CERTIFICATION BODY

REGULATIONS
Version 4.0
Copyright notice
© 2020 4C Services GmbH
This document is protected by copyright. It is freely available from the 4C website or upon
request.
No part of this copyrighted document may be changed or amended. The document may not
be duplicated or copied in any form or by any means for commercial purpose without
permission of 4C Services.

Document Title: 4C Certification Body Regulations.

Version 4.0
Valid from: 01 July 2020
 3

4C CERTIFICATION BODY REGULATIONS

Content

Abbreviations.................................................................................................... 5

1 Introduction ............................................................................................. 6

2 Scope and Normative References ......................................................... 7

3 Requirements to become a 4C Cooperating Certification Body ............ 9

3.1 General Requirements for Certification Bodies ............................ 9
3.2 Specific Requirements for Certification Bodies ............................ 9
3.3 Application, Recognition, and Publication by 4C ........................ 10

4 Responsibilities of Certification Bodies ................................................ 12

4.1 Appointment of Qualified Staff .................................................... 12
4.2 Performance Maintenance and Periodic Evaluation
of Appointed Staff ........................................................................ 13
4.3 Management of Impartiality and Conflict of Interest ................... 14
4.4 Gender Balance of the Audit Team - Recommendation ............ 15
4.5 Quality Management ................................................................... 15
4.6 Risk Management ....................................................................... 15
4.7 Framework to Perform 4C Certification Activities ....................... 16
4.8 Issuance, Termination, and Withdrawal of Certificates .............. 16
4.9 Procedure for Complaints and Appeals ...................................... 18
4.10 Documentation ............................................................................ 18
4.11 Data Management and Transmission ......................................... 19

5 Integrity Program for Certification Bodies ............................................ 21

5.1 Monitoring of Certification Bodies ............................................... 21
5.2 Integrity Assessments of Certification Bodies Office .................. 21
5.3 Classification of Assessment Results ......................................... 22
5.4 Infringements, Procedures for Improvement and Sanctions ...... 23

6 Requirements for 4C Auditors and Evaluators ..................................... 26

6.1 General Requirements for Auditors and Evaluators ................... 26
6.2 General Qualifications of Auditors and Evaluators ..................... 27
6.3 Specific Qualifications of Auditors and Evaluators ..................... 27

© 4C Services GmbH
 4

4C CERTIFICATION BODY REGULATIONS

7 Contractual Relationship between Certification Bodies
and 4C System Users ........................................................................... 29

Annex: Declaration on Fulfilment of Requirements

for Certification Bodies .......................................................................... 30

© 4C Services GmbH
 5

4C CERTIFICATION BODY REGULATIONS

Abbreviations

AU Annual Update

BP Business Partner

BPM Business Partner Map

CB Certification Body

FB Final Buyer

IAF International Accreditation Forum

IB Intermediary Buyer

IEC International Electrotechnical Commission

IP Improvement Plan

ISAE International Standard on Assurance Engagements

ISO International Organisation for Standardisation

ME Managing Entity

QMS Quality Management System

ToU CB Terms of Use for Certification Bodies

ToU IB Terms of Use for Intermediary Buyers

ToU ME Terms of Use for Managing Entities

© 4C Services GmbH
 6

4C CERTIFICATION BODY REGULATIONS

1 Introduction
This document lays down the requirements for Certification Bodies (CBs) to Requirements
become a cooperating CB of 4C Services GmbH (4C), and the duties of for CBs
cooperating CBs to perform certification services according to the 4C
requirements. Furthermore, this document describes the requirements and
necessary qualifications for auditors and evaluators to become 4C appointed
auditors and evaluators in order to conduct and evaluate 4C audits.
The requirements and duties laid down in this document are based on industry Industry best
best practices, relevant International Organisation for Standardisation’ (ISO) practices and
international
standards, and the International Standard on Assurance Engagements (ISAE) standards
3000. That aims to ensure that the CB and its auditors and evaluators are
neutral and independent and operate in a consistent, transparent, reliable, and
credible manner. The correct application and assurance of the 4C certification
system are a core responsibility of 4C, its certified 4C Units, and its
cooperating CBs and auditors ensuring the integrity and robustness of the 4C
System.
A list of all 4C cooperating CBs is published and updated on the 4C website CBs published
on an ongoing basis. The list contains contact details of the recognised CBs on 4C website
as well as information about the accreditation body they were accredited and
are monitored by.
Requirements with regard to the 4C certification process as well as 4C System
Regulations
requirements on how to conduct 4C audits and evaluate Annual Updates
(AUs) are described in the 4C System Regulations.

© 4C Services GmbH
 7

4C CERTIFICATION BODY REGULATIONS

2 Scope and Normative References
The requirements specified in this document apply to all CBs, their auditors, Global
application
and their evaluators conducting 4C audits or performing 4C certification
services. These requirements apply on a global basis.
Relevant international standards establishing requirements for agricultural International
conformity assessment, certification of products, processes and services, standards

auditing or certification management of ISO, ISO/IEC, or ISAE, in their latest

valid version, must be considered for application.
As a basic principle, all 4C System documents published on the 4C website 4C requirements
in their latest applicable versions are valid and must be considered for the
scope of application.
Table 1 provides an overview of the normative 4C System documents as well Overview 4C
as further 4C templates and checklists based on the requirements defined in documents
the 4C System documents, and that are provided by 4C to facilitate the 4C
application and certification process.

4C System documents (normative)

4C Code of Conduct
4C principles and criteria for the production, processing, and trading of
green coffee beans
4C System Regulations
Relevant aspects and requirements of the 4C System, including general
rules according to which the 4C System is governed, its internal structure,
and the requirements for 4C certification which need to be applied by all
participants of the 4C System. Furthermore, requirements regarding the
trading of 4C certified coffee and the 4C communication guidelines are
described
4C Certification Body Regulations
Requirements for CBs to become a CB cooperating with 4C, requirements
and necessary qualifications for 4C auditors, evaluators as well as duties
of CBs cooperating with 4C to perform 4C audits and certification
4C templates and checklists based on the 4C System documents
4C Audit Checklist
Audit checklist to be used during 4C audits
Business Partner Map (BPM)
Tool for Managing Entities (MEs) to collect the basic required data of its
Business Partners (BPs)
Improvement Plan (IP)
Plan that includes improvement actions detected during an audit of a 4C
Unit

