Conformity assessment - Requirements for bodies providing audit and certification of management systems and requirements for third-party certification auditing of management systems - Part 2: Requirements for third party certification auditing of management systems (ISO/IEC/DIS 17021-2:2009)

This International Standard supplements the existing requirements of ISO/IEC 17021-1 for third-party certification of management systems and provides additional requirements with respect to the audit process and the management of competence.  This International Standard provides a framework for the development of specific criteria for third-party certification auditing and management of competence for different types of management systems or sector applications.  The generic requirements in this International Standard take into account the relevant guidance given in ISO 19011:2002 in order to promote harmony between these three documents (ISO/IEC 17021-1, ISO/IEC 17021-2 and ISO 19011).

Konformitätsbewertung - Teil 2: Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren, und Anforderungen an Drittparteien-Zertifizierungsaudits von Managementsystemen (ISO/IEC DIS 17021-2:2009)

Diese Internationale Norm enthält Grundsätze für und Anforderungen an die Kompetenz, Folgerichtigkeit und Unparteilichkeit von Audits und Zertifizierungen von Managementsystemen jeglicher Art (z. B. Qualitätsmana-gementsystemen oder Umweltmanagementsystemen) und für Stellen, die diese Tätigkeiten ausführen. Zertifizierungsstellen, die nach dieser Internationalen Norm arbeiten, müssen nicht alle Arten von Management-system-Zertifizierungen anbieten.
Zertifizierung von Managementsystemen (in dieser Internationalen Norm als "Zertifizierung" bezeichnet) ist eine Konformitätsbewertungstätigkeit durch eine dritte Seite (siehe ISO/IEC 17000:2004, 5.5). Stellen, die diese Tätigkeit anbieten, sind daher Konformitätsbewertungsstellen und werden in dieser Internationalen Norm verkürzt als "Zertifizierungsstellen" bezeichnet.
ANMERKUNG 1   Diese Anmerkung gilt nur für den englischen Text.
ANMERKUNG 2   Eine Zertifizierungsstelle kann nichtstaatlich oder staatlich sein (mit oder ohne regelsetzender Kom-petenz).
ANMERKUNG 3   Diese Internationale Norm kann als Vorgabe für die Akkreditierung oder Begutachtung unter Gleich-rangigen bzw. für andere Auditprozesse genutzt werden.
Diese Internationale Norm ergänzt die bestehenden Anforderungen von ISO/IEC 17021:2006 und enthält zusätzliche Anforderungen in Bezug auf den Auditprozess und das Kompetenzmanagement. Diese Internatio-nale Norm stellt einen Rahmen für die Entwicklung von speziellen Kriterien für Drittparteien-Zertifizierungs-audits und das Kompetenzmanagement für unterschiedliche Arten von Managementsystemen oder branchen-spezifische Anwendungen zur Verfügung.

Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management et exigences pour l'audit de certification par une tierce partie de systèmes de management - Partie 2: Exigences pour l'audit de certification par une tierce partie de systèmes de management (ISO/IEC/DIS 17021-2:2009)

Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme vodenja, in zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja - 2. del: Zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja (ISO/IEC/DIS 17021-2:2009)

General Information

Status
Not Published
Current Stage
4098 - Decision to abandon - Enquiry
Due Date
14-Jul-2010
Completion Date
14-Jul-2010

RELATIONS

Buy Standard

Draft
prEN ISO/IEC 17021-2:2009
English language
61 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 17021-2:2009
01-november-2009

Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme

vodenja, in zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja -

2. del: Zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja
(ISO/IEC/DIS 17021-2:2009)

Conformity assessment - Requirements for bodies providing audit and certification of

management systems and requirements for third-party certification auditing of

management systems - Part 2: Requirements for third party certification auditing of

management systems (ISO/IEC/DIS 17021-2:2009)

Konformitätsbewertung - Teil 2: Anforderungen an Drittparteien - Zertifizierungsaudits

von Managementsystemen (ISO/IEC/DIS 17021-2:2009)

Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la

certification des systèmes de management et exigences pour l'audit de certification par

une tierce partie de systèmes de management - Partie 2: Exigences pour l'audit de

certification par une tierce partie de systèmes de management (ISO/IEC/DIS 17021-

