UTZ Certified Certification Protocol

UTZ Certified Certification Protocol

Version 3.0 September 2012

(previous version 2.0 February 2010)

www.utzcertified.org

Copies of this document are available for free in electronic format on the UTZ Certified Training Center website:

http://www.utzcertified-trainingcenter.com

If you are not able to access this document electronically, you may write to us at the following address to get hard copies at a reasonable cost-covering price:

UTZ Certified De Ruyterkade 6 1013 AA Amsterdam

The Netherlands

All stakeholders are invited to send comments and suggestions on the document at any time, which will be included in the next revision process.

Please use the feedback form that can be requested via e-mail and send your comments or suggestions to:

certification@utzcertified.org

Or via regular mail to:

UTZ Certified Standards and Certification Department De Ruyterkade 6 bg

1013 AA Amsterdam The Netherlands

© UTZ Certified 2012

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without full attribution.

TABLE OF CONTENTS

1. Introduction ... 5

1.1 Scope of the UTZ Certified Certification Protocol ... 6

1.2 Key terms of the UTZ Certified Certification Protocol ... 6

1.3 Compliance with the UTZ Certified Certification Protocol ... 6

2. Certification options ... 9

2.1 Certificate Holder ... 9

2.2 UTZ Certified Code of Conduct ... 9

2.3 UTZ Certified Chain of Custody ... 12

3. Structure and compliance of the Code of Conduct ... 13

3.1 Structure and compliance level of the Code of Conduct ... 13

3.2 Structure and compliance of the Chain of Custody ... 15

4. UTZ Certification process: audit process, certification conditions ... 16

4.1 General UTZ Certification process ... 16

4.2 Audit process... 18

4.3 Certification conditions ... 21

4.4 Determining volume of certified production ... 23

4.5 Changes in certification information ... 24

4.6 Non-compliances: warning, suspension and cancellation... 24

5. Internal Control System and requirements ... 27

5.1 General requirements for an ICS ... 27

5.2 Definition and responsibilities for internal inspectors ... 28

6. Complaints, appeals and dispute procedure ... 29

6.1 Surveillance by the CB of certified producers and/or supply chain actors ... 29

7. Approval procedure for Certification Bodies and their relationship with UTZ Certified ... 30

7.1 Approval procedure ... 30

7.2 Requirements for approval ... 30

7.3 Approval for UTZ Certified product and standard scopes ... 31

7.4 Communication with UTZ Certified ... 31

7.5 Warnings and withdrawal of approval by UTZ Certified ... 32

7.6 Monitoring of Certification Bodies performance ... 32

8. Qualification requirements for lead auditors, auditors and internal inspectors ... 33

8.1 Definition and responsibilities for lead auditor, auditor and internal inspector ... 33

8.2 Qualification requirements for Code of Conduct ... 33

8.3 Qualification requirements for Chain of Custody audits ... 35

8.4 Qualification requirements for internal inspectors ... 36

8.5 Impartiality, independence and confidentiality ... 36

9. Certification Bodies and their obligations... 38

9.1 Certificate and Summary Report ... 38

9.2 Unannounced interim audits ... 38

9.3 Annual report ... 38

9.4 Communication on UTZ Certified and the UTZ Certified logo ... 39

Annex 1: Format Annual Report for approved Certification Bodies ... 40

Annex 2: Format Overview unannounced interim audits ... 41

Annex 3: Additional certification procedures for tea ... 42

1. Introduction

UTZ Certified is a program and label for sustainable farming worldwide. Our mission is to create a world where sustainable farming is the norm. Sustainable farming helps farmers, workers and their families to fulfill their ambitions and contributes to safeguarding the earth’s natural resources, now and in the future.

A world where sustainable farming is the norm is a world where farmers implement good agricultural practices and manage their farms profitably with respect for people and planet, industry invests in and rewards sustainable production, and consumers can enjoy and trust the products they buy.

The core documents of the UTZ Certified certification program are the following:

The UTZ Certified Code of Conduct is an internationally recognized set of criteria for economic, social and environmentally responsible agricultural production. It is based on the international ILO Conventions and includes the principles of good agricultural practice. There are product specific Codes of Conduct for Coffee, Cocoa, Tea and Rooibos. Guidance documents are available that further explain how to implement the criteria of the respective Code of Conduct. For some product codes there are also specific group (ICS) guidance documents available.

The UTZ Certified Chain of Custody is a set of administrative and technical rules designed to provide high level of confidence that the UTZ Certified product originates from or relates to an UTZ Certified source. The Chain of Custody documents are product specific.

The UTZ Certified Certification Protocol explains the structure and process of certification according to the UTZ Certified Code of Conduct and Chain of Custody. It describes the procedures to be followed by the actors in the supply chain in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody as well as the procedures for Certification Bodies performing UTZ Certified audits. It also includes the main principles that need to be respected for the certification of producer groups. The requirements for the ICS and internal inspectors are also included in this document.

This Certification Protocol further explains the approval procedure for Certification Bodies (CBs), the required qualifications of their lead auditors, auditors and the obligations for Certification Bodies. This document is applicable for the UTZ Certified products: coffee, cocoa and tea (and rooibos as part of the tea program).

UTZ Certified has the overall authority for the issuing and amendment of the content and requirements stated in this document.

In the case that the users of the Certification Protocol (i.e. certification bodies, certificate holders or others) experience

difficulties with its implementation, please contact the UTZ Certified head office in Amsterdam.

1.1 Scope of the UTZ Certified Certification Protocol This document applies to the following parties:



Certificate holders who are responsible for implementing and complying with the requirements and procedures of the UTZ Certified Certification Protocol in order to obtain and maintain certification against the Code of Conduct and/or Chain of Custody. See 2.1 for more information.