© 4C Services GmbH
 8

4C CERTIFICATION BODY REGULATIONS

4C contractual documents
Terms of Use for Managing Entities (ToU ME)
Contractual document between 4C and MEs
Terms of Use for Certification Bodies (ToU CB)
Contractual document between 4C and CBs
Terms of Use for Intermediary Buyers (ToU IB)
Contractual document between 4C and Intermediary Buyers
Service Agreement with Final Buyers
Contractual document between 4C and Final Buyers
Table 1: Overview 4C System documents, templates, and checklists

© 4C Services GmbH
 9

4C CERTIFICATION BODY REGULATIONS

3 Requirements to become a 4C Cooperating
Certification Body
3.1 General Requirements for Certification Bodies
The CB must ensure appropriate expertise and experience, both in the CB expertise
relevant fields of activity and for the scope of auditing tasks it is to undertake.
The CB should be carrying out audits in conformity with or according to the International
principles of: standards

• ISO/IEC 17065 establishing requirements for product certification or

ISO/IEC 17021 establishing requirements for management system
certification.
• ISO 19011 for general guidance on conducting and managing audits
and on CB competence management.
• ISO/IEC Guide 60 establishing good practices for conformity
assessments.
• ISAE 3000 regarding assurance engagements other than audits, or
reviews of historical financial information.
The CB must ensure that it performs 4C certification services according to the 4C System
framework as laid down in the 4C System documents. requirements

The CB must also ensure that its staff participating in 4C audits has knowledge Appointment of
on 4C requirements and meets the mandatory competence requirements for qualified staff
each duty assigned as described in chapter 4.1 and chapter 5 prior to perform
(conduct, evaluate or manage) 4C audits.

3.2 Specific Requirements for Certification Bodies

3.2.1 Legal Entity

CBs must be registered as legal entities. CB liability

In case of multinational certification companies, its local branches may apply Multinational
to become an independent 4C cooperating CB or may be registered as a local cooperating CB
operator of the mother company under the condition that the cooperation
agreement is concluded between the mother company and 4C, and local
branches are declared as the CB’s wish to include them in the approval of its
geographical scope of operation. In this case, the CB must provide a
description of the organisational structure including such local branches.

3.2.2 ISO/IEC 17065 Accreditation

CBs must be accredited against ISO/IEC 17065 establishing requirements for Accreditation
bodies operating product certification systems. Accreditation must be
performed by Accreditation Body Members of the International Accreditation
Forum (IAF), according to internationally accepted standards in the agriculture
production sector.
The respective accreditation body is responsible for monitoring the accredited Monitoring of
CB’s compliance with the preconditions for its accreditation. Monitoring of the accredited CBs

© 4C Services GmbH
 10

4C CERTIFICATION BODY REGULATIONS

CB by accreditation bodies will be complemented and supported by 4C in the
framework of the 4C Integrity Program (see chapter 3.9 of the 4C System
Regulations and chapter 5 of this document for further information).
In case CBs are multinational with local branches, and local branches wish to Accreditation of
be recognised independently by 4C after meeting the requirements laid down multinational CB
in chapter 3.2.1, the CB applicant must ensure that local branches are
independently accredited against ISO/IEC 17065, or the ISO/IEC certificate of
accreditation of the CB mother company covers these local branches and this
compliance must be mentioned in the scope of this certificate of accreditation.
The CB is obliged to inform 4C immediately if the accreditation is suspended, Accreditation
withdrawn, terminated or renewed by the accreditation body. In case the CB status
does not get the renewed accreditation certificate before the old certificate
expires, however the renewal process is started, and the CB is waiting for a
final decision from the responsible accreditation body, the CB has a grace
period of one month after the previous accreditation certificate expires by
submitting written notification to 4C, altogether with documented evidence of
lateness of issuance of the renewed accreditation certificate.

3.2.3 Geographic Scope of Operation

CBs must only conduct 4C audits in the countries where they are approved
for.
The auditors’ knowledge and experience with the local context and legislation Approval of
is crucial for reliable audits. Therefore, CBs are approved to perform 4C audits country scope
in the country where they are legally based, as well as in countries where their
auditor(s) meet the following conditions:
• have experience in auditing coffee production in those countries
• have knowledge of applicable local legislation and sectorial context
• preferably speak the local language. Only in exceptional cases,
independent interpreter(s) can conduct the interpretation services. In
this case, to avoid conflicts of interest, the CB and its auditors must
not accept interpreters who work for the Managing Entity (ME) or for
any Business Partner (BP) of the 4C Unit to be certified
Audits conducted in unregistered/unapproved countries will not be accepted Rejection of
audit
and the CB assumes full responsibility of handling the situation with the 4C
Unit.

3.3 Application, Recognition, and Publication by 4C

Once a CB has been legally registered and accredited in the accreditation Application
program as required in chapter 3.1 and 3.2, and its staff meets the conditions for CB
requirements as laid down in chapter 4.1 and chapter 6 of this document, the
CB is ready to apply to become a 4C cooperating CB.
In order for a CB to cooperate with 4C, the CB must submit a written Application of
application to 4C. Together with the application correspondence, according to CB

© 4C Services GmbH
 11

4C CERTIFICATION BODY REGULATIONS

the requirements set out in the chapters 3.1 and 3.2, the CB must provide 4C
with documented evidence of:

• legal registration
• valid accreditation certificate(s)
• geographic scope declaration with a list of countries within which the
CB will offer 4C audits and the corresponding names of the auditors
• list of assigned staff including 4C auditor(s) and evaluator(s) who meet
the qualification requirements laid down in chapter 6 and are approved
by the CB to conduct and evaluate 4C audits and make certification
decisions
• declaration on the fulfilment of all requirements laid down in this
document (Annex 1)
Once 4C receives sufficient evidence from the applying CB and approves the Contractual
application, 4C will inform the CB about the approval decision and the latest agreement
version of the Term of Use for CBs (ToU CB) that the CB is required to accept
prior to entering into cooperation with 4C. The ToU CB is a legally binding
contract establishing the cooperation between 4C and the applying CB. The
requirements laid down in this document and the 4C ToU CB complement
each other. After the CB has accepted the ToU CB, the CB is recognised by
4C and is called “cooperating CB”. Any kind of certification, audit, or inspection
activity can only be conducted after the CB has accepted the ToU CB. An
exception to this rule can only be made if certain activities are explicitly
required during the process of accreditation of the CB, and only with explicit
approval in advance by 4C.
As soon as cooperation between 4C and the CB is confirmed, 4C will publish Publication of
the name, address, and logo of the cooperating CB and CB responsible CBs’ contact
contact person, including its contact details, on the 4C website. Furthermore,
4C will publish by which accreditation body the CB was accredited. The
information on the 4C website regarding 4C cooperating CBs will be publicly
available and kept up to date.

