Derogation 7: Chain of Custody Labour Audit Risk Revision

28 May 2021
1 Objective of the derogation

1.1 This derogation allows Chain of Custody certificate holders, where applicable, to demonstrate compliance to the CoC labour requirements in one of two ways:
a. By complying with the current CoC labour requirements, or
b. By completing a self-assessment of labour practices that covers all sites in the certificate.
1.2 This derogation applies to certificate holders, applicants and subcontractors identified as Standard Risk according to Tables 5 and 6 of the MSC CoC Certification Requirements v3.1.

2 Derogation requirements – certificate holders
2.1 Organisations identified as Standard Risk shall either:
a. Follow CoC Standard 5.7.2/5.8.2 (Default v5.0; Group and CFO v2.0) and complete a third-party labour audit and comply with the CoC labour requirements, or
b. Submit an MSC Chain of Custody Labour Self-Assessment Formas part of their CoC audit and agree to complete a labour audit if called upon to do by the MSC.
2.2 If an organisation proceeds with 2.1.b, they shall:
a. Complete one self-assessment per certificate.
b. For organisations with multiple sites and/or subcontractors, complete the self-assessment information shall cover all sites that will be covered by this derogation.

Guidance 2.2.b
A separate self-assessment may be completed by subcontractor(s) when it is impractical or impossible to include with the organisation.
c. Follow the instructions in the self-assessment form.
d. Complete the form by the day of the CoC audit.
e. Agree to complete a labour audit if required to do so by the MSC.


3 Derogation requirements – CABS
3.1 The CAB shall send a form to Standard Risk clients when scheduling the CoC audit to determine whether their client has opted for 2.1.a or 2.1.b.
3.2 The CAB shall document the client's response in the Chain of Custody audit checklist (Default and Group v4.1; CFO v2.1).
3.3 If the certificate holder opted to apply clause 2.1.a, the CAB shall follow the MSC Third-Party Labour Audit Requirements v1.0.
3.4 If the certificate holder opted to apply clause 2.1.b, the CAB shall:
a. Send the certificate holder a copy of the self-assessment in advance of the CoC audit.
b. Check that the self-assessment is complete by the day of the CoC audit.
c. Upload the self-assessment to the MSC scheme database with the final CoC audit report.

Guidance 3.4
The self-assessment should be completed ahead of the audit by the certificate holder.
Guidance 3.4.b
The CAB is not responsible for verifying the accuracy of the responses provided in the questionnaire, only for ensuring it is complete and all questions answered.

3.5 The CAB shall maintain a list of certificate holders where this derogation has been applied which shall be made available for MSC or ASI on request.


FAQs and further guidance

1. What is the objective of this derogation?
The objective of the derogation is to allow for greater flexibility in how affected CoC certificate holders may comply with the CoC labour requirements, given the uncertainty created by the Covid-19 pandemic, while maintaining a mechanism for the MSC to have oversight of where risks or issues may be present in certified supply chains and to respond accordingly.

2. When do certificate holders have to complete a labour audit and how will this be verified by the Conformity Assessment Body (CAB)?
Certificate holders will now have a choice whether to complete a labour audit or to complete a self-assessment.
If a certificate holder chooses to complete a labour audit instead of a self-assessment, then they will need to complete a labour audit by their next CoC audit. The auditor will then verify compliance against the MSC Third-Party Labour Audit Requirements.
If a certificate holder was expecting to complete a labour audit by 28 March 2021 (now extended until 28 May 2021) as per the original derogation and subsequent extension, please note that this will be superseded by the new derogation. Therefore, certificate holders will only need to complete a labour audit by their next CoC audit. This will ensure alignment in expectation between those that opt for an audit vs. a self-assessment.

3. If a Group certificate is stratified and/or uses subcontractors, do all these activities need to be covered in the self-assessment?
Yes. If the scope of a certificate includes sites and/or subcontractors that would be classified as Standard Risk, then these activities should be reflected in the content of the self-assessment. Information in the self-assessment should be comprehensive and inclusive to the best of the certificate holders' ability.
If it is not possible to include any subcontractor(s), the subcontractor can complete a separate self-assessment. In such cases, the certificate holder would still be responsible for the subcontractor's compliance as per CoC Standard (Default v5.0; Group and CFO v2.0) clause 5.3.1.

4. Is the CAB required to audit the self-assessment?
No, the CAB is required to check the completeness of the self-assessment only.

5. Who will pay for the audit if required by the MSC?
For certificate holders that opt to complete a self-assessment, the MSC reserves the right to commission a labour audit. A labour audit may be commissioned if there are concerns stemming from the content provided in the self-assessment or by random selection. Labour audits in this instance will be funded by the MSC.

6. Where do I find the self-assessment?
The self-assessment is available on the MSC website at: www.msc.org/for-business/certification-bodies/supporting-documents.

7. How often does the self-assessment need to be completed?
The self-assessment shall be completed annually as part of the CoC audit process. Content should be updated to reflect any changes such as engagement with a new social audit program or changes to the CoC certificate such as new sites added.