STAGE 1 & 2 AUDITS
If stage 1 audit is okay ie the company is ready for stage 2., we then carry out a stage 2 audit at your site/s to see that you are actually in compliance with your documentation. ACS would inform the client if on-site visit is necessary for stage 1.
The stage 1 audit findings incorporating document review would be documented in the stage 1 audit report and Document Review report. The client(s) would be given copies of the audit reports (stage 1, Document review and stage 2).
In cases where the client fails to conduct internal audit and management review prior to stage 1 audit and to ensure adequate time is made available to the client to conduct internal audit and management review, a minimum period of two weeks shall lapsed before any stage 2 audit can be conducted.
The interval between stage 1 and stage 2 audits would be determined based on the needs of the client to resolve areas of concern identified during stage 1. ACS may also need to revise the arrangements for stage 2.
Should there be any significant changes which occur during the interval between stage 1 and stage 2 which would impact the management system, ACS would consider and decide the need to repeat all or part of stage 1.
Depending on the results of stage 1, stage 2 audit may be postponed or cancelled.
Please Note: We are required to have a number of our audits witnessed by JAS-ANZ or ACS trainee auditors. It is therefore a requirement for us to obtain your agreement as these witness audits may take place during your regular audit. It should be stressed that the witness audit is evaluating the performance of our auditors and not your organisation.
CERTIFICATION
Should there be any major non-conformance reports (Major NC) issued by the auditor, the organization would not be recommended for certification until satisfactory resolution & close-out of these reports. The clients are required to respond to ACS the proposed corrections and/or corrective actions within ten working days and have the major NCs closed out within 30 days from the last day of the audit. For minor non-conformances (Minor NC), the client is required to respond to ACS the proposed corrections and/or corrective actions within ten working days. The minor NCs can then be closed out at the next surveillance audit.
Once major non-conformance reports issued have been closed out by the auditor and proposed corrections and corrective actions reviewed and accepted by the auditor , the audit reports and documents would be submitted to the certification committee for approval. Once the approval is granted, the office would then prepare and issue you with a Certificate of Registration subject to all outstanding payments received. The certification cycle would always be three years.
AUDIT FREQUENCY: (Maintenance)
The first surveillance audit shall be within 12 months from the date of initial certification decision date. Maximum period allowed is not exceeding 12 months from the initial certification decision date.
The second and third surveillance audits can then be once a calendar year as a minimum. In other words, the surveillance audits shall be conducted at least once a year ie. At least once from January through to December in any given year. The client would be suspended for failing to comply with this requirement.
The frequency of surveillance audit is once a calendar year as a minimum except in recertification years (subject to the auditors confidence in your systems). However, it may be necessary to adjust the frequency of surveillance audits to accommodate factors such as seasons or management system certification of a limited duration (e.g temporary construction site).
Short notice audits or unannounced audits may be necessary to (1) investigate complaints (2) in response to changes (3) follow-up on suspension enforced. In such cases, ACS would assure the client that additional care will be exercised in appointment of the audit team. ACS would at least advise clients of any short notice or unannounced audit at least two weeks in advance and send out the audit plan at the same time.
The audited organisation shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future surveillance audits) to close out any major nonconformities that were raised for stage 2 and surveillance audits and any nonconformity reports raised for recertification audits.
RE-CERTIFICATION, AFTER A PERIOD OF 3 YEARS (maintenance)
Prior to the expiry of certification, a re-certification takes place, which means conduct a full on-site audit and audit compliance to all applicable QMS clauses. The auditor would consider the performance of the management system over the period of certification which includes a review of the previous surveillance audit reports.
Re-approval of certification would be based on results of the audit, results of review of the management system over the period of certification, close-out of all non-conformities (past and present) and any complaints received from users of certification. The certificates granted will be for a period of three years.
The purpose of the recertification audit is to :
1.Confirm continued conformity as a whole of the management system
2. Continued effectiveness as a whole of the management system
3. Continued relevance for the scope of certification
4. Continued applicability for the scope of certification
Note: There may be a possibility that a stage 1 audit be conducted prior to re-certification audit under the following situations:
1. Significant changes to the management system certified.
2. Significant changes to the client (e.g top management changes)
3. Significant changes to context in which the management system is operating (e.g applicable statutory and regulatory requirements)
Note: For any major nonconformities raised during the recertification audit, the audit team leader during closing meeting agree with clients on the timeframe for the implementation of the non-conformities raised. This is to ensure that the organisation has sufficient time to implement the proposed corrections and corrective actions prior to certificate expiry.
