Professional Documents
Culture Documents
Certification as an
p. 3-4
p. 5
p. 6-8
p. 6
p. 7
p. 7
p. 7
p. 8
p. 9-15
General
Guidance on educational requirements
What audits do we accept for certification?
What training course certificates does IRCA accept?
Guidance on continuing professional development (CPD)
Guidance on work experience
Guidance on flexibility and potential concessions within IRCAs criteria
p. 9
p. 9
p. 9-11
P. 11-12
p. 12-14
p. 14-15
p. 15
p. 16-20
p. 16
p. 17
p. 18
p. 19-20
p. 20-22
p. 23-24
p. 23
p. 23
p. 23
p. 23
p. 23-24
Appendix I
p. 25-57
p. 25
p. 26
p. 27
p. 28-29
p. 30
p. 31-32
p. 33
p. 34-36
p. 37-40
p. 41
p. 42-44
p. 45-46
p. 47-49
p. 50-52
p. 53-58
Appendix II
Definitions
p. 59
Appendix III
IRCA Code of Conduct
p. 60
b) Your adherence to principles of proper ethical conduct, fair presentation and due
professional care, as articulated in the IRCA Code of Conduct
c) Your commitment to continuing professional development (CPD)
d) Your commitment to provide value to:
The users and stakeholders who rely on management systems audits to establish if
the organisations management system can consistently meet customer and
applicable regulatory requirements
The auditee by providing management with information regarding the
organisations ability to meet its management system-related business objectives;
identifying problems that may prevent the client from meeting its management
system-related business objectives; and identifying meaningful opportunities for
improvement, as well as those areas of risk that are not yet identified or managed.
When you achieve IRCA auditor certification, you join over 14,000 management systems auditors in
over 120 countries who share your professionalism and commitment, and benefit from:
Our award of certification means we have recognised that you understand and are
competent (depending on the grade awarded) to:
Uphold the principles of proper ethical conduct, fair presentation and due professional
care
Communicate clearly, both orally and in writing, with personnel at all levels of an
organisation
Plan and organise an audit of a management system
Identify, understand and audit relevant business processes
Sample and evaluate audit evidence, and determine the effectiveness of a
management system
Report audit findings and conclusions accurately
Plan, organise and lead the audit team, and manage the audit process.
The scope of certification is general. You may select from a list of up to six standard industry
sectors in which you have acquired work experience. These details, although included within the
register, are self-declarations and outside the scope of certification.
The details of all certificated auditors are included within a register that is publicly available.
The schemes are intended for:
Auditors, eg those for whom auditing is a significant part of their role, including supply
chain auditors, those employed by certification bodies/registrars, and those conducting
audits within their own organsations
Practitioners, eg consultants, audit programme managers, and others involved in
auditing through the development and maintenance of management systems, auditor
training and standards development.
Grade
Applicability
Guidance notes
Internal
Auditor
Provisional
Internal
Auditor
Auditor
Provisional
Auditor
Lead Auditor
Principal
Auditor
Required education/qualifications
Step 2
Complete the IRCA auditor certification application form (available at www.irca.org):
Indicate which discipline(s) and grades you are applying for, and attach evidence as required.
We accept applications and supporting documentation in the following languages:
English
Japanese
Spanish.
For all other languages, the application must be accompanied by a certified translation (into
English) of the original text. This is particularly important for educational qualifications,
training courses and work experience.
Step 3
Submit your completed application form and fee:
Current auditor certification application fees are available at the IRCA website
(www.irca.org). You may submit your form electronically by email, or by post to:
Email:
Address:
registration@irca.org
IRCA, Chancery Exchange, 10 Furnival Street, London, EC4A 1AB, UK
See the What we do box later in this section to learn how we manage your application. Do not send the annual
certification fee. If your application is successful, we will write and ask you to pay the annual certification fee.
to accept our offer of certification, pay your first annual fee and you will receive your first IRCA
auditor certification card, and be placed on the IRCA online register of auditors. Once your
application is successful, we award certification for a period of three years beginning from the
month we award certification. This three-year period is referred to as the certification period.
During the certification period, at the end of the first and second years you may maintain
certification by payment of the annual certification fee, and by compliance with the Code of
Conduct. We dont, however, require you to submit any other documentation at the end of year
one and year two. At the end of the third year, all certificated auditors are required to complete
the triannual renewal of certification process.
3.2 How to: Maintain your certification
Your entry onto the IRCA online register of certificated auditors is dependent on you paying your
annual certification fee every 12 months (starting from your initial certification date) and by
compliance with the IRCA Code of Conduct.
3.3 How to: Renew your certification
We dont require you to submit any other documentation at the end of year one and year two. At
the end of the third year, all certificated auditors are required to complete the renewal of
certification process by providing evidence of continuing professional development, audit
experience (depending on grade) and declarations of ongoing compliance with the IRCA Code of
Conduct, including any complaints against you. If you are successful at renewal, we will award you
certification for a further three-year certification period, and so on. Please refer to Section 6 (p.21)
for the grade-specific renewal criteria.