© 4C Services GmbH
 12

4C CERTIFICATION BODY REGULATIONS

4 Responsibilities of Certification Bodies
4.1 Appointment of Qualified Staff
The CB must appoint and have a sufficient minimum number of qualified staff Minimum
number of staff
(at least one 4C auditor and one evaluator) to be able to conduct and evaluate
4C audits, make certificate decisions and to provide 4C certification services.
The CB must define the staff(s) (e.g. person or committee) responsible for Evaluator and
evaluating and/or making the certification decision at the CB. This/these certifier
staff(s) must be qualified to evaluate 4C audit reports and/or to make the 4C
certification decision and must not have been involved in the audit process of
the 4C Units to be certified.
All appointed staff to be involved in 4C audits and 4C certification services are Training
obliged to participate in a formal 4C training prior to the certification activity. A requirement
cooperating CB is allowed to appoint a new 4C auditor if he/she has completed
an internal training which should be equivalent to the formal 4C training in
terms of length and content, should include the latest version of the 4C System
documents, and should be conducted by the most experienced 4C auditor or
evaluator at the CB. In addition to the requirements for the internal training,
the CB must ensure that the new auditor will attend a formal 4C training to be
organised by 4C Services within the following twelve months to maintain
his/her approval status.
According to the CB’s quality management and its human resource Responsibility for
management regulations, the CB is responsible for assigning, training, staff competence
evaluating and approving any individual staff appointed to be involved in a 4C
audit. The CB shall ensure that these assigned staffs are competent to deliver
the expected results according to the 4C requirements.
The CB is obliged to immediately inform 4C via e-mail of any changes in staff Reporting of
appointed to involve in any 4C certification activities. relevant changes

4.1.1 Appointment of Certification Body Responsible Person

The CB must appoint a responsible person within the CB to act as the main
contact person for 4C matters.
The CB responsible person is a staff of the CB, must be fluent in English, and CB contact
is the representative of the CB to communicate with 4C on all matters such person for 4C
as, but not limited to, legal status, accreditation, performance of the CB and
its staff, implementation of corrective measures, reporting of improvements
according to 4C requirements.
The CB responsible person is obliged to participate in a formal 4C training. Participation in
Furthermore, the CB responsible person should participate in the meetings, 4C activities
workshops, and/or webinars organised by 4C, to exchange practical
experiences, feedback, and best practices.

© 4C Services GmbH
 13

4C CERTIFICATION BODY REGULATIONS

4.1.2 Appointment of 4C Auditor and Evaluator
The CB shall assign at least one person as 4C auditor and at least one person
as evaluator. Before these persons can start to work as 4C auditor and
evaluator, the CB shall ensure that they meet the qualification requirements
as laid down in chapter 6.
4C auditors can act as evaluators and therefore can evaluate 4C audit reports Auditors act as
provided that they were not the auditor in charge nor part of the audit team of evaluator
the audit to be evaluated.

4.2 Performance Maintenance and Periodic Evaluation of Appointed

Staff
To maintain the knowledge on 4C requirements of the appointed staff, the CB Required CB
procedure
must have in place a procedure to ensure that:
• every 4C auditor conducts at least one 4C audit annually. Witness
audits conducted by the CB itself are acceptable. Exceptions to this
rule must be approved by 4C in due time (e.g. in case the CB does not
have a sufficient number of 4C clients to conduct the respective
number of 4C audits). If it is not possible for an auditor to maintain
competency by carrying out at least one 4C audit per calendar year,
the auditor must be trained by the CB or participate in 4C webinars or
formal 4C trainings.
• all assigned staff involved in 4C certification services shall have
access to, read, and understand the 4C System Updates, adjustments,
or changes of 4C requirements, as well as other relevant
communication from 4C.
• all assigned staff involved in 4C certification services shall participate
in one of the formal 4C trainings at least every five years to ensure
competence especially in case of a revision of the 4C Code of Conduct
and/or 4C System Regulations. They shall regularly participate in
training courses organised by the CB or in 4C webinars and formal 4C
trainings.
The CB must evaluate their staff’s performance on a periodic basis, according Competence
to the CB’s quality management and its human resource management evaluation
regulations to ensure the relevant appointed staff meets the competence
requirements. Staff competence should be evaluated regularly through a
process that considers personal behaviour and the ability to apply the
knowledge and skills gained through education, work experience, auditor
training, and audit experience.
The CB shall outsource the auditing activities only to persons who meet the Performance of
requirements laid down in chapter 6 of this document. In addition to freelance auditor
requirements set out in the ISO/IEC 17065 on the CB’s responsibility for all
outsourced activities, the CB shall conduct the evaluation of the performance
of the freelance 4C auditors immediately after each 4C audit.

© 4C Services GmbH
 14

4C CERTIFICATION BODY REGULATIONS

Results of performance evaluations must be documented and managed at the Competence
CB office, and actions must be taken to address any need (e.g. training) to maintenance
adequately maintain the team’s competence for conducting 4C certification
services.

