFE CERT website. This will show the status of any suspended, cancelled or withdrawn certificates.

4. ORGANIZATIONAL STRUCTURE

CFE is a private certification body and doesn’t obtain any kind of financial support from any other organization. CFE is not an agent of an accreditation body, and that nothing stated or done by CFE implies approval by an accreditation body. A copy of the organization chart of CFE, showing the responsibility and reporting structure of the organization, and documentation identifying the legal status of CFE are available on request.

5. APPLICATION FOR CERTIFICATION

On receipt of a completed Application Form (provided by CFE upon request), a Proposal is sent to the Client outlining the scope and costs of services together with an Application for Certification. Once the Application is returned, together with any due payments and controlled copies of relevant documentation and samples, the project will be allocated to an auditor who will be responsible for ensuring that the services are carried out in accordance with the procedures of CFE.

6. CLIENT’S OBLIGATIONS

In order to obtain and retain certification, the Client shall comply with the following procedures and rules:

• the Client shall make available to CFE all documents, samples of products, drawings, specifications and other information required by CFE to complete the assessment program and shall appoint a designated person who is authorized to maintain contact with CFE;
• CFE, if not satisfied that all certification requirements are met, shall inform the Client of those aspects in which the application has failed;
• when the Client can show that remedial action has been taken by it, within the time limit specified by CFE, to meet all the requirements, CFE will arrange, at additional cost to the Client, to repeat only the necessary parts of the assessment;
• if the Client fails to take acceptable remedial action within the specified time limit it may be necessary for CFE, at additional cost, to repeat the assessment in full;
• identification of conformity shall refer only to the sites or activities assessed as specified in the Certificate and Assessment Schedule (if any) or other attachments which may accompany the Certificate.
• Client shall when requested accommodate the presence of observers during assessments. E.G., accreditation auditors, or trainee auditors, etc.
• In their discretion, Accreditation bodies may require conducting unannounced visits to certified organizations. The client shall accept and facilitate unannounced assessments by accreditation bodies of their organization.
• The client shall not use its certification in such a manner that would bring CFE and/or certification system into disrepute and lose public trust.

7. CFE’S RESPONSIBILITIES

• CFE makes necessary arrangements to conduct the audit in reasonable time period after signing the contract by the client.
• CFE informs the clients when changes occurred at certification conditions.
• CFE issues a certificate to the client in reasonable time period, when the client completes all required actions and positive conclusion of certification decision function.
• CFE provides certification and related accreditation marks to the clients.
• CFE provides adequate resources to conduct all initial/surveillance/recertification/scope extension audits in time without jeopardizing the status of its clients.
• CFE publishes certification status of its certified clients as defined in related accreditation standards. All other information, except for information that is made publicly accessible by the client, shall be considered confidential. If any confidential information is required legally to disclose to a third party, the client shall be informed by CFE in advance.
• CFE makes its own interpretations of the requirements of the certification audit standards available to its certified clients, when these requirements are updated.
• Submission, investigation and decision on appeals or complaints shall not result in any discriminatory actions against the appellant.

8. ISSUANCE OF CERTIFICATE

When CFE is satisfied that the Client meets all the certification requirements, CFE will inform the Client and issue a Certificate. The Certificate shall remain the property of CFE and may only be copied or reproduced for the benefit of a third party if the word “copy” is marked thereon.

The Certificate will remain valid, until its expiry, unless surveillance reveals that the management system and/or activities of the Client no longer meet the standards, norms or regulations.

CFE reserves the right to decide, on a case by case basis, at its sole discretion and after taking into account various local requirements, that the issuance of the Certificate will be conditioned to the full payment.

9. CERTIFICATION MARKS

Upon issuance of a Certificate, CFE may also authorize the Client to use a designated certification mark. A Client’s right to use any such mark is contingent on CFE CERT maintaining a valid Certificate in respect of the certified management system and compliance with the Regulations governing the use of the mark issued by CFE. A Client who has been authorized to use the mark of an accreditation body must also comply with the rules governing the mark of such body. Improper use of such a mark is non- conformity with certification requirements and may result in suspension of certification.

10. SURVEILLANCE

Periodic surveillance visits (at least once a calendar year) shall be carried out and shall cover aspects of the management system, documentation, manufacturing and distributing processes and products, depending on the type of certification services provided, at the discretion of the nominated auditor. The date of first surveillance audit following initial certification shall not be more than 12 months from the certification decision date. The Client shall give access to all sites or activities for surveillance purposes whenever deemed necessary and CFE shall reserve the right to make additional special or short noticed audits as required either under the requirements of a certification scheme or as a result of a reported incident or complaint, or a breach of regulation necessitating the involvement of the competent regulatory authority.

The Client shall maintain a register recording all customer complaints and safety-related incidents related to the scope of certification, reported by an enforcing authority or users and make this available to CFE on request. In addition, the client shall without delay inform CFE of any serious incident or breach of regulation relevant to the scope of certification necessitating the involvement of the competent regulatory authority.

