ISEAL Code of Good Practice
for Sustainability Systems

The scheme owner defines and documents:

1. the desired short, medium, and long-term sustainability outcomes and impacts it aims to achieve
2. the scheme components and strategies it will use to achieve those outcomes and impacts, or to back-up the claims it makes or allows clients of the scheme to make
3. the causal pathways through which its scheme components and related activities and strategies are expected to contribute to intended outcomes and impacts

In documenting the causal pathways, the scheme owner identifies major assumptions inherent in these pathways.

To inform its decisions on sustainability outcomes, impacts, and strategies, the scheme owner assesses:

1. the most important sustainability issues within its geographic and sectoral scope
2. emerging sustainability risks and opportunities
3. the possible unintended negative effects of its scheme
4. where it is and is not well-placed to exert influence

In assessing the possible unintended negative effects of its scheme, the scheme owner seeks input from stakeholders who have an interest in or could be affected by the scheme, and documents the results of this consultation.

At least once every 5 years, the scheme owner:

1. updates its background assessment (1.2)
2. reviews and, where necessary, revises its intended outcomes, impacts, strategies, activities, and causal pathways (1.1) to ensure they remain relevant and valid

The scheme owner decides how its scheme is intended to support corporate sustainability due diligence and publicly documents the specific supporting roles it intends to play.

The scheme owner ensures that its Board, standards committee or equivalent, executive leadership, and the staff members responsible for each of the scheme components and related strategies have received an orientation to the scheme’s desired outcomes and impacts, the articulation of its causal pathways, and the background assessment informing these intended results (1.1 and 1.2).

The scheme owner ensures that all staff members have easy access to these materials.

The scheme owner makes information about its purpose and strategies publicly available and easily accessible, including at least its desired sustainability outcomes and impacts and how its scheme is expected to achieve those outcomes and impacts. (1.1)

The scheme owner maintains the following records to support scheme governance and operations:

1. registration as a legal entity of the organisation responsible for the scheme
2. overview of the scheme's corporate and governance structure
3. terms of reference for all decision-making bodies (including selection criteria for members of the decision-making bodies)
4. list of members of each decision-making body

The scheme owner has the following policies in place that apply to its governing and decision-making bodies, staff, and consultants:

1. impartiality policy (which should address conflicts of interest)
2. diversity, equity, and inclusion policy
3. safeguarding policy
4. whistleblower protection policy
5. complaints policy

The scheme owner delineates roles and responsibilities for developing, implementing, and revising its policies and procedures for each scheme component and related strategies.

The scheme owner has processes to:

1. regularly define the qualifications and competency requirements for its staff who deliver scheme components and related strategies, and for personnel of implementing partners, e.g., assessors; for personnel of assurance providers and oversight bodies, these qualifications include in-depth knowledge of the scheme's standard(s) and assurance requirements
2. regularly evaluate staff against these competency requirements and require this also of implementing partners; for implementing partners, this includes witnessing of assessment personnel carrying out assessments
3. ensure provision of training and ongoing professional development where necessary

The scheme owner has a risk management plan that:

1. identifies threats to the impartiality and integrity of each component of its scheme and related strategies
2. quantifies risk associated with those threats, based, where feasible, on data analysis
3. outlines preventive or mitigating measures appropriate to the scale and severity of each of the most significant threats identified
4. includes a review and revision schedule that is responsive to new threats arising or changes to risk ratings

The scheme owner has systems in place to assess and manage the risks of associating with its existing and proposed business partners, and incorporates these in its risk management plan.

The scheme owner establishes legally enforceable contracts with implementing partners that include control measures for all delegated functions, as well as clear expectations for good data management, confidentiality and sharing of data with the scheme owner.

The scheme owner also requires its implementing partners to have legally enforceable contracts with their respective clients, including steps to address any arising fraudulent behaviour.

The scheme owner defines and follows a schedule to review each component of its scheme at least every five years and, where necessary, to revise that scheme component.