4.3 Management of Impartiality and Conflict of Interest

The CB and its appointed staff must be impartial and free from any potential Professional
practices
conflict of interest and/or situation which may affect their impartiality and
objectivity in their respective tasks within the 4C certification process.
Evaluations and decisions must be based on objective evidence of conformity
(or non-conformity) and must not be influenced by other interests or by other
parties. All CB staff, especially 4C auditors, evaluators, and person(s) who
make certification decisions must operate at high levels of professional
integrity and be free from commercial, financial, or other pressures that might
affect their judgment.
The CB must have an internal procedure in place, ensuring that the CB and Conflict of
its assigned staff insourced or outsourced is not allowed to offer or provide interest
management
consultancy services to such clients where the CB is to conduct the
assessment and to evaluate the compliance with 4C requirements. The CB
must have documented procedures in place to appropriately determine and
manage conflicts of interest which may arise in the context of 4C certification
activities.
Conflict of interest may arise, among others, when: Potential conflict
of interest
• The 4C auditor or assigned staff involved in 4C certification activities
of a 4C Unit has provided services to the same 4C Unit in implementing
the 4C requirements (within the last four years counting from the last
day that the services are provided to the date the audit is registered in
the 4C system) and/or prepares the 4C Unit for the currently requested
certification.
• The same 4C auditor has been appointed as auditor in charge for
certification of the same 4C Unit for more than three consecutive audits
(all types of audits, excluding surveillance audits) prior to the currently
requested certification.
• The CB and/ or its 4C auditors or assigned staff involved in 4C
certification activities have benefits from the business of the ME or 4C
Unit requesting for certification, including client retention. For instance,
assigned staffs have shares in the ME or 4C Unit, have direct kinship
relationships with the owner(s) of the object to be verified, or have
commercial relationships with the ME or 4C Unit.
Before sending an offer to the ME applying for certification, CBs must ensure
that they have no conflict of interest in that particular certification.
However, during the certification process, the CB may provide the ME and its Support to
4C Unit with useful information on various issues, may support the ME in filling auditees
in the 4C templates correctly, which are not related to complying with the 4C

© 4C Services GmbH
 15

4C CERTIFICATION BODY REGULATIONS

requirements. In this case, the CB must make it clear to the ME and its 4C
Unit that:

• The suggestions given are not binding requirements

• 4C Units are responsible for implementing the 4C requirements
• Useful information provided to the 4C Unit during an audit is recorded
in the audit report.

4.4 Gender Balance of the Audit Team - Recommendation

It is recommended that the cooperating CBs have a gender-balanced audit Gender aspect
team during 4C on-site audits. consideration

A high number of women work in the coffee sector. In many cases, due to Gender-sensitive
socio-cultural reasons, male auditors are not always able to conduct in-depth approach
interviews with female producers or workers and verify their working or living
conditions effectively. When the audit team is gender-balanced and splits up,
the task division should take the gender aspect into account in order to ensure
that the female auditor has the possibility to interview as many female
producers and workers as possible. In case of the absence of female auditors,
male auditors should follow good practices of gender-sensitive interviewing.

4.5 Quality Management

The CB must appropriately include the relevant aspects of 4C requirements 4C requirements
in QMS
into the CB’s quality management system (QMS). The quality management of
the CB should aim for continuous improvement of CB’s performance against
4C requirements internally and externally. The integration of 4C requirements
into the QMS of the CB should cover:

• Internal processes of the CB: This includes sufficient process

descriptions and clear responsibilities related to activities performed in
relation to 4C audits (e.g. who is responsible for evaluating 4C audit
reports or making a certification decision).
• Services provided to external parties (4C users): This includes
communication with customers, the preparation and performance of
4C audits, and the CB’s internal handling of complaints or appeals
from 4C users.

4.6 Risk Management

During any 4C audit, the 4C auditor must carry out a risk assessment of the Risk based audit
4C Unit to be audited. The result of the risk assessment drives the intensity of
the audit and influences the size and selection of the sample.
The 4C requirements for the risk assessment are specified in chapter 7 of the
4C System Regulations.

© 4C Services GmbH
 16

4C CERTIFICATION BODY REGULATIONS

4.7 Framework to Perform 4C Certification Activities
The CB must take entire responsibility for conducting the audit and evaluating CB responsibility
the audit reports’ results, make a certification decision, and issue the in certification
certificate. The CB is responsible for establishing the framework within which
its appointed staff conduct their tasks relating to 4C certification activities.
The CB and the auditor who is involved in a (re)certification audit of a 4C Unit CB role during
must be responsible to conduct any surveillance audit(s), addendum audit(s) certificate validity
and to evaluate AUs of the 4C Unit within the validity period of the certificate,
unless the ME of a 4C Unit has contracted another CB for the conduction of
addendum audit(s) and evaluation of AUs.
Prior to any 4C audits and 4C certification activities, the CB must have Service Contract
concluded a Service Contract with the ME of the 4C Unit. The CB may receive
requests for proposal (e.g. quotation) from MEs when they wish to be audited
against the 4C requirements. A request for the offer does not guarantee that
the CB will be selected for conducting the audit or evaluation of AUs of a 4C
Unit. For each 4C audit or AU evaluation that the CB is selected for by a ME,
it is recommended that a separate (commercial) Service Contract between the
CB and the ME is employed.
Immediately after the CB has concluded a Service Contract with the ME and Audit registration
prior to any certification activities, the CB must register the application of the
ME and its 4C Unit for an audit or AU evaluation in the 4C portal, which is then
confirmed by the ME of the 4C Unit to be audited and thereafter validated by
4C.
The CB must ensure that the ME and auditors use the applicable and up-to- 4C working
date version of the 4C audit checklist, working templates required for each 4C templates
audit and that the documents are filled in both completely and correctly.
Should questions or ambiguities arise in the course of the certification
process, the CB is obliged to contact 4C immediately to request clarification
and guidance before proceeding with the certification. 4C is entitled to give
binding instructions to the CB regarding the application, interpretation, or
verification of 4C requirements.
To renew the 4C certificate, a recertification audit to verify compliance of 4C CB’s role in the
recertification
Units against the 4C requirements must be conducted every three years. The
CB should cooperate with the ME to investigate a timely recertification audit
of the 4C Unit, especially to reduce the risk of a gap between two certificates.

4.8 Issuance, Termination, and Withdrawal of Certificates

4.8.1 Issuance of Certificates

4C provides templates for 4C certificates which must be always applied. If the 4C certificate
CB intends to adjust the layout of the template (e.g. due to safety paper with template
watermarks), the adjustment of the layout must be approved by 4C. The
certificate may only be issued based on the information available at that time

© 4C Services GmbH
 17

4C CERTIFICATION BODY REGULATIONS

in the 4C database, as confirmed within the 4C registration of MEs and its 4C
Units, and IBs.

After a positive certification decision, the CB will issue a 4C certificate using Condition to
the latest version of the 4C certificate template. A 4C certificate can only be issue certificate
issued if an audit has been conducted and all applicable 4C requirements are
complied with. A 4C certificate can only be issued to MEs of 4C Units who
have accepted the latest applicable version of the 4C Terms of Use for MEs
(ToU ME), IBs who have accepted the latest applicable version of the 4C
Terms of Use for IBs (ToU IB) and Final Buyers (FBs) who have signed a
Service Agreement with 4C and who are not suspended from certification by
4C.