Certification Bodies (and staff) who audit against the UTZ Certified program. The Certification Body needs to ensure that the certification process (including audit) follows and complies with the UTZ Certified Certification Protocol. In this document “Certification Body” is abbreviated to “CB” or “CBs”. Any Certification Body requesting an approval or extension of their approval needs to follow the procedures set out in this Protocol.



Prospective certificate holders and CBs who want to become part of the UTZ Certified Program.

The English language version of the certification documents is the official version. Please refer to the English version to clarify any doubts when reading other language versions.

1.2 Key terms of the UTZ Certified Certification Protocol



Producer: a producer, group of producers or an entity organizing producers that is a Code of Conduct certificate holder.

A Code of Conduct certificate covers all activities in the production, harvest, post-harvest, processing and commercialization of the certified produce.



Supply Chain Actor: an entity that operates within the sustainable supply chain and generally takes ownership of the product. All supply chain actors need to be registered and the scope of their activities will determine if they need to be certified against the Chain of Custody requirements.



Certificate: the document issued by the Certification Body when an audited producer or supply chain actor complies with the requirements of UTZ Certified. This certificate allows the certificate holder to produce or trade UTZ Certified products. CBs request a license (see below) for every valid certificate they issue.



License: this allows the UTZ Certified producer or supply chain actor to access and use the Traceability System in the Good Inside Portal to record their transactions of UTZ products. The information from the license reflects the information on the certificate.

1.3 Compliance with the UTZ Certified Certification Protocol

With the launch of the UTZ Certified Good Inside Portal the certification procedures will not change but the reporting will be formalized through the Portal. UTZ Certified reviewed and updated the previous version of the Certification Protocol based on comments received over the past year.

The main changes can be found in:



Chapter 2 Certification options



Chapter 4 UTZ Certified certification process

For more information on the changes, a change document version September 2012 versus February 2010 is available upon

request to certification@utzcertified.org.

The UTZ Certified Certification Protocol version 3.0 September 2012 substitutes the previous version, UTZ Certified Certification Protocol version 2.0 January 2010. Certification according to the updated version 3.0 2012 of the Certification Protocol comes into effect immediately after release.

UTZ Certified reserves the right to ban any prospective producer or supply chain actor or CB from entering the UTZ program if they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members.

Accordingly, UTZ Certified reserves the right to ban any certified or licensed member from continuing in the UTZ program if

they have misused the UTZ name or in any way participated in fraudulent behavior against the UTZ program and its members.

Overview certification documents of Coffee, Cocoa, Tea and Rooibos: The last version of those documents is available in the on-line UTZ certified Training Center.

UTZ Certified

certification documents Coffee Cocoa Tea and Rooibos

Certification protocol Generic ‐Certification Protocol Generic ‐Certification Protocol Generic ‐Certification Protocol Code of Conduct Code of Conduct for Coffee Code of Conduct for Individual Certification for Cocoa

Code of Conduct for Group Certification for Cocoa

Code of Conduct for Tea Farms Code of Conduct for Tea Factories Code of Conduct for Rooibos Production Code of Conduct for Rooibos Processing Code of Conduct Checklist Code of Conduct for Coffee Checklist Code of Conduct for Individual Certification for Cocoa

Checklist

Code of Conduct for Group Certification for Cocoa Checklist

Code of Conduct for Tea Farms Checklist Code of Conduct for Tea Factories Checklist Code of Conduct for Rooibos Production Checklist Code of Conduct for Rooibos Processing Checklist

Chain of Custody Chain of Custody for Coffee Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos

Chain of custody checklist Chain of Custody for Coffee Checklist Chain of Custody for Cocoa Chain of Custody for Tea and Rooibos Checklist

List of definitions List of Definitions for Coffee List of Definitions for Cocoa List of Definitions for Tea

Code of Conduct Annex (Global Guidance) Code of Conduct Annex for Group certification

Code of Conduct Annex for Individual certification

Code of Conduct Annex for Group certification for Cocoa Code of Conduct Annex for Individual certification for Cocoa

Code of Conduct Annex for Tea

Code of Conduct Annex (Local Guidance) Code of Conduct Annex for Group certification for:

Africa Brazil Colombia Central America Vietnam

Code of Conduct Annex for Group certification for Cocoa for:

Ghana Cote d'Ivoire

Code of Conduct Annex for Rooibos Production Code of Conduct Annex for Rooibos Processing

Code of Conduct Annex for Individual

certification for: Africa Brazil

Colombia Central America Vietnam

List of Maximum Residue Limits List of Maximum Residue Limits for Coffee

List of Banned Crop Protection products Generic ‐List of Banned Crop Protection Products

Generic ‐List of Banned Crop Protection Products Generic ‐List of Banned Crop Protection Products

List of approved CBs Generic ‐List of approved CBs Generic ‐List of approved CBs Generic ‐List of approved CBs

Although the Code of Conduct for Tea Farms and the Code of Conduct for Tea Factories are two separate checklists, factories and farms can be included in the same certificate if they fall under the same

2. Certification options

UTZ Certified has two scopes of certification: Code of Conduct and Chain of Custody. Both scopes are applicable for the products coffee, cocoa and tea (including rooibos). The overall considerations for certificate holders as well as the options on certification are described in this chapter.

2.1 Certificate Holder

When the UTZ Certified Code of Conduct and Chain of Custody refer to a certificate holder, this means the entity that is responsible for implementing, complying with and monitoring the requirements of the UTZ Certified Code of Conduct or Chain of Custody.

The Code of Conduct certificate holder is a producer or an entity organizing the producers. All producers selling as UTZ Certified need to be certified. The Chain of Custody certificate holder is a supply chain actor. All supply chain actors need to be registered in the UTZ Program and the scope of their activities will determine if they need to be certified or not.

