Complaints & Appeals

Guardian Middle East LLC operates a structured Complaints & Appeals process under ISO/IEC 17021-1 §9.7 (Appeals) and §9.8 (Complaints). Complaints (about audit conduct, service, impartiality, or other matters) and Appeals (against certification decisions) are reviewed by personnel independent of the audit team and certification decision-maker. Acknowledgement within 5 business days; substantive response typically within 30 business days. External recourse is available through accreditation bodies (UAF, IAS, QS) and regulators where applicable.

Definitions — Complaint, Appeal, Feedback

Three types of input are handled through different routes. Identifying which one applies determines the process used.

Type	Definition + When to Use
Complaint	Definition (ISO/IEC 17021-1 §3.6) – expression of dissatisfaction, other than appeal, by any person or organisation, to a certification body, relating to the activities of that body or of a certified client, where a response is expected. When to use – concerns about audit conduct, audit-team behaviour, service quality, impartiality, communication, the operation of a certified client (e.g., misuse of marks), or any other matter falling outside the scope of an Appeal. Process – five-stage Complaints process (§13).
Appeal	Definition (ISO/IEC 17021-1 §3.5) – request by the provider of an object of conformity assessment to the certification body for reconsideration of any decision it has made relating to that object. When to use – challenge to a certification decision (grant, conditional grant, defer, refuse, suspend, withdraw), challenge to a nonconformity classification, or challenge to a scope variation decision. Process – four-stage Appeals process (§14).
Feedback	Definition – comment, observation, or suggestion that does not require a response. When to use – general observations on Guardian’s service, suggestions for improvement, kind words, or commentary that does not require investigation or formal handling. Process – recorded for management consideration; no formal response process applies.

Where the type of input is unclear, Guardian’s Compliance Function determines the appropriate process based on the substance of the matter raised — not the title used by the submitter. The submitter is informed of the determination.

The Complaints Process

Stage 1 — Notice of Intent to Appeal

An appeal must be filed within a defined timeframe of the decision being appealed:

Certification decisions (grant, conditional grant, defer, refuse) — within 21 calendar days of the decision communication.
Suspension or withdrawal decisions — within 21 calendar days of the decision communication.
Nonconformity classification disputes — within 14 calendar days of the audit report finalisation.
Scope variation decisions — within 21 calendar days of the decision communication.

Appeals filed beyond these windows may not be considered substantively but will be acknowledged and the complainant signposted to alternative routes.

Stage 2 — Acknowledgement

Within 5 business days of appeal receipt, the appellant receives:

Confirmation that the appeal has been received.
Reference number for tracking.
Indicative timeline for substantive response.
Identification of the appeal reviewer(s) — independent of the audit team and the original decision-maker.
Confirmation that the underlying decision is not affected by the existence of the appeal (e.g., a refused certification remains refused during the appeal review).

Stage 3 — Independent Review

The appeal is reviewed by personnel structurally independent of:

The audit team that conducted the underlying audit.
The certification decision-maker who made the decision being appealed.
The Compliance Function personnel who handled any related complaint.
Any individual with a financial, professional, or personal interest in the outcome.

The reviewer evaluates the appeal on grounds of:

Procedural fairness — whether Guardian followed its documented procedures.
Factual accuracy — whether the audit findings or decision were based on accurate evidence.
Application of standards — whether the standard’s requirements and ISO/IEC 17021-1 §9.4 nonconformity classifications were correctly applied.
Procedural breach — whether any breach of Guardian’s procedures has occurred.

Appeals on commercial grounds are NOT within scope. ‘We paid for certification, we should get it’ is not a valid appeal ground. Appeals must identify procedural fairness, factual error, or application-of-standard concerns.

Stage 4 — Outcome & Closure

Outcome — typically within 60 business days of acknowledgement. Outcome options: appeal upheld (decision overturned or revised); appeal partly upheld (specific aspect revised); appeal not upheld (original decision stands).
Communication — written outcome with reasoning, evidence considered, and any consequent action.
Implementation — where the appeal results in revision of a decision, the revision is implemented promptly. IAF CertSearch entries are updated where applicable.
External recourse — appellants who remain dissatisfied may approach the accreditation body (UAF, IAS, QS) or regulator (QFCA, QFCRA, court system) — see §16.
Records retention — appeal records retained for 9 years per Guardian’s records framework.