The CB must confirm the 4C certification decision no later than 60 calendar Certification
days after the last day of the audit. This period includes the time for the decision
implementation of corrective measures by the 4C Unit to clear non-
conformities which were detected during the respective audit. The CB may
issue a 4C certificate immediately or once the current valid certificate has
expired in order to avoid a gap between two certificates. The certificate’s
validity period must not start prior to the date of issuance of the certificate. The
CB is responsible for the compliance of the 4C Units certified and for the
correctness of a 4C certificate it has issued until the certificate expires or is
terminated (voluntarily) by the ME of 4C Units, by the IB, by the FB or is
withdrawn by the CB or suspended by 4C.

4.8.2 Termination of Certificates

In case a ME, IB, FB does not intend to continue with the 4C certification, it is Discontinue
certification
possible to end (terminate) a certificate prior to the end of the official validity
period by giving notice to the CB which issued the 4C certificate as well as to
4C. The CB is responsible for informing 4C about the end date of the validity
period. In case a 4C certificate is terminated prior to the end of its initial validity
period, 4C will update the database of certificates on the 4C website and portal
accordingly.

4.8.3 Withdrawal of Certificates

The CB must withdraw immediately a 4C certificate if there are severe or Infringements
critical infringements with 4C requirements identified. Definition and types of
infringements are laid down in chapter 3.8 of the 4C System Regulations.

If there are infringements reported in the AU documents, or by other reliable Surveillance

audit request
sources of information (e.g. newspapers, reports of authorities, etc..), the
issuing CB shall request a surveillance audit to check the compliance of the
4C Unit. Annual surveillance is mandatory for the IB or FB in order to maintain
the validity of the chain of custody certificate. The results of the surveillance
audit in all cases will form the basis for the CB to either confirm the validity of
the certificate issued or withdraw a certificate.

© 4C Services GmbH
 18

4C CERTIFICATION BODY REGULATIONS

In the case where the CB withdraws a certificate, the CB must immediately Withdrawal
inform 4C about the withdrawal and must upload all supporting documents procedure
(e.g. surveillance audit report, documented evidence, etc.) into the 4C portal.
Withdrawn certificates will be published as such on the 4C website.

4C is responsible for classifying any infringements and for assessing the MEs Suspension vs
infringement
and their 4C Units, or IBs’ or FBs’ infringements based on a case-by-case
examination, taking into account the requirements laid down in the 4C System
documents as well as in the 4C ToU ME, ToU IB and Service Agreement
signed by FBs. With regard to this examination, 4C is entitled to undertake
adequate fact-finding measures, in particular, to request documents or
(written) statements concerning the event, to be provided to 4C and 4C will
take responsibility on the suspension decision that results from the
examination, according to guidance as laid down in chapter 3.8 of the 4C
System Regulations. The CB is obliged to cooperate with and support 4C in
such examinations as thoroughly as possible.

4.9 Procedure for Complaints and Appeals

The CB shall have in place a procedure on managing and handling complaints Dispute
and appeals related to 4C audits or evaluations of AUs conducted by the CB. management
The CB shall record and track complaints and appeals, as well as actions
undertaken to resolve them.
The 4C System users can raise a complaint or an appeal toward the CB and Complaint
toward CB
request the CB to address it before the audit report is completed or before the
certification decision is made by the CB. The procedure of the CB should
enable the CB to process complaints and appeals in an effective, timely, and
professional manner. The staff who is already involved in a 4C certification
activity (conduct or evaluate a 4C audit or make a certification decision) shall
not be involved in handling complaints or appeals relating to that audit.
Regarding complaints and appeals toward 4C, the CB must provide 4C with Complaint
additional evidence or justification within the time if requested by 4C, to toward 4C
support the handling process and archive solution decision made by 4C,
according to requirements laid down in chapter 3.7 of the 4C System
Regulations.

4.10 Documentation
The CB is responsible to implement and manage documentation of all 4C Information
audits, copies of all certificates issues, results of AU evaluations, and relevant management
staff records to ensure the competence of appointed staff involved in 4C
certification activities. These documents must be retained at the CB office for
a minimum of six years and are subject to inspection and verification by an
integrity auditor commissioned by 4C.
4C audit and certification documents must be managed in such a way that Audit documents
only approved and valid versions are in use. The CB must ensure that the management
applicable 4C audit checklist and all required pertinent documents valid at the
© 4C Services GmbH
 19

4C CERTIFICATION BODY REGULATIONS

time of audit are used for each audit conducted. 4C is responsible to provide
a template for the audit report and all required pertinent documents for
consistent use within 4C. 4C may adjust existing or develop additional
documents to be used after a specified transition period, especially in the case
this is deemed necessary to improve traceability or to reduce the risk of
fraudulent behaviour.
The CB must document periodic competence evaluation of CB staff (4C Staff
competence
auditors, other assigned staff) and must keep appropriate records of the
documentation
education, training, skills, experience, and approval decision of all appointed
staff of the CB.

4.11 Data Management and Transmission

The CB is obliged to upload all documents related to 4C audits and evaluation Timely uploading
of AUs into the 4C portal in a timely manner. This includes documents of of documents
certification audits, surveillance audits, addendum audits, and AUs. The
obligation to upload the documents into the 4C portal applies also for audits
with a negative certification decision as a result.
The CB may use data provided in the 4C portal for internal administrative Agreement on
processes, according to the 4C ToU CB and 4C System Regulations. data use
Utilisation and transmission of data other than what is described in the 4C ToU
CB and 4C System Regulations is strictly prohibited.
4C accepts the documents that are uploaded into the 4C portal only if they are Language of
filled out in English, Spanish, or Portuguese. In case of complaints, appeals, reports

or any other formal dispute, CBs must provide the complete report translated
into English.
Documents to be uploaded into the 4C portal include but are not limited to: Documents to be
uploaded
1. 4C Audit

• Certificate in visual/digital form (pdf file)

• Business Partner Map (BPM)
• 4C audit report
• Signed 4C audit report result page
• Improvement Plan (IP)
• GRAS risk assessment report, final risk levels and audit plan from
risk assessment
• Documented evidence, if applicable
2. Annual Updates

• Business Partner Map (BPM)

• Improvement Plan (IP)
Required documents must be uploaded on the 4C portal in such a manner Quality of
that they can be reviewed and processed by 4C without disproportionate documents
effort. This includes but is not limited to documents containing correct data
(e.g. addresses or geo-coordinates, audit dates, etc.) and being signed if

© 4C Services GmbH
 20

4C CERTIFICATION BODY REGULATIONS

necessary. 4C is entitled to specify the requirements regarding the form in
which certification documents are to be submitted to 4C.
The CB is obliged to immediately inform 4C via e-mail of any changes made Reporting of
relevant changes
to or withdrawal of any certificate previously issued, as well as of any
unsuccessful audits.

