SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Chapter 1: Review of SA8000: 2014 Revision Webinar Part 1:
Changes to the Standard
Slide 1
In this chapter, we will briefly review Revision Webinar Part 1: Changes to the Standard. If you want to
review this information in more detail, you can access Revision Webinar Part 1 on your SAI training
center account.

Slide 2
To review, no significant changes were made to the elements on child labor, freedom of association &
right to collective bargaining, disciplinary practices or working hours. Minor changes were made to the
elements on discrimination and remuneration and significant changes were made to the elements on
forced or compulsory labor, health and safety and management system.

Slide 3
On this slide, we can see a general overview of the significant changes to elements 2, 3, and 9.
In element 2, forced or compulsory labor, we have added a new requirement that prohibits the payment
of employment fees or other costs by workers.
Element 3, health and safety, was reorganized in order to flow as a process, beginning with a risk
assessment to understand the workplace health and safety risks. In addition, there was an expansion of
the requirements and a new requirement on a health and safety committee.
Element 9, management system, was also reorganized and expanded. A couple new requirements
include a joint worker-manager Social Performance Team with new duties and increased internal
communication. This webinar focuses on element 9.

Slide 4
In particular, the changes to element 9 include the creation of a joint worker-manager social
performance team, which is responsible for conducting a risk assessment for SA8000 compliance,
monitoring the workplace for SA8000 compliance, facilitating internal audits, and maintaining records
for SA8000 non-conformances, including root causes and the results of corrective and preventive
actions. Some of the expanded requirements include a non-retaliatory grievance mechanism for all
personnel and interested parties, and training and capacity building.

Slide 5
This webinar will focus on the management system element, as we mentioned earlier. But first of all,
what is a management system? A management system is the set of policies, procedures and processes
that enable an organization to meet its objectives. Management systems must be developed and
implemented. Management system development is the creation of policies, procedures, and processes often this is the companys documentation. Management system implementation is the trained,
committed people who routinely follow the policies, procedures, and processes on a daily basis to
implement the management system for the organization.

Slide 6
1|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Management systems are central to sustained SA8000 compliance. Through the management system,
SA8000 certified organizations can demonstrate their commitment to the Standard, create a plan to
implement the standard, and then train their staff to implement that plan on a daily basis. It also
enables them to continually evaluate performance so that they continually improve and sustain
compliance.

Slide 7
The SA8000: 2014 Management System requirements include the components of an effective
management system. We will review these components in a later chapter. They emphasize the
importance of system development and implementation, the difference between documentation and
application. Organizations cant just have the documents in place, they also need to implement the
content of those documents on a daily basis. There is also an emphasis on stakeholder engagement and
especially worker engagement. Lastly, the requirements help organizations set clear criteria for
measuring and improving their performance.

Slide 8
For more information on the changes to SA8000: 2014 standard, you can view Revision Webinar Part 1
on your SAI training center account. You can also review the SA8000: 2014 Guidance, which is available
in your resource folder for your course and on the SAI website.

Chapter 2: What is Social Fingerprint?

Slide 1
In this chapter, well tell you more about what Social Fingerprint is and how it is applicable to the
SA8000 Standard.

Slide 2
Social Fingerprint is a set of tools that help an organization measure and improve their management
systems for social performance. It breaks a management system down into 10 categories and 5 maturity
levels. Well cover those in more detail in a minute. There are really 3 key tools to Social Fingerprint.
There is a self-assessment, which is completed by the organization; an independent evaluation, which is
completed by the auditor; and a rating chart that explains the maturity level for each of the 10
categories. Well review all of this in more detail in the coming slides.

Slide 3
The philosophy behind Social Fingerprint is that you cant improve what you dont measure. You have to
be able to understand the current state of your management system to help you identify weaknesses
and areas to improve. Once you do this, then you can make targeted improvements and allocate your
resources in the areas that will pay back the greatest return.
Let me give you a couple examples. One would be reducing blood pressure: If you go to the doctor and
the doctor says that you have high blood pressure - thats a measurement. But then what do you do to
reduce your blood pressure? You could change your diet, you could exercise more, or you could stop
smoking. All of those are ways to improve - but you have to have that measurement as your baseline to
start. Then, you need to check your blood pressure on an ongoing basis to be able to see how youre
doing and if youre actually driving improvement. Its the same thing with running a marathon. If you
2|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
decide to run a marathon, you need to start by measuring a baseline how far can you run? How long
will it take? And then you can work your way up from there and make improvements.

Slide 4
Social Fingerprint breaks the management system concept down into 10 key categories. These are the
components of an effective management system. Think of these categories as the activities or the things
that you need to do or put in place in order to develop and implement a management system. Look at
these 10 categories here. Youll see they match with the SA8000: 2014 Element 9 requirements. Well go
into each of these in more detail in the next few slides.

Slide 5
In the previous slide, we talked about the 10 different categories of the management system. Social
Fingerprint also rates these categories on a scale of 1 to 5, with 1 being the lowest level of maturity, and
5 being the highest. So if you look at level 1, you can see that the organizations at this level have no
awareness of SA8000 and almost no system in place to manage social performance. Level 2
organizations start to have some practices in place they may have a partially developed management
system but implementation is still sporadic and mostly reactive. As you work your way up the levels,
organizations become more mature. At a level 3, organizations have a fully developed management
system, but theres still some implementation lacking. At level 4, the management system is fully
developed and being implemented consistently and regularly. Level 5 is above and beyond at this
level, the management system is not only developed and being implemented on a daily basis, the
organization is also continually improving the system itself.

