Steps to Certification

By becoming signatories, companies that adopt the Cyanide Code must have their operations audited by independent third-party auditors to determine the status of Cyanide Code implementation. Those operations that meet the Cyanide Code requirements can be certified. Audit results are made public to inform stakeholders of the status of cyanide management practices at the audited operation.

The first step in the certification process is typically for operations to ensure that they have fully implemented the Code.  This is usually in the form of a gap analysis which is conducted either internally or by an external auditor.  ICMI has Verification Protocols for mining, transportation, and production operations, that provide detailed questions to help an auditor determine whether an operation is in compliance with each of the Cyanide Code’s Standards of Practice.  Guidance documents for use of the Mining Operations Verification Protocol, the Transportation Operations Verification Protocol, and the Production Operations Verification Protocol are available to assist in the use of the Verification Protocols and in evaluating compliance.  Operations implementing the Cyanide Code and preparing for certification should review and familiarize themselves with these documents as they prepare for compliance audits.

For initial certification audits the on-site portion of an audit must be completed within three years of the date the signatory company designates (i.e. lists) an operation for certification. For operations that are already certified, the on-site portion of the recertification audit must be conducted within three years of the date of the operation’s current certification.

Other scheduling requirements are in place for operations that change ownership during a certification period, have gone into temporary closure or withdrawn from participation in the program, and for operations that have been listed for certification before being active but are not seeking pre-operational certification. Additional and full details on the timing of audit requirements are included in ICMI’s Signatory and Certification Process document

Operations of companies that are signatories to the Cyanide Code must be audited to determine if they can be certified as in compliance with the Cyanide Code’s Principles and Standards of Practice.  Audits for certification under the Cyanide Code must be conducted by independent third-party auditors meeting ICMI requirements for experience, expertise and lack of conflicts of interest.  Full details of requirements for lead auditors, technical auditors, and audit teams are included in ICMI’s Auditor Criteria document.

ICMI does not contract with auditors for the compliance audits.  Auditors are chosen, contracted, and paid by the company or operation for which they will perform the audit.  However, those auditors must meet ICMI’s strict requirements for auditors.

ICMI maintains an Auditor List, containing the names of auditors who have submitted their credentials and been accepted by ICMI to conduct Cyanide Code audits. Although auditors are not required to appear on the list, ICMI recommends that companies contracting auditors who do not appear on the list ensure that their auditors have the necessary qualifications by asking the auditors to submit their qualifications to ICMI for approval prior to being contracted to perform an audit.

Operations planning Cyanide Code certification audits must notify ICMI of the planned audit date and the auditors planned or already contracted to conduct the audit no later than 60 days prior to the planned audit date.  Notification to ICMI must be made using the Audit Notification Form available on the Cyanide Code website.

This notification prior to the audit is to allow ICMI to review the planned auditors for potential conflicts of interest, and for potential violations of the restrictions on performing consecutive audits.  Notification also provides ICMI with early warning of audit scheduling issues.  If ICMI has not been notified of an upcoming audit 60 days in advance of an operation’s audit due date, ICMI will have time to remind the operation of its audit obligations.

Auditors conducting Cyanide Code certification audits evaluate an operation against the applicable ICMI Verification Protocol to determine whether an operation is adhering to the Principles and Standards of Practice of the Code.  Separate Verification Protocols exist for Mining Operations, Transport Operations, and Production Operations   The goal of each Verification Protocol is to encourage and support a thorough and probing inquiry by the auditor.

The Verification Protocols are each supported by a guidance document for their use.  The guidance documents are designed to assist operations in understanding their obligations in implementing the International Cyanide Management Code and to aid auditors in evaluating operational compliance with the Code.

During an initial verification audit, an operation’s compliance at the time of the audit is evaluated. Subsequent recertification audits evaluate compliance during the period between the preceding and current audits.

Audits are required to be conducted using standard and accepted practices for health, safety and environmental audits. This includes auditors visiting the operation to inspect facilities, directly interview management and employees, and review documents and records in order to verify that an operation is in compliance with the Cyanide Code’s requirements.

A mining operation, cyanide production facility, or cyanide transport operation that is not yet active but that is sufficiently advanced in its planning and design phases can seek pre-operational certification.

An operation audited pre-operationally and found in full compliance will be certified conditionally and remains so until the findings of its subsequent operational audit become effective. An on-site audit is required within one year of a mining operation’s first receipt of cyanide at the site to confirm that the operation has been constructed and is being operated in compliance with the Cyanide Code.

On-site audits of pre-operationally certified cyanide production facilities and pre-operationally certified cyanide transport operations are required within six months of their start of cyanide production or cyanide transportation activities. A new three-year certification period begins when the findings of the operational audit become effective.

Pre-operationally certified mining operations must advise ICMI within 90 days of the date of the first receipt of cyanide at a mining operation.  Pre-operationally certified cyanide production or transport operations must advise ICMI at the commencement of cyanide production and cyanide transportation activities.

Auditors make separate findings for each Standard of Practice.  These individual findings determine the overall finding for the operation and its certification status. The Verification Protocol does not have a numerical score.  Compliance with the Code and its Standards of Practice is a “Pass/Fail” situation, but there are two passing categories: full compliance and substantial compliance.