2:2009)
Ta slovenski standard je istoveten z: prEN ISO/IEC 17021-2
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
oSIST prEN ISO/IEC 17021-2:2009 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
EUROPEAN STANDARD
DRAFT
prEN ISO/IEC 17021-2
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2009
ICS 03.120.20
English version
Conformity assessment - Requirements for bodies providing
audit and certification of management systems and
requirements for third-party certification auditing of management
systems - Part 2: Requirements for third party certification
auditing of management systems (ISO/IEC/DIS 17021-2:2009)

Évaluation de la conformité - Exigences pour les Konformitätsbewertung - Teil 2: Anforderungen an

organismes procédant à l'audit et à la certification des Drittparteien - Zertifizierungsaudits von

systèmes de management et exigences pour l'audit de Managementsystemen (ISO/IEC/DIS 17021-2:2009)

certification par une tierce partie de systèmes de
management - Partie 2: Exigences pour l'audit de
certification par une tierce partie de systèmes de
management (ISO/IEC/DIS 17021-2:2009)

This draft European Standard is submitted to CEN members for parallel enquiry. It has been drawn up by the Technical Committee

CEN/CLC/TC 1.

If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal

Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A version in any

other language made by translation under the responsibility of a CEN and or CENELEC member into its own language and notified to the

CEN Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees, respectively, of Austria,

Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,

Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and

United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to

provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and

shall not be referred to as a European Standard.
CEN Management Centre: CENELEC Central Secretariat:
Avenue Marnix 17, B-1000 Brussels Avenue Marnix 17, B-1000 Brussels

© 2009 CEN/CENELEC All rights of exploitation in any form and by any means reserved Ref. No. prEN ISO/IEC 17021-2:2009 E

worldwide for CEN national Members and for CENELEC
Members.
---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
prEN ISO/IEC 17021-2:2009 (E)
Contents Page

Foreword ..............................................................................................................................................................3

---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
prEN ISO/IEC 17021-2:2009 (E)
Foreword

This document (prEN ISO/IEC 17021-2:2009) has been prepared by Technical Committee ISO/CASCO

"Committee on conformity assessment" in collaboration with Technical Committee CEN/CLC/TC 1 “Criteria for

conformity assessment bodies” the secretariat of which is held by BSI.
This document is currently submitted to the parallel Enquiry.
Endorsement notice

The text of ISO/IEC/DIS 17021-2:2009 has been approved by CEN as a prEN ISO/IEC 17021-2:2009 without

any modification.
---------------------- Page: 5 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
---------------------- Page: 6 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
DRAFT INTERNATIONAL STANDARD ISO/IEC 17021-2
CASCO Secretariat: ISO/CS
Voting begins on Voting terminates on
2009-09-17 2010-02-17

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION

INTERNATIONAL ELECTROTECHNICAL COMMISSION • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОММИСИЯ • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE

Conformity assessment — Requirements for bodies providing
audit and certification of management systems and requirements
for third-party certification auditing of management systems —
Part 2:
Requirements for third party certification auditing of management
systems

Evaluation de la conformité — Exigences pour les organismes procédant à l'audit et à la certification des systèmes

de management et exigences pour l'audit de certification par une tierce partie de systèmes de management —

Partie 2: Exigences pour l'audit de certification par tierce partie de systèmes de management

ICS 03.120.20
ISO/CEN PARALLEL PROCESSING

This draft has been developed within the International Organization for Standardization (ISO), and

processed under the ISO-lead mode of collaboration as defined in the Vienna Agreement.

This draft is hereby submitted to the ISO member bodies and to the CEN member bodies for a parallel

five-month enquiry.

Should this draft be accepted, a final draft, established on the basis of comments received, will be

submitted to a parallel two-month approval vote in ISO and formal vote in CEN.
This draft is submitted to a parallel enquiry in ISO and a CDV vote in the IEC.

In accordance with the provisions of Council Resolution 15/1993 this document is circulated

in the English language only.

Conformément aux dispositions de la Résolution du Conseil 15/1993, ce document est

distribué en version anglaise seulement.