Slide 6
This is the full Social Fingerprint Rating Chart, which shows the levels for each of the 10 categories. This
is just a snapshot of the chart. Well show you each of the categories and levels in more detail in the
following slides.

Slide 7
The first category is Policies, Procedures and Records. This is how the organization defines its principles,
objectives and commitment to SA8000 and how it instructs its personnel to implement those principles
on a day-to-day basis. The content of this category covers the organizations expectations of its
personnel related to SA800, and how it sets objectives and performance targets. As an auditor, some of
the things to be thinking about or looking for in this category are senior management commitment, the
level of internal and external communication, and whether or not that organization really conducts a
management review and understands the idea of continual improvement.

Slide 8
Here we take a look at the different maturity levels for Policies, Procedures and Records. We are looking
in more detail at that large chart you saw before. At the lower levels, there are no policies, procedures
or records related to labor standards in place; this is pretty easy to identify. As you work your way up
the levels, you start to see that that there is some system development at a level 3, with written policies
and procedures. But implementation starts to occur at level 4 and level 5. Take a look here at the
different levels and youll get a feel for how the maturity levels advance in this category.
3|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Slide 9
The next category is Social Performance Team. This is the group of trained people who lead and
facilitate the organizations SA8000 implementation. The Standard covers whos on the team; this
should be a dedicated peer-selected team of workers and managers. The Standard also defines the
teams roles, responsibilities and authority with respect to SA8000 implementation. An important factor
to consider is whether the team has balanced representation between workers and managers.
Remember, a management system is all about making sure that there is consistent application of
SA8000, even with the constant change thats typical in the facility context. Thats why its important to
have balanced representation and to have workers and managers involved. Also, its important that the
team is trained to ensure that they have the appropriate attitudes, skills and knowledge so that they can
effectively carry out their implementation responsibilities.

Slide 10
Here we zoom in on levels 1 through 5 for the Social Performance Team category. Youll see that at a
level 1, the team is not formally assigned and nobody is really in charge of SA8000 implementation. At a
level 2, you do start to see a few individuals, or maybe one or two departments, with some primary
responsibility for labor standards, but most of the focus is on legal or customer code compliance. As you
go up the levels, you see that there is more multi-departmental involvement, and that there is more
worker representation. At a level 5, you see that there is real senior management commitment and
involvement with the Social Performance Team. At this level, the team is truly cross functional and
balanced and the team members roles and responsibilities are structured and assessed as part of their
performance reviews.

Slide 11
The next category is the Identification and Assessment of Risks. This category looks at how the
organization determines its risks and prioritizes the actions to take to address those risks. From a
content standpoint, the first step is to determine the risks. What are the risks that the organization
faces? Then, the organization assesses the likelihood and severity of negative impacts. Thats a critical
stage in the risk assessment. From there, its important for the organization to start to prioritize what
actions could be taken to reduce or mitigate the risks. Finally, the organization should be thinking both
about internal risks and also those of its supply chain members. Here are some important factors for you
to consider as you think about this category. First, the risk assessment should be a dynamic and ongoing
process. Its not a one-time thing, especially at a mature level in a company; it should be ongoing. Two,
it should involve workers and external stakeholders in that determination of the likelihood and severity.
And, finally, there should be some proactive element to the risk assessment. We dont like to see
companies that are only conducting a risk assessment in response to a negative event.

Slide 12
Now were going to zoom in on the maturity levels for risk assessment. At the lower levels, there is no
formal identification and assessment of risks at all. At a level 2, you might see a company that has
conducted risk assessment for specific areas. In many cases, they might have done an OHS risk
assessment or there could be a risk assessment in response to a law, but really nothing systematic in
what they do. As we work our way up from there, at a 3, we are starting to see a more systematic risk
assessment where the organization is identifying the risks and starting to prioritize key areas. At a 4 or 5,
4|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
were really getting to the next level organizations at this level have not only done a thorough risk
assessment, but they also start to identify ways that they can mitigate or reduce the risk along the way.

Slide 13
The next category is Monitoring. This category looks at how the organization tracks its SA8000
implementation and performance to achieve its objectives and targets. Once the organization has made
its SA8000 commitment and its plan and set its targets, it actually needs to check on how well its doing
in order to make necessary adjustments to strengthen its implementation. Some important factors to
consider: make sure the organization checks process indicators and performance indicators. Often
process indicators might be easier to track. Examples of process indicators are: the number of trainings
conducted or the number of workers trained on health and safety standards. But then you also need to
check performance indicators and determine if, for example, the training was actually effective? Or, did
the number of injuries or accidents reduce as a result of that training? You should also check that
monitoring is included as part of senior management review and the results of monitoring activities are
actually driving some sort of continual improvement.

Slide 14
Now well zoom in on the five levels for Monitoring. At the lower levels, for example at a level 2, youll
see that monitoring is very limited. It might be conducted for specific areas, such as OHS, or in
preparation for an external or customer audit. At level 3, you get more comprehensive coverage. The
monitoring may cover most of the SA8000 elements and the organization would have procedures in
place, but they monitoring may not be conducted regularly. At a level 4, monitoring has become routine.
At this level, you will see routine monitoring of SA8000 implementation and formal internal audits. At a
level 5, the organization goes above and beyond. Such organizations not only monitor on a regular basis,
but also use the results for monitoring for overall business strategy and planning and the monitoring
process itself is regularly reviewed and updated.