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. In other words, subsequent certification cycle expiry dates can follow the initial certification cycle expiry date. The issue date on the new certificate would be on or after the recertification decision.
If ACS has not completed the recertification audit or ACS is unable to verify the implementation of corrections and corrective actions for any major nonconformity prior to the expiry date of the certification, then the audit team leader would not recommend recertification and the validity of the certification would not be extended. This would mean for the organisation to be certified, they would have to submit new application and be subjected to ACS requirements for initial clients.
However, following the expiration of certification, ACS can restore certification within six months provided outstanding recertification activities (remaining uncompleted recertification or closure of major NC(s)) are completed. Otherwise, at least a stage 2 audit would be conducted. The effective date on the certificate would be on or after the recertification decision and the expiry date would be based on prior certification cycle.
It is recommended that recertification audit be conducted as a minimum one month prior to the certificate expiry to ensure recertification activities can be completed and any major non-conformities raised can be closed-out before certificate expiry.
CRITERIA FOR GRANTING CERTIFICATION
OBSERVERS AND GUIDES
During audit activities, observers are allowed to be present provided agreement is reached between the client and ACS and justification(s) given for their presence. The audit team shall make sure that the observer(s) do not interfere or influence in the process of audit and it’s outcome.
Note : Observers can be members of client’s organization, consultants, witnessing accreditation body personnel, regulators or other justified persons.
Each auditor shall be accompanied by a guide, unless otherwise agreed to by the audit team leader and the client.
Guides are there to facilitate the audit. The audit team shall ensure that the guides do not interfere in the process of audit or it’s outcome.
The responsibilities of a guide as outlined in ISO 17021-1:2015 are as follows:-
a) Establishing contacts and timing for interview
b) Arranging visits to specific parts of the site or organization
c) Ensuring that rules concerning site safety and security procedures are known and respected by the audit team members
d) Witnessing the audit on behalf of the client
e) Providing clarification or information as requested by the auditor
Note : where appropriate, auditee can also act as the guide
The role and responsibilities of observers are as follows:
a) To observe how the audit process is conducted
b) The observers shall not influence or interfere in the audit process or outcome of audit
c) The observers can introduce themselves during the opening meeting and reason(s) for their presence
d) Only technical expert(s) can give input to the auditor(s) related to their level of expertise when the need arises.
e) The observers cannot question the validity or otherwise of any non-conformities or observations raised by the audit team
f) The observers shall not assist the interviewee on any aspects relating to management system standard and/or audit criteria audited e.g answering questions on their behalf, locating documents etc.
g) The observers can only ask clarification questions related to the interpretation of management system standard and/or audit criteria
h) The observers shall not act on behalf of the auditee during the audit process
i) In the case of any evaluator(s) assigned to evaluate auditor(s), he may take over the duties of the auditor-in- training and have final responsibility for the activities and findings of the auditor-in-training
j) Any translators or interpreters duty is to translate or interprete on behalf of the auditor and not act as an auditor or give advice or suggestions to the audit team, or auditee. They however, can clarify with the auditee terminologies used or any ambiguities.
TECHNICAL EXPERTS
The role of the technical experts during the audit activity shall be agreed to by ACS and client prior to the conduct of the audit. A technical expert is not an auditor and not part of the audit team. The technical expert whose role would be to provide the audit team advice for the preparation, planning or audit and would be accompanied by an auditor.
COLLECTION AND VERIFICATION OF INFORMATION
During the process of an audit, information will be collected and verified as objective evidence in reaching audit findings. Information relevant to the audit objectives, scope and criteria (including information relating to interfaces, between functions, activities and processes) are collected based on appropriate sampling.
The method of collecting the information shall include but not limited to the following:
a) Interviews
b) Observations of processes and activities
c) Review of documentation and records
CERTIFICATION REQUIREMENTS:
To achieve and maintain certification, your organization agrees to the following:
1. Always comply with the relevant provisions of the certification programme as specified in this manual, ISO standards, applicable legislation and other appropriate and relevant documentation.
2. Provide all relevant documentation and access to all processes and areas, records and personnel for the purposes of the initial audit, surveillance, recertification, follow-up audits; access to resolution of complaints and the corrective actions taken.
