SAAS understands that there are different ways to define and interpret the scope of what is covered during an SA8000 audit and on an SA8000 certificate. SAAS Audit Requirements, Procedure 200 Clause 10, provides detailed information on requirements for determining the scope of an SA8000 certificate.
Defining scope within the SA8000 certification process can be a complicated issue – the SA8000 Guidance document provides detailed direction for auditors, clarifying that the overall intent of SA8000 is to certify an organization which has adopted a social initiative and applies it evenly and completely throughout its operation. Specifically, SA8000 certificates should cover the complete premises and operations including remote sites and home workers operating under a common management system.
The organization’s implemented social management system has to be clearly identified on the SA8000 certificate, including the nature of the business in terms of the products and/or services the company provides, as well as the physical address(es) of the business. If a multi-site certificate is involved, all addresses must be defined on the SA8000 certificate.
Continuous process should also be considered when defining proper scope. Thus, harvesting and packing in agriculture typically are considered to be a continuous process and should be combined for the certified entity. This also applies to the continuous process of fabricating, finishing and packaging where the entire process should be included in the certification. A ready-made garment factory that gets its fabric from a company dyeing facility should be combined under this philosophy as well.
In fact, suppliers operating on-site at the certified location should be treated as part of the company’s operation as their workers are under the umbrella of the certification and must be included as part of the oversight process. They would also be included the calculation of the number of workers at the certified company.
Additionally, companies that seek certification as a means of obtaining contracts (essentially “shell” companies created for this unique situation) while subcontracting the majority of the end product or service may not be approved.
Companies which desire to certify only a portion of the company must comply with the following rules:
- Top management of the company has to be included in the scope, regardless of how the scope is restricted.
- The boundaries of the scope have to be clearly defined.
- The company must not limit certification to a unique department within the company, e.g., human resources or purchasing.
- Scope of the certificate can be extended over time through the process of expansion of scope.
The following are also key points to keep in mind:
- The scope must be clearly described on the SA8000 certificate. Top management of the company must be included in the scope and the boundaries of the scope must be clearly defined.
- CBs cannot certify personnel in one department of the company and not another. Departments are interrelated and personnel might move from one department to another.
- Stage 1 of SA8000 audits should identify all parts of the company so the CB understands the structure of the company for proper determination of scope of the certificate.
- CBs should continuously review the size of the organization to ensure proper allocation of SA8000 audit days throughout the certification and surveillance cycle.
- Public information on the certification of a facility must be clear, understandable, and specific when it comes to the scope and what is included in the certificate. This public information by the SA8000 client must be audited by the CB at every SA8000 audit and will be reviewed by the SAAS auditor during a witness audit and in packages during an office audit.