Slide 15
Now, were going to take a look at Internal Involvement and Communication. This category looks at the
organizations methods and channels for communicating with workers and getting workers input on
SA8000 implementation. You need to make sure that this involvement includes all personnel, both
directly and indirectly employed. Some important factors to think about are: make sure workers are
actually using and understanding the channels. This is a key thing for you to focus on. Next, is the
channel actually strengthening the relationship between management and workers? And finally, is the
worker input being used to improve SA8000 implementation? We want to look at the existence of the
channel, but also the effective use of the channel towards SA8000 implementation.

Slide 16
Now, lets zoom in and look at the levels of maturity related to Internal Involvement and
Communication. At the lower levels, 1 or 2, we see that theres either no communication channel or its
really informal and mostly verbal. During interviews, managers may say that they talk to workers from
time to time about labor issues. At level 3, we start to see something more formal. We start to see that
there is actually a communication channel between management and at least the directly employed
workers. At a level 4, we start to see that the channel is extended so that all workers, directly and
indirectly employed, are included in the channel and theres an evaluation of the workers understanding
5|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
of SA8000. Level 5 really goes above and beyond. It starts to look at the input from the workers and
whether that input is being included in annual improvement plans. So, this category is really important
to assess the existence of channels, but also the effectiveness of their use and whether the worker input
is actually used in implementing SA8000.

Slide 17
The next category is Complaint Management and Resolution. This category looks at how the
organization receives and addresses grievances or other suggestions from workers or interested parties.
Its important that the organization understands that effective complaint and management resolution
can actually be beneficial to help the management understand problems before they become crises.
Some important factors to consider: that the system is responsive and transparent. Its not just about
receiving the complaints; the company should actually address the complaints effectively and then
communicate about what the process looks like and what the results of the complaint were. Its also
important that the system is proactive and inclusive. Quite often, we hear from companies that they
have a suggestion box - but then its important to ask about the types of complaints actually get filed
through that suggestion box. Its important to have more proactive channels and to make sure that
workers actually trust the channels and that the management actually uses the whole process to
improve the SA8000 implementation.

Slide 18
Now, well zoom in on the levels for Complaint Management and Resolution. At the lower levels, for
example level 2, youll see that the complaints are addressed on a case-by-case basis and there is no real
formal method. At a level 3, the organization should have written complaint management procedures
that clearly lays out how complaints are received and addressed, and there should be multiple channels.
At a level 4, the effectiveness of the system is really measured and improved on a continual basis. There
are multiple channels, they are confidential, the company takes measures to ensure that there is no
retaliation, and the results are reviewed by senior management and available to interested parties. At a
level 5, the company goes above and beyond. The complaint management system itself is regularly
reviewed and updated; its widely trusted; its widely accessible; and the results are routinely used to
identify root causes and areas to continually improve SA8000 implementation.

Slide 19
Now, were going to take look at External Verification and Stakeholder Engagement. This category looks
at how the organization cooperates with external auditors, or involves interested parties to get
comprehensive input into the SA8000 implementation. Is the organization conducting any identification
and mapping of external stakeholders? Do they build these relationships to try to help to improve
implementation of labor standards? Some important factors for you to think about- do you see
proactive engagement of external stakeholders? Is there any sign of regular communication with
external stakeholders? And, finally, is it part of the process used to drive continual improvement?

Slide 20
Now, were going to zoom in and take a look at the 5 levels of maturity related to External Verification
and Stakeholder Engagement. Obviously at the low levels, level 1 and level 2, its really reactive. There
may be some cooperation with external auditors at level 2 but really everything else is reactive. At level
3, we start to see some procedures in place to cooperate with external auditors and possibly a little sign
6|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
of some kind of proactive outreach to external, interested parties. At a level 4, you start to see full
cooperation with external auditors and, importantly, we start to see stakeholder identification and
mapping being conducted to proactively involve interested parties in SA8000 implementation. Level 5
goes above and beyond. Organizations at this level should have proactive, regular engagement with
external parties and involve them in the whole process of labor standards performance inside the
organization.

Slide 21
The next category is Corrective and Preventive Actions. This looks at how the organization addresses
risks and gaps in its SA8000 implementation and makes system changes to prevent reoccurrence and
drive continual improvement. This means that they establish action plans to improve labor practices
and implement system changes to prevent reoccurrence of issues. So its important that the
organization conduct root cause analysis to understand the underlying causes for the issues. Once they
are identified, the action plan should not only identify the actions to take, but also the objectives,
targets, timeframes and proper allocation of resources to get it done. It also means that responsible
people need to be assigned and held accountable.

Slide 22
Now, well look at the levels for Corrective and Preventive Actions. At the lower levels, youll see that
the actions are mostly reactive and driven by customers and other auditors telling the company what to
do. Its typically a quick fix approach. At a level 3, you get more comprehensive procedures in place for
corrective actions. Records of actions are maintained and there is some follow-up, but for the most part,
the actions are still the primary responsibility of 1 or 2 departments, like HR or OHS. At a level 4, you see
that the organization takes not only corrective actions, but also preventive actions that look at root
causes and attempt to avoid reoccurrence. At this level, the organization monitors timelines and
properly allocates resources, so there is evidence that the corrective and preventive actions are actually
effective. And a level 5, there is continual improvement. The organization uses the risk assessment to
predict potential issues, and pre-empt them. Also, the corrective and preventive action processes
themselves are regularly reviewed and updated.