3. To ensure that internal audits and management reviews are carried out each year and records available for review. To also ensure that actions have been taken on all outstanding minor NCs and/or major NCs and records or evidence(s) available for review by ACS auditors.
4. Claim to be certified only in those areas of their operation that are specified in the scope of their certification documentation.
5. Operate in such a manner that does not bring ACS or JAS-ANZ into disrepute. This shall include making any statement about their certification, which is misleading or untrue.
6. Amends all advertising matter when the scope of certification has been reduced.
7. Management system certification shall not used in such a way that implies the product (service) or process is certified by ACS.
8. Shall not imply that the certification applies to those activities that are outside the scope of certification
9. Upon any suspension or withdrawal of their certificate, not to continue claiming to be certified through the use of logos or statements in the organisation’s documentation or other advertising matter or promote certification. The issued certificates & relevant documents to be returned to the Company upon withdrawal.
10. To ensure that no certification document, mark or report, or any part thereof, is used in a misleading manner.
11. In making reference to the certification in communication media such as documents, brochures or advertising, comply with the requirements of the certification body. e.g certificate number shall be prominently displayed together with JAS-ANZ and/or ACS or IAF logos. Where the ACS logo does not specify the management system standard, the management system standard certified shall be displayed.
12. To have relevant procedures in place to ensure compliance with the above requirements.
13. Does not use the certification in such a manner that would bring the certification body and/or certification system into disrepute and lose public trust.
14. To accommodate the presence of observers (witness auditor(s)) ,ACS trainee auditors/technical observers . The client would not be charged for the presence of these observers. The witness auditor(s) be they from JAS-ANZ or ACS are there to witness and evaluate the auditor(s) assigned to the audit and not the organization’s management system. The trainee auditor may be sent to the audit as part of their training and auditor registration requirements.
15. Make all necessary arrangements for the conduct of audits for the purpose of initial, surveillance, recertification, resolution of complaints and any other vistis:
• Conducting the audit and any reaudits or audit follow-up.
• Examining documentation
• Accessing all areas and processes including off site areas
• Accessing all appropriate records, personnel and documentation.
• Accessing personnel at all levels in the organisation
• Reassessment and resolution of complaints, disputes and appeals.
16. Use certification only to demonstrate that their Quality System conforms to a recognised Quality Standard, and not imply that the product or service is approved by the Company.
17. Advertising documentation complies with the certification requirements of the Company.
18. Only ensure that only those sites (for multi-site organizations) that are shown in the certification document ( e.g certificate) are claimed to be certified.
19. To comply with ACS procedures in relation to required man-days, sample size & selected sites for initial, surveillance, short-notice audits and recertification audits for both single & multi-site organizations where applicable.
REFUSING CERTIFICATION
The above specifies the criteria for certification. ACS reserves the right to refuse certification should the applicant fails to comply with any of the above criteria.
AUDIT PROGRAMME
The audit programme shall be prepared by ACS after receipt of the completed application form from the client and after resolving with the client any areas of concern & requests for any additional information (if applicable)
The audit programme shall be confirmed with the client prior to stage 1 & 2 audits ie. during or after the client has accepted ACS proposal. Then a copy of the audit programme will be communicated to the client either by hand or by email.
During surveillance and recertification audits, prior to the confirmation of the audit team, there shall be communication between ACS office and the certified client (e.g change of scope) to determine if any changes to the audit programme is required. Conditions that may necessitate adjustments to the audit programme are a) size of organisation, b) Scope and complexity of management system, c) Products and processes, d) Management system effectiveness and e) Results of any previous audits. The audit programme will be prepared based on these information to determine whether any need for adjustments to the audit programme.
Then the audit programme will be confirm with the client and communicated to them either by hand or email. For recertification audits, the audit programme review should be carried out prior to the recertification audit review process.
After all initial audits, surveillance and recertification audits, based on the findings of the audits, the audit programme would be confirmed or adjusted accordingly based on the findings of the relevant audits. Changes can be for example, frequency of audits, duration of audits, any follow-up activities, need for special audits etc. Any adjustments and changes will be documented in the audit programme and communicated to the client either by hand or email.
FORCE MAJEUR
Should any unforeseen circumstances occur that prevent us from completing any certification activity, then we reserve the right to claim Force Majeur.
