The COR® Certification Process

COR® certification follows a straightforward cycle designed to help companies build, verify, and maintain an effective health and safety management system. The process includes internal audits conducted by a company’s NSA Registered Auditor and periodic external audits conducted by an NSA-approved accredited external auditor.

The program is designed to support companies as they develop and strengthen their safety programs.

Prerequisite

Before registering for the COR® Program, employers should have a documented health and safety program in place and actively implemented in the workplace. The program should outline how the company manages workplace hazards and protects the health and safety of workers. At a minimum, it should include clear policies, safe work procedures, hazard identification, workplace inspections, incident reporting, and worker participation.

Employers should also be able to demonstrate that the program is being followed through regular inspections, hazard reporting, and incident investigations as part of daily operations.

Steps to Achieving COR® Certification

  • Employers begin the COR® certification process by registering with the Northern Safety Association. Registration confirms the company’s intent to pursue COR® certification and provides access to program guidance and resources.

  • To begin the certification process, a company must assign an employee (on company payroll) to become an NSA Registered Auditor.

    To become an NSA Registered Auditor, the individual must complete the following:

    • Principles of Health and Safety Management (PHSM) - currently offered at no charge by the NSA.

    • Leadership for Safety Excellence (LSE) - the only WSCC Supervisor OHS Familiarization course available ONLINE is at NSA

    • Auditor Training Program (ATP)

    • A Student Audit is completed as part of the auditor training process to demonstrate that the auditor understands how to use the NSA COR® Audit Tool. During training, auditors complete this audit using a fictitious company scenario. The purpose of this audit is to qualify the auditor, not to certify the company.

    Companies that do not have a Registered NSA Auditor may hire the Northern Safety Association to conduct their internal audits.

  • A company’s first internal audit, called a Baseline Audit is performed by the company assigned Internal Auditor. It helps identify gaps in the health and safety program and prepares the company for certification.

  • After completing the Baseline Internal Audit, employers review the results and address any deficiencies identified. Corrective Action Plan should be implemented to improve the health and safety program and ensure the required audit standards can be met. Once it has been implemented, you can request an External Audit within 45 days.

  • When the company is ready, an external auditor assigned by the Northern Safety Association will conduct the COR® External Audit.

    To achieve COR® certification:

    • The score must be 80% overall

  • Employers who achieve the required audit score and meet COR® program requirements are issued COR® certification by the Northern Safety Association.

  • After completing the External Aufit, employers review the results and address any deficiencies identified. Corrective Action Plan should be implemented to improve the health and safety program and ensure the required audit standards can be met.

  • After a company becomes COR® certified, it must complete yearly Internal Audits to maintain certification.

    These audits are called Internal Audits and confirm that the company’s health and safety management system continues to operate effectively.

    Internal Audits:

    • Are conducted by the company’s Internal Auditor

    • Are submitted to the Northern Safety Association for quality assurance review

    • Must achieve 80% overall score

    • Submit Corrective Action Plan

    These annual audits help ensure the safety program remains active, effective, and aligned with COR® standards.

  • To maintain certification over time, companies must complete an External Audit every third year. For example if you received your external audit in 2026, your next external audit is 2029.

    This audit is conducted by an NSA-approved external auditor and verifies that the company’s health and safety management system continues to meet national COR® standards.

    During the recertification audit, the external auditor reviews:

    • Health and safety documentation and procedures

    • Implementation of the safety program

    • Worker knowledge and participation

    • Worksite safety practices and observations

    • Previous Corrective Action Plans

    To successfully renew COR® certification:

    • The audit must achieve an overall score of at least 80%.

    Once completed successfully, the company’s COR® certification is renewed and the audit cycle continues.

    Letter of Good Standing

    Following completion of the external audit and issuance of certification, the Northern Safety Association will issue a Letter of Good Standing every three years confirming that the organization’s health and safety management system remains active and compliant with recognized safety standards.

Types of Audits

    1. Baseline Audit

      The Baseline Audit is the first ever internal audit completed by a company as it prepares for COR® certification. This audit helps the company identify gaps in its health and safety management system and determine what improvements may be needed before requesting an external audit.

    2. Maintenance Audit

      After an external audit and certification is achieved, companies must complete annual internal audits to maintain certification.

      These audits are called Internal Audits and confirm that the company’s health and safety management system continues to operate effectively.

      Internal Audits must achieve a minimum 80% overall score.

    3. Self/Qualification Audit

      A Self or Qualification Audit allows a student or auditor to become familiar with the NSA COR® Audit Tool and how it is used.

      This audit may be completed in the following situations:

      • Out-of-province COR® certified companies that need to understand and use the NSA COR® Audit Tool when working in the Northwest Territories or Nunavut.

      • New Internal Auditors who have completed the auditor training program and need practice using the NSA Audit Tool.

      The purpose of this audit is to build familiarity with the NSA audit process and tool. It is not used to certify the company.

    1. COR® Certification Audit


      A COR® Certification Audit is an external audit conducted by a NSA External Auditor to achieve or maintain COR® certification. This audit is used both for initial certification and recertification every 3 years.

      The audit evaluates whether the company’s health and safety management system meets COR® program requirements and minimum scoring standards (80%). It includes a review of documentation, interviews with workers and supervisors, and observation of workplace practices to confirm the system is implemented and operating effectively.

  • All COR® audits are completed using the NSA audit tool.

    This is the standardized audit questionnaire used to evaluate a company’s health and safety management system.

    The audit tool guides the auditor through a series of questions covering key areas of a company’s safety program, including:

    • Policies and procedures
    • Training and supervision
    • Hazard identification and control
    • Incident reporting and investigation
    • Worker participation and safety practices

    Each section is scored to determine how effectively the company’s health and safety management system is implemented.

    The same audit tool is used for all COR® audits. The auditor simply selects the audit type within the system. See below for audit types.

COR® REGISTRATION FORM
BECOME A COMPANY INTERNAL AUDITOR
INTERNAL PRE-AUDIT CHECKLIST
EXTERNAL PRE-AUDIT CHECKLIST
REQUEST A COMPANY AUDIT