The scheme owner ensures that for changes to the scheme that will affect stakeholders (e.g., changes to the standard or scheme requirements), procedures set out when changes will come into effect, allowing adequate time for stakeholders to comply, and how the changes will be communicated to those affected.

The scheme owner makes the following information about the scheme's governance and operations publicly available and easily accessible:

1. legal ownership of the scheme (2.1)
2. the scheme's scope of operations (sector, geography, segment of the supply chain, life cycle stage, etc.)
3. composition of the scheme's primary governance bodies
4. summary of income sources for the scheme

The scheme owner defines categories of stakeholders who may have an interest in or could be affected by the scheme.

The scheme owner retains contact information for stakeholders who have engaged with the scheme and provides an accessible mechanism for new stakeholders to identify themselves and their interests.

The scheme owner uses these records as a resource for public consultation or engagement processes.

The scheme owner identifies contact points for each scheme component and related strategies and makes this information publicly available and easily accessible.

At a minimum, the scheme owner provides stakeholders the opportunity to easily provide input on the:

1. scheme's intended impacts and strategies (1.1)
2. scheme's possible unintended effects (1.2)
3. guiding framework for MEL activities (5.1)
4. development and revision of standards (6.5 and 6.13)
5. assessments of clients' conformity or performance (7.2.6)
6. clarity, relevance, and accuracy of claims the scheme makes and allows clients to make (8.8.6)

The scheme owner informs stakeholders about these opportunities and how their input will be taken into account. When desired by the stakeholder, the scheme owner ensures they can provide information securely and confidentially.

The scheme owner seeks to address barriers to participation and engagement faced by under-engaged and under-represented stakeholder groups. The scheme owner proactively seeks their contributions to the opportunities identified in 3.3.

The scheme owner has a documented dispute resolution system that is open and accessible to all stakeholders and that facilitates and supports the impartial handling and remediation of complaints and grievances about clients, members, implementing partners, and the scheme itself. The procedure governing the dispute resolution system includes timelines by which complaints and grievances are to be assessed.

At a minimum, the system accepts complaints and grievances related to standards development and maintenance, assurance processes and decisions, codes of conduct or policies of association for clients or members, and claims processes and controlled claims.

The scheme owner ensures that the confidentiality of a complainant is protected when requested by the complainant or when it is otherwise prudent.

The scheme owner retains overall responsibility for management of the dispute resolution system and ensures that implementing partners have their own dispute resolution systems that feed into the overall approach, so that complaints and grievances are submitted and managed at the appropriate level.

The scheme owner or, where relevant, implementing partners are required by the dispute resolution system to:

1. investigate and take appropriate action regarding relevant complaints and grievances within defined timelines
2. elevate any complaints or grievances that cannot be resolved, e.g., from assurance provider to oversight body to scheme owner
3. take or assign any necessary corrective actions
4. disclose decisions at least to the complainants or aggrieved parties
5. keep a record for at least five years of all complaints and grievances, and resulting actions, to be made available for internal audits and other internal review processes
6. on a regular basis, publicly report a summary of all concluded complaints and grievances, and resulting actions, ensuring confidentiality of complainants or aggrieved parties, where requested or prudent

The scheme owner has a data and information management system that facilitates analysis and use of data for, at minimum:

1. monitoring and evaluating client performance (5.2.2), scheme sustainability performance (5.2.4) and variations in scheme effectiveness, outcomes, and reach (5.2.6)
2. managing risks to the scheme's integrity (2.5)
3. stakeholder engagement (3.1 and 6.5)
4. assurance (section 7)
5. claims management (8.5)

Documentation for the data and information management system includes how internal and external data are gathered, organised, and securely stored.

The scheme owner gathers data and information from different sources as needed to achieve at least the purposes outlined in 4.1. The scheme owner maintains lists of data and information sources used for each scheme component.

The scheme owner has data quality control procedures that ensure consistency and integrity for the data it manages.

The scheme owner has measures in place to ensure that implementing partners and service providers follow adequate data quality control procedures (including indicator protocols) to ensure data consistency and integrity for the data they manage on the scheme owner's behalf.