© 4C Services GmbH
 21

4C CERTIFICATION BODY REGULATIONS

5 Integrity Program for Certification Bodies
4C is responsible to develop and operate the 4C Integrity Program as a means Quality and risk
of quality and risk management and as a tool for monitoring and verifying the management
compliance of CBs and their appointed staff with 4C requirements. The 4C
Integrity Program ensures the integrity of the 4C certification system and
facilitates continuous improvement and implementation of best practices.
Within the framework of the Integrity Program, 4C is entitled to perform the
monitoring and integrity assessments of cooperating CBs. Monitoring or
integrity assessments will be conducted either by 4C or by independent
auditors commissioned by 4C.

5.1 Monitoring of Certification Bodies

Monitoring of certification services provided by CBs is conducted by 4C or by Scope of
a 4C integrity auditor commissioned by 4C on an on-going basis. The monitoring CBs
monitoring consists of but is not limited to, checking the compliance of the CB
and its assigned staff who are involved in 4C audits on e.g. certification
procedure, sample size calculation, sample selection, meeting deadlines
(uploading audit documents, certification decision, providing feedback to 4C’s
comments during process of validation or of solving complaints and appeals),
and audit report quality (e.g. relevance and adequateness of justification,
explanation).
Monitoring can be a desk audit or audit at the CB office with or without audit Type of
at auditees’ sites. monitoring CB

In case of infringements with 4C requirements observed during the audit Sanction to CB

process, 4C may require the CB to repeat the audits in a manner that complies
with 4C requirements on the CB’s own expense.

5.2 Integrity Assessments of Certification Bodies Office

Integrity assessments can be conducted at the CB’s office (CB office audit) Integrity report
and/or at 4C Units certified by the CB (CB customer audit). Both CB office
audit and CB customer audit aim to assess and verify the compliance of the
CB and of its 4C auditors and assigned staff who are involved in 4C
certification activities in particular. The result of an integrity assessment is
summarised in an integrity report in which the performance of the auditor,
assigned staff and the CB is evaluated, their compliance with 4C requirements
is verified, infringements are stated and corrective measures, as well as points
of improvement, are identified based on the findings of the audit. A
representative of the CB assessed shall sign the report.
Upon request, 4C is entitled to forward the integrity report to the competent Sharing of
public national authority or accreditation body responsible for the accreditation integrity report
of the CB, especially in case of severe infringements of the CB, its auditors,
or assigned staff.
The 4C integrity assessment at the office of a cooperating CB is taken CB office audit
separately from the common surveillance and monitoring of CBs usually
© 4C Services GmbH
 22

4C CERTIFICATION BODY REGULATIONS

performed by the accreditation body responsible for accreditation of the CB.
The CB is obliged to allow for and to participate in CB office audits scheduled
by 4C. Participation of the CB in CB customer audits scheduled by 4C is not
mandatory, but highly recommended. Further information on integrity
assessments at CB customer audits are provided in the 4C System
Regulations, chapter 3.9 “Integrity Program”.

At all locations where the cooperating CB performs activities associated with Granting access
4C and at which it exercises the verification of 4C requirements, the
cooperating CB must enable employees of 4C and/or independent auditors
commissioned by 4C:

• to enter sites and offices during business hours or hours of operation

• to conduct inspections
• to inspect and audit all written and electronic business records
available
• to request the necessary information
• to accompany the cooperating CB on 4C audits and/or carry out its
own control audits of MEs and 4C Units that have already been
certified.

The integrity assessment includes, among others, the verification of the Scope of
following elements: assessment

• Accreditation of the CB
• Training and qualification of 4C auditors and assigned staff (CVs,
training records and evidence of competence, etc.)
• QMS and related procedures regarding the 4C certification audits and
evaluation of AU
• Documentation of risk analysis conducted prior to on-site audits of 4C
Units (e.g. remote sensing analysis of farms and compliance with 4C
requirements), sample size calculation and sample selection
• Documentation of audit reports, evaluation process of audit reports,
and monitoring of the timely implementation of corrective actions
• Documentation on the evaluation of AUs
• Decision-making process for issuing a certificate and approving AUs
• Other procedures or documentation required by 4C as laid down in
currently applicable versions of 4C System documents.
General requirements on the 4C Unit’s integrity assessment and the 4C
Integrity Program are specified in chapter 3.9 of the 4C System Regulations.

5.3 Classification of Assessment Results

Based on one or more integrity reports and monitoring results, 4C will classify Evidence-based
classification
the performance of the CB, its 4C auditors, and assigned staff who are
involved in 4C certification activities. In the case of unacceptable or deficient
performance, the CB and the auditor and/or assigned staff (if applicable) will

© 4C Services GmbH
 23

4C CERTIFICATION BODY REGULATIONS

be informed about this classification and shall have the opportunity to respond
in a written statement within 14 calendar days after notification.
The 4C performance classification for the CB, its 4C auditors, and other
assigned staff will be based on:
• The individual CB integrity report
• The integrity reports of 4C Units which have been audited by the CB
• The CB’s written statement to the integrity report
• The monitoring results through reviewing 4C audits conducted by the
CB
CBs’ performance can be classified respectively as: Performance
classification
1. Good performance: No systematic or severe infringements of the CB
and its appointed 4C auditors and 4C evaluators have been found. The
CB demonstrates good performance. No specific reassessments or
immediate measures are necessary.
2. Performance needs to be improved: Requires the CB and/or its 4C
auditors and 4C evaluators to improve performance and implement
improvement measures. Performance needs to be improved in case
of infringements with regard to the following aspects, but not limited to,
have been detected:

• Negligence of the 4C requirements in a way that has no substantial

negative impact on the implementation of the 4C System, for
instance, lack of adequate documentation at CBs office
• One or more minor technical failures in the audit process.
3. Unacceptable performance: Puts the overall competency of the CB
and/or its 4C auditors and 4C evaluators regarding 4C at risk. In such a
case, severe or critical infringements with the 4C requirements and
procedures are observed. These include but are not limited to:

• Deliberate and/or repeated ignorance or negligence of the 4C

requirements (e.g. send not qualified auditor to conduct a 4C audit)
• One or more major technical failures in the audit process (e.g.
auditing an insufficient sample)
• A large number of technical failures in the audit process
• Verified fraud
• Do not grant access to the integrity auditor for integrity
assessment.
Further integrity assessment(s) can be planned immediately to investigate
whether it was an isolated incident or a customary working practice, but one
single assessment can also result in this classification.