We will write to you two months prior to your certification expiring to remind you that your renewal
is due.
3.4 How to: Regrade
You can apply to be regraded at any time. When we offer you initial certification, we will indicate the
audit experience and Competencies you need to attain the next grade(s) of certification.
To apply for regrade, you should complete IRCA/106 log sheets, enclose any additional information
requested, and send it to us with the regrade fee. Please visit www.irca.org for costs.
A successful application for regrade will not normally result in a change to your renewal of
certification date.
There is no regrade fee if you are regraded as part of the (three-year) renewal of certification
process.
Please contact us if you need any further advice on how to regrade.
sure you include detailed information of the audits you perform, and provide sufficient
contact details so that we are able to perform a verification
e) Applying for second and subsequent auditor schemes:
If you are already certificated as an Auditor, Lead Auditor or Principal Auditor on one of our
other schemes and you are applying for certification or regrade to a second or subsequent
scheme then a minimum of 75% of the audit days shall be to the relevant scheme you are
applying for. The remainder may be to the scheme(s) you are already certified to. Note: This
does not apply to renewal where you need to demonstrate you meet the audit requirements
for each scheme.
f)
The client (auditee) already had a fully established management system prior to the
audit
You had no part in setting up the management system being audited (except in such
specific circumstances as described below)
You were independent of the auditee
The scope of the audit included all elements of the management system.
We will also accept pre-assessment audits performed by you on a management system that
you were involved in developing, if the certification body subsequently awarded certification
at the first attempt
10
i)
j)
11
certified training course. IRCA does accept a very small number of non-IRCA-certified
training courses as being equivalent to its own courses. Please refer to this page on our
website: http://www.irca.org/en-gb/certification/How-to-apply/accepted-alternatives/ or
contact head office for information about accepted alternatives
b) You should normally have successfully completed auditor training within the three-year
period immediately prior to application for certification. We may accept training completed
prior to this period if you provide evidence of recent and relevant continuing professional
development (CPD), work experience and currency of your auditing skills. We advise you to
refer to the IRCA website (www.irca.org) for a current listing of all IRCA-certified training
organisations offering IRCA-certified management system auditor training courses
c) All training course certificates submitted must be supported by documentary evidence. An
example of acceptable evidence would be a good-quality photocopy of the original
certificate indicating the awarding body, the title and date of the award, and the name of
the person to whom the award was made. If any of this information is not available or is not
clear, we may ask you to supply us with more evidence. If no documentary evidence can be
supplied by the awarding body, it is unlikely we would accept your training course
certificate. IRCA reserves the right to verify this information with the relevant organisation
and/or individual(s)
d) IRCA does not accept certificates of attendance. Certificates must be of successful
completion of a course. The only exception to this rule is that IRCA will accept a certificate
of attendance of an Auditor/Lead Auditor course, as meeting the training requirement for
the Internal Auditor grade.
12
a) CPD Types:
1. Unstructured;
Included in this category would be;
2. Semi-structured;
Included in this category would be;
3. Structured;
Included in this category would be;
b) CPD Focus
CPD should be focused on appropriately developing ones knowledge and skills to maintain
ones effectiveness as an auditor.
In determining what your CPD objectives should be, you should consider;
1. what has changed / is changing? This could be a standard update, a technical change
13
c) CPD Approach
You should consider carefully what CPD you wish to do in the three year certification
period. You should identify some objectives early on, and plan your CPD activities in
advance to ensure you continue to meet the CPD requirements.
You may conduct CPD in a number of ways (types and areas). IRCA will not prescribe how
you should accomplish your personal CPD objectives, however IRCA will normally only
accept a maximum of 20 hours unstructured CPD. In certain circumstances, IRCA may
accept a greater number of hours of unstructured CPD, if the auditor can demonstrate;
a) good reason for not conducting enough semi-structured or structured CPD.
b) that there have been no significant changes that would warrant a semi-structured or
structured approach. (For example; an update to the standard may require formal
update training).
If you have conducted 45 hours of CPD, but IRCA determines that you have not conducted
CPD in a specific area, which it believes to be critically important, IRCA will advise you of
this and you will be required to submit evidence of this CPD to IRCA within an agreed
timeframe.
For each CPD entry on your log, you are required to state/describe;
1. what type of CPD it was
2. what areas the CPD was focused on
3. what skills/knowledge have you gained, and how these have enhanced your
capabilities as an auditor.
4. the contact details of someone who can confirm that the CPD took place (for
structured and semi-structured).
It is your responsibility to provide a case for acceptance of any activity you submit, and this
must be supported by sufficient and appropriate evidence, such as records of your activities,
provision of the contact details of someone who can verify the CPD took place (for nonindependent CPD) and any formal certificates or qualifications you may have received.