Independence of Reviewers

ISO/IEC 17021-1 §9.7 (Appeals) and §9.8 (Complaints) require that complaints and appeals be handled by personnel independent of the matter being reviewed. Guardian operates the following independence framework:

Complaints Reviewers

Not part of the audit team whose conduct is the subject of the complaint.
Not the certification decision-maker for the engagement to which the complaint relates.
Without prior involvement in the engagement other than as required by the review.
Conflict of interest declaration signed before commencing investigation.
Where independence cannot be established within Guardian, external reviewers may be appointed.

Appeals Reviewers

Not part of the audit team that conducted the underlying audit.
Not the certification decision-maker who made the decision being appealed.
Not part of any related complaint review for the same matter.
Independent of the Compliance Function personnel who handled prior stages, where the prior stages were within the same engagement.
Of equivalent or higher seniority to the original decision-maker — to ensure equivalent authority to make a different determination.
Conflict of interest declaration signed before commencing review.

Where the matter is sufficiently sensitive or complex, the Impartiality Committee may appoint or oversee the reviewer to ensure independence is fully demonstrated.

External Recourse

Where the complainant or appellant remains dissatisfied with Guardian’s outcome, external recourse routes are available depending on the nature of the matter:

Recourse Route	When to Use
Accreditation Body — UAF	Where the matter relates to Tier 1, Tier 2 (excluding ISO 22301), or Tier 3 certifications and concerns Guardian’s compliance with UAF accreditation requirements. UAF can investigate the certification body’s conduct against accreditation criteria.
Accreditation Body — IAS	Where the matter relates to ISO 22301 (Tier 2) issued by the Third-Party CB (IAS-Accredited under MSCB 154) or to other IAS-related matters.
Accreditation Body — QS	Where the matter relates to QS Recognition (RB066-26) for Tier 1 certifications.
QFCA / QFCRA	Where the matter concerns Guardian’s QFC licensing compliance, AML/CFT compliance, data protection compliance, or other regulatory matters within the QFC remit.
Compliance and Data Protection Department (Qatar)	Where the matter concerns Guardian’s compliance with Qatar PDPPL Law 13/2016.
Qatar Courts	Where the matter constitutes a legal claim under applicable law and is not resolved through other routes.

Guardian Middle East LLC will cooperate with any external review by an accreditation body, regulator, or court — providing documentation and access as required. Cooperation with external review is part of Guardian’s accreditation and licensing commitments.

Confidentiality & Anti-Retaliation

Confidentiality

Submissions are handled under confidentiality. Specific controls:

Identity disclosed only to personnel necessary for investigation.
Where disclosure to a third party is required (e.g., for investigation purposes), the submitter is informed in advance where practicable.
Records retained securely under access controls aligned with ISO/IEC 27001 principles.
Personal data handled per the Privacy Notice and PDPPL.

Anti-Retaliation Commitment

Submitting a complaint, appeal, or feedback in good faith does not adversely affect the relationship with Guardian:

Active clients raising concerns will not see retaliatory effects on their certification engagements — including audit conduct, audit team appointments, or certification decisions.
Personnel and contractors raising concerns are protected under Guardian’s whistleblowing framework.
Members of the public raising concerns will not be subject to any adverse action by Guardian.

This anti-retaliation commitment is monitored by the Impartiality Committee. Suspected retaliation can itself be raised as a complaint and is investigated as a serious matter.

Records Retention

Records of complaints, appeals, and feedback are retained for the periods stated:

Complaints — 9 years from closure, per Guardian’s records framework aligned with audit-record retention.
Appeals — 9 years from closure, per the same framework.
Feedback — 3 years from receipt, where retained for management consideration.
External-recourse correspondence — 9 years from closure, per accreditation requirements.

Records are retained securely with access limited to personnel authorized under Guardian’s procedures. Personal data within these records is handled per the Privacy Notice and may be subject to data subject rights.

Frequently Asked Questions

Q1. What is the difference between a complaint and an appeal?

A complaint is an expression of dissatisfaction about the activities of Guardian or a certified client, where a response is expected. An appeal is a formal request for reconsideration of a specific decision (typically a certification decision, suspension, withdrawal, or nonconformity classification). The two have different processes — complaints follow the 5-stage process; appeals follow the 4-stage process. Guardian's Compliance Function determines the applicable process based on the substance of the matter.