The name that appears on the certificate is the same as the name registered by the certificate holder in the Good Inside Portal. UTZ Certified allows two entities to appear on the certificate. For example if an exporter/trader financially supports a producer group's certification, its name can also appear on the certificate. However, UTZ Certified policy requires that the main name is that of the producer group. e.g.: PRODUCER NAME (mandated by exporter/trader).

2.2 UTZ Certified Code of Conduct

The option for certification depends on how the certificate holder is structured. The CB certifies the certificate holder under one of four options. The certificate holder needs to understand clearly under which certification option s/he is certified.

Under the Code of Conduct the following certification options are available:

Option 1: Individual certification Structure

Under this certification option, the individual producer is the certificate holder.

Compliance

The individual producer is responsible for the compliance of its farm plot(s). The individual producer needs to comply with all the applicable control points and corresponding levels and is responsible for the compliance of the farm (for more information on the levels and control points please check section 3.1).

The CB annually audits the individual producer.

Option 2: Multi-site certification

Structure

Under this certification option, several producers work under one central management. In this case the central management is the certificate holder.

These producers or units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these production areas.

Compliance

The central management is responsible for the compliance of the producers. All the producers under the central management need to comply with all applicable control points and corresponding level (for more information on the levels and control points please check section 3.1).

All the producers are covered under one certificate. The CB annually audits all sites and clearly specifies on the certificate the names of the farms which are included in the certificate.

Option 3: Group certification Structure

Under this certification option, a group of organized producers is certified. The certificate holder is either the group itself or an entity organizing the group of producers. The group of organized producers can be organized in an association or cooperative or managed by a supply chain actor (such as an exporter) or another entity.

In order to certify as a group, the certificate holder has to implement an Internal Control System (ICS). An ICS is a documented system for quality management that manages several aspects of the UTZ Certified Code of Conduct and also ensures the producer’s fulfillment of the UTZ Certified Code of Conduct according to internally defined procedures.

Compliance

The certificate holder is responsible for the proper functioning of the ICS as well as the compliance of its group members. The certificate holder needs to comply with the applicable control points and corresponding level and needs to ensure that the group members comply with the control points ‘p’ (for more information on the levels and control points please check section 3.1).

Group members shall have a similar production system and be in geographic proximity. Producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points ‘p’ and ‘c’. For producers with significant hired labor, the producer or her/his respective CB is requested to contact UTZ Certified for further guidance on how the social criteria are checked.

The minimum number of farms to be audited by the CB will be based on the square root of the number of

producers belonging to the group, with a minimum of 5 members, and is also determined by the result of the

risk based evaluation of the ICS. For further information see chapter 4.

Annex 3 to this document contains additional information for certification procedures for Tea.

Option 4: Multi-Group certification

Structure

Under this certification option, two or more (individual) groups of organized producers are certified.

The multi-group is the certificate holder and the certificate includes the names of the groups. The multi-group is the center that manages the two or more (individual) groups with regards to the activities of the group.

Compliance

From a certification point of view, the multi-group is responsible for the management of the ICS and ensures compliance with the UTZ Certified Code of Conduct of all groups and their members. Usually each group has an ICS coordinator responsible for working together with the ICS manager of the multi-group.

The minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole multi-group, and also determined by the result of the risk based evaluation of the ICS.

If the sub-groups of the multi-group do not have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group.

Group members should have a similar production system, and be in geographic proximity. Producers with a considerably different production system (nature or geography) may be part of the sub-group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with control points ‘p’ and ‘c’.

The multi-group certification is chosen in situations where the multi-group exports produce under the name of

the multi-group. The multi-group reserves the option to indicate the name of the (individual) group in the sales

documentation and in the UTZ Certified Good Inside Portal.

2.3 UTZ Certified Chain of Custody

The UTZ Certified Chain of Custody requirements have been designed to provide a high level of confidence that UTZ Certified products are physically and/or administratively related to UTZ Certified producers. These requirements are a set of chain-wide administrative and technical requirements ensuring the traceability of UTZ Certified products.

Therefore, the standard includes above all criteria for physical and/or administrative separation of UTZ Certified products and non-UTZ Certified products.

Please check the UTZ Certified Chain of Custody documents for coffee, cocoa and tea for the specific product requirements and which supply chain actor in the supply chain needs to be certified.

For the Chain of Custody certification, the following certification options are applicable:

Option 1: Individual certification

Under this certification option, the certificate holder is an individual supply chain actor.

The individual supply chain actor can apply for certification against the UTZ Certified Chain of Custody. The individual supply chain actor is responsible for the compliance of its unit(s).

The CB annually audits the individual supply chain actor.

Option 2 Multi-site certification:

Under this certification option, several units/locations belong to one central management. This central management is the certificate holder.

These units/locations fall under one central management when there is an identified central location where activities and sites are managed. There is also evidence that proves that the central management owns or is contracted to manage these processing areas.

All the sites can be covered under one certificate. The CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate.

All sites mentioned on the certificate need to comply with all the applicable control points.

3. Structure and compliance of the Code of Conduct

Each product (coffee, cocoa and tea) has Code of Conduct and Chain of Custody requirements. The generic aspects of these documents can be found in this chapter.

The structure of the Code of Conduct for Coffee, Cocoa and Tea (including Rooibos) is based on a continuous improvement concept allowing producers to demonstrate that they are maximizing positive impact on production each year. The four year improvement system encourages and supports the producer to implement the Plan-Do- Check-Act (PDCA) cycle.

3.1 Structure and compliance level of the Code of Conduct The structure of the Code of Conduct includes the following aspects:



Type of control points: there are two types of control points:

 mandatory control points (shaded in green)

 additional control points (not shaded)

To obtain certification, the certificate holder has to comply with the mandatory control points and a defined number of additional points in each indicated part/chapter/year.



