Public consultation on Enquiry Drafts of revised PEFC International Standards for Chain of Custody and Trademark Rules

ED PEFC ST 2002:201X, Chain of Custody of Forest and Tree Based Products - Requirements

4 Management system requirements

4.1 General requirements

4.1.1 The organisation shall operate a management system in accordance with the requirements of this standard, to ensure correct implementation, and maintenance of the PEFC chain of custody process(es). The management system shall be appropriate to the type, range and volume of work performed, and cover outsourced activities relevant for the organisation’s chain of custody and all sites in case of multi-site organisations (see Appendix 2).

Note: An organisation’s quality (ISO 9001) or environmental (ISO 14001) management system can be used to meet the requirements for the management system defined in this standard.

4.1.2 The organisation shall define the scope of its PEFC chain of custody by specifying the PEFC product groups for which the requirements of the PEFC chain of custody are implemented.

4.1.3 The organisation shall only make PEFC claims and PEFC related statements that are correct to the best of its knowledge and covered by its PEFC certification scope.

4.2 Documented procedures

4.2.1 The organisation shall establish written documented procedures for its PEFC chain of custody. The documented procedures shall include at least the following elements:

a) organisational structure, responsibilities and authorities relating to the PEFC chain of custody,

b) description of the raw material flow within the production/trading process(es), including definition of product groups,

c) procedures for PEFC chain of custody process(es) covering all requirements of this standard, including:

i. identification of material categories,

ii. physical separation of certified, controlled material and other material (for organisations applying the physical separation),

iii. definition of product groups, calculation of certified content, management of credit accounts, transfer to outputs (for organisations applying percentage methods),

iv. sale/transfer of products, on-products claims and on- and off-product trademark use,

v. record keeping,

vi. procedures for internal audits and non-conformity control,

vii. procedures for the due diligence system,

viii. procedures for complaints resolution.

4.3 Responsibilities and authorities

4.3.1 General responsibilities The organisation’s management shall define,document its commitment to implement and maintain the chain of custody requirements in accordance with this standard. The organisation’s commitment shall be made available to the organisation’s personnel, suppliers, customers, and other interested parties. The organisation’s management shall appoint a member of the management who, irrespective of other responsibilities, shall have overall responsibility and authority for the organisation’s PEFC chain of custody.

4.3.2 Responsibilities and authorities for chain of custody

The organisation shall identify the personnel performing activities for the implementation and maintenance of its PEFC chain of custody and shall establish personnel responsibilities and authorities for the implementation of the procedures 4.2.1 c) i-viii.

Note: The responsibilities and authorities for the PEFC chain of custody given above can be cumulative.

4.4 Record keeping

4.4.1 To provide evidence of conformity with the requirements of this standard the organisation shall establish and maintain at least the following records relating to the product groups covered by its PEFC chain of custody:

a) records of all suppliers of certified material, including evidence of the suppliers’ PEFC certified status,

Note: Evidence could be a reference to the PEFC website, the PEFC information system or a copy of the organisation’s PEFC recognised certificate.

b) records of all input material, including PEFC claims and documents associated to the delivery of the input material, and for recycled input material, information demonstrating that the definition of recycled material is met,

c) records of calculation of the certified percentage, transfer of the percentage to output products and management of the credit account, as applicable,

d) records of all products sold/transferred, including PEFC claims and documents associated to the delivery of the output products,

e) records of the due diligence system, including records of risk assessments and significant risk supplies management, as applicable,

f) records of internal audits, periodic chain of custody review, non-conformities which occurred and corrective actions taken,

g) records on complaints and their resolution.

4.4.2 The organisation shall maintain the records for a minimum period of five years.

4.5 Resource management

4.5.1 Human resources/personnel

The organisation shall ensure and demonstrate that all personnel performing activities affecting the implementation and maintenance of its PEFC chain of custody are competent on the basis of appropriate training, education, skills and experience.

4.5.2 Technical facilities

The organisation shall identify, provide and maintain the infrastructure and technical facilities needed for effective implementation and maintenance of its chain of custody with the requirements of this standard.

4.6 Inspection and control

4.6.1 The organisation shall conduct internal audits at least annually, covering its compliance with all requirements of this standard applicable to the organisation, including activities covered by outsourcing, and establish corrective and preventive measures if required.

Note:  Informative guidance for performing internal audits is given in ISO 19011

4.6.2 The organisation’s management shall review the result of the internal audit and the organisation’s PEFC chain of custody at least annually.

4.7 Complaints

4.7.1 The organisation shall establish procedures for dealing with complaints from suppliers, customers and other parties relating to its chain of custody.

4.7.2 Upon receipt of the complaint, the organisation shall:

a) acknowledge the complaint to the complainant within ten days,

b) gather and verify all necessary information to evaluate and validate the complaint and make decision on the complaint,

c) formally communicate the decision on the complaint and of the complaint handling process to the complainant,

d) ensure that any appropriate corrective and preventive actions are taken.

4.8 Nonconformity and corrective action

4.8.1 When a nonconformity occurs, the organisation shall: 

a) react to the nonconformity and, as applicable:

i. take action to control and correct it;

ii. deal with the consequences;

b) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:

i. reviewing the nonconformity;

ii. determining the causes of the nonconformity;

iii. determining if similar nonconformities exist, or could potentially occur;

c) implement any action needed;

d) review the effectiveness of any corrective action taken;

e) make changes to the management system, if necessary.

4.8.2 The standard requires that corrective actions shall be appropriate to the effects of the nonconformities encountered.

4.8.3 The standard requires that the organisation shall retain documented information as evidence of:

a) the nature of the nonconformities and any subsequent actions taken;

b) the results of any corrective action.

4.9 Outsourcing

4.9.1 The organisation may outsource activities covered by its chain of custody to another entity.

4.9.2 Through all stages of outsourcing the organisation shall be responsible that all outsourced activities meet the requirements of this standard, including management system requirements. The organisation shall have a written agreement with all entities to whom activities have been outsourced, ensuring that:

a) the material/products covered by the organisation’s chain of custody are physically separated from other material or products, and

b) the organisation has access to the entity’s site(s)for internal and external auditing of outsourced activities for conformity with the requirements of this standard.

Note: A template for an outsourcing agreement can be obtained from the PEFC Council and PEFC authorised bodies.

4.10 Social, health and safety requirements in Chain of Custody

This clause includes requirements relating to health, safety and labour issues that are based on ILO Declaration on Fundamental Principles and Rights at Work (1998).

4.10.1 The organisation shall demonstrate its commitment to comply with the social, health and safety requirements defined in this standard.

4.10.2 The organisation shall demonstrate that:

a) workers are not prevented from associating freely, choosing their representatives, and bargaining collectively with their employer,

b) forced labour is not used,

c) workers, who are under the minimum legal age, the age of 15, or the compulsory school attendance age, which ever is higher, are not used,

d) workers are not denied equal employment opportunities and treatment.