Q2. Who can submit a complaint?

Anyone — clients, former clients, auditors, suppliers, members of the public, regulators, or any other interested party. Guardian's complaints process is open and not restricted to clients. Anonymous complaints are accepted but are more difficult to investigate effectively without a route to clarify or follow up. Where the matter is suitable for investigation, Guardian will proceed regardless of source.

Q3. Who can submit an appeal?

Appeals are submitted by the provider of the object of conformity assessment — typically the client whose certification decision is being challenged. Specific grounds: certification decisions (grant, conditional grant, defer, refuse), suspension or withdrawal, nonconformity classification disputes, scope variation decisions. Appeals must be filed within the timeframes stated in §14 — typically 21 calendar days of decision communication.

Q4. Can I appeal on commercial grounds?

No. Appeals on commercial grounds — for example, 'we paid for certification, we should get it', 'this decision will damage our business', 'we need certification urgently for a tender' — are not within scope of the Appeals process. Appeals must identify procedural fairness concerns, factual errors, application-of-standard concerns, or procedural breach. Commercial considerations are not relevant to the certification framework.

Q5. How long does the process take?

Acknowledgement within 5 business days of submission. Complaints: substantive response typically within 30 business days. Appeals: substantive response typically within 60 business days, given the deeper review required. Complex matters may take longer; where this is anticipated, the submitter is informed of the extended timeline. External recourse routes have their own timelines independent of Guardian's process.

Q6. Who reviews my complaint or appeal?

Reviewers are structurally independent of the matter being reviewed. For complaints: independent of the audit team or personnel whose conduct is the subject. For appeals: independent of the audit team that conducted the underlying audit AND the original certification decision-maker. Reviewers sign Conflict of Interest declarations before commencing the review. Where independence cannot be established within Guardian, external reviewers may be appointed.

Q7. Will my submission be confidential?

Yes. Submissions are handled under confidentiality. Identity is disclosed only to personnel necessary for the investigation. Where disclosure to a third party is required, the submitter is informed where practicable. Records are retained securely under access controls. Personal data is handled per the Privacy Notice and Qatar PDPPL Law 13/2016.

Q8. Will I face retaliation for raising a concern?

No. Submitting a complaint, appeal, or feedback in good faith does not adversely affect the relationship with Guardian. Active clients raising concerns will not see retaliatory effects on certification engagements. Personnel raising concerns are protected under Guardian's whistleblowing framework. Members of the public raising concerns are not subject to any adverse action. Suspected retaliation can itself be raised as a complaint and is investigated as a serious matter.

Q9. What if I'm not satisfied with the outcome?

External recourse routes are available depending on the matter: accreditation bodies (UAF, IAS, QS — for accreditation-related concerns); QFCA / QFCRA (for QFC regulatory matters including AML/CFT or licensing); Compliance and Data Protection Department of Qatar (for PDPPL data-protection matters); Qatari courts (for legal claims). The full external-recourse map is in §16. Guardian cooperates with any external review by an accreditation body, regulator, or court.

Q10. Does the underlying decision change while my appeal is reviewed?

No. The underlying decision is not affected by the existence of the appeal. A refused certification remains refused during the appeal review. A suspended certificate remains suspended. A nonconformity remains classified as raised. If the appeal is upheld, the decision is revised and any consequent actions (e.g., IAF CertSearch entry update) are implemented promptly. Interim status is preserved to maintain the integrity of the certification framework.

Q11. Can I challenge the audit team during the audit itself?

Yes. Audit findings can be challenged during the audit closing meeting against objective evidence — the audit team will reconsider findings. This in-audit challenge is not a complaint or appeal — it is part of the standard audit conduct. Disagreements that cannot be resolved at audit level can subsequently be raised through the Complaints process (for conduct issues) or Appeals process (for nonconformity classification, once finalised in the audit report).

Q12. How long do you keep complaints and appeals records?

Complaints and appeals records are retained for 9 years from closure, per Guardian's records framework aligned with audit-record retention requirements. External-recourse correspondence is retained for 9 years from closure per accreditation requirements. Personal data within these records is handled per the Privacy Notice and may be subject to data subject rights, with retention obligations potentially overriding deletion requests.