Slide 23
The next category is Training and Capacity Building. This category looks at how the organization trains its
personnel, and develops their attitudes, skills and knowledge to effectively implement SA8000. One of
the important things is to look at the nature of the training is it ongoing and regular? Does it involve all
personnel workers, supervisors, managers and senior management? Some things to consider as you
focus on this category: is the training being monitored to see if its effective? And next, is the training
progressive? Meaning, does it build on employees skills so that they can fulfill their duties related to
SA80000 implementation? Lastly, is training and capacity building tailored to the needs of different
departments, so that they are also able to most effectively contribute to the SA8000 certification
process?

Slide 24
Now, lets zoom in and take a look at the maturity level for Training and Capacity Building. At level 1,
there is really no mention of labor practices in the training of any kind. The organization may have
orientation and job training, but nothing really related to labor practices. At level 2, the organization
7|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
may have some training in place, but it is probably related to occupational health and safety and might
be a one-time brief mention of it during employee orientation. As we work our way up into level 3, we
start to see training plans in place. So, a good indicator for you to check would be the existence of a
training plan. And then, specifically, you may ask if there is some kind of specialized training for those
that are actually running the SA8000 implementation. At the level 4, we start to see routine
implementation of the training plan. We see that the training is being conducted regularly; there is
specialized training for the social performance team; and there is record-keeping related to training that
is tracked to measure the effectiveness of the training. At the level 5, the organization would be able to
show evidence of continual improvement. So, not only are they doing all the things at level 4, but they
are also conducting an analysis to see how they can improve the program and improving it on some kind
of regular basis.

Slide 25
The 10th and final category is Management of Suppliers and Contractors. This category looks at how the
organization conducts due diligence on its business partners and encourages them to implement SA8000
and improve. Now, you might find this overwhelming and think that the organization has to audit every
aspect of its supply chain. But the Standard requires that the organization simply conduct a supply chain
mapping and understand its greatest risks. Then, it should communicate about the expectations of
SA8000 to its supply chain members and make reasonable efforts to ensure that these risks are
addressed. Important factors to consider: is there senior management commitment both within the
organization and also from the organizations senior management to the senior management of its
business partners? Is there integration with business decision making? So, does the organizations
sourcing decisions and business decisions align with its policies regarding SA8000 integration in the
supply chain? And finally, does the organization effectively monitor its supply chain and then support
the efforts towards implementation with training and capacity building for its business partners?

Slide 26
Now, we zoom in on the levels for Management of Suppliers and Contractors. At the lowest level, level
1, you see that there is little or no consideration of labor risks in the supply chain. At a level 2, there may
be some informal conversations between the business partners about labor standard requirements, but
typically this is informal and fairly reactive. At a level 3, the organization wouldve done some
preliminary mapping of its supply chain to identify its highest risk areas and start monitoring the most
significant business partners activities. The partners are informed of labor standards requirements and
must convey acceptance. At a level 4, the communication with business partners about SA8000 and
expectations is routine and actually incorporated into all aspects of the business relationship and
business discussions. The organization maps its supply chain and conducts risk assessment and due
diligence across all areas of its supply chain to understand the priorities and where it should prioritize
resources to improve the SA8000 implementation across its business partners. At a level 5, business
partners SA80000 implementation is incorporated into the organizations overall business planning and
sourcing decisions, with incentives for high performance. And, local groups are engaged to improve
transparency and understanding of the risks and needs across the supply chain.

Chapter 3: Integration of Social Fingerprint into SA8000: 2014

Slide 1
In this chapter, well go over why Social Fingerprint is integrated into SA8000: 2014.
8|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Slide 2
In our extensive experience, weve learned that stronger management systems lead to better social
performance. So, Social Fingerprint has been integrated into SA8000: 2014 to help applicant and
certified organizations improve their management systems so they can improve their social
performance and SA8000 implementation. Overall, this will increase the integrity and effectiveness of
the SA8000 system.

Slide 3
How does Social Fingerprint strengthen SA8000: 2014 Certification? First of all, it establishes a direct
relationship between SAI and certified organizations. This allows SAI to collect and analyze data about
certified organizations, including areas in which organizations require assistance so that SAI can create
guidance, issue specific training modules and conduct impact assessments of SA8000 certification.
Secondly, Social Fingerprint emphasizes capacity building before certification by providing organizations
and certification bodies with a consistent methodology to assess if the organizations are ready for
SA8000 certification. If they are not, capacity building is encouraged as a way to fill gaps identified by
the social fingerprint assessment. SAI can then provide specific tools and guidance that target identified
weak areas and improve SA8000 implementation overall. This is how Social fingerprint encourages and
systematizes capacity building. Finally, SF emphasizes continual improvement during the course of
certification through data collection and analysis, providing gap assessments so that organizations can
focus on the specific areas they need to improve and providing guidance for organizations to use in
order to improve specific areas.

Slide 4
Social Fingerprint is integrated into SA8000: 2014 in the following three ways. First, the SA8000: 2014
management system criteria are aligned with the Social Fingerprint categories. Second, all SA8000: 2014
applicants and certified organizations complete a Social Fingerprint self-assessment as part of the
application, transition or recertification process. Third, auditors conduct a Social Fingerprint
independent evaluation as part of SA8000: 2014 audits.