The scheme owner has procedures that control document integrity and guide the management, distribution and storage of scheme documents and records. Document controls include change logs to record when and what changes are made to scheme documents.

The scheme owner defines who has rights to different types of data within the scheme scope, including what data is available to whom and under what conditions. For data that is available externally, the scheme owner makes this information publicly available.

The scheme owner has measures in place to ensure compliance with applicable legal requirements for the gathering, storage, and use of data relevant to the implementation of its scheme. This includes procedures to protect and securely store confidential and proprietary data.

The scheme owner takes steps to address any barriers preventing its access to, or use of data required for implementation of its scheme, e.g., through contracts with implementing partners. This includes having the necessary permissions for access and use of relevant data.

The scheme owner defines a guiding framework for its monitoring, evaluation, and learning (MEL) activities that includes at least:

1. he objectives of its MEL activities
2. the priority topics that MEL activities seek to address (5.2)
3. the current and intended scope of MEL activities (5.4)
4. how findings and learning will be used to support continual improvement of the scheme (5.6)
5. how findings and learning will be made public (5.7)

The scheme owner's MEL activities are planned to generate findings and learning on the priority topics it defines. Over a five-year period, the MEL activities result in at least one publicly available output related to each priority topic.

The scheme owner's priority topics include at least the following:

1. whether components of the scheme are working as intended (scheme effectiveness)
2. whether clients demonstrate improved practices and/or sustainability outcomes and impacts in alignment with the scheme’s objectives (client performance)
3. occurrence of unintended negative effects
4. whether the scheme contributes to its intended sustainability outcomes and impacts (scheme sustainability performance)
5. validity of the scheme's causal pathways and assumptions
6. whether there are differences in scheme effectiveness, reach, outcomes, and impacts by gender and/or other groupings of special relevance to the scheme

At least some of the MEL activities and published outputs consider causality by employing methodologies that help to assess the extent to which observed changes are attributable to the scheme.

The scheme owner takes measures to ensure that the MEL activities it implements or commissions produce accurate, reliable, and relevant findings. At minimum, this includes:

1. defining the specific research and learning question(s) to be answered through each MEL activity
2. ensuring that research methodologies and approaches to data analysis are appropriate for answering the research and learning questions
3. maintaining indicator, data collection, and analysis protocols to guide consistent implementation of any MEL activities that will be repeated on a regular basis
4. ensuring that each published MEL output includes a clear description of both positive and negative findings, the methodology and data sources behind the analysis, any possible limitations to the analysis, and any recommendations for improvement

The scheme owner aims to carry out MEL activities that address all scheme components and strategies, and that cover the full product, sectoral, and geographic scope of its scheme.

Where this is not feasible, the scheme owner has a clear rationale for any exclusion from the MEL scope and has a plan to address and mitigate any associated risks and to expand the scope over time.

The scheme owner defines and applies ethics guidelines to govern any MEL activities that study or involve individuals.

The scheme owner uses the outputs and learning from its MEL activities to inform review and improvement of its standards (6.14) and other scheme components (2.8) and strategies, and its risk management plan and activities (2.5).

To facilitate this, the scheme owner shares at least annually with its Board, executive leadership, standards committee or equivalent, and staff members responsible for risk management and all scheme components, the findings, learning, and recommendations from its MEL activities within the scheme.

The scheme owner makes the following information about its MEL system publicly available and easily accessible:

1. MEL guiding framework (5.1)
2. information on planned and ongoing MEL activities (5.2)
3. list of all indicators being regularly reported on (5.3)
4. MEL outputs related to each priority topic (5.2)

In addition, at least once every two years, the scheme owner makes publicly available to stakeholders a summary of the findings, learning, and recommendations from MEL activities, and a management response that includes an explanation of the changes and improvements that have been and will be made as a result.