Completing the CPD log sheet clearly, fully and providing an accurate description of the CPD
undertaken and the skills/knowledge attained, will help ensure your CPD log is accepted.
4.6 Guidance on work experience
a) Please refer to the scheme-specific appendix document and the guidance section of the
application form for information about what will be accepted as experience relevant to the
auditor scheme you are applying for
14
A cover letter highlighting which grade you are seeking to be certified at. (This letter
should also explain why you believe yourself to be suitable for this grade)
A copy of your curriculum vitae
All releveant traininig certificates and educational certificates
A recommendation from an IRCA certified Lead/Principal Auditor (if possible).
Any other supporting documentation, for example an auditor certification from another
auditor certification body.
Completed IRCA Audit Logs and CPD logs to support your application.
Note: The Certification Process will still require you to make a non-refundable application
payment before your application can be formally reviewed. IRCA will review applications
that request such consessions on a case by case basis, and will provide a full and justified
explanation for any decisions made. Any flexibility or concessions to the IRCA requirements
will be entirely at discretion of the Certification Manager.
15
5.1 Internal Auditor (see the bottom of the page for Provisional Internal Auditor)
Education
At least to secondary education level.
Work experience
Four years full-time experience, or two years with a degree or near degree
One years full-time experience relevant to the auditor scheme.
Auditor training
A relevant IRCA-certified Foundation course and a relevant IRCA-certified Internal
Auditor training course
or
The relevant IRCA-certified Auditor/Lead Auditor training course. (Refer to 4.4 for
guidance on what training IRCA accepts.)
Note: IRCA will consider, on a case-by-case basis, auditors applying for an internal auditor
grade that have successfully completed an Internal Auditor course, but not the respective
Foundation course. The decision will be based on the information provided in the work
experience and sector understanding parts of the application form.
Auditing experience
You need to have performed at least five internal audits, each of which must have been
of at least three hours duration, have included all elements of the audit cycle audit
planning, document review, auditing, interviewing and audit reporting and must not
have involved areas or activities in which you yourself perform. However, we will
accept audits of activities for which you are directly or indirectly responsible, eg as a
line manager. (Refer to 4.3 for guidance on what audits are accepted.)
16
5.2 Auditor (See the bottom of the page for Provisional Auditor)
Education
At least to secondary education level.
Note: If you have a degree or near degree level qualification, we will reduce the
requirement for work experience. Acceptable qualifications include those awarded by an
institution recognised by a national governmental body or accredited by a national
professional body.
Work experience
Four years full-time experience, or three years with a degree or near degree
Two years full-time experience relevant to the auditor scheme you are applying for.
Please refer to the scheme-specific appendix document for information about what will
be accepted as experience relevant to the auditor scheme you are applying for.
Auditor training
A relevant IRCA-certified Auditor/Lead Auditor training course.
Or the relevant IRCA-certified Auditor/Lead Auditor Conversion training course only
acceptable if you have previously completed a five-day Auditor/Lead Auditor training
course in another discipline. (Refer to 4.4 for guidance on what training IRCA accepts.)
Auditing experience
You need to have performed at least four full management system audits covering all
clauses (requirements) of the applicable management system standard. Auditing activity
must include document review, preparation and performance of on-site audit activities,
and audit reporting. The total duration of these audits must not be less than 20 days, 15
of which must have been acquired on site. (Refer to 4.3 for guidance on what audits are
accepted.)
Note: Although we recommend you should complete all of the audits under the direction
and guidance of an auditor competent as a team leader (one currently certificated as a
lead auditor or who has equivalent competence), we acknowledge that for many auditors
this will be very difficult and costly to arrange. Consequently, we will accept a minimum
of one audit under these conditions. We may require this team leader to attest to your
competence to audit as a team member.
Provisional Auditor
No audits are required. All other requirements are the same as those for an Auditor.
17
18
Six years certification to Lead Auditor grade by IRCA (or acceptable alternative) prior to
certification.
Note 1: You must have completed 6 years certification as a lead auditor and meet
the criteria for Lead Auditor Certification at the second recertification (this is the
earliest time possible to be eligible for Principal Auditor). If you have already
completed 2 recertifications as a Lead Auditor, you may transition to Principal
Auditor at any time.
Note 2: You may choose to maintain your lead auditor certification, rather than
progressing to Principal Auditor, however, you will need to continue to meet the
renewal requirements for lead auditor if you do so.
Or
19
Note: CPD does not have to be conducted in all categories. You should identify CPD which is
essential to maintianing your currency and effectiveness as an auditor, and CPD that can
enhance your effectiveness as an auditor.
20
2) Audit experience
We need you to record and submit your audit experience on the audit log sheets
(IRCA/106) that we supply.