Levels of audit - compliance check level. Control points are in general applicable to the whole production system.

However, in order to make it easier for the auditor to check, the ‘Level of Audit’ column indicates on what level to assess the control point. Each control point has its own level of audit clearly defined in the Code of Conduct. (C) indicates the requirement is checked at certificate holder level, (P) is producer, (N) indicates points to be checked at the nursery, (S) refers to storage and (E) are control points that also need to be checked with an external information source.



Year of Compliance: There is a separate column for each year from 1 to 4.

It is clearly indicated which mandatory control points need to be complied with in which year, e.g. there is a separate column to assess compliance for year 1 to year 4. The certificate holder can clearly see the control points that become mandatory in the next year. When compliance is reached, the respective box is ticked.



Mandatory control points: From year 1 to year 4 the number of mandatory control points increases.

This means that the number of total control points required for certification increases per year per part (group of chapters). This is clearly indicated in the columns year 1 to 4.

E.g. Part 1 (Chapters 1-2) in the Code of Conduct for Coffee:

1

year of certification - 12 mandatory control points 2

year of certification – 13 mandatory control points 3

year of certification – 15 mandatory control points 4

year of certification – 16 mandatory control points



Additional control points: the certificate holder chooses which additional control points he wishes to comply

with. It is most useful to choose the additional control points which become mandatory in the next year of

certification.



If a mandatory control point is not applicable for the certificate holder in question, then this is indicated in the self-assessment in the comments column (see the Checklist). The number of mandatory control points that are not applicable for certification also needs to be indicated in the calculation section below the criteria.



If an additional control point is not applicable for the certificate holder in question, then this is indicated in the comments column (see the

Checklist). The additional control point can then NOT be counted in or deducted from the number of additional control points complied with.



A new certificate holder starts in the 1

year of compliance of the Code of Conduct. Certificate holders who recertify move on to the following year of certification

.

E.g. from year 2 to 3, from year 3 to 4

.



For a certificate holder that quits UTZ Certification (i.e. is not re-certified or stops her/his UTZ certification) but at a later stage applies again to become UTZ Certified, the following rules apply: If the non-certified period has been 12 months or less, the certificate holder needs to comply with the subsequent year of compliance following her/his last certification. If the non-certified period was longer than 12 months but less than 36 months, the certificate holder may be assessed again with the year of compliance that was used in her/his last certification. If the non- certified period was longer than 36 months, the producer is considered as a new producer (for the timing of the audit see 4.3)

.

E.g. 1: the certificate holder was certified against year 2 and after that did not apply for recertification for 10 months. When the certificate holder decides to re-apply for recertification, the certificate holder has to comply with year 3 requirements.

E.g. 2: the certificate holder was certified against year 2 and after that did not apply for recertification for 30 months. When the certificate holder decides to re-apply for recertification, the certificate holder may be assessed with year 2 requirements.

In any case, the certificate holder must consult with her/his Certification Body.



Certificate holders can always request to be assessed against requirements of a higher year (e.g. producer groups with producer members in different years of compliance). Harmonization of internal procedures and documentation can lead to a positive effect where time and resources are used effectively.

1 For further details please see the respective Code of Conduct. Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department.

2 When a certificate holder is certified conforming the 4^th year, upon the next year the certificate holder is again certified conforming the 4^th year requirements, until further notice by UTZ Certified.

3 Exceptions to this requirement can be granted after consultation with the Standards and Certifications Department

3.2 Structure and compliance of the Chain of Custody

The structure of the Chain of Custody includes the following aspects:



The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need to be complied with.



The Chain of Custody documents for coffee, cocoa and tea contain further information on the type of activities covered.



The scope of the Chain of Custody certificate is per country, with the exception of EU-27

countries where the scope can be EU-27 wide.

4. UTZ Certification process: audit process, certification conditions

It is UTZ Certified’s goal to have a timely and orderly audit and certification process. This chapter describes the procedure and timing for arranging and conducting the audit (for either Code of Conduct or Chain of Custody).

4.1 General UTZ Certification process

In order to maintain UTZ Certified Code of Conduct and/or Chain of Custody certification, an annual audit must be performed each calendar year (1 January to 31 December).

When a new producer or supply chain actor wants to become UTZ Certified, they must complete the following process:

In case of a recertification, the certificate holder will already be registered in the Good Inside Portal. It is the responsibility of the certificate holder request an audit on time with the CB before her/his certificate expires.

The following steps apply to both new members and those being recertified.

1. A new producer or supply chain actor must first register in the UTZ Certified Good Inside Portal.

2. UTZ Certified provides the producer or supply chain actor with a confirmation of the registration.

The confirmation contains the member ID, username and password and it is sent to all registered users in the UTZ Certified Good Inside Portal account.

3. It is recommended that the producer or supply chain actor makes sure that her/his organization complies

with the requirements of the Code of Conduct or Chain of Custody (according to the latest versions).

4. The producer or supply chain actor chooses the Certification Body. It is recommended that the producer or supply chain actor requests quotes from several CBs. It is not mandatory to stay with the same CB.

5. There must be a contract between the producer or supply chain actor and the CB where at least the fee, timeframe and scope of the UTZ Certified audit are established.

6. When a producer or supply chain actor applies for an audit with the CB, the CB starts its application procedure by providing the latest version of all the relevant documents (e.g.

Certification Protocol, Code of Conduct and/or Chain of Custody).

7. In order to save time, the certificate holder provides the CB with the self-assessment prior to the physical audit.

8. A mutually accepted audit date must be arranged by the CB and the producer or supply chain actor.

9. The audit (physical audit, interviews, documentation checks) takes place before the original or the extension certificate expires.