The scheme owner's procedures for standards development and maintenance address at least:

1. the processes for developing, reviewing, and revising standards, including the processes for stakeholder engagement (6.5 to 6.8)
2. decision-making roles, responsibilities, and procedures where these are not addressed elsewhere (6.9 and 6.10)
3. the conditions and process for urgent substantive revisions, if the scheme allows for these (6.12)
4. the conditions and process for non-substantive changes to the standard, e.g., to clarify language (6.11)
5. protocols for changes in the standard, including timelines by which changes come into effect and mechanisms to communicate those changes to affected stakeholders

Procedures for standards development and maintenance apply to all of a scheme's standards that are applied to its clients or members.

At the outset of a standard's development or revision, the scheme owner identifies external standards with overlapping scopes and assesses whether there are opportunities to strengthen alignment or complementarity.

At the outset of a standard's development or revision, the scheme owner defines the objectives of the development or revision process. These objectives are consistent with the scheme's intended impacts and strategies.

The scheme owner also develops or updates a terms of reference for the standard that includes at least:

1. the intended scope of the standard
2. the intended sustainability outcomes of the standard, consistent with the scheme's sustainability impacts and strategies (1.1)
3. a justification of the need for the standard, including how the standard complements existing external standards with overlapping scopes
4. the intended sustainability claims that the standard will substantiate (8.1.3)

During a standard development or revision process, the scheme owner makes a summary of the process easily accessible to stakeholders, that includes:

1. a summary of the terms of reference for the standard, including its proposed scope and intended sustainability outcomes (6.3)
2. the objectives of the development or revision process (6.3)
3. an outline of the steps in the process, including timelines and clearly identified opportunities for contributing (6.5)
4. an overview of the decision-making procedures, including how decisions are made and by whom (6.9 and 6.10)

The scheme owner holds public consultations that include:

1. at least two rounds of input on initial standards development
2. at least one round of input on standards revision

Stakeholders are informed in a timely manner of opportunities to engage. Each round is of sufficient length and format to provide stakeholders adequate time and opportunity to review material and submit comments.

Where substantive, unresolved issues persist after the consultation rounds, or where insufficient feedback was received in total or from specific stakeholder groups, the scheme owner carries out additional public and/or targeted consultation, as necessary.

The scheme owner ensures that the consultation process:

1. is open to all stakeholders
2. aims to gather input from a balanced and diverse group of stakeholders with an interest in the subject matter and geographic scope of the standard, or who are affected by its implementation
3. addresses barriers faced by stakeholder groups who are under-engaged or under-represented and proactively seeks their contributions

At the close of a consultation round, the scheme owner:

1. makes publicly available all comments received during the consultation or, at a minimum, accurate summaries of these comments, along with an explanation of how each material issue was considered
2. notifies all parties who submitted comments (and who opted to receive further communications) that the comments and explanations are available

The scheme owner assesses the feasibility and auditability of the proposed standard as part of the standards development process, and when there are significant changes introduced during standards revisions.

The scheme owner ensures that there is a governance body responsible for making decisions on the content of the standard and that this body:

1. is open to all stakeholders
2. constitutes a balanced and diverse group of stakeholders, including those that are directly affected by implementation of the scheme or by the sector the scheme seeks to impact

The scheme owner ensures that its decision-making procedure:

1. promotes consensus decision-making on the content of the standard
2. defines alternative decision-making procedures in advance and criteria for when these should come into effect in the event that consensus cannot be achieved

Procedures include decision-making thresholds that ensure no one stakeholder group can control decision-making.

The scheme owner has mechanisms that allow for non-substantive changes to the standard (e.g., to clarify language).

The scheme owner ensures that stakeholders are made aware during the next full review and revision process of any non-substantive changes made in the intervening period.

If the scheme owner allows for urgent substantive revisions to the content of the standard outside a full review and revision process, it has a procedure in place that defines the conditions for triggering these urgent revisions.

If the procedure allows for decisions on urgent revisions to be made without public consultation, the scheme owner ensures that the level of urgency is justified and publicly documented and includes the revisions for consultation in the next review and revision process.