For Internal Auditor:
You need to have completed a minimum of five internal audits, the total
duration of which must have been at least 15 hours.
For Auditor:
Five audits, two of which must be full system audits. Three of the five audits may be
surveillance or partial system audits.
Audit experience within the three-year certification period shall be not less than eight
on-site audit days. You must have performed these audits within the previous three-year
certification period.
Five audits, two of which must be full system audits. Three of the five audits may be
surveillance or partial system audits.
A minimum of one full system audit shall be while leading a team that includes at least
one other person (total team of 2 persons minimum).
Note: IRCA may exercise discretion on this requirement, should the auditor have a
substantial and demonstrable history of conducting lead audits.
Audit experience within the three-year certification period shall be not less than eight
on-site audit days. You must have performed these audits within the previous three-year
certification period.
21
3) Additional Requirements
For all grades other than Principal Auditor:
There are no other requirements
For Principal Auditor:
You must submit evidence of continued work expereience related to the relevant
management system(s) and evidence of continued involvement in auditing or audit related
activities.
4) Declaration of complaints
We need you to tell us about any complaints made against your professional conduct. It is
important we know of any complaints, as we need to consider these as part of the renewal of
certification process. We will investigate all instances of complaints. If complaints are made
against your conduct and you do not declare them, the consequences will be far more serious
and may result in suspension or withdrawal of your certification.
5) Compliance with the Code of Conduct
We need you to make a declaration that you have always acted in compliance with the Code of
Conduct (see Appendix III).
6) Payment of the annual fee
And finally, we need you to pay the annual fee. Because the fee will be dependent on the grade
we offer you after renewal, we do not ask you to pay this fee until we have completed renewal.
We will write to you with the results of the renewal, enclosing the invoice and fee-due date.
Failure to pay your annual fee within 28 working days of the date of the invoice will result in
your certification being withdrawn, and the removal of your details from the online register.
Once we have received your payment, we will write to you again enclosing your new
certification card.
22
Application fee: We need you to pay this fee when you send in your application.
Alternatively, we will invoice you on receipt of your application. This fee covers the costs of
the application process and is not refunded if the application is unsuccessful. Failure to pay
this fee will cause a delay in the processing of your application
23
Annual certification fee: This fee covers the annual cost of administering your certification.
We will normally invoice you for this fee when we first offer you certification following your
application, and each year thereafter, three months before payment is due.
Failure to pay your fees within 28 days of them being due will result in withdrawal of your
certification. Upon receipt of your fee, your card will be issued.
Application for regrade fee: This fee covers the costs of evaluating your regrade. We need
you to pay this when you submit your request and, as with the application fee, the regrade
fee is not refundable. If you are regraded during the year, we will not ask you to pay any
further certification fees for that current year. You may request a regrade at any stage
during the certification period. There is no regrade fee if we regrade you as part of the
(three-year) renewal of certification process.
Except for every third year, when your renewal is due we invoice you after we have completed your
renewal, on the basis that your grade (and fee) may have changed as a result. Upon receipt of
payment, your card will be issued.
24
Appendix I Part 1
Quality Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
25
Appendix I Part 2
Environmental Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
Within the sector understanding and work experience sections of the application form, you are
required to demonstrate the following knowledge and competencies:
26
Appendix I Part 3
Occupational Health and Safety System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
27
Appendix I Part 4
Information Security Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
28
29
Appendix I Part 5
Information Technology Service Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
Employees conducting IT service management system audits within their own organisation,
ie internal audits
IT service management system auditors, eg those employed by third-party certification
bodies/registrars or by purchasing organisations
IT service management practitioners, eg IT service management consultants and other IT
service management personnel.
30
Appendix I Part 6
Business Continuity Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
Within the sector understanding and work experience sections of the application form, you are
required to demonstrate the following knowledge and competencies:
Note: IRCA will accept completion of the BCI Certificate Examination (CBCI) as evidence of
the above.
2)
3)
4)
5)
6)
7)
8)
Understanding the core processes involved in business continuity management and the
interrelationships that enable you to examine BCMS, and to generate appropriate audit
findings and conclusions
Understanding the relationship processes based on business continuity management and
supplier continuity management
Understanding resolution processes based on identifying potential threats and impacts, and
handling disruptions and business continuity incidents
Knowledge of processes and products, including services, that enable you to comprehend
the business context in which the audit is being conducted
Knowledge of relevant standards, regulatory or legal requirements pertaining to BCM, within
the specific sector and geography being audited
Understanding the need for BCM to be a top management-led embedded business process,
and the experience to evaluate whether this is being maintained effectively
Understanding the nature of continual improvement through the use of top management
leadership, planning and performance evaluation.
31
32
Appendix I Part 7
Energy Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
Note: As a guide, courses such as the Energy Institutes Certificate in Energy Management Essentials
(or equivalent) would meet this requirement, as would higher-level energy management-related
qualifications.