In the unlikely event of this occurrence, we will immediately contact you, informing you of our proposed action.
EXTENDING CERTIFICATION/ REGISTRATION
The company would have to apply to ACS for any extension of scope. Each request would be individually reviewed and determine any audit activities necessary to decide whether or not the extension may be granted. Any auditing required would be conveyed to the client and may be conducted in conjunction with a surveillance audit.
REDUCING OF CERTIFICATION
During the course of the audit, it may become clear to the auditor that the organization is not in a position to achieve certification within the originally conceived scope.
(1) The company has persistently or seriously failed to meet the certification requirements for those parts of the certification scope. In other words the company’s ability to comply with the certified scope has been compromised.
(2) Major changes to the certified organization.
(3) Failure to respond to a issued non-conformity within agreed timeline.
(4) Failure to resolve issues that have resulted in suspension of certification in an agreed timeframe.
(5) A request from company to reduce it’s scope
The auditor will discuss with the organization management for the reduction of scope and submit the report. This will be determined by the Certification Manager upon reviewing the audit report and it’s recommendation.
RESTORING OF CERTIFICATION
Following the expiration of certification, ACS can restore certification of the affected client within 6 (Six) months provided that the outstanding recertification activities are completed. Otherwise , at least a stage 2 shall be conducted.
Outstanding recertification activities mean that ACS has not completed the recertification audit or ACS is unable to close-out any major non-conformities raised prior to the expiry date of the certification.
SUSPENSION OF CERTIFICATION
The certification may be suspended when
(1) The Organization persistently or seriously failed to meet certification requirements including requirements for the effectiveness of management system or fails to respond to a non-conformity within the agreed timeline or when the organization is going through a significant change which is affecting conformity
(2) Failure to allow scheduled surveillance, scheduled re-certification audits and allow auditor access to applicable documents and facilities.
(3) Failure to comply with this “Terms and conditions” including certification requirements
(4) The certified client voluntarily request for suspension
(5) Non-payment of all previous audit fees due. Eventual non-payment of audit fees will result in withdrawal of certificates.
(6) The first surveillance audit following initial certification exceed 12 months from the last day of the stage 2 audit.
(7) The surveillance audit is not conducted at least once a year.
Note : In most cases, suspension would not exceed 6 months
WITHDRAWAL OF CERTIFICATIONS
The certificate of registration may be withdrawn in the following situations:
(1) The organisation ceases to trade
(2) Fails to pay ACS the appropriate fees invoiced in a timely manner and/or
(3) There is no response to corrective actions for non-conformities within the agreed timeline (despite allowable extension)
(4) Failure to observe the condition of non-promotion of certification status during the period of suspension
(5) Failure to resolve issues that have resulted in suspension of certification in
an agreed timeframe.
SCOPE LIMITATION
When the desired scope of certification is related to a specific programme, service or product, the Company will provide any necessary information to the applicant.
PROVISION OF ADDITIONAL INFORMATION TO AN APPLICANT
If requested the Company will supply any additional information to an applicant so that the conditions of certification and operation as a certified body are clearly understood.
COMPANY APPLICATION REQUIREMENTS
The Company shall require an applicant seeking certification to a quality standard to:
• Complete the Questionnaire.
• Ensure that a duly authorised representative of the organisation signs the form.
• Provide on the quotation a clear definition of the scope of the desired certification. The scope shall be identified using the four-digit ANZSIC code system, or some other coding system, which has a clear definition and provides guidelines and parameters against which assessment may take place. (The Company uses the coding system as a means of auditor team selection and composition and where required expertise deficiency is made up by the use of technical experts)
• Comply with all of the requirements for certification and to allow access to any information needed for evaluation purposes, in particular the documented procedures required by the relevant Standard.
NOTICE OF CHANGES BY ACS
ACS shall give it’s certified clients due notice of any changes to it’s requirements for certification. A circular would be faxed or otherwise send to the client informing them of these changes and clients’ obligations as well as dateline for compliance.
ACS would monitor compliance to these changes during the next surveillance audit unless requested earlier by client(s). Non-conformance to these requirements or changes would be raised as observations prior to the dateline. After the deadline, any non-conformance to the changes would be raised as major or minor NCs depending on the severity of the non-conformance(s).