The scheme owner has a process for stakeholders to submit comments and feedback or to seek clarifications on the standard at any time. The scheme owner documents and acknowledges receipt of this feedback and considers it as input in any subsequent review process.

The scheme owner reviews each standard covered by the ISEAL Code at least every five years, drawing on relevant data and information (6.15) to assess:

1. continued relevance of the standard's sustainability outcomes against the scheme's intended sustainability outcomes and impacts (1.1)
2. the standard's continued effectiveness in meeting its stated objectives

If the review determines that a revision is necessary, the scheme owner updates the standard's objectives as necessary and then revises the standard in a timely manner, in line with the relevant requirements in the ISEAL Code.

If the review determines that a revision is not necessary, the scheme owner reaffirms the standard, communicates publicly about the decision and rationale, and establishes the date for the next review.

As input to the standard's review and revision, the scheme owner compiles and analyses relevant data and information, including at least learning since the last revision from:

1. MEL activities, including assessments of the effectiveness of the standard (5.2.1), client sustainability performance (5.2.2), and occurrence of unintended negative effects (5.2.3)
2. assessments of clients' conformity to or performance against the standard (7.3)
3. analysis of feedback received from clients, assessment personnel and other stakeholders, particularly with respect to the standard's effectiveness, implementation, and scope (3.3)
4. any urgent substantive revisions implemented since the last revision of the standard (6.12)
5. external research and industry best practices, including assessments of emerging sustainability risks and opportunities (1.2)
6. changes to relevant legislation across the full scope of the standard.

The scheme owner ensures the standard is structured to meet its intended sustainability outcomes and to be consistently interpreted and applied. This includes ensuring that the content of its standard meets the following requirements:

1. the requirements in the standard are auditable, verifiable, or measurable, and easily understood
2. the standard contains requirements that address all of the standard’s intended sustainability outcomes
3. only requirements that are relevant to meeting these outcomes are included, and administrative requirements related to assurance, claims or labels or other matters not connected to sustainability outcomes are presented separately
4. requirements are at least as stringent as existing regulatory requirements in the countries where the standard is applied
5. the intellectual source of content is attributed or cited, where relevant

Where the scheme owner develops adaptations of its standard (e.g., for national or regional relevance, scale of enterprise, or for specific products or sectors), it does so through multistakeholder consultation processes.

The scheme owner documents the justification for any substantive differences between the adapted version and the standard and makes this documentation publicly available.

The scheme owner prepares guidance that is detailed enough to support consistent interpretation and implementation of the standard's requirements across its scope of application.

Where the scheme owner recognises an existing standard as partially or fully equivalent to its standard, this is based on:

1. a determination of the equivalence of sustainability performance between the two standards
2. an assessment that the existing standard is relevant and applicable to the contexts in which it is applied

The scheme owner makes consultation drafts and final versions of its standards freely available and easily accessible in the scheme’s official languages. In addition, it makes the following supporting information publicly available:

1. date by which a standard comes into effect and planned dates of any subsequent standards review
2. any additional translations of the standards to support accessibility and uptake
3. procedures for standards development and revision, including decision-making roles and responsibilities (6.1)
4. terms of reference for its standards (6.3)
5. comments received during the consultations or, at a minimum, accurate summaries of these comments, along with explanations of how the comments were considered (6.5)
6. any interpretations or variances to the standard arising from its implementation
7. if applicable, the justification and the details of any urgent substantive revisions made to its standards since the last review and revision (6.12)

The scheme owner establishes an assurance structure and assessment models consistent with:

1. the scope of the scheme and the risks inherent to its scope (e.g., sector, geography, part of value chain, types of chain of custody, etc.)
2. intended impacts and strategies of the scheme (1.1)
3. strategies for how the scheme intends to create value for clients
4. types of claims allowed by the scheme (8.1.3)

The scheme owner documents a rationale for its choice of structure and assessment models, based on the above characteristics. It also has a process in place for checking consistency with relevant regulatory requirements.