The EnMS Scheme is based on the auditing key standard:
ISO 50001: Energy management systems Requirements with guidance for use (latest Issue).
Guidance on who this scheme is intended for
33
Appendix I Part 8
Pharmaceutical Management System GMP Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
Knowledge and Understanding of the pharmaceutical supply chain and the context of
individual suppliers within the globalisation of the pharmaceutical supply chain and the
associated storage and distribution requirements
Knowledge of ICH Q8 (current edition) and the interaction of ICH Q9 risk management
(current edition) and ICH Q 10 pharmaceutical quality system (current edition)
This should be supported by;
Evidence of successful completion of a GMP awareness training course
Or
2 years demonstrable work experience in a GMP environment
Understanding of patient risk and general risk management to establish the control strategy
that can include parameters and attributes related to drug substance, finished product,
starting materials and components. This should embody a working relationship with
applicable GMP.
Understanding of the required GMPs for the processes which the auditor is intending to
audit for example:
34
Audit requirements:
For Internal Auditor grade, for initial certification, and renewal of certification, all GMP audits will be
accepted, including those that are not full management system audits.
For Auditor / Lead Auditor grade, for initial certification and renewal of certification only full
management system GMP audits will be accepted.
Note: Please indicate on the audit log any audits that are full management system audits.
The Pharmaceutical GMP Auditor Scheme is based on the auditing key standards:
In Europe - The GMP Directive 2003/94/EC and EudraLex Volume 4
In the USA - CFRs Title 21 Parts 210 and 211
ICH Q10: Pharmaceutical quality system (current edition)
ICH Q9: Quality risk management (current edition)
ICH Q8: Pharmaceutical development (current edition)
ICH Q7: Good manufacturing practice guide for active pharmaceutical ingredients
ISO 19011: Guidelines for auditing management systems (current edition)
ISO 17021: Requirements for bodies providing audit and certification of management systems
(current version).
Guidance on who this scheme is intended for:
Internal auditors who conduct full or partial GMP and pharmaceutical quality management
system audits within their own organisation.
Pharmaceutical auditors conducting audits of:
o
o
o
o
o
o
Third Party Pharmaceutical auditors working for clients within the pharmaceutical industry
35
Audits of different phases of the product lifecycle (ie research and development,
clinical trial manufacture, commercial manufacture, distribution and supply, and
product discontinuation)
Note:
If you are seeking auditor training or auditor certification to the PQG supplier standards
for packaging and excipients you should visit the CQI's Pharmaceutical Quality Group's
website for further information.
36
Appendix I Part 9
Aerospace Quality Management System Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
Within the sector understanding and work experience sections of the application form, all applicants
are required to demonstrate knowlege and competence in the application of aerospace
requirements. This means services and products that have airworthiness, regulatory, legal or
aerospace-specific requirements. It will not be sufficient for you to have experience of products such
as seats and cabin equipment, simple fasteners, general forgings, castings, fabrications or machined
parts that, while used in aerospace applications, are subject to general engineering requirements
rather than the airworthiness requirements detailed below.
You should demonstrate on the form knowledge and competence in the majority of the following
aerospace industry-specific aspects of aerospace industry quality, regulatory and/or military
aerospace requirements:
37
AS9100/EN9100 certification
AS9110/EN9110 certification
FAR/EASA Part 21 or Part 145 approval
CAA, JAA or FAA approval to airworthiness standards
ISO 9001, where the applicant can clearly show the experience was not of products such as
seats, fasteners, general forgings, castings or fabrications that, while used in aerospace, are
38
QMS auditors expected to check the effectiveness and compliance with aerospace
requirements, such as those employed by third-party certification bodies/registrars (but not
for ICOP certification), or to conduct second-party audits on behalf of purchasing
organisations, or on behalf of organisations carrying out first-party audits of a size or
complexity beyond the capability of internal auditor grades
39
Quality practitioners, eg quality consultants, quality managers and other quality personnel
that require the greater understanding or professional standing conferred by the grade
Technical personnel/airworthiness surveyors etc with employment experience with civil
aerospace regulatory authorities and government military aerospace organisations.
40
Appendix I Part 10
TickIT Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
Software products
Products that include software
Software systems that facilitate service provision.
41
Appendix I Part 11
Food Safety Management System Auditor Scheme
Specific Requirements and Guidance
Important notes:
For Part 1 of this scheme, all of the IRCA auditor grades are available (see table on p.5)
For Part 1 of this scheme, the generic auditor criteria apply (Section 5)
For Part 2 of this scheme, only one grade is available ISO 22003: Auditor
For Part 2 of this scheme, all the generic criteria for auditor grade apply (see Section 5.2).