NOTICE OF CHANGES BY CLIENT
The client shall inform ACS without delay of matters that may affect the capability of management system to continue to fulfil the requirements of the standard used for certification including changes relating to:
• The legal, commercial, organizational status or ownership
• Organizational and management changes e.g (key managerial, decision making or technical staff)
• Contact address and sites
• Scope of operations under the certified management system
• Major changes to the management system and processes
Actions to be taken by ACS would vary according to the type and severity of changes. Actions
may include one the following:
a. update of address, locations and name change would involve updating the certification document if there are no other changes made
b. Major changes such as scope of operations, key staff or top management change, legal, commercial and organisational status change and major changes to management system and processes will necessitate a visit to the registered site(s) to verify on the changes made and to ensure that the changes made do not adversely affect the integrity of the management system that may result in a failure to meet audit objectives.
c. Non- conformites may be raised as a result of the visit if the changes made adversely affect the stated audit objectives. If non-conformities are raised, the timeframe for proposed corrections and corrective actions and for closure would be as per ACS policy on non-conformities.
TERMINATION OF AUDIT
The audit leader may terminate the audit at any time if:
• the system is not sufficiently developed to justify an audit;
• the auditee is exerting undue influence on the audit team;
• the auditee is being obstructive; and
• a conflict of interest becomes apparent
The audit team leader shall inform the client of the termination. Should the client request the audit to proceed, the audit objectives and/or scope shall be revised.
AMENDMENT TO CERTIFICATION SCOPE
The Company will undertake amendment to the scope of certification that has already been granted.
The Company will decide what, if any, assessment procedure is appropriate to determine whether or not the amendment should be granted and will undertake such actions accordingly.
ACCESS TO INFORMATION
The applicant shall afford the company access to it’s record of complaints and the use of the ACS & JAS-ANZ logos. Access to logos is to ensure the correct use of them. The logos shall not be placed in any place where it can be misconstrue as product certification.
During initial audit & surveillances, ACS auditors would audit all applicable elements of as per the audit plan. However, the process by which the auditor(s) conducts the audit would be on a sampling basis. However, surveillance audit(s) would only cover selected elements of certified quality management system of applicant’s organization and ISO 9001:2015 standard.
The applicant and certified client shall also afford access to JAS-ANZ auditors as required for the purpose of conducting an witness audit. This witness audit is an audit not on the organization processes and/or procedures but on the auditor(s) conduct of the audit. ACS is required to be audited periodically by JAS-ANZ as part of the accreditation requirements. It is also therefore a requirement for us to obtain your consent that your files (documents, records) may be selected and verified by the JAS-ANZ auditor. Please be assured that any JAS-ANZ auditor selected to conduct audits on ACS would be required to sign ACS “Conflicts of interest and confidentiality undertaking” before being allowed access to these information.
PAYMENT
The applicant shall made the payment of the fees for audit(s) carried out as per the terms specified in the quotation. Prolonged non-payment would result in suspension of further audits. Failure to conduct audit(s) within the twelve month period from previous audit would result in the applicant being deregistered from JAS-ANZ.
CONFIDENTIALITY AND CONFLICT OF INTEREST UNDERTAKING
Prior to the assignment of audit(s) all staff, auditors, technical experts, advisory council members, certification committee member(s) of ACS Certification (M) Sdn. Bhd and JAS-ANZ auditor(s). shall sign the “Confidentiality and Conflict of Interest Undertaking” form. This ensures that the members involved in the certification of the applicant retains confidentiality of client’s information which come to their knowledge and will not disclose or use the same unless prior written consent from the applicant to such disclosure or use is available.
ACS has a documented procedure section 6 “Confidentiality” that deals with the above mater. ACS shall inform the client in advance, of any information it intends to put in the public domain. ACS with the exception of the requirement of the certified standard, information regarding a particular client or individual shall not be disclosed to a third party without the written consent from the client(s) or the individual concerned. All information except for those the client(s) have made publically accessible would remain confidential and treated as such.
Where ACS is required by law to release confidential information to a third party, the client or individual concerned, unless regulated by law would be notified in advance of the information provided. Information about the client from sources other than the client (e.g complainant, regulators) would be treated as confidential.
ACS with regards to confidential information made available to other bodies, ACS would be subjected to periodic audits by JAS-ANZ. As such certain information e.g audit reports would be reviewed by their auditor(s). ACS would required them as described above to sign ACS Conflict of interest and confidentiality agreement.