10. When completing the certification process, the CB must fill in the Summary Report in the UTZ Certified Good Inside Portal and upload the UTZ certificate (certification decision) within 20 working days (4 weeks) of completing the audit.

UTZ Certified reserves the right to request additional documentation (e.g. UTZ Certified Checklist signed by the lead auditor and auditor). The CB must comply with this request.

11. When the information in the UTZ Certified Good Inside Portal is reviewed and

confirmed by the UTZ Standards and Certification Department, the license will become

active and the producer or supply chain actor will be able to record transactions in the Good

Inside Portal. The CB needs to ensure the certificate holder receives a copy of the certificate

and summary report.

4.2 Audit process

This section describes the steps of the audit process for Code of Conduct audits and Chain of Custody audits.

Producers and supply chain actors certified against the Code of Conduct and/or Chain of Custody must be annually recertified (each calendar year: 1 January to 31 December).

If translators are used during the audit, they should be independent from the producer or supply chain actor being audited. If this is not possible, translators must play a neutral role and the auditor needs to record the name of the translator and her/his affiliation to the organization in the audit report.

In order to enhance efficiency of audits and reduce costs, the CB carries out a desk review before the actual audit of the producer or supply chain actor against the Code of Conduct and/or Chain of Custody. Producers and supply chain actors applying for certification must submit the results of the annual self-assessment, the results of the previous audit, and other records demonstrating they are complying with the applicable requirements. The UTZ Certified Checklists facilitate this desk review. The CB reviews the submitted documents and clarifies any issues or areas of concern with the producer or supply chain actor to determine if it makes sense to plan the audit.

The CB must ensure the certificate holder receives a copy of the final certificate and summary report.

4.2.1. General audit process for Code of Conduct

The Code of Conduct audit differs depending on the year the certificate holder is complying with. The certificate holder has to comply with a defined number of mandatory control points as well as a defined number of additional points. A new certificate holder starts in the 1

year of compliance of the Code of Conduct. Certificate holders who recertify, move on to the following year of certification

. E.g. from year 2 to 3, from year 3 to 4.

The desk review serves to establish which year the certificate holder is in and therefore which mandatory control points are applicable. As for the defined number of additional control points, the certificate holder chooses which additional control points they comply with

. For the certificate holder it is most useful to choose the additional control points which become mandatory in the next year of certification.

For a first audit, the auditor will verify the requested records in the Code of Conduct for the 3 months prior to the date of audit in order to have an overview over the record keeping on the farm. The records have to meet the Code of Conduct requirements from the beginning of the validity of the certificate on. For a subsequent audit (recertification) the auditor will verify all the requested records in the Code of Conduct going back to the previous audit.

For the audit, UTZ Certified strongly recommends that all points, when applicable, are verified in order to raise awareness with the certificate holder on which control points are coming up and/or which need further improvement for compliance. The certificate holder can request that the CB focus on the mandatory and chosen additional control points only (e.g. in order to save time), provided (1) the self-assessment contains all information regarding the applicability of control points and which additional control points the certificate holder wants to comply with and (2) the certificate holder has clear evidence of the non-applicability of any control point.

5 For further details please see the respective Code of Conduct.

6 Additional control points which the certificate holder did not choose (yet) to comply with, do not have to be included in the summary report as being a non-compliance. It is optional to mention these points, or some of them, as points which need to be addressed in future certifications.

4.2.2. Code of Conduct audit of an individual or multi-site certification

The audit will be undertaken at the farm and central office, using the latest document of the Certification Protocol and Code of Conduct. The audit will include:

1) opening meeting with management

2) review of the results of the previous external audit and annual self-assessment done by the producer 3) review of all relevant documentation

4) evaluation of records

5) product flow control calculations 6) discussions / interviews with key staff 7) physical audit:

In case of an individual certification, the auditor will audit the individual farm. If the farm has several plots, the minimum number of plots to be audited will be based on the square root of the number of plots belonging to the farm. The CB can increase this number at its own discretion and based on justifiable criteria. Every year a different sample group of plots should be audited. The individual farm is audited against all the applicable control points of the Code of Conduct.

In case of a multi-site certification, the CB annually audits each of the sites/units which are applying for certification, and clearly specifies on the certificate which sites/units are included in the certification. All sites/units are audited against all the applicable control points of the Code of Conduct.

8) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed).

4.2.3. Code of Conduct audit of a group and multi-group certification

The audit of a group will be undertaken at the central office or administrative center of the group, using the latest document of the Certification Protocol and Code of Conduct. This is the place where the Internal Control System (ICS) of the group is managed, where all documentation can be found and where control over key decision making is. A group of farmers can be considered one farm unit if all farmers demonstrably follow the same farming practices and have a joint management system.

The audit will include:

1) opening meeting with management of the group

2) evaluation of the structure and functioning of the ICS, checking:



the list of the members of the group



the contract or agreement between the producer and the group or ICS management, specifying the rights and obligations of both



the internal standard of the group, which is an adapted interpretation of the Code of Conduct applicable

for the specific situation of the group, indicating the applicable control points



the risk assessment: the auditor shall carry out a risk assessment of all steps in the production chain and its immediate environment, as well as in the ICS, to identify risks to the integrity of production. The risk assessment shall function as a basis for the audit and certification activities.

3) review of all relevant documentation, including the self-assessment 4) evaluation of records

5) review of the annual internal audit done by the ICS 6) review how non-compliances are dealt with by the ICS 7) product flow control calculations

8) discussions / interviews with key staff 9) physical audit:

In case of group certification, the auditor audits the square root of the number of members/producers belonging to the group with a minimum of 5 members. The number will also be determined by the result of the risk based evaluation of the ICS. The farms to be audited must be selected in a way that represents the whole group, based on a combination of risk-based evaluation and random selection. The CB can increase the number of farms to audit at its own discretion and based on justifiable criteria.