42
For initial certification to your first category, you need to have performed a minimum of 12
FSMS audit days and all under the direction and guidance of a Lead Auditor (or similarly
qualified) competent to attest to your competence. The audits must have been conducted
within four different organisations in the category you are applying for
Each additional category requires four FSMS audits under the direction and guidance of a
qualified auditor in the new category.
You need to have completed at least five external audits per year, including at least two
FSMS audits
or
A minimum of four FSMS on-site external audits per year
or
Ten FSMS audit days per year.
Part II:
43
FSMS Scheme Part II Food chain categories (as per ISO/TS 22003)
Category codes
Categories
Examples of sectors
Farming 1 (Animals)
Farming 2 (Plants)
Processing 1
(Perishable animal products,
including all activities after
farming, eg slaughtering
Processing 2
(Perishable vegetable
products)
Processing 3
(Products with long shelflife at an ambient temperature)
Feed production
Catering
Distribution
Services
Equipment manufacturing
(Bio)Chemical
manufacturing
Packaging material
44
Appendix I Part 12
Social Systems Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you are required
to demonstrate the following knowledge and competencies:
Internationally accepted human rights norms, laws and regulations relating to labour and
ethics issues
Relevant industry codes of practice, legal requirements, guidelines and standards relating to
labour, ethics, health and safety, and environmental issues
Relevant international, national and local judicial systems and legislative frameworks
Relevant social responsibility and labour culture, trade unions, non-governmental
organisations (NGOs) and other interested parties within the country or area of operation.
The Social Systems Auditor Scheme is based on any of the following audit criteria:
45
ILO Conventions 29 and 105 and Recommendation 35 (Forced and Bonded Labour)
ILO Convention 87 (Freedom of Association)
ILO Convention 98 (Rights to Organise and Collective Bargaining)
ILO Conventions 100 and 111 and Recommendations 90 and 111 (Equal Remuneration for Male and Female
Workers for Equal Value; Discrimination in Employment and Occupation)
ILO Convention 138 and Recommendation 146 (Minimum Age)
ILO Convention 135 and Recommendation 143 (Workers Representatives)
ILO Convention 155 and Recommendation 164 (Occupational Safety and Health)
ILO Convention 159 and Recommendation 168 (Vocation Rehabilitation and Employment of Disabled Persons)
ILO Convention 177 and Recommendation 184 (Home Working)
ILO Convention 170 (Safe Use of Chemicals)
ILO Convention 110 (includes reference to Provision of Housing for Migrant Workers)
(A total of 185 ILO Conventions are published and others may be relevant)
Purchasing organisations
Supplier organisations
Regulatory authorities
NGOs
Contracted verification agencies.
Note: EICC-GeSI Auditor training courses are accepted for registration onto this scheme.
46
Appendix I Part 13
EICC-GeSI Auditor Scheme
Specific Requirements and Guidance
Important note: This scheme only has three grades Provisional Auditor, Auditor and Lead Auditor.
The generic criteria still apply.
Scheme specific (additional) requirements
The certification grades applicable to this scheme are limited and fall into two scopes, as below:
Grade
Scopes *
Provisional Auditor
As a Provisional Auditor you must meet the requirements for at least one of
these:
Auditor
As an Auditor you must meet the requirements for at least one of these:
Lead Auditor
As a Lead Auditor it is mandatory that you meet the requirements for the
labour and ethics scope.
You may also meet the requirements for the environmental, health and
safety scope.
* Scope
requirements
Qualifications/
experience
or
or
Qualification(s) in a closely related field.
Either
Auditor training
Either
EICC-GeSI Labour and Ethics Lead
Auditor course
or
or
47
Within the sector understanding and work experience sections of the application form, you are
required to demonstrate the following knowledge and competencies:
Internationally accepted human rights norms, laws and regulations relating to labour and ethics
issues
Relevant industry codes of practice, legal requirements, guidelines and standards relating to
labour, ethics, health and safety, and environmental issues
Relevant international, national and local judicial systems, and legislative frameworks
Relevant social responsibility and labour culture, trade unions, non-governmental organisations
(NGOs) and other interested parties within the country or area of operation.
The EICC-GeSI Scheme is based on the following audit criteria key documents:
Purchasing organisations
Supplier organisations
Regulatory authorities
NGOs
Contracted verification agencies.
48
49
Appendix I Part 14
Maritime Auditor Scheme
Specific Requirements and Guidance
Scheme specific (additional) requirements
Within the sector understanding and work experience sections of the application form, you are
required to demonstrate the following knowledge and competencies:
Work experience
You must have four years work experience in any of the positions below:
Master, chief engineer, first mate, second engineer, superintendent or manager engaged in
organising, managing and operating ships, surveying ships, or providing specific marine
consultancy
Deck and engineer officers sailing as chief mate or second engineer, having obtained their
master and/or chief engineer certificates/qualifications
Principal or senior lecturer in a marine college, teaching the above relevant marine courses
and with supporting records of sea service.