The scheme owner ensures policies and procedures for the assurance system include at least:

1. decision-making roles, responsibilities, and procedures where these are not addressed elsewhere
2. criteria for accepting assurance providers to the scheme and for assurance providers to remain in the scheme, including that they are registered legal entities
3. criteria for accepting clients to the scheme
4. types of assessments used in the scheme and a methodology for each (7.3)
5. types of chain of custody allowed by the scheme, where relevant, and an assessment procedure for each (8.4)
6. procedures for engaging stakeholders in the assurance system (3.3)
7. procedures for regulating exceptions to the standard and exceptions to the assessment procedures, including how stakeholders can provide input on proposed exceptions
8. requirements for the certificate/verification results (7.3) and/or claims related to assurance status of clients (8.1.3)
9. scheme-related requirements for the assurance system implementing partners
10. a mechanism for oversight of assurance activities and providers (7.18)
11. models of legal contracts with implementing partners and with clients, that delineate responsibilities and obligations, including data sharing, data use and confidentiality, and repercussions for fraudulent behaviour (2.7)
12. document and record control for the assurance system
13. protocols for changes in the assurance system, including timelines by which changes come into effect and mechanisms to communicate those changes to stakeholders

The scheme owner includes in scope of its assurance system all its standards that are implemented by its clients.

The scheme owner defines requirements and procedures for each type of assessment implemented within the assurance system, addressing at least the following:

1. frequency and intensity of assessment
2. knowledge, skills, and experience required in an assessor or assessment team
3. minimum set of criteria or requirements that need to be checked in every assessment
4. the role of remote auditing techniques within the assessment
5. a means or parameters for calculating the time needed for an assessment
6. sources of data and information that feed into the assessment; this includes specification of how stakeholders are to be consulted, as one source of information
7. how data sources are to be combined to provide an understanding of sustainability performance and risk, and how this informs the assessment process
8. minimum content of assessment reports including, at least, a list of non-conformities
9. timelines for submission of completed reports, following assessments
10. how to consider exceptions to the standard or assessment process

Where a risk-based approach is used to determine assessment frequency, intensity, or focus in either assurance or oversight, the scheme owner has a documented risk management procedure to assess the risk level of clients and/or assurance providers and the resulting assessment frequency and intensity. The procedure provides instructions on how to assess threats of non-conformity and the implications for the assessment of different levels of risk. The scheme owner requires use of the procedure by assurance providers and/or oversight bodies.

The scheme owner develops a sampling protocol for assurance providers and oversight bodies to use during assessments that includes, at a minimum, a description of when sampling is to be employed in the assessment, what influences the depth and intensity of sampling, and the type of sampling to be employed in each instance.

The scheme owner defines a decision-making protocol that enables consistent determination of conformity or performance status, the severity of non-conformities, and repercussions for each level of non-conformity. The scheme owner requires assurance providers and oversight bodies to implement this protocol.

The scheme owner requires assurance providers to provide sufficient information to clients to enable those clients to derive insights about their performance. At a minimum, this includes detailed information about any non-conformities.

The scheme owner requires assurance providers to implement a publicly available appeals procedure where clients can appeal their assurance decisions. It also requires oversight bodies to implement this for assurance providers.

The scheme owner defines consistent procedures for addressing non-conformities. At a minimum, the procedures:

1. define the action required to address different types of non-conformity, and whose responsibility it is to take that action, e.g., scheme owners have a legal obligation to report some types of non-conformities to local authorities
2. include guidelines for determining whether corrective actions adequately address non-conformities
3. define time limits for implementing corrective actions
4. define steps for verifying corrective actions
5. define repercussions where non-conformities are not adequately addressed

Where the scheme owner allows for group assessments, it specifies requirements for assurance providers to consistently evaluate the effectiveness of a group's internal management system in identifying and resolving non-conformities within the group.