Members/producers with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB. These producers need to comply with the applicable control points ‘p’ and ‘c’.

In case of a multi-group certification, the minimum number of farms to be audited by the CB will be based on the square root of the number of producers belonging to the whole group, and also determined by the result of the risk based evaluation of the ICS.

If the sub-groups of the multi-group don’t have similar production systems and/or there is no central ICS management on multi-group level, then the sub-groups are seen as individual entities (although gathered under one certificate), and the square root for (external) auditing by the CB is taken per group. As with group certification, multi-groups with a considerably different production system (nature or geography) can be part of the group and of the Internal Control System (ICS) but should be audited individually by the CB and comply with applicable control points ´p´ and ´c´.

10) witness audits of a representative sample of internal inspectors: Assessment of the competence and performance of internal inspectors

11) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed).

4.2.4. General audit process for Chain of Custody

The control points in the Chain of Custody are all mandatory. From the first year of certification, all control points need

to be complied with. Please check the respective UTZ Certified Chain of Custody documents for coffee, cocoa and tea

for the specific requirements and which supply chain actor in the supply chain needs to be certified.

For a first audit, the auditor will verify the requested records in the Chain of Custody for the 3 months prior to the date of audit in order to have an overview over the record keeping on the organization. The records have to meet the Chain of Custody requirements from the beginning of the validity of the certificate. For a subsequent audit (recertification) the auditor will verify all the requested records in the Chain of Custody going back to the previous audit.

Chain of Custody audit of an individual or multi-site certification

The audit will be undertaken at the location of the supply chain actor, using the latest document of the Certification Protocol and UTZ Certified Chain of Custody. The audit will include:

1) opening meeting with management

2) review of all relevant documentation, self-assessment and results of the previous external audit 3) evaluation of records

4) discussions / interviews with key staff 5) physical audit:

In case of an individual certification, the auditor will audit the individual supply chain actor against all the applicable control points of the Chain of Custody.

In case of a multi-site certification, the CB makes an annual risk assessment before the audit to assess how many sites of the multi-site need to be physically audited (the risk assessment includes but is not limited to: traceability model, use of subcontractors, complexity of processing at sites, homogeneity of processing activities within the multi-site operation). The number of sites to be audited by the CB needs to be at least the square root of the total number of sites. For sites that are not physically audited, the CB may require documentation for a documentation check. The CB specifies on the certificate which units/locations are included in the certificate.

6) closing meeting with the management including review of any non-compliances identified (it is not necessary to leave a draft version of the summary report with the (prospective) certificate holder, but main audit findings need to have been discussed).

4.3 Certification conditions

This section describes the conditions for certification which need to be adhered to by certificate holders (producers, supply chain actors) and CBs for the Code of Conduct and Chain of Custody audits.

4.3.1. General certification conditions for Code of Conduct and Chain of Custody certification

The following conditions are applicable for all products and their respective Code of Conduct and Chain of Custody certifications. Further conditions for the Code of Conduct for Tea certification are given in annex 3.

a. The certificate is valid for a period of 365 days. There cannot be a time gap between the certificates

. b. The certificate holder has to have a signed contract with the CB latest at the date of the certificate is issued

7 Exception to this requirement is only granted when the certificate holder changes CB (at the end of the certificate validity), and when in this case

c. If the certificate holder changes CB for its certification process, the CB with whom the member has a valid contract is the one who is able to make an extension of the (current) certificate. A CB can always decline an extension if the certificate holder does not provide enough evidence that the extension is justified.

d. Extension of a certificate can be granted up to 3 months after the original certificate expires. However, there always has to be an annual audit, each calendar year (1 January to 31 December). The certificate holder must request the extension with the CB. An extension can only be allowed if a re-audit has been planned and confirmed. UTZ Certified is informed of the extension of a certificate with the respective reason, date of the next audit and attached certificate including the extension, before the current certificate/license expires.

e. In case of extension, the audit can be done at any time up to 3 months after the expiry date of the original certificate. The certificate is then issued for the remaining period of the new certification period. For example, if a 3 month extension is granted, the new certificate will be valid for the next 9 months.

f. During subsequent audits, CBs can audit the certificate holder at any time of the year, provided it is before the expiration date of the certificate. This enables the CB to audit on different stages of production which is highly recommended by UTZ Certified.

g. UTZ Certified strongly recommends carrying out the audit at the latest 1 month before the expiration of the certificate to ensure a smooth process.

h. The UTZ Certified certificate for Code of Conduct and Chain of Custody can only be issued when all the non- compliances which inhibit the certification are resolved.

In case of a subsequent audit (recertification), the validity dates of the certificate will be aligned with the validity dates of the previous certificate, since the certification is a continuous process.

i. In the case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract.

4.3.2. Certification conditions for Code of Conduct

The following conditions only apply for a Code of Conduct certification:

a. The first audit (for a new producer) should be 3 months before or up to 3 months after the beginning of the harvest. Harvest refers to main/big or mid/small harvest. If the certificate holder decides at a later stage to request the first audit (at the end or after the harvest), this harvest cannot be certified.

If there is a continuous harvest, the first audit can take place at any moment in time.

b. The validity of the certificate starts at the beginning of the harvest of the certificate holder (so that the entire harvest period is covered by the certificate).

If the first audit has taken place during the harvest, the validity of the certificate still starts at the beginning of the harvest, implying that the CB has to check the requirements retrospectively for the period passed from the beginning of harvest to the audit date.

