Dear Ladies and Gentlemen,
As communicated in our system updates as of 20 February and 12 March 2020, ISCC has decided to allow audits to be conducted remotely (i.e. on a desk basis) due to the ongoing coronavirus pandemic (COVID-19). This exception is valid for all regions worldwide and shall ensure the health and safety of everyone involved in conducting ISCC audits. We herewith specify the approach on how to conduct remote audits and clarify questions that were submitted by individual certification bodies (CBs) or auditors to ISCC in the recent days.
For remote audits the following conditions must generally be met:
1. ISCC EU: According to a communication from the European Commission (EC) to all recognised voluntary schemes, remote audits in the framework of the Renewable Energy Directive (RED) can only be conducted for re-certification audits and surveillance audits. Recertification audits are audits following requests for renewal of certification in the case when an economic operator has already been certified under the voluntary scheme to which the request is addressed but the certificate has recently expired (expired from 01 March 2020) or is due to expire soon. Surveillance audits are audits that are carried out between the date of the initial audit and the date of the end of validity of the certificate. Furthermore, the EC has specified that this exception is allowed until the 1st of July 2020. After the 1st of July 2020, CBs will be required to complement remote audits conducted during the period up to that date with the on-site audits that would have normally been carried out within a period of three months. The EC will review the situation in due course. This means, first (initial) audits under ISCC EU cannot be conducted remotely for the time being.
2. ISCC PLUS: Under ISCC PLUS, not only re-certification audits but also first (initial) certification audits may be conducted remotely. For first (initial) certification audits under ISCC PLUS a written approval by ISCC is required prior to the audit. The CB must provide a written justification to ISCC that the new ISCC system user falls into a regular risk category (lowest risk category) and that the certification scope and the unit are of low complexity. This justification shall follow a risk assessment of the individual operator and shall be provided to ISCC before the certification audit will be conducted remotely. Based on an internal risk assessment ISCC may deny the approval to conduct a first certification audit remotely independent from the opinion of the CB. If the risk assessment by the CB or by ISCC indicates a higher risk level than regular, a remote audit shall not be possible.
3. The auditor conducting a remote audit shall clearly indicate in the ISCC audit procedure that the audit was conducted remotely by stating “remote audit” in the field “Place of the audit”. The duration of the (remote) audit shall be stated in the ISCC audit procedure in the field “Duration of the on-site audit”.
4. The auditor has to be able to evaluate the system user’s compliance with the ISCC requirements remotely. It is the system user’s obligation to provide the required evidence to the auditor, for example via email or in a video conference. The system user must agree to submit specific evidence to the auditor if this is requested by the auditor. The auditor needs to state in the section “findings” of the ISCC audit procedure which evidence was presented by the system user to prove compliance for each individual ISCC requirement. If compliance with individual requirements cannot be verified equivalently to an on-site audit, the auditor has to state “verification not (entirely) possible” in the section “findings” of the respective requirement. In this case, the auditor may still indicate in the ISCC audit procedure that the requirement was in conformity.
5. If an audit has been conducted remotely, an on-site audit (“field audit”) generally has to be carried out at the next possibility. Under ISCC EU, the guidelines from the European Commission apply (see item No. 1). Further clarification regarding the process to conduct the respective on-site audits (e.g. regarding applicable transition periods) will be communicated by ISCC after the CBs have submitted an analysis regarding remote audits to ISCC (see item No. 7).
6. A precondition to conduct farm or plantation audits remotely is the availability of geo-coordinates (“shape files”) of the entire land of a farm or plantation including fields owned and leased by the farmer. The risk of a violation of ISCC principle 1, particularly the risk of land use change after January 2008, must always be assessed with GRAS (www.gras-system.org) or a similarly adequate tool. The respective assessment must be submitted to ISCC by the CB together with the certification documents. If this assessment indicates a land use change after January 2008, the CB must perform an in-depth analysis and inform ISCC immediately and prior to the issuance of a certificate. For farms or plantations complying with the European Union’s cross-compliance rules, an on-site audit at the next possibility according to item 6 will usually not be required unless the risk assessment indicates a land-use change after January 2008.
7. All CBs conducting remote audits under ISCC shall submit a scope-specific analysis regarding the remote audits to ISCC (“scope-specific” refers to the different audit scopes e.g. first gathering point, processing unit, farm). In this analysis the CB shall indicate in detail which ISCC requirements can be verified equivalently to an on-site audit, what kind of evidence can be verified, and which ISCC requirements cannot (or not entirely) be verified remotely. In addition, the CB shall describe problems that occurred when conducting remote audits. This analysis must be submitted to ISCC until the 1st of May 2020 the latest. Based on this analysis, ISCC will decide on the further process regarding the “follow-up” on-site audits and if there may be exceptions to this rule. Submitting this analysis to ISCC will also be a precondition for each CB to be able to continue conducting remote audits if this should be required after the 1st of May 2020.
We hope that these guidelines help to ensure a consistent verification of the ISCC standard during these exceptional times.