Slide 5
This chart illustrates how Social Fingerprint fits into SA8000 certification for new clients. Organizations
interested in Social Fingerprint and SA8000 have 2 avenues for entering the system. One option is for
organizations to take the Social Fingerprint self-assessment directly from the SAI website. The other
option is for organizations to sign a contract with a certification body (CB) as an applicant for SA8000:
2014. In this case, the CB will then direct the organization to the SAI website to complete the Social
Fingerprint self-assessment. After the organization completes the self-assessment, it can decide to
continue to pursue certification or not. At this point, some organizations may realize their management
system is not ready for SA8000 and decide to pursue further capacity building and improve their systems
before advancing further. SAI encourages organizations to fully consider the maturity of their
management systems before moving forward in the process. If they do decide to pursue certification,
they will contact a certification body who will review the organizations self-assessment score. Based on
this review, the certification body may counsel the organization to improve their management system or
may decide that the organization is ready to proceed to the Stage 1 audit.

Slide 6
9|Page

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Now lets review the SA8000: 2014 certification process for new clients beginning September 1, 2015.
Before the Stage 1 audit, during the application process, the client completes a Social Fingerprint selfassessment, which generates a self-assessment score. The client can complete the self-assessment
through the SAI website or through the CB, as we discussed earlier. Next, if the organization decides to
proceed, an auditor will conduct a Social Fingerprint independent evaluation during the Stage 1 audit
and generate an Independent evaluation score. Based on that score and the audit results, the
organization or the CB will decide if the organization is ready to advance to the Stage 2 audit. During the
Stage 2 audit, the auditor again conducts an independent evaluation and generates a score. Based on
the results of that independent evaluation, and of the audit, the CB will determine if the organization
can become SA8000 certified. If the organization does become certified, the auditors will complete a
Social Fingerprint independent evaluation during the Surveillance 1 audit, 6 months after certification
and at the Surveillance 3 audit, 18 months after certification. After the initial 3-year certification cycle,
the Social Fingerprint self-assessment and independent evaluation are required during the
recertification audit, every three years. Well talk more about this process and what the Social
Fingerprint scores mean in Chapter 7.

Slide 7
For clients that are up for recertification between September 1, 2015 and December 31, 2016, the
process is a little different. The client completes the self-assessment before the recertification audit and
generates a self-assessment score. During the recertification audit, the auditor conducts a Social
Fingerprint independent evaluation and generates a score. The auditor then completes the independent
evaluation again at the Surveillance 1 audit, 6 months after the recertification audit, and the
Surveillance 3 audit, 18 months after the recertification audit. After the initial 3-year certification cycle,
the Social Fingerprint self-assessment and an independent evaluation will be required during the
recertification audits every 3 years.

Slide 8
All other clients must transition to SA8000: 2014 by December 31, 2016. This slides outlines the process
for transition audits and Social Fingerprint. The client completes the self-assessment before the
transition audit and generates a Social Fingerprint self-assessment score. During the transition audit, the
auditor conducts a Social Fingerprint independent evaluation and generates the independent evaluation
score. Then, depending on when the transition audit takes place during the certification cycle, the next
independent evaluation may occur during the surveillance 3 audit and/or the recertification audit. If the
transition audit occurs during a Surveillance 1 or 2 audit, the auditors will conduct a Social Fingerprint
independent evaluation at the Surveillance 3 audit and the recertification audit. If the transition audit
occurs during a Surveillance 3, 4, or 5 audit, the recertification audit will include the full Social
Fingerprint process, including the self-assessment and independent evaluation. After that initial 3 year
cycle, the Social Fingerprint self-assessment and independent evaluation are required during the next
recertification audits.

Slide 9
For more information on transition requirements for certified organizations, you can refer to SAAS
Advisory 4A, which can be found in your resources folder for this course and on the SAAS website.

10 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
Chapter 4: The Social Fingerprint Tools: Self-Assessment,
Independent Evaluation and Rating Chart
Slide 1
In this chapter, well go through the Social Fingerprint tools: the self-assessment, the independent
evaluation and the rating chart.

Slide 2
The Social Fingerprint self-assessment should be completed in the SAI online training center by the
organization. The Social Fingerprint independent evaluation is also completed in the SAI training center
online by the lead auditor at the time of the audit. The Social Fingerprint rating chart goes over the 10
categories of Social Fingerprint and explains the 5 levels of maturity for each category. The rating chart
may be used by auditors and organizations as guidance.

Slide 3
The self-assessment has benefits for the organizations and for the auditors. For the organization, it really
functions as a capacity building tool. It enables the organization to understand the components of an
effective management system and be able to see how those pieces work together to be able to develop
and implement a management system for SA8000 certification. It also provides an opportunity for selfreflection and learning. Remember, we talked before about the idea that you cant improve what you
dont measure. This self-assessment is the first measurement along the way so the organization can get
a sense for where they stand today this provides them with a baseline for where they are so they can
see where they need to improve and how they should to allocate resources and time to focus on the
parts of the system that they need to work on the most. Finally, it helps the organization to prepare for
the audit. Theyll be aware of the documentation required for the audit and they also should have good
idea of the types of things that they should have in place before the SA8000 certification audit.
There are also a lot of benefits for the auditors. For the auditor, the self-assessment helps to illustrate
how the organization views itself. Where do they think they stand in terms of their system maturity,
both development and implementation? Also, it gives you real insight into how well they actually
understand the idea of a management system. Youll be able to tell based on their answers if they really
understand the idea of a management system and the idea of implementation. And finally, it will help
you to identify areas during the audit you should investigate in more detail. If you see weaknesses in
certain categories, you might want to focus on them. If you see high scores in another area that seems
out of place to you, you might want to investigate that.