5.4 Infringements, Procedures for Improvement and Sanctions

In the event of infringements of a CB cooperating with 4C, its auditors, or Verification of
assigned staff, 4C may impose sanctions against the CB or the individuals infringement

© 4C Services GmbH
 24

4C CERTIFICATION BODY REGULATIONS

responsible for the infringement. Based on a case by case examination, 4C
evaluates the type and level of infringements and defines the type and level
of sanctions.
There are four steps for informing the CB on the infringement(s) identified,
improvement requirements, and sanctions to the CB: warning, yellow card,
red card, and contract cancellation. 4C is entitled to take sanctioning
decisions. Yellow and red cards can be lifted again after a defined time period.
Step 1: Warning
A warning can be issued where moderate infringements with the 4C Warning letter
requirements are detected. Only the CB will be informed about the warning.
Usually, warnings require that the CB submits to 4C a statement of
explanation and a plan of corrective measures to be implemented with a clear
timeframe of implementation in order to ensure the compliance with 4C
requirements, within 14 calendar days following the notification of the official
warning.
Evidence on the corrective measures needs to be provided to 4C within a
timeline defined and agreed upon.
Step 2: Yellow card
A yellow card can be issued where the CB does not react nor report towards Yellow card
4C in response to the warning, and/or to the written request to the CB to
develop a correction plan with an indicated deadline made by 4C, or where
infringements with the 4C requirements are detected (e.g. in the framework of
the 4C Integrity Program). A yellow card can especially be issued, where
minor infringements occur repeatedly or systematically, especially in cases
where 4C has already issued a warning to the CB regarding the same type of
infringement
Altogether with the issuance of a yellow card, the CB: Sanction
• will be marked with a yellow card in the list of cooperating CBs that is
published on the 4C website. The yellow card remains remarked
during the period where the CB implements corrective actions.
• can continue and finish all on-going 4C certification activities as
contracted with MEs, however, is not allowed to commit nor to start a
new 4C audit until the yellow card is lifted.
The yellow card can only be lifted when 4C receives sufficient documented Lifting yellow
evidence from the CB to confirm the correction of infringements. If applicable, card condition

4C may request a new assessment to confirm the correction of severe

infringements or to verify the effectiveness of the corrective measures.
Step 3: Red card
A red card can be issued where severe or critical infringements with 4C Red card
requirements are detected (e.g. in the framework of the 4C Integrity Program),
where required improvement measures due to a yellow card are found to have
not been sufficiently implemented, where the CB does not react nor report on

© 4C Services GmbH
 25

4C CERTIFICATION BODY REGULATIONS

repeated written requests by 4C, or where the accreditation body or
competent national public authority has suspended the accreditation or
permission of the CB.
A red card will lead to the different sanctions that: Sanction

• The CB will be marked with a red card in the list of cooperating CBs
that is published on the 4C website.
• The CB is not allowed to issue or reissue new certificates
• The CB must inform all clients that the CB is not allowed to issue or
reissue 4C certificates
• In the case of severe infringement (e.g. a large number of technical
failures in the audit process), individual 4C responsible auditor(s) may
be immediately suspended from conducting further 4C audits.
The red card can only be lifted when 4C receives sufficient documented Lifting red card
evidence from the CB to confirm the elimination of infringements or when 4C condition
receives the lifting decision from the responsible accreditation body or the
competent national public authority. If applicable, 4C may request a
reassessment to confirm the elimination of severe or critical infringements and
the CB must bear the full cost for any reassessment if that requires.
Step 4: Contract cancellation
Contractual agreement cancellation, between 4C and the CB, can take place Contract
in particular in cases of verified fraud, when a red card could not be lifted again termination
after the agreed time period, bankruptcy, or loss of the required permission or
accreditation of the CB by a national authority or accreditation body.
Consequences in the case of cancellation of contract agreement between 4C
and the cooperating CB:
• The CB is not allowed to issue or reissue new certificates
• Cancellation of the cooperation agreement by 4C.
• Contract cancellation is made public on the 4C website and all 4C
System users are informed.
• Information provided to the accreditation body that has accredited the
CB and is responsible for monitoring the CB.
In case the CB would want to reactivate the cooperation with 4C, the CB must Reapplication of
reapply for recognition by 4C. The CB must implement corrective actions and the CB
reports in written on its immediate actions to 4C and submit these documents
altogether with the application to 4C. 4C takes the right to accept or refuse the
application, and may request an assessment to the CB to confirm the
correction of severe or critical infringements of the CB and the CB must bear
the full cost for any assessment if that is required.

© 4C Services GmbH
 26

4C CERTIFICATION BODY REGULATIONS

6 Requirements for 4C Auditors and Evaluators
Independent of their specific operational area, all auditors must meet general Approval
requirements and qualification requirements to be able to conduct 4C audits. conditions
Depending on whether they conduct audits at IB or FB, they must meet
additional specific requirements.

6.1 General Requirements for Auditors and Evaluators

All auditors and evaluators appointed to conduct and evaluate 4C audits must
meet the following requirements:

• Technical knowledge and a good understanding of the activities and General

processes undertaken by the audited 4C Unit, its overall organization requirements
with respect to the 4C requirements. Auditors and evaluators’
knowledge must be sufficient for identifying, assessing, and managing
the risks during each audit and audit evaluation.
• Capability to analyse the risks, based on the auditor’s professional
knowledge and the information provided by the ME of the 4C Unit. This
is necessary to be able to draw up and carry out an audit plan,
corresponding to the risk assessment requirements according to
chapter 7 of the 4C System Regulations, the scope, and complexity of
the 4C Unit’s activities. This includes relevant evidence, upon which
the final conclusion will be based.
• Personal and professional behaviour in the sense of ISO 19011 (e.g.
ethical, open-minded, diplomatic, observant, culturally sensitive, etc.).
Auditors and evaluators should follow “principles of auditing” according
to ISO 19011 when conducting and evaluating 4C audits. Those
principles are integrity, fair presentation, due professional care,
confidentiality, independence, evidence-based approach, and risk-
based approach1.
• Plan and conduct the audit with respect to nature, timing, and extent
of evidence-gathering procedures in such a way that a meaningful
level of assurance for a decision regarding compliance with the 4C
requirements is available. The auditor and evaluator must establish at
least a “limited assurance engagement” in the context with the nature
and complexity of the 4C Unit’s activities. A “limited assurance
engagement” implies a reduction in assurance engagement risk to an
acceptable level as the basis for a negative form of expression of the
auditor or evaluator’s conclusion2.
• Auditors are not permitted to make ultimate certification decisions
regarding audits they have performed themselves.