The members involved in the certification process would also be required to disclose to ACS Certification (M) Sdn. Bhd. any commercial, business, financial or personal interest in the applicant’s organization to safeguard impartiality of the process.
USER OF MARKS AND LOGO
Only ACS certified clients are allowed to use the marks and logos provided. Reference to your certification status can be used on the internet, brochures or advertising, or other documents subject to the conditions specified below. The marks and logos used and/or displayed by the certified client for the purpose of promotion and/or advertisement shall be not be in any way misleading or providing an inaccurate status of the certified organizations. In particular, the following shall be complied with:
.
(a) Marks and logos used shall highlight the standard(s) to which the organization is certified. Include the company name and/or logo
(b) Marks and logos used shall be traceable to the certification body ie. the organization shall display amongst others the certificate number on the marks and logos used. Where the ACS logo does not specify the management system standard, the management system standard certified shall be displayed e.g "ISO 9001:2008 certified".
(c) The following rule shall be observed when any statement on product packaging or in accompanying information that the certified client has a certified management system.
a. Product packaging is considered as that which can be removed without the product disintegrating or being damaged.
b. Accompanying information is considered as separately available or easily detachable.
Note : Type labels or identification plates are considered as part of the product and thus no statement by certified client that it has a certified management system is allowed.
The statement shall in no way imply that the product, process or service is certified. The statement shall include reference to :
- Identification (e.g brand or name) of the certified client
- The type of management system (e.g quality, environment) and the applicable standard
- The certification body issuing the certificate
(d) Marks and logos shall not be applied to laboratory test, calibration or inspection reports.
(e) The client shall not use the marks and logos during the period of suspension pending resolution of appeals.
(f) The client shall return the certificates of registration to ACS upon withdrawal or discontinuation. The use of marks and logos as well as advertising matter that contains reference to certification shall be not be used upon suspension until the suspension is lifted. The use of marks and logos as well as advertising matter that contains reference to certification shall be not be used upon discontinuation or withdrawal of certification.
(g) The client only display, apply and use the marks and logos for the scope with which it is certified and the sites for which it is certified (for multi-site locations).
(h) The client shall not claim in it’s marketing literature and/or use the marks and logos for those scope of activities and/or sites for which it is not certified or outside the scope of certification, whether single or multi-site. Where the symbols relate in part, to define in the document the part the symbols applied.
(i) The client shall amend all advertising matter when the scope of certification is reduced or revised that has been approved by ACS.
(j) To not use the certificate document or any part thereof in a misleading way
(k) Do not allow reference to your certification to imply ACS certifies a product (including service) or process.
(l) Does not make or permit any misleading statement regarding it’s certification.
(m) Does not use the certification in a manner that would bring ACS and/or certification system into disrepute and lose public trust.
(n) Symbols provided shall not be reproduced in a color combination other than those provided.
(o) Symbols may be uniformly enlarged or reduced . However, they shall be large enough for wording to be clearly legible.
(p) The symbols shall not be used in isolation for accredited certificates. They must be used together as per the template provided by ACS
(q) Symbols shall not used to suggest that the Australian/New Zealand Government, JAS-ANZ governing board, or any government minister have certified or approved the certified scope
(r) Symbols used shall be of the same size and not different in sizes and positioned together side by side.
(s) To at all times comply with directions from ACS as directed from JAS_ANZ on the use, prohibition of use or discontinuation of the use of JAS-ANZ, IAF and ACS logos
Compliance to the above requirements, correct reference to certification status and the correct usage of certification documents, marks or audit reports would be monitored during every surveillance or recertification audits. A Non-conformance report (major or minor) with regards to the severity as appropriate would be issued by the auditor for any misleading actions and non conformance to the above requirements. A publication of transgression could be one of possible corrective actions. Failure to resolve & have the auditor close the NCs within the agreed dateline would result in suspension and/or withdrawal of certification.
ACS reserves the right to take appropriate legal action if necessary should there be any non-conformance to the above requirements.
NOTE: THE TERMS AND CONDITIONS CONTAINED HEREIN ALSO APPLY TO ALL THE SITES COVERED BY THE SCOPE OF CERTIFICATION FOR AN ORGANISATION CERTIFIED WITH MULTIPLE SITES.