Slide 4
The independent evaluation also has benefits for the organization and for the auditor. For the
organization, it provides an externally-validated evaluation. It gives them a chance to see how the expert
opinion of the auditor compares to their own self-assessment. That really can be an eye-opener and a
valuable learning experience for the organization. Of course, it helps the organization identify its
strengths and weaknesses. Each of those categories is actually a path to improvement for the
organization; each level is a step in the journey. This helps the understand the path they need to take to
improve and move up specific levels in maturity. Finally, it helps to connect the idea of performance
issues to gaps in the management system.
11 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
For the auditors, the independent evaluation has certain benefits as well. It provides a clear, consistent
method for auditors to assess management systems for labor compliance in a factory. It enables you to
break the management system down into component parts and be able to understand the relative
strength and weakness of each part so you can determine how well the organization is developing and
implementing each part of the management system. It also gives you a way to consolidate that
information to take a holistic look at the overall system the company has in place for SA8000. And
finally, it provides data for the audit findings. That data is really useful in identifying the current state of
the management system and being able to track it over the full certification cycle.

Slide 5
As SA8000 auditors, its important for you to clearly understand the function of the independent
evaluation and be able to explain it to clients. The Social Fingerprint independent evaluation is a holistic
assessment of an organizations management system. Youre all experienced management systems
auditors. The independent evaluation is not a new way of doing the management systems audit. Youre
going to continue to conduct the SA8000 management systems audit and evaluate the management
system as youve always done. The Social Fingerprint independent evaluation is simply a new way of
structuring and scoring the management systems maturity so that there is a consistent way for all of us
to report and to compare findings. The independent evaluation is not a checklist of the organizations
compliance with SA8000. You already know this, because you are experienced auditors and the way that
you evaluate and conduct the audits is not a checklist approach. The independent evaluation is not a
replacement for the submission of findings or non-conformances. Youll still conduct the certification
audit, evaluate the management systems and submit non-conformances as needed. The Social
Fingerprint score is simply a piece of data that supports your audit findings and any con-conformances
identified. Again, the Social Fingerprint independent evaluation score is a piece of data that supports the
audit findings. You cant just submit the Social Fingerprint score as a con-conformance. For example, if
the organization scores a 2 in policies, procedures and records, you still need to write a nonconformance for that areas, identifying the gaps and explaining the evidence to support the nonconformance.

Slide 6
So remember, both the Social Fingerprint self-assessment and independent evaluation are designed to
assess the maturity of the organizations management system. Both the self-assessment and
independent evaluation use the same 10 categories; and they both use the same questions and answer
options to be able to generate that maturity score. Were going to go into more detail later on how you
answer the questions, but for now, we just want to you to keep in mind that you basically will be going
through the exact same assessment that the company did, but you will provide your expert opinion
based on audit including the interviews, the tour of the facility and the document review.

Slide 7
As we covered before, Social Fingerprint rates the management system on a 5-level maturity scale. Both
the self-assessment and the independent evaluation follow the same maturity levels.

Slide 8
The third tool is the rating chart. This integrates the 10 categories and the 5 levels. It helps you to
visualize where the scores are both for the self-assessment and the independent evaluation. Theres a
12 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
description in each box that describes the maturity level related to that category. We went over these
before in an earlier chapter.

Slide 9
Here are some additional resources for you to use. They can all be found in the resource folder for this
course. The next chapters will go through how to use Social Fingerprint during all stages of the audit
process. However, if youre curious now about what Social Fingerprint looks like online, you can click the
tile for Chapter 8 at any time to view a video demo.

Chapter 5: Before the Audit: Reviewing the Self-Assessment

Slide 1
In this chapter, we are going to review how you use the Social Fingerprint self-assessment and how you
should review it before the audit.

Slide 2
Youll be able to access a question and answer form that looks like this. This will show you how the
organization answered each of the Social Fingerprint questions, and the point values associated with
each of the answers that they chose.

Slide 3
Auditors are able to use the self-assessment results to get an idea of how well the organization
understands what a management system is and how the organization sees the maturity of its own
system. If the self-assessment score is less than a 3, this indicates that the organization has less mature
management system in place; this should be taken into account in audit planning. The system may have
significant weaknesses that require certain audit techniques in order to expose where the gaps lie. For
these sections, auditors may recommend further capacity building to the organization before it decides
to pursue certification.

Slide 4
As you review the self-assessment, there are some important things to keep in mind. First, who actually
completed the self-assessment for the company? Which group of people or which person completed it?
You want to make sure to talk to them during the audit. Next, which categories have either low or high
scores? Is there anything that you see in the scores that are contradictory? These are really important
things to look at as you start to plan the audit. Categories that have particularly low scores are areas you
may want to concentrate on during the audit, because the company acknowledged that it is relatively
weak in that area. You may also want to focus on areas with high scores to make sure that you would
agree with the organizations assessment of its own system maturity. One of the other things to check is
inconsistent maturity levels from category to category. If you see a company that has, for example,
really high scores in training, but really low scores in policies, procedures and records that may be an
indicator that something isnt quite right.