1 ISO 19011:2018 Guidelines for auditing management systems

2 ISAE 3000

© 4C Services GmbH
 27

4C CERTIFICATION BODY REGULATIONS

6.2 General Qualifications of Auditors and Evaluators
Auditors and evaluators who are and will be involved in 4C audits have to have
at least the following qualifications:

• At least two years of work experience in the coffee sector; all in all, at Qualification
requirements
least three years of work experience.
• Successfully completed training programs that cover generic auditor
knowledge and skills. At least 40 hours of audit training (e.g. according
to ISO 19011).
• Knowledge of applicable local legislation and international conventions
and the ability to apply it during the audit.
• Knowledge of the local context and ability to apply it during the audit.
• Knowledge in the handling, evaluation, and assessment of the
plausibility of data sources.
• Knowledge about risk analysis methodologies, tools, and relevant
databases, especially knowledge of the evaluation of satellite data.
• Knowledge in traceability verification and relevant databases, chain of
custody options, supply chain logistics.
• Competence in group certification, risk-based audits, and sampling
principles.

6.3 Specific Qualifications of Auditors and Evaluators

In addition to the general requirements and qualifications, auditors and
evaluators who are and will be involved in 4C audits must at least have
competences in one of the following areas:

• Knowledge in agriculture production and post-harvest processing Qualification

requirements
• Knowledge in food processing
• Knowledge in chain of custody
• Knowledge in social development
• Knowledge on pedology (soil science) is recommended.
Required competence can be evidenced through: Evidence of
qualification
• Completed studies at a university or a technical college, or a
comparable qualification in one of the following areas (areas with a
comparable content are also eligible):
o Horticulture, agricultural sciences, agriculture engineering,
agricultural economics
o Agroecology, geology, geological sciences, geoecology,
landscape ecology, life sciences, et al.
o Spreadsheet analysis, accounting, enterprise resource planning
(ERP) systems, logistics, supplier and supply chain management

• Or having conducted at least three complete certification audits on

agriculture production as an officially approved auditor in any of the
schemes or combination thereof in auditing other schemes and
management systems (such as the Rainforest Alliance, Fairtrade,

© 4C Services GmbH
 28

4C CERTIFICATION BODY REGULATIONS

Global G.A.P, organic, ISO 9001/ ISO 14001/ SA8000, etc.) within the
last three consecutive years.

© 4C Services GmbH
 29

4C CERTIFICATION BODY REGULATIONS

7 Contractual Relationship between Certification
Bodies and 4C System Users
4C does not manage nor control Service Contracts between CBs and 4C Change of CBs
System users, such as with MEs, Intermediary Buyers (IB), or Final Buyers
(FB). 4C System users may freely choose 4C cooperating CBs to perform an
audit (e.g. certification audit, addendum audit for 4C Units, or chain of custody
audit for IB and FB), AU evaluation, or annual surveillance in the case of chain
of custody certification according to 4C requirements. In case of change the
CB, requirements with regard to the integrity of the system must be met as
described in chapter 5.2.4 of the 4C System Regulations. These measures
are taken to address a 4C System users’ certification history appropriately and
to reduce the risk that CBs are changed with the intent to cover up
infringements or violations of 4C requirements (“CB hopping”).
A change of CB during an audit or evaluation process of AUs is not allowed.

In case a 4C Unit has already been certified according to 4C requirements Transfer of last
and intends to become recertified under 4C by a different cooperating CB or audit results
change the CB within a three-year certification period for having an addendum
audit or surveillance audit conducted, or AUs evaluated, the newly contracted
CB must receive the relevant audit documents of the last audit from the old
CB. The audit report and documents from the last or previous audit must be
considered during the audit or AU evaluation process performed by the newly
contracted CB. 4C is also entitled to provide the relevant audit results of the
previous audit(s) to the newly contracted CB. Both CBs (the new and the old
CB) are obliged to cooperate in case of questions arising during the audits
and evaluation of AUs which concern the audit history of the 4C Unit.
A CB remains responsible for the certificates it has issued to 4C System users Responsibility for
until the respective certificates expire, are terminated by the holder, or are certificate issued
withdrawn by the issuing CB. In case the Service Contract is terminated, either
by 4C System users or by the CB, the certificate issued by the old CB will
remain valid until and be withdrawn automatically on the day the new
certificate is issued by the newly contracted CB. One CB cannot take
responsibility for certificates issued by another CB.

© 4C Services GmbH
 30

4C CERTIFICATION BODY REGULATIONS

Annex: Declaration on Fulfilment of Requirements
for Certification Bodies

We herewith declare towards

4C Services GmbH (4C)
Hohenzollernring 72
D-50672 Köln, Germany

that we as a Certification Body fulfil the following requirements for a

cooperation agreement with 4C:
(1) Accreditation against ISO/IEC 17065 establishing requirements for
bodies operating product certification systems *
(2) Conducting audits in conformity with standard ISO 19011 establishing
guidelines for quality and / or environmental management systems
auditing
(3) Conducting audits in conformity with standard ISO/IEC Guide 60
establishing good practices for conformity assessment
(4) Appointment of competent employees in terms of the requirements in
the 4C Certification Body Regulations
By signing this declaration, the Certification Body agrees to inform 4C
immediately in case of any changes to the fulfilment of the requirements,
especially with regard to the accreditation by an accreditation body which is a
member of IAF.

Name and address of the Certification Body:

{Name of the CB}

{Street, number}
{Postcode, town, country}

_____________________________________________________________
Stamp, date, and signature of the certification body

* Please include a copy of the respective certificate

© 4C Services GmbH