Note 1: Sea time is most important, and IRCA will not only review qualifications and work experience
but also records of sea-time experience, so please make sure this is made clear in your application.
Note 2: Experience as a cargo surveyor, shipbuilder, ship designer, ship repairer or a ship inspector is
not acceptable.
Academic qualifications
Applicants are expected to hold at least one of the following:
50
Auditor training
All applicants must have successfully completed a QMS Auditor/Lead Auditor Training course and a 2
day approved ISM Code Training course OR an approved combined QMS Auditor/Lead Auditor/ISM
Code training course, within a three-year period immediately prior to any application for
certification. Such training courses must meet the requirements of ISO 19011:2011.
Audit experience
Auditor
Requires a minimum of five audits, consisting of a maximum of four against the ISM code for the
issue of the Ships Safety Management Certificate, and a maximum of two audits for the purpose of
issuing the Document of Compliance for the shipping company. Applicants shall state on their audit
log sheets (IRCA/106) which certificate has been issued for each audit, and further details of at least
five audits shall be included on the Supplementary Audit log form (IRCA/150).
Lead Auditor
Requires a minimum of a further five audits (in addition to those specified above) as team leader,
leading a team of two or more auditors. The overall total of 10 audits shall include one audit (as
team leader) for issuing the Document of Compliance to a company managing a minimum of 10
vessels, or include two audits (as team leader) for issuing the Document of Compliance for
companies managing less than 10 vessels.
Note: Details of the above audits must be included on the Supplementary Audit form IRCA/150.
Renewal of certification
The generic requirements for renewal of certification apply (see Section 6), although all qualifying
audits shall have been performed against a management system that includes all the elements of
the ISM code. In addition to the IRCA/106 audit log sheet, all auditors are required to complete the
IRCA/150 Supplementary Maritime (ISM) audit log form for each audit claimed.
The maritime scheme is based on the following key document:
ISM Code: The International Management Code for the Safe Operation of Ships and for Pollution
Prevention (latest issue).
Guidance on who this scheme is intended for
Maritime auditors, such as those employed by:
Flag administrations
Recognised organisations
51
Marine consultants
Ship managers
Employees conducting ISM code audits within their own organisation, ie:
Internal audits
Second-party audits.
52
Appendix I Part 15
SSiP Assessor Scheme
Requirements and Guidance
Important notes:
Not all of the generic criteria apply to this scheme. This is indicated in the requirements below.
This scheme has three grades that differ from the generic IRCA grades. These are Provisional
Assessor, Assessor and Reviewer. There is also a separate application form and assessor log for the
SSiP Scheme (IRCA/4007/11/01 and IRCA/4006/11/1). The scope of certification is general, ie it does
not include any detailed industry sector-specific safety Competencies.
The scheme criteria for initial certification are detailed below:
Education (generic criteria does not apply)
For all grades:
53
None.
You need to have performed at least 10 complete assessments against Core Criteria Stage 1;
this assessment activity must include document review, preparation and performance of the
assessment activities, and assessment reporting. Although we recommend you should
complete all of the assessments under the direction and guidance of an SSIP reviewer, we
acknowledge that for many small SSIP Forum members this will be very difficult and costly to
arrange. Consequently, we will accept a minimum of one assessment under these
conditions. We will require the reviewer to attest to your competence to assess.
In addition to the assessment requirement for the SSIP Assessor grade listed above, you
must have completed five acceptable assessment verifications.
Additional requirements:
For the Reviewer:
Please note:
For both an assessor and reviewer, assessment verifications must have taken place during
the previous two-year period, and assessments must have taken place during the previous
three-year period. We must be able to verify all assessment and verification experience you
submit in your log sheets
We will only accept assessments that have been performed in accordance with the
requirements of the CDM 2007 ACOP Appendix 4 for Core Criteria Stage 1
Assessments performed against alternative national, international or company standards
may be acceptable, as long as the issues required in Core Criteria Stage 1 are addressed as a
basic minimum
We will accept OHSAS 18011 audits performed by you if the scope of the audit included all
elements of CDM 2007 ACOP Appendix 4 for Core Criteria Stage 1.
54
Renewal of certification
Compliance with the IRCA Code of Conduct (as per generic criteria)
Assessment experience
We need you to record and submit your assessment experience on the assessor log sheets
(IRCA/4006) which we supply.
55
56
Assessor Competencies
Provisional SSIP Assessor and SSIP Assessor grades:
Activity
Understanding
business and safety
implications
A1
Establishes and clearly understands the applicants business and safety risks.
Establishes awareness of the stakeholder expectations including customer expectation and regulator requirements,
especially those associated with safety and safety compliance.
Develops an assessment plan to:
A2
Meet the purpose, scope and criteria of the assessment against Core Criteria Stage 1
Request additional data when considered necessary, and manages the assessment timeline to accommodate
the receipt of this data
Be aware of and able to prepare for typical problems encountered in assessments (incompleteness, generic
submissions, lack of understanding of requirements, falsification, etc).
