CODE OF PRACTICE
1 INTRODUCTION
These Codes of Practice have been written in accordance with the requirements of the various national accreditation bodies under whose approval CITADEL currently operates, including UKAS and IAF CITADEL complies with all Codes of Practice applicable to the Accreditation Bodies' requirements and the standards for which it offers certification
2. SCOPE
CITADEL provides independent audit and certification of management systems operated by companies against the requirements of the following relevant International Standards:
Quality Management Systems (QMS) - ISO 9001:2015
Environmental Management Systems (EMS) – ISO 14001:2015
Occupational Health and Safety Management Systems (OH&S) – ISO 45001:2018
3. CONFIDENTIALITY
CITADEL is responsible for ensuring that privacy is maintained by its employees and agents concerning all confidential information they may encounter through their contact with clients Where disclosure to a third party is required by law or for accreditation purposes (e g , to Accreditation Bodies), CITADEL will inform the client unless prohibited by law CITADEL complies with all applicable data protection regulations, including GDPR
4. ORGANIZATION
A copy of CITADEL's Organisation Chart, showing the reporting structure of the company, is available upon request.
5. GENERAL CONDITIONS
The basic conditions for acquiring and retaining certification with CITADEL are as follows:
All necessary information must be made available by the applicant company for the completion of the relevant audit program
CITADEL will inform the applicant company of any unmet requirements for certification
Corrective actions must be taken within the specified time limit CITADEL will verify corrections either through documentation or by repeating specific parts of the audit
Failure to take corrective action within the specified time may require a full audit at additional cost to the applicant company
Certification applies only to the audited sites and the scope stated on the certificate
Fees must be paid as specified in the proposal Certification may be suspended or withdrawn for non-payment of fees
Registered companies must conduct management reviews and internal audits at least once per year
Certified clients must comply with CITADEL's Use of Accreditation and Certification Marks
Accredited Offices retain authority for certification decisions, including granting, maintaining, renewing, extending, reducing, suspending, and withdrawing certification
6. APPLICATION FOR CERTIFICATION AND POSSIBLE REFUSAL
Upon receipt of a completed questionnaire, CITADEL will provide a proposal outlining the scope, costs, and estimated man-days for the three-year certification cycle Once the signed application form, necessary documents, and fees are received, the project will be assigned to an audit team.
CITADEL may refuse certification under the following circumstances:
The applicant requires certification under ISO/IEC 17025
Insufficient information is provided to plan the certification program
The applicant company is not legally registered in the country of operation
Any refusal will be communicated to the applicant in writing, stating the reasons
7. AUDIT
Audits are conducted in two stages:
Stage 1: A preliminary review of the management system's readiness, including documentation
Stage 2: A detailed audit to ensure that the management system complies with the documented procedures and standards
Audits are based on sampling and do not guarantee 100% conformity. If major non-conformities are not resolved within six months of the Stage 2 audit, a new Stage 2 audit may be required.
SHAHRIYAR MAJLESEIN CHIEF
CODE OF PRACTICE
8 CERTIFICATION AND SURVEILLANCE
Upon successful audit review, certification will be granted, and a Registration Certificate will be issued The certificate remains the property of CITADEL and may only be reproduced with written permission Certification cycles last three years, with periodic surveillance audits Surveillance visits must occur no later than 12 months after the previous audit Failure to undergo re-audit before the certification expiry date will result in the lapse of certification Certified clients must maintain a complaint register and make it available to CITADEL upon request.
9. RENEWAL OF REGISTRATION
CITADEL will issue a new proposal three months before the end of the certification cycle Re-audits are required to renew certification, and fees will be detailed in the new proposal
10. EXTENSION OR REDUCTION OF CERTIFICATE SCOPE
Clients seeking an extension or reduction of their certification scope must notify CITADEL and submit the necessary documentation Extensions may require additional audits, while reductions will be assessed to determine the necessary changes An amended certificate will be issued following successful review and/or audit
11. NOTIFICATION OF CHANGE IN COMPANY ACTIVITIES
Certified companies must inform CITADEL of changes to:
Legal, commercial, or organizational status
Management or ownership.
Contact details or site locations
Scope of certified operations
Significant changes to the management system.
Failure to notify CITADEL may result in certificate suspension or withdrawal.
12 PUBLICITY BY CERTIFICATE HOLDERS
Certified companies may publicize their certification but must adhere to CITADEL's "Use of Accreditation and Certification Marks" guidelines Certification marks may not be used on products or packaging
13. MISUSE OF CERTIFICATES
Incorrect use of certificates or marks will result in appropriate actions, including suspension or withdrawal of certification, legal proceedings, and/or public notification.
14 SUSPENSION OF CERTIFICATE
A certificate may be suspended for reasons such as:
Failure to maintain management system requirements
Non-payment of fees
Failure to conduct re-certification or surveillance audits
Falsification of records
Suspension conditions and required corrective actions will be communicated in writing Failure to address suspension conditions may result in certificate withdrawal
SHAHRIYAR MAJLESEIN CHIEF EXECUTIVE OFFICER ( CEO )
CODE OF PRACTICE
15 WITHDRAWAL OF CERTIFICATE
Certificates may be withdrawn if suspension conditions are not met Reinstatement will require a full re-audit and payment of fees
16. CANCELLATION OF CERTIFICATE
Certificates may be canceled if the client company ceases operations or requests cancellation. All promotional materials using certification marks must be withdrawn immediately.
17 FEES
Fees will be outlined in the proposal and are subject to change Additional fees may apply for unscheduled audits or changes to scope Travel and accommodation expenses are charged separately unless otherwise stated
18.
APPEALS AND DISPUTES
Clients may appeal certification decisions by submitting a formal, documented appeal within 14 days of receiving the decision. Appeals will be reviewed by an impartial committee, and the decision of the appeals committee is final.
19. COMPLAINTS
Complaints regarding CITADEL’s services or certified clients must be submitted in writing CITADEL will acknowledge receipt and investigate complaints within 30 days Certified clients must maintain records of complaints and corrective actions.
20. DIRECTORY OF CERTIFIED COMPANIES
CITADEL maintains a directory of certified companies, which is publicly available upon request and on the CITADEL website
21. CERTIFICATION REGISTER
CITADEL-certified companies are listed in the UKAS certification register Requests to limit publicly available information for security reasons must be submitted to the local accreditation office.
22 LIABILITY
CITADEL audits provide a snapshot of compliance at the time of the audit and do not guarantee full legal or regulatory compliance Clients remain responsible for their own compliance obligations CITADEL reserves the right to amend these Codes of Practice
CITADEL is committed to upholding the highest ethical standards in all its activities Our processes are designed to ensure impartiality, transparency, and integrity Any conflicts of interest are actively identified and managed to maintain the credibility of our certification services
If the resolution of a complaint does not meet client expectations, the issue can be escalated to the Group Certification Manager or an external accreditation body (e g , UKAS) Details of escalation procedures can be provided upon request
All CITADEL policies, procedures, and directories are accessible through our website Certified clients may log in to their accounts to download certificates or access updates to the Codes of Practice.
CITADEL integrates sustainability into its operations by minimizing environmental impacts and encouraging certified clients to adopt sustainable practices aligned with ISO 14001.
CITADEL applies robust data security measures to protect client information, including encryption, controlled access, and regular system audits. These measures comply with GDPR and other relevant regulations.
SHAHRIYAR MAJLESEIN CHIEF EXECUTIVE OFFICER ( CEO )