In case of a continuous harvest, the validity of the certificate can start at any moment in time (i.e. when the certificate holder is in compliance and at the earliest 3 months before the audit - the latter than requiring a retrospective check).

c. As mentioned above, the UTZ Certified certificate for Code of Conduct can only be issued when all the

corrective actions of the non-compliances which inhibit certification have been addressed. In the case that

non-compliances are directly related to that year’s harvest and are of a serious nature, the harvest cannot be certified

.

d. As mentioned above, in case of a subsequent audit (recertification), if the certificate holder decides to not receive the yearly audit, the CB cancels the contract. If the certificate holder decides at a later stage (i.e. more than 3 months after the beginning of the harvest) to request the audit, the harvest of that year cannot be certified.

Example case: a new producer will receive an audit for the first time for the UTZ Certified Code of Conduct certification.

The harvest starts in November 2012 and, according to the Protocol, the auditor can audit shortly before (not more than 3 months) or during the harvest (first 3 months), i.e. between the period of September 2012 to February 2013. The auditor performs the audit in October 2012 and issues the certificate with a validity starting on the 20^th November 2012. The certificate is now valid until the 19^th November 2013.

In 2013, the CB issues an extension of 3 months. The certificate is extended until the 19^th February 2014. This is only possible if the auditor does the audit before the 31^st December 2013. The new issued certificate will then be valid from the 20^th February 2014 to 19^th November 2014.

First certificate: 20^th November 2012 – 19^th November 2013 Extended certificate: 20^th November 2013 – 19^th February 2014 Audit performed before 31^st of December 2013

Second certificate: 20th February 2014 – 19th November 2014

4.3.3. Certification conditions for Chain of Custody

The following conditions only apply for a Chain of Custody certification:

a. In case of a Chain of Custody certification, a new supply chain actor has 3 months to receive the audit from the moment the supply chain actor starts the certified activities (e.g. processing).

b. The certificate will be issued with a validity date which is the same as when the supply chain actor started processing the certified produce (in Mass Balance Cocoa Chain of Custody: 3 months from the moment the certified cocoa has been received).

4.4 Determining volume of certified production

CBs are required to estimate the volume of produce from a certificate holder that may be sold as UTZ Certified. This volume must be mentioned on the Code of Conduct certificate. The certified quantity of produce must be determined based on historical production records and forecasts of the current crop. If the harvested volume is higher than the forecasted volume (and to the certified volume), the producer may decide to certify the extra volume.

The CB can report the change in certified volume in one of the following ways:

- The CB reports to UTZ Certified the change in certified volume by requesting a volume extension in the Good Inside Portal before the expiration date of the certificate/license.

The CB includes the extra volume as carryover in the new certificate after the extra volume is assessed during the

recertification audit If the certificate holder (i.e. the producer or the group of organized producers) still has certified

produce from the previous year’s certification in stock, the auditor assesses the quantity which is still available to be

sold as UTZ Certified product. This quantity is then included as “carry-over volume” in the Code of Conduct certificate and the certificate holder can still sell the quantity as certified produce. Volumes delivered to the warehouse and announced in the Good Inside Portal cannot be taken as carryover in the new certificate.

4.5 Changes in certification information

The certificate holder must inform the CB of all changes concerning the certification information (production area, volume, new members, and sites). The CB can then follow up in accordance with the Certification Protocol and request an extension of the current certificate via the Good Inside Portal.

The CB will issue a new certificate containing the changes and report the extension from UTZ Certified. If an additional audit has been performed, the certificate and the audit report need to be sent to UTZ Certified. CBs can request a Summary Report template for additional audits to: certification@utzcertified.org

Up to 10% of new production area and/or volume for a certified producer may be added to the certificate annually by registering the additional area with the CB without further verification by the CB. If the increase in the production area and/or volume of a certified producer is more than 10% in one year, an additional audit will be required during that year before the extension may be added to the existing certificate.

Up to 10% of new members of a producer group may be added to the certificate annually by registering the additional members with their production area and volume with the CB without further verification by the CB. If the increase in the number of members of a producer group is more than 10% in one year, an additional audit of the ICS and of the square root of the number of new members will be required during that year before the extension may be added to the existing certificate.

Regardless of the number of new members of a producer group in one year, if the group as a whole increases the production area and/or volume by more than 10% in one year, an additional audit of the ICS and of the square root of the number of new members will be required during that year before the extension may be added to the existing certificate.

These changes in certification information refer to changes occurred during the validity of a certificate, i.e. after the producer or supply chain actor have received the certificate and before the expiry date of the certificate.

4.6 Non-compliances: warning, suspension and cancellation

a. If there are non-compliances preventing certification, the CB and the certificate holder need to agree on the period within which the certificate holder has to address these non-compliances. The recommended period for resolving non-compliances is up to 12 weeks (maximum of 60 working days).

The CB must set a new, mutually acceptable date for re-audit if applicable depending on the corrective action plan set up.

The certificate is only issued when all mandatory and the necessary number of additional control points are complied with, and non-compliances (if applicable) have been resolved.

If a certificate holder does not comply with the Code of Conduct certification, the CB cannot certify that harvest

and the certificate holder needs to apply for a new audit for the following year’s harvest.

In the case of a Chain of Custody certification, a certificate holder needs to apply for a new audit (no specific time frame is indicated).

b. If one of the previous years’ non-compliances is repeated in the new certification, the corrective action has to be more stringent than in the previous certification decision.

c. If the certificate holder changes CB for its certification process, the previous CB is required to inform the new CB on the results of the previous external audit.

In the case of certification against the Code of Conduct, the certificate holder continues with the following year of compliance based on the last certification. Certificate holders cannot stay an additional year on the same level because they decided to change CBs.

d. The complaints procedure for complaints by the certificate holder to a CB about its performance is described in chapter 6 of this document.

CBs must have systems in place to identify non-compliance with the Code of Conduct or the Chain of Custody as described below. A certificate holder may be warned, suspended or her/his certificate could be withdrawn for non- compliance with mandatory and/or additional control points, and/or with the UTZ Certified Certification Protocol.