Work process
B1
Operates independently whilst working collaboratively within the company or SSIP membership.
Opening discussions
with applicant
C1
Contacts the applicant in a credible and positive manner that sets the tone for an effective assessment and reporting
dialogue.
D1
Deploys appropriate techniques for assessing top management commitment and involvement in the safety management
and application process.
Understand safety
needs in the context
of the application
and apply that
knowledge to the
assessment process
Manage the
assessment process
Gather assessment
evidence
Evaluate findings
and decide
conformity and
effectiveness of the
safety system
D2
Applies assessment criteria appropriately to the size, risk and type of business.
E1
Maintains and monitors the progress of individual assessments against realistic timelines, when the process requires
additional data or clarification of evidence supplied in support of core competence criteria requirements.
E2
Maintains open communication with the applying organisation with respect to assessment progress.
F1
Acquires all required information effectively using appropriate techniques, to ensure conformity to the core competence
criteria requirements.
F2
Selects samples and topics that are relevant and commensurate with the safety risks associated with the business
activity or service provided by the applicant.
F3
Remains focused on assessment objectives and is not deflected away from required assessment trails.
F4
Collects information effectively through a variety of means, such as observing and reviewing documents, records and
data, and where necessary interviewing and listening.
F5
Effectively tests the level of compliance and robustness of the applying companys processes.
F6
Demonstrates effective assessment of stated processes via review of supplied inputs, outputs, controls, reviews and
resources.
F7
G1
Is aware of and acts upon factors that can affect the reliability of the assessment findings and conclusions.
G2
Evaluates the effectiveness of the system within the context of the business/industry sector.
G3
Evaluates and reports to the applying organisation as to whether the design and implementation of the safety system is
appropriate to the required application, and the advancement of safety standards within the applying organisation.
57
Activity
Identify
opportunities
for use of
simplification/
best practice
beyond
conformance
Communicating
giving feedback and
effective verbal and
written responses
H1
Adopts a value-added approach to the assessment, but does not offer consultancy
I1
I2
Discloses and discusses assessment findings openly and honestly with the applicant
I3
Communicates the findings of the assessment in a style that is credible and which is of value to the applying organisation
I4
Makes requests for additional data or clarification in a style that is accurate, easily understood and straightforward to
follow
I5
Writes an assessment report that accurately and succinctly summarises the assessment findings using only verifiable
facts
J1
Adapts to changing circumstances, and is open to new ideas, approaches and methods
J2
J3
J4
Keeps emotions under control, handles criticism well and learns from it
Activity
Ensure assessments
are appropriate
K1
L1
L2
L3
M1
M2
Confirm assessors
are competent
Resolve complaints
and disputes
58
Appendix II
Definitions
Audit
A systematic, independent and documented process for obtaining audit evidence and evaluating it
objectively, to determine the extent to which audit criteria are fulfilled.
Auditee
The organisation being audited.
Audit client
The person or organisation requesting an audit.
Audit team
Two or more auditors performing an audit, one of whom is appointed as leader.
Lead audit
An audit where the auditor performed the audit whilst leading a team of at least one other auditor.
Sole audit
An audit where one auditor performed all phases of the audit.
First-party audit
An audit performed within an organisation by that organisations own auditing resource. Also
referred to as an internal audit.
Second-party audit
An audit of contractors/suppliers undertaken by, or on behalf of, a purchasing organisation. This
may include the audit of companies or divisions supplying goods or services to others within the
same group. Also referred to as a supplier audit.
Third-party audit
An audit of an organisation performed by a body that is independent of the organisation being
audited, eg certification body or registrar.
59
Appendix III
IRCA Code of Conduct
It is a condition of certification that you agree to act in accordance with, and be bound by, the
following Code of Conduct:
a) To act in a strictly trustworthy and unbiased manner in relation to both the organisation to
which you are employed, contracted or otherwise formally engaged (the audit organisation), and
any other organisation involved in an audit performed by you or by personnel under your direct
control
b) To disclose to your employer any relationships you may have with the organisation to be audited
before undertaking any audit function in respect of that organisation
c) Not to accept any inducement, gift, commission, discount or any other profit from the
organisations audited, from their representatives or from any other interested person, or
knowingly allow personnel for whom you are responsible to do so
d) Not to disclose the findings, or any part of them, of the audit team for which you are responsible
or of which you are part, or any other information gained in the course of the audit, to a third
party, unless authorised in writing by both the auditee and the audit organisation to do so
e) Not to act in any way prejudicial to the reputation or interest of the audit organisation
f)
Not to act in any way prejudicial to the reputation, interests or credibility of the IRCA
g) In the event of any alleged breach of this code, to cooperate fully with any formal enquiry
procedure.
60