The scheme owner:

1. defines consequences for non-conformities detected at the level of individual group members
2. ensures that non-conformities are issued against the group as a whole when there is a systemic problem with the group's internal management system, including when the number of non-conformities identified within a sample of individual group members signifies a systemic failure

Where the scheme owner accepts as equivalent or partially equivalent assurance results of another scheme, it defines the steps taken or the additional assurance activities or documentation required to have confidence in the results of the other scheme.

The scheme owner requires that assurance providers and oversight bodies:

1. conduct annual internal audits of their performance relative to the requirements of the scheme
2. share the results of these internal audits and how any findings were addressed with the scheme owner

The scheme owner requires that assurance providers and oversight bodies retain:

1. authority for assessment decisions
2. responsibility for ensuring the quality and integrity of all assurance activities they outsource to other parties

The scheme owner requires assurance providers to implement calibration activities that support consistent interpretation of the standard by auditors and assurance personnel, including sub-contracted personnel. Where the scheme owner works with multiple oversight bodies, it requires a similar programme of calibration for the auditors working for these bodies.

The scheme owner requires that interpreters or technical experts contracted by assurance providers or oversight bodies are independent of the client or assurance provider being assessed and do not have conflicts of interest. The scheme owner can allow for exceptions due to logistical constraints such as absence of alternative options, and in such cases, requires that exceptions are justified and recorded.

Where the scheme owner allows assessors or other assurance personnel to provide information to clients about improving performance, the scheme owner documents the types of information that can be provided and the steps taken to avoid conflicts of interest.

The scheme owner requires that assurance providers and oversight bodies assign competent personnel other than the assessor or assessment team to review assessment findings and any other relevant information and make impartial decisions about the client or assurance provider's assurance status.

The scheme owner defines an approach to oversight of assurance activities and assurance providers, ensuring this is consistent with the scheme's assurance models (7.1). The scheme owner defines:

1. its oversight mechanism, including roles and responsibilities for different oversight functions
2. the frequency of oversight activities
3. the oversight procedures to be followed
4. the process that oversight bodies should follow for assessing the performance of assurance providers, including a decision-making protocol that enables levels of non-conformity to be determined consistently
5. the consequences of non-compliance with performance requirements by assurance providers
6. The requirements for oversight bodies to report back to the scheme owner

The scheme owner ensures that its oversight mechanism, including any oversight bodies, is independent of the assurance providers being assessed.

The scheme owner ensures that its oversight mechanism, including any oversight bodies, has responsibility and authority to enforce actions or rules regarding non-compliance of assurance providers.

Where the scheme owner is the assurance provider, it defines measures to mitigate the conflict of interest, ensuring that issues raised by an oversight body are addressed by the scheme owner.

Where the scheme owner relies on accreditation bodies for its oversight, it ensures that accreditation bodies conform to the current version of ISO/IEC 17011 in addition to the requirements in the ISEAL Code that apply to oversight bodies.

Where the scheme owner accepts an assurance provider's accreditation against other similar standards as a proxy for the assurance provider's competence, it requires that these assurance providers carry out regular internal audits against the scheme-specific scope and share the findings and any resulting actions with the scheme owner.

The scheme owner takes additional measures to ensure these assurance providers meet its personnel competence requirements (2.4).

The scheme owner makes the following information about its assurance system publicly available and easily accessible:

1. a description of the structure of the assurance system (7.1), including the oversight mechanism (7.18) and decision-making roles and responsibilities (7.2.1)
2. criteria and procedures for accepting assurance providers and clients to the scheme, including the rationale behind any restrictions on access (7.2.2 and 7.2.3)
3. current list of implementing partners that are approved to work in the assurance system
4. details on how potential clients can access information about fees for assurance
5. description of each assessment methodology: type(s) of assessment employed, how clients are assessed, how often and by whom, and the basis for decisions (7.3)
6. description of how the scheme manages information provision (knowledge sharing) to clients by assurance providers (7.7)
7. description of how stakeholders can provide input to assurance processes (7.2.6)
8. description of the consequences for different levels of non-conformity (7.6)
9. description of the steps the scheme has taken to have confidence in the results of other schemes deemed equivalent or partially equivalent (7.11)
10. current list of clients, the scope of their assessments, and the expiry date of their certificate or assurance claim (where expiry dates are used)
11. at least basic information about the results of assessments of clients and assurance providers, that includes, at a minimum, information about the client's assurance status
12. list of past clients withdrawn from the scheme within the last five years, and the date of their withdrawal

