Requirements to be acknowledged as a governing body of auditors
What you need to be acknowledged by the Chief Prevention Officer under the Supporting Ontario’s Safe Employers program.
On this page Skip this page navigation
Employers applying for Chief Prevention Officer (CPO) recognition, under the Supporting Ontario’s Safe Employers program, need to complete a third-party audit of their workplace.
The audit must be done by a lead auditor that is certified with a certification body either:
- accredited to ISO 17021 -1 Conformity assessment – Requirements for bodies providing audit and certification of management systems – and the supplement ISO 17021-10: Competence requirements for auditing and certification of occupational health and safety management systems (ISO 17021),
- accredited to ISO 17024 – Conformity assessment – General requirements for bodies operating certification of persons (ISO 17024)
- acknowledged by the CPO as an acceptable governing body of auditors
A Chief Prevention Officer-acknowledged governing body of auditors is an organization that is acceptable to the CPO by meeting all CPO governing body of auditor requirements.
If an auditor is certified with an organization that is a Chief Prevention Officer-acknowledged governing body of auditors, it does not mean that the auditor is certified to ISO 17024 or any other standard.
Who needs to apply
A certification body must apply for acknowledgement by the CPO if it:
- wishes employers seeking CPO employer recognition to be able to hire its members as third-party lead auditors
- is not ISO 17021 accredited
- is not ISO 17024 accredited
A certification body that is accredited to the ISO 17021 or ISO 17024 standard does not need to complete the CPO governing body of auditors’ application.
However, the employer must demonstrate in its CPO employer recognition application that the third-party lead auditor is registered and in good standing with a certification body that is ISO 17021 or ISO 17024 accredited. See the Lead auditor requirements in the employer recognition criteria for details.
If your organization is not certified to ISO 17021 or ISO 17024 for certifying occupational health and safety auditors, see Section 3.2 below for requirements on how to be acknowledged by the CPO as a governing body of auditors.
Chief Prevention Officer requirements
3.1 Acknowledged by the Chief Prevention Officer as an accepted governing body of auditors
Being acknowledged by the CPO as a governing body for the Supporting Ontario’s Safe Employers Program does not mean that your organization meets the full requirements of the ISO 17021 or ISO 17024 standard. It only ensures that a lead auditor is qualified and governed by a governing body acceptable to the CPO to conduct third-party audits.
By applying to be accepted by the Chief Prevention Officer as a governing body of auditors, the applicant agrees to participate in the:
- governing body annual reporting process
- quality assurance review process
This participation is necessary to maintain Chief Prevention Officer governing body status.
The Chief Prevention Officer may acknowledge the certification process of a governing body of auditors that meets the CPOs requirements.
If you are applying to be acknowledged by the CPO, we strongly recommend obtaining a copy of the ISO 17024 standard for full details on the requirements and the definition of its terms.
To be acknowledged by the CPO as a governing body, the applicant must meet the requirements laid out by the Ministry of Labour, Training and Skills Development in section 3.2 below. These requirements are based on ISO 17024.
An organization seeking CPO governing body acknowledgement must have their requirements evaluated by the ministry.
3.2 Requirements for acknowledgment by the Chief Prevention Officer as a governing body of auditors
3.2.1 Management of impartiality
Structured process, policies and procedures must meet the requirements of Section 4.3 of ISO 17024. This ensures impartiality during certification activities.
3.2.2 Finance and liability
Financial resources necessary for the certification process must meet the requirements of Section 4.4 of ISO 17024. There must also be adequate arrangements to cover items such as insurance.
3.2.3 Structure of the certification body in relation to training
Education and training that are prerequisites for certification eligibility must meet the requirements of Section 5.2 of ISO 17024.
3.2.4 Personnel management
This refers to performance of all personnel, including but not limited to:
- confidentiality (ISO 17024, Section 7.3)
- security of information (ISO 17024, Section 7.4)
- competency and conflict of interest requirements (ISO 17024, Section 6.2.3)
3.2.5 Certification scheme
This refers to Section 8 of ISO 17024. The certification program must address:
- a code of ethics or code of conduct
- certification scope
- lead auditor competence (for example, if the lead auditor uses an industry-based standard as their audit criteria, the lead auditor must be competent in that same standard and registered with a governing body that can audit according to that same standard)
3.2.6 Certification process
The certification body must have the following:
- an application process (Section 9.1 of ISO 17024)
- an assessment process (Section 9.2 of ISO 17024)
- an examination process (Section 9.3. of ISO 17024)
- selection of examiners (Section 6.2.2. of ISO 17024)
- decision on certification (Section 9.4 of ISO 17024)
3.2.7 Recertification, suspension, withdrawal and reducing process
The certification body must have:
- a process for recertification (Section 9.6 of ISO 17024)
- a process for suspension, withdrawal or reductions of certification (Section 9.5 of ISO 17024)
3.3.8 Appeals and complaints process
The certification body must have:
- an appeals process (Section 9.8 of ISO 17024)
- a process to receive, evaluate and make decisions on appeals or complaints (Section 9.9 of ISO 17024)
3.3.9 Records management and Information request process
The certification body must have:
- a records management process, (Section 7.1 of ISO 17024)
- a process to verify and provide information upon request (Section 7.2.1 of ISO 17024)
Apply for Chief Prevention Officer governing body acknowledgement
Once you have a Chief Prevention Officer-accredited occupational health and safety management system in place, you can hire a third-party lead auditor from a certification body. If the certification body is not ISO 17021 or ISO 17024 accredited, they must apply for and receive CPO governing body acknowledgement.
If the certification body is ISO 17021 or ISO 17024 accredited, it does not need to complete the application and the employer can go ahead and apply for CPO employer recognition.
However, the employer must demonstrate that the lead auditor they used for the third-party audit is registered with a certification body that is accredited to ISO 17021 or ISO 17024. See the third-party audit requirements in the CPO employer recognition criteria for details.
Get the application to become a Chief Prevention Officer-acknowledged governing body of auditors. You may apply to become a governing body of auditor acknowledge by the CPO through the ministry’s Application Portal.
Maintain your status
To maintain status as a CPO-acknowledged governing body of auditors, certification bodies need to:
- submit an annual report every year by the anniversary date on which they received CPO acknowledgement
- submit a yearly attestation that they continue to meet the requirements by the anniversary date on which they received CPO acknowledgement; and
- participate in, and pass, a quality assurance review when requested by the CPO
Remove governing body status
The Chief Prevention Officer may no longer accept a certification body’s governing body of auditors status for the following reasons:
- the certification body has not submitted an annual report by the anniversary date of receiving governing body status
- the certification body fails to participate in a quality assurance review process requested by the CPO
- the certification body no longer meets CPO governing body requirements;
- the CPO becomes aware of false information, reference, and attestations, or forged documents that the certification body submitted to the ministry