To expedite distribution, this document is circulated as received from the committee

secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at

publication stage.

Pour accélérer la distribution, le présent document est distribué tel qu'il est parvenu du

secrétariat du comité. Le travail de rédaction et de composition de texte sera effectué au

Secrétariat central de l'ISO au stade de publication.

THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO

AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT

INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH

REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY

ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
© International Organization for Standardization, 2009
---------------------- Page: 7 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not

be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading

this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in

this area.
Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation

parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the

unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

Copyright notice

This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted

under the applicable laws of the user’s country, neither this ISO draft nor any extract from it may be reproduced,

stored in a retrieval system or transmitted in any form or by any means, electronic, photocopying, recording or

otherwise, without prior written permission being secured.

Requests for permission to reproduce should be addressed to either ISO at the address below or ISO’s member

body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
ii © ISO 2009 – All rights reserved
---------------------- Page: 8 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
Contents Page

Foreword ............................................................................................................................................................vi

Introduction.......................................................................................................................................................vii

1 Scope......................................................................................................................................................1

2 Normative references............................................................................................................................1

3 Terms and definitions ...........................................................................................................................2

4 Principles ...............................................................................................................................................3

4.1 General ...................................................................................................................................................3

4.2 Impartiality .............................................................................................................................................4

4.3 Competence ...........................................................................................................................................4

4.4 Responsibility........................................................................................................................................4

4.5 Openness ...............................................................................................................................................4

4.6 Confidentiality........................................................................................................................................5

4.7 Responsiveness to complaints............................................................................................................5

5 General requirements ...........................................................................................................................5

5.1 Legal and contractual matters .............................................................................................................5

5.1.1 Legal responsibility...............................................................................................................................5

5.1.2 Certification agreement ........................................................................................................................5

5.1.3 Responsibility for certification decisions...........................................................................................5

5.2 Management of impartiality..................................................................................................................5

5.3 Liability and financing...........................................................................................................................7

6 Structural requirements........................................................................................................................7

6.1 Organizational structure and top management .................................................................................7

6.2 Committee for safeguarding impartiality ............................................................................................7

7 Resource requirements ........................................................................................................................8

7.1 Competence of management and personnel .....................................................................................8

7.1.1 General considerations.........................................................................................................................8

7.1.2 Determination of competence criteria.................................................................................................8

7.1.3 Evaluation processes............................................................................................................................9

7.1.4 Other considerations ............................................................................................................................9

7.2 Personnel involved in the certification activities...............................................................................9

7.3 Use of individual external auditors and external technical experts...............................................10

7.4 Personnel records...............................................................................................................................10

7.5 Outsourcing .........................................................................................................................................11

8 Information requirements...................................................................................................................11

8.1 Publicly accessible information.........................................................................................................11

8.2 Certification documents .....................................................................................................................12

8.3 Directory of certified clients...............................................................................................................12

8.4 Reference to certification and use of marks.....................................................................................12

8.5 Confidentiality......................................................................................................................................13

8.6 Information exchange between a certification body and its clients ..............................................14

8.6.1 Information on the certification activity and requirements.............................................................14

8.6.2 Notice of changes by a certification body ........................................................................................14

8.6.3 Notice of changes by a client.............................................................................................................14

9 Process requirements.........................................................................................................................15

9.1 General requirements .........................................................................................................................15

9.1.1 Audit programme.................................................................................................................................15

9.1.2 Audit plan .............................................................................................................................................15

© ISO/IEC 2009 – All rights reserved iii
---------------------- Page: 9 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2

9.1.3 Audit team selection and assignments ............................................................................................ 16

9.1.4 Determining audit time....................................................................................................................... 17

9.1.5 Multi-site sampling ............................................................................................................................. 17

9.1.6 Communication of audit team tasks................................................................................................. 17

9.1.7 Communication concerning audit team members.......................................................................... 18

9.1.8 Communication of audit plan ............................................................................................................ 18

9.1.9 Conducting on-site audits ................................................................................................................. 18

9.1.10 Audit report ......................................................................................................................................... 21