An operation can be found in full compliance with the Code only if all Standards of Practice are found in full compliance. The operation will then be certified by the auditor as complying with the Cyanide Code if the auditor concludes that it is in full compliance with the Code’s Principles and Standards of Practice for mining, cyanide production, or cyanide transportation, as applicable.

The certification becomes effective when the ICMI announces the certification and posts the Summary Audit Report and the credentials of the auditor(s) on the Cyanide Code website.

An operation is in substantial compliance with the Code if any Standard of Practice is found in substantial compliance and none are in non-compliance.  Operations that are found in substantial compliance with the Cyanide Code are conditionally certified. Substantial compliance means that the operation has made a good-faith effort to comply with the Cyanide Code and that the deficiencies identified by the auditor can be readily corrected and do not present an immediate or substantial risk to employee or community health, safety, or the environment.

Operations that are found in substantial compliance must develop and implement a Corrective Action Plan to correct the deficiencies identified by the audit. Correction of deficiencies must occur within one year from the date on which ICMI posts the operation’s Summary Audit Report on the Cyanide Code website. The auditor must submit the Corrective Action Plan to the Institute for posting on the Institute’s website along with the Summary Audit Report. ICMI’s Corrective Action Plan Requirements provide instructions for developing and submitting Corrective Action Plans.

An operation that is neither in full nor substantial compliance with a Standard of Practice is in non-compliance. Operations that are audited and found in non-compliance, and those that have not fully implemented a Corrective Action Plan by the applicable deadline, are in non-compliance with the Cyanide Code. To be certified, these operations must fully implement their Corrective Action Plans.  Operations that do not fully implement their Corrective Action Plans within three years of the date their Summary Audit Report was posted on the Institute’s website also must submit to the Institute the report of a new audit with a finding of full compliance in order to be certified.

The development and implementation of a Corrective Action Plan is required as an integral part of any audit for Cyanide Code certification of a mining operation, cyanide production operation or cyanide transportation operation where the auditor, based on the audit findings, determines that the operation is in substantial compliance and is certified conditionally, or is in non-compliance and cannot be certified.  Upon completion of all corrective actions necessary for the operation to be in full compliance, and auditor must submit a Corrective Action Plan Completion Report which indicates that all necessary Corrective actions have been completed, and that the operation is in full compliance.   

Within 90 days of the completion of the site inspection portion of the audit, lead auditors must submit to ICMI electronic copies of a Detailed Audit Findings Report, a Summary Audit Report, and electronic and hard copies of an Auditor Credentials Form that includes information for each member of the audit team.  The lead auditor’s signature on the Auditor Credentials Form must be certified by notarization or its equivalent. A Corrective Action Plan for operations found in substantial compliance or non-compliance with the Code must also be submitted.  A letter must also be submitted from the owner or authorized representative of the audited operation granting the ICMI permission to post the Summary Audit Report and Corrective Action Plan (if required) on the Code web site.

Upon receipt of the required documents, ICMI will conduct a review of the submitted documentation for “completeness.”  This review is intended to ensure that all necessary information has been provided for all Verification Protocol questions and that adequate evidence has been included in support of the auditor’s findings.  ICMI’s “Completeness Review” of the Detailed Audit Findings Report determines whether all relevant questions have been answered and confirms that sufficient details are provided in support of the auditor’s findings.  The Summary Audit Report is reviewed to ensure that it accurately represents the results of the Detailed Audit Findings Report and that it includes sufficient information to demonstrate the basis for each finding.  The review does not address the substantive issues of Code compliance.  ICMI does not make a separate decision regarding an operation’s certification. 

If the documentation is complete, ICMI informs the auditor and operation and posts the Summary Audit Report, Auditor Credentials Forms, and, if required, the Corrective Action Plan on the Cyanide Code website.  If the documentation is incomplete, ICMI advises the auditor and operation of the deficiencies and requests that revised documentation be submitted within 30 days.

Upon receipt of ICMI’s Completeness Review, auditors must address the Institute’s comments and resubmit the revised documents to the Institute.  ICMI conducts a final review of the revisions and advises the auditor and the operation when the audit report has been accepted as complete.

The certification becomes effective when, upon receipt of the final versions of all necessary audit documents, the Institute announces the certification and places the Summary Audit Report, the Auditor Credentials Form, and the Corrective Action Plan (if necessary) on the Cyanide Code web site.

The Detailed Audit Findings Report is the confidential property of the operation and is not released by the Institute in any fashion without the written consent of the signatory and/or audited operation.

In order to maintain certification, a certified operation must meet the following conditions:

  • The site inspection component of a recertification audit must be conducted within three years of the date of the operation’s current certification.
  • The auditor must conclude that the operation is either in full compliance or substantial compliance with the Cyanide Code.
  • An operation found in substantial compliance must submit a Corrective Action Plan to correct its deficiencies.

A mining operation or an individual cyanide facility at an operation is no longer subject to certification after decommissioning of the cyanide facilities. A producer or transporter is no longer subject to certification after it no longer produces or transports cyanide for use in the gold or silver mining industries.


CodeCasts is a series of short (10 to 15 minute) podcasts developed to explore and explain specific topics within the Cyanide Code and its expectations. CodeCasts are designed to supplement other forms of training that ICMI offers.

Click here to explore more