Slide 5
Lets take a more careful look at some of the things youll see with self-assessment scores. One, keep in
mind that self-assessment scores are typically higher than the independent evaluation scores that youre
13 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
going to rate. Why does this happen? Well first, it may be because of a lack of knowledge about
management systems on the part of the company. Secondly, the company may have put undo emphasis
on system development, which is the documentation piece, and may not really be focusing on
implementation of the system. Thirdly, the questionnaire may have been completed by personnel that
dont have the relevant experience. Lastly, the company may simply have a positive bias and feel that
they are better at things than you as an expert think they are. As an auditor, you should be prepared to
discuss these issues during the closing meeting and explain there might be a gap in the score that you
generate versus the organizations self-assessment score.

Chapter 6: During the Audit: Completing the Independent

Evaluation
Slide 1
In this chapter, well go over how to complete the independent evaluation as part of the SA8000
certification audit.

Slide 2
Now, keep in mind that the independent evaluation is not a completely new activity within the SA8000
certifications. It is simply a new way of structuring the management systems portion of the SA8000
certification audit. Youll be conducting an SA8000 management systems audit as usual, with the
opening meeting, the collection of objective evidence, including document review, interviews with
workers, manager and stakeholders, and site observation, and the closing meeting. During the closing
meeting, you might discuss the reasons for differences in the self-assessment score and your
independent evaluation scores. You want to keep the Social Fingerprint questions in mind as you
conduct the audit so youll make sure to collect enough evidence to answer the questions in the
independent evaluation scoring. That doesnt mean that this becomes the management systems
checklist. Youre still conducting the SA8000 management system audit as comprehensively and
holistically as you usually would. However, at the end, the questionnaire helps you to systematically
evaluate the components of the management system, question by question for each category, and
generate the independent evaluation score.

Slide 3
Completing the independent evaluation scoring is the next step after collecting the evidence. The lead
auditor is responsible for answering the questions of the independent evaluation. This should be done
onsite during the audit or offsite if need be. You need to answer all of the questions in each chapter. You
can see on the right side of the slide the way the chapters will look in the online tool. Cased on the
answers that you provide to each multiple choice question, the Social Fingerprint score is going to be
automatically generated.

Slide 4
Here is an example of a question from the Social Performance Team category. The question is: The
people managing our labor practices actively manage the following types of activities. There are 5
answer options, A through E, each of which matches up to one of the five maturity levels. Youll see that
this is written from the perspective of the organization. Thats because this is the same set of questions
and answers as the self-assessment. As the auditor, you complete your management systems evaluation
14 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
and now go question by question and choose one of the answer options. Again, its written from the
perspective of the organization - you just need to choose the best answer for the organization.
Sometimes you might have trouble deciding which to select - maybe one of the answer options doesnt
exactly match the situation. In that case, you might want to think about the maturity levels - 1, 2, 3, 4
and 5. Thatll help you think about what level the company is at, and you can choose the answer option
that best fits.

Slide 5
Now, were going to take a look at the same question from a different perspective. Over on the right
hand side of the slide, youll see a column with examples of the type of evidence that you may find that
would support your decision to answer a question a certain way. This could come from interviews or
from document review conducted during the audit. Lets look at the evidence at level 2. Here maybe you
found that they have an organizational chart that designates some people with responsibility for OHS or
some kind of labor compliance related things; maybe in an interview with HR, the employee mentions
some kind of policies or procedures that they have about labor compliance, or their responsibility for
that area. If we work our way up the levels, we can look at level 4 at this level, you might find that
there are actually management meeting minutes discussing implementation of the Standard, and that
there might be policies that actually refer to the social performance team. You might have actually
conducted interviews with team members and reviewed reports to senior management. All of this
would be evidence of a fully functioning social performance team that would support your selection of
the answer choice A, B, C, D or E.

Slide 6
We just covered one question and gave you an idea of the way the questions and answer options are
aligned with the maturity levels. We gave you some examples of the evidence that you might look for at
various levels. We need you to take that approach and carry it forward throughout the audit and
throughout the independent evaluation scoring.
Here are some other tips based on our experience conducting independent evaluation: One is the idea
of triangulation of information. If youre getting information that supports one idea - are you able to get
information in another area that supports or disputes that original piece of information? Thats one key
thing and thats something youre probably very familiar with as a management system auditor. Another
thing to think about is related to the document review and the interviews. Do you see consistency
between what youre learning from the different sources of information? If a person is telling you,
Sure, we have procedures covering all aspects of SA8000, but you dont see anything in the
documents, or you ask to see the procedures and they only give you a brief policy statement; that would
indicate that they dont really have the procedures in place. These are some of the types of things that
we think about. The other thing to think about is the idea of system development versus
implementation. Documents alone are not sufficient to generate high scores or high maturity levels. You
need to see evidence of the system being implemented. Again that can come from interviews,
observations during the facility visit, or from document review but evidence of implementation is
important. As you go through and answer the questions one by one, there may be times that there is
not a perfect fit. You might think to yourself, Im not sure if I should answer A or B or B and C. Most
often, youre going to be stuck between B and C or C and D and you may be a little confused about
which way to go. In these cases, you should really focus on in your expert opinion what do you think
15 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
happens when youre not there at the company? What do you see in terms of development and
implementation that would lead you to believe that they are able to continue to have a strong system
when you are not there? When in doubt between two choices, we typically would recommend that you
choose the lower maturity answer to avoid score inflation. Another tip is not to let the self-assessment
score overly influencing the way that you generate the independent evaluation score. Of course youre
going to be looking at the self-assessment score prior to the audit and will be familiar with roughly
where the company sees itself, but as youre actually going through the independent evaluation process,
its important not to be overly focused on their score. Because if they gave themselves a 5 or ended up
at a 5, you might feel influenced by this score and just downgrade them to a 4 or a 3 when, in reality, the
evidence might suggest that they should be at a level 2. So thats another tip thats really important to
keep in mind - really do this as an independent evaluation. Its not a verification of the existing selfassessment.