The scheme owner ensures the documented claims system includes at least:

1. a list of the scheme's registered copyrights and trademarks
2. procedures that govern the scheme's development and substantiation of the claims it uses and the claims it allows clients to use
3. a list of all claims that the scheme allows and, where relevant, disallows clients to use, including sustainability claims and claims about assurance status
4. rules and procedures for client use of claims, including specifications about who is allowed to make which types of claims and where they can appear (8.3)
5. procedures for approving claims and renewing approvals (8.5)
6. procedures for monitoring use of claims and addressing misuse (8.7)
7. procedures for suspending and withdrawing permissions to use claims (8.7.3)
8. a list of all approved users of claims (e.g., licensees/certificate holders/clients) and the specific approvals granted
9. where relevant, procedures addressing the roles and responsibilities of implementing partners in the claims system

The scheme owner ensures that the claims it makes about its scheme and the claims that it allows clients to make are clear, relevant, and accurate. At a minimum, this includes ensuring that allowed claims are consistent with:

1. the scheme's scope, sustainability outcomes and strategies (1.1)
2. the requirements defined in its standard(s), including performance levels, where relevant (6.16)
3. the scheme's assurance model (7.1)
4. the chain of custody models allowed by the scheme, where relevant (8.4)
5. the scope of assurance, e.g., assurance of an enterprise, product, etc.
6. sustainability performance data from monitoring and evaluation (5.2)

The scheme owner defines the information that determines when each type of allowed claim can be made. The scheme owner takes into account at least the following information:

1. the requirements to be met by the client
2. the scheme's assurance model (7.1)
3. assurance status of clients
4. assessment results on client sustainability performance
5. the types of chain of custody models employed, when applicable (8.4)
6. findings on scheme performance, e.g., its contributions towards its intended sustainability outcomes and impacts (5.2)

Scheme owners with improvement-focused standards and claims should also take into account client progress over time when determining when claims can be made."

Where the scheme incorporates supply chain traceability, the scheme owner determines which types of chain of custody are fit for purpose and appropriate for the claims the scheme enables clients to make, and documents a rationale for its choice.

The scheme owner makes publicly available a summary of how each of the scheme's chain of custody models works and what controls it has in place to manage their integrity.

The scheme owner has or delegates to implementing partners a mechanism to approve clients' use of claims and to require clients to report on any changes that would affect their ability to make claims.

The scheme owner specifies what supporting information must accompany or be linked to approved claims and any requirements or conditions for how this information is provided or displayed. The scheme owner ensures that this supporting information is accessible to stakeholders and supports their understanding of the claim.

The scheme owner has procedures for monitoring the use of claims that include at least:

1. steps taken to monitor the misuse of claims in the market, including a publicly available and easily accessible mechanism for stakeholders to report misuse of claims
2. investigating and acting on identified cases of misuse of claims
3. suspending and withdrawing permissions to use claims, including defining the conditions and actions that lead to the suspension and withdrawal of permissions
4. monitoring that suspended or former clients have stopped making claims

The scheme owner makes the following information about its claims system publicly available and easily accessible:

1. rules and procedures for client use of claims (e.g., claims and logo use guide) (8.1)
2. general information on fees associated with claims use
3. procedures for approving claims and renewing approvals (8.5)
4. procedures for monitoring use of claims and addressing misuse (8.7)
5. procedures for suspending and withdrawing permissions to use claims (8.7.3)
6. opportunities for stakeholder input on the clarity, relevance, and accuracy of the scheme's allowed claims (3.3)
7. the mechanism for reporting misuse of claims (8.7)"