9.1.11 Cause analysis of nonconformities .................................................................................................. 22

9.1.12 Effectiveness of corrections and corrective actions ...................................................................... 22

9.1.13 Additional audits................................................................................................................................. 22

9.1.14 Certification decision ......................................................................................................................... 22

9.1.15 Actions prior to making a decision................................................................................................... 22

9.2 Initial audit and certification.............................................................................................................. 22

9.2.1 Application .......................................................................................................................................... 22

9.2.2 Application review .............................................................................................................................. 23

9.2.3 Initial certification audit ..................................................................................................................... 24

9.2.4 Initial certification audit conclusions ............................................................................................... 25

9.2.5 Information for granting initial certification..................................................................................... 25

9.3 Surveillance activities ........................................................................................................................ 25

9.3.1 General................................................................................................................................................. 25

9.3.2 Surveillance audit ............................................................................................................................... 26

9.3.3 Maintaining certification .................................................................................................................... 26

9.4 Recertification..................................................................................................................................... 26

9.4.1 Recertification audit planning ........................................................................................................... 26

9.4.2 Recertification audit ........................................................................................................................... 27

9.4.3 Information for granting recertification............................................................................................ 27

9.5 Special audits...................................................................................................................................... 27

9.5.1 Extensions to scope........................................................................................................................... 27

9.5.2 Short-notice audits ............................................................................................................................. 27

9.6 Suspending, withdrawing or reducing the scope of certification ................................................. 27

9.7 Appeals ................................................................................................................................................ 28

9.8 Complaints .......................................................................................................................................... 28

9.9 Records of applicants and clients .................................................................................................... 29

10 Management system requirements for certification bodies .......................................................... 30

10.1 Options ................................................................................................................................................ 30

10.2 Option 1: Management system requirements in accordance with ISO 9001................................ 30

10.2.1 General................................................................................................................................................. 30

10.2.2 Scope ................................................................................................................................................... 30

10.2.3 Customer focus................................................................................................................................... 30

10.2.4 Management review............................................................................................................................ 30

10.2.5 Design and development ................................................................................................................... 31

10.3 Option 2: General management system requirements................................................................... 31

10.3.1 General................................................................................................................................................. 31

10.3.2 Management system manual............................................................................................................. 31

10.3.3 Control of documents ........................................................................................................................ 31

10.3.4 Control of records............................................................................................................................... 32

10.3.5 Management review............................................................................................................................ 32

10.3.6 Internal audits ..................................................................................................................................... 32

10.3.7 Corrective actions............................................................................................................................... 33

10.3.8 Preventive actions .............................................................................................................................. 33

Annex A (normative). Table of minimum body of knowledge and skills.................................................... 34

Annex B (informative) One example of determining competence criteria for a management

systems certification body ................................................................................................................ 35

B.1 Competence criteria determination process ................................................................................... 35

B.2 Proficiency levels of knowledge ....................................................................................................... 35

B.3 Competence requirements for specific functions........................................................................... 36

Annex C (informative) Possible evaluation methods ................................................................................... 38

iv © ISO/IEC 2009 – All rights reserved
---------------------- Page: 10 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2

C.1 General .................................................................................................................................................38

C.2 Review of records................................................................................................................................38

C.3 Feedback ..............................................................................................................................................38

C.4 Interviews .............................................................................................................................................39

C.5 Observations........................................................................................................................................39

C.6 Examinations .......................................................................................................................................39

Annex D (informative) Examples of evaluating competence of certification personnel ...........................40

D.1 General .................................................................................................................................................40

D.2 Competence evaluation process .......................................................................................................41

Annex E (informative) Desired personal behaviours ....................................................................................45

Annex F (informative) Third-party audit and certification process..............................................................46

Annex G (informative) Additional items for consideration: audit programme, scope or plan..................48

G.1 General .................................................................................................................................................48

G.2 List of items for consideration...........................................................................................................48

Bibliography......................................................................................................................................................50

© ISO/IEC 2009 – All rights reserved v
---------------------- Page: 11 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity

assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of

International Standards and Guides.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

Draft International Standards are circulated to the member bodies for voting. Publication as an International

Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that so
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.