Slide 7
As soon as youve completed all the questions and answers in the independent evaluation, youll be able
to view the scorecard. You can see here that there will be a rating for each of the 10 categories from a
level 1 through 5, then there will be the overall rating with an average of the 10 categories. Youll see
more detail in the next chapter about how this independent evaluation score is incorporated into the
rest of the audit report.

Slide 8
In the previous slides, weve talked about incorporating the independent evaluation into full SA8000
certification audits to cover all 10 categories of the management system. You might be wondering what
this looks like for surveillance audits since surveillance audits are limited management system audits
that only assess specific sections of the organizations management system. According to SAAS
procedure 200, about 3 of the 10 management systems components do not need to be audited at every
surveillance audits. These are social performance team, external verification and stakeholder
engagement and management of suppliers and contactors. So, unless these 3 categories had conconformances in the last audit, the auditor can just use the evidence from the previous audit to
complete the independent evaluation scoring for these 3 categories during the appropriate surveillance
audit.

Slide 9
Here are additional resources that you can find in the resources folder for this course. They go into a lot
more detail about these issues Im sure you have a lot more questions, so happy reading.

Chapter 7: After the Audit: Audit Findings and Results

Slide 1
In this chapter, we explain how Social Fingerprint is incorporated into SA8000: 2014 audits after the
audit and how it is incorporated into audit findings and results.

Slide 2
24 hours after the independent evaluation is complete, auditors will be able to view a side-by-side
report with the companys self-assessment question answers and the independent evaluations question
16 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
answers. Usually, the independent evaluations scores are lower than the self-assessment scores. For
example, for another SAI Social Fingerprint program, the average self-assessment score is a 3.3 and the
independent evaluation average is a 2.6.

Slide 3
A Social Fingerprint score is one piece of data to consider in completing the audit report. It gives an
overall assessment of the management system and can support your general findings about the
management system. For example, if you find in the audit that the company has serious gaps in
complaint management system, this will be evident with a low score in that area. However, youll still
need to write a finding or a non-conformance if appropriate about this gap. Keep in mind that Social
Fingerprint does not replace the submission of audit findings and non-conformances and auditors
cannot write non-conformances against the scores. Non-conformances must be written against the
requirements of the Standard.

Slide 4
Stage 1 audits, also referred to as readiness assessments, determine if the organization has the right
systems in place to proceed to the Stage 2 audit. The independent evaluation helps determine how
ready the organization for the next stage. If the score is less than 3, then the management system may
not be mature enough for SA8000. Before proceeding to Stage 2, the organization should engage in
capacity building to fill the gaps identified by the independent evaluation. If the CB allows the
organization to proceed to the Stage 2 audit with an independent evaluation score that is less than 3,
the justification for this decision should be recorded in the Stage 1 audit report.

Slide 5
The Stage 2 independent evaluation score assesses readiness for certification. If the independent
evaluation score is 1, organizations will likely have major non-conformances and are not ready for
certification. If the score is 2, organizations will likely have a small number of major non-conformances
and numerous minor non-conformances. Organizations at this level are likely not ready for certification
but maybe able to make some improvements to become ready over time. If the independent evaluation
score is 3, organizations will likely have minor non-conformances and areas of improvement and maybe
1 or 2 major non-conformances. Organizations at this level may be ready for certification if they make
significant improvements to their system. The auditor should provide justification for providing
certification to organizations at this level. If the score is 4, organizations may have a small number of
minor non-conformances but should be ready for certification, provided that they meet the other
requirements of the Standard. It is unlikely, although possible, for an organization to achieve a score a 5
after the Stage 2 audit because they must demonstrate evidence of continual improvement against their
targets and objectives. The auditors will review any management system gaps identified by the
independent evaluation during the next surveillance audit.

Slide 6
Surveillance audits ensure ongoing compliance with the Standard. The independent evaluation score is
another piece of data that supports surveillance audit findings. If the organization is effectively
implementing improvements, the scores should go up. If the organization is ineffective in implementing
improvements, the score may stay the same or go down. The most likely causes of Social Fingerprint
scores going down during surveillance audits would be poor implementation of the management system
17 | P a g e

SA8000:2014 Revision Webinar Part 2: Social Fingerprint

Webinar Transcript
itself. For example, the development of this system may remain the same, but implementation may
waver depending on a number of factors, such as inconsistent implementation; loss of resources, such
as the turnover of trained people responsible for portions of implementation; or a significant event that
pulled people away from implementation in order to focus on other things.

Slide 7
Recertification audits ensure that the organization is sustaining compliance with SA8000 and continually
improving. The independent evaluation score tracks that improvement over the 3 year cycle. We would
expect companies to get higher recertification scores at each certification cycle. They would be expected
to close out non-conformances and improve SA8000 implementation over recertification cycles as their
management systems become more mature.

18 | P a g e