11. RENEWAL OF CERTIFICATION

Clients wishing to revalidate Certificates approaching the end of their cycles shall apply and complete a new application form. Clients are generally informed of the requirement for renewal of the certification during the pre-renewal visit which is the last surveillance visit of each cycle, but sole responsibility for timely filing the renewal application shall be with the Client.

12. EXTENSION OR REDUCTION OF CERTIFICATION SCOPE

In order to extend the scope of a Certificate to cover additional sites or activities, Client shall complete a new application form. The sales and contract procedure will be followed and an assessment will be carried out on those areas/activities not previously covered. The cost of extending the scope of certification will be based on the nature and program of work. Following a successful assessment an amended Certificate will be issued covering those aspects covered by the extended Certificate.

CFE shall reduce the scope of certification to exclude the parts not meeting the requirements, when the certified client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction shall be in line with the requirements of the standard used for certification. In such cases, a new certificate is issued by CFE to reflect reduced scope definition. The certified client must review and take necessary actions to remove references to the activities, processes and/or sites which have been removed from the scope of certification.

13. SYSTEM/PROCESS MODIFICATION

The Client shall inform CFE, in writing, of any intended modification to the management system, products or processes which may affect compliance with the standards, norms or regulations (Exp: legal, commercial, organizational status or ownership; organization and management; contact address and sites; certification scope, major changes to the management system, etc). CFE will determine whether the notified changes require additional assessment. Failure to notify CFE of any intended modification may result in suspension of the Certificate.

14. PUBLICITY BY CLIENT

In compliance with the applicable Regulations governing the relevant mark(s), a Client may render public that its relevant management system has been certified and may print the relevant certification mark on stationery and publicity materials relating to the scope of certification.

In any case, the Client shall ensure that its announcements and advertising material do not create confusion or could otherwise mislead third parties about certified and non-certified systems, activities or sites. If the scope of certification is reduced, the client shall amend its advertising material in order to prevent misleading.

15. MISUSE OF CERTIFICATE AND CERTIFICATION MARK

CFE shall take suitable action, at the expense of the Client, to deal with incorrect or misleading references to certification or use of Certificates and certification marks. The client shall not refer to its management system certification to be used in such way as to imply that CFE certifies its products, services or processes.

These include suspension or withdrawal of Certificate, legal action and/or publication of the transgression.

16. SUSPENSION OF CERTIFICATE

A Certificate may be suspended by CFE for a limited period in cases such as the following:

• if a Corrective Action Request has not been satisfactorily complied within the designated time limit; or
• if a case of misuse as described in Clause 15 is not corrected by suitable retractions or other appropriate remedial measures by the Client; or 
• if there has been any contravention of the Proposal, Application for Registration, General Conditions for Certification Services, these Codes of Practice or the Regulations governing the use of the certification mark; or
• if products are being placed on the market in an unsafe or non-conforming condition.
• if audits are not carried out within the prescribed timeframe. The Client shall not identify itself as certified and shall not use any certification mark under a suspended Certificate.

A certification can be restored after a suspension period in maximum 6 months, if the reason that has resulted in the suspension is resolved.

17. WITHDRAWAL OF CERTIFICATION

Certification will be withdrawn where a client’s management system demonstrates significant nonconformity with the audit standard or planned arrangements and a failure in its ability to react to and correct the nonconformities in a timely manner. Failure of the client to pay CFE invoices for services provided or a failure of the client to provide CFE auditors access to the certified facility for audit purposes may also result in withdrawal of the certification. In such case, the client shall be informed in written and asked for removing all kinds of references, advertisements, publicity, etc. activities for certificate; must ensure that the statements and references to the certificate in the documents are deleted, and that stop using logos and marks associated with the certification. CFE Certification Manager shall ensure that decertification information is forwarded to the same external publications in which the original certification was announced. If the client disagrees with the decision for withdrawal, appeal can be submitted as explained below.

18. CANCELLATION OF CERTIFICATION

Cancellation of a certification occurs when the client no longer desires to maintain the certification with CFE, or the Certificate is superseded by another. The request for cancellation shall be sent by the client to CFE in written. CFE Certification Manager shall ensure that de-certification information is forwarded to the same external publications in which the original certification was announced.

19. COMPLAINT / APPEAL / FEEDBACK

If a customer wants to give any feedback (complaint, appeal, suggestion, etc) regarding our services, personnel, our clients, customer of a client or anything else, it is possible to use relevant section (provide feedback) of our website or directly send email to cfecert@cfecert.co.uk. Please provide all the details for us to be able to investigate the inquiry. The inquiry will be investigated by the relevant committee. Investigation of the feedback shall commence within 30 days of receipt. The customer may be contacted to determine the full nature and extent of the feedback and any additional information is added to the record on the database. CFE Certification will notify the customer, in writing within 3 months, of the result of the feedback and actions taken to prevent recurrence of any complaint. If the feedback cannot be closed within 3 months, due to further actions, CFE Certification shall keep the customer informed of progress in evaluating the feedback and finally notify the inquirer when the feedback is considered to be closed. All the information about a feedback will be confidential and will not be disclosed to any other person or party except only to whom need to know the details to be able to investigate the feedback.