4.6.1. Non-compliance with a mandatory control point

The certificate holder must report in advance any non-compliance with a mandatory control point found, to the respective CB The certificate holder must take appropriate actions to correct this non-compliance.

a. If the CB detects that the certificate holder did not report the non-compliance during the assessment, the CB issues a written warning within 6 weeks from the moment the non-compliance was detected, requesting compliance with the respective control point so the certificate holder can correct it in a maximum of 12 weeks (60 working days). The corrective actions need to be agreed between the CB and certificate holder. The non-compliances and corrective actions taken need to be documented and be available to the auditor.

If the corrective actions have not been undertaken and checked by the CB within this timeline, the CB has to immediately suspend the certificate holder for a period of 3 months. In the case of several non- compliances with mandatory control points detected by the CB, the CB may decide to suspend the certificate holder for a longer period of time. While the certificate holder is suspended, the certificate holder may not sell its produce as certified. Before the end of the suspension period, the CB must re-audit the certificate holder to verify compliance with the specific control points. . If the same non-compliance with the same control point is detected, the current certificate (in case there is one) of the certificate holder is withdrawn and a certificate for the new certification period cannot be issued. The certificate holder may not apply for re-certification for one harvest (or for one year in the case of a continuous harvest).

b. If the certificate holder did report the non-compliance to the CB, the certificate holder needs to take

corrective actions to comply with the respective control point before the external audit takes place. The

non-compliance and the corrective actions need to be documented and the CB will verify the fulfillment of

not been undertaken, the procedure described above for non-reported non compliances needs to be followed..

4.6.2. Non-compliance with an additional control point (applicable to Code of Conduct only)

If the CB detects during the audit or if the certificate holder reports that the requested number of additional control points is not complied with, the same measures apply as for non-compliances with a mandatory control point.

4.6.3. Non-compliances in case of group or multi-group certification

The member/producer must report any non-compliance to the ICS management. The ICS management must take appropriate actions with the member/producer to correct this non-compliance. The ICS must record any warning, suspension or cancellation.

a. If the internal inspection detects that the producer did not report the non-compliance to the ICS management, the ICS management should immediately suspend the producer. While the producer is suspended, the producer may not sell the produce as certified. Before the end of the suspension period, the producer must be internally re-inspected. If the same non-compliance with a mandatory control point is detected, the producer is cancelled as a member of the group and may not apply for re-certification for one harvest (or for one year in the case of a continuous harvest).

b. If the producer did report the non-compliance to the ICS management, the ICS should issue a warning to the producer and grant a period for corrective actions. During that period the producer continues to be considered member of the group and may sell the produce as certified. At the end of the corrective action period, the ICS must internally re-inspect the producer to verify compliance with the control point(s) in question. If the same non-compliance is detected, the procedure for non-reported non-compliances need to be followed.

The UTZ certificate for Code of Conduct and Chain of Custody can only be issued when all the non-compliances which prevent certification have been resolved. These non-compliances are reported to UTZ Certified in the Good Inside Portal.

In the case of a Code of Conduct certification and non-compliances that are directly related to that year’s harvest and of such a serious nature, the harvest cannot be certified.

The CB must record any warnings and immediately inform the Standards and Certification Department of UTZ Certified accordingly in writing. In case of a suspension, the CB records the suspension immediately in the Good Inside Portal and informs UTZ Certified Standards and Certification Department by email. The certificate holder must inform its UTZ Certified customers on the status of any suspensions. If a suspension leads to a withdrawal of the certificate (decertification), the Standard and Certification Department of UTZ Certified must be informed immediately in writing.

The address for all these notifications is certification@utzcertified.org.

5. Internal Control System and requirements

An internal control system (ICS) is a quality management system that indicates the necessary measures that producers take to improve their organizational skills, management, efficiency and overall performance. The ICS is a requirement to achieve Code of Conduct Group and Multi-Group Certification and to ensure that all members of the group comply with the UTZ Code of Conduct. The annual audit of all individual group members is delegated from the CB to the producer group’s ICS, which means that internal inspections are considered formal inspections.

The CB evaluates whether the ICS is working well to assure that all members of the group are complying with the Code of Conduct. The CB also checks whether the ICS procedures, as developed by the group, meet the minimum criteria of the UTZ Certified Code of Conduct. The audit is done by checking the ICS documentation, the qualifications of ICS staff and re-inspecting a representative number of group members.

5.1 General requirements for an ICS An ICS consists of different elements:

• An Internal Standard and Procedures document to ensure compliance with the UTZ Certified Code of Conduct requirements. The internal standard indicates the applicable control points of the Code of Conduct for the specific situation of the group.

• All ICS records and documents requested by the UTZ Certified Code of Conduct updated and accessible for the external inspector at a central location.

• List of the group members.

• Contract or agreement between the producer and the group or ICS management, specifying the rights and obligations of both.

• An internal inspection system in place. Each registered producer is inspected at least once a year against the applicable UTZ Certified requirements. The internal inspection can be done at any time of the year and can be combined with other activities as long as it is clear to the producer which activities are part of the internal inspection. At the time of the external audit, the internal inspection round has to be complete enough to assure the CB that the whole group is compliant with the Code of Conduct.

• Procedures for internal inspections and approval of farmers. There is an approval and sanction manager or committee who assesses the certification status of each producer based on the findings of the internal inspection.

• Records of warnings, suspensions or cancelations of members for non-compliances with mandatory and/or additional control points, and/or with UTZ Certified contractual agreements. The periods for corrective actions determined by the ICS need to be included.

• Procedures that allow the producer to exert her/his right to appeal any decisions made by the approval and

sanction manager or committee.