Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)

ISO/IEC 17021:2006 contains principles and requirements for the competence, consistency and impartiality of the audit and certification of management systems of all types (e.g. quality management systems or environmental management systems) and for bodies providing these activities. Certification bodies operating to this International Standard need not offer all types of management system certification.
Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies.

Conformity assessment - Requirements for bodies that audit and certify management systems (ISO/IEC 17021:2006)

This International Standard contains principles for and requirements for the competence, consistency and impartiality of audits and certifications of management systems of any kind (e.g. quality management systems or environmental management systems) and for bodies that perform these activities. Certification bodies operating to this International Standard need not offer all types of management system certification.
Certification of management systems (referred to in this International Standard as certification) is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies that offer this activity are therefore conformity assessment bodies and are referred to in this International Standard, for short, as certification bodies.
NOTE 1   This note applies only to the English text.
NOTE 2   A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3   This International Standard can be used as a criteria document for accreditation or peer assessment, or for other audit processes.

Conformity assessment - Requirements for bodies carrying out audit and certification of management systems (ISO/IEC 17021:2006)

ISO/IEC 17021:2006 specifies the principles and requirements relating to competence, consistency and impartiality in audits and in the certification of management systems of all types (for example quality management systems or environmental management systems) and relating to the bodies providing this activity. Certification bodies conforming to this International Standard are not required to offer all types of management system certification.
Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies.

Conformity assessment – Requirements for bodies that audit and certify management systems (ISO/IEC 17021:2006)

General Information

Status: Withdrawn
Publication Date: 14-Sep-2006
Withdrawal Date: 31-Jan-2011
Current Stage: 9960 - Withdrawal effective - Withdrawal
Due Date: 01-Feb-2011
Completion Date: 01-Feb-2011

Standard: EN ISO/IEC 17021:2006, English language, 33 pages

Standards Content (sample)

SLOVENIAN STANDARD
SIST EN ISO/IEC 17021:2006
01-December-2006
Supersedes: SIST EN 45012:1998

Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)

This Slovenian standard is identical to: EN ISO/IEC 17021:2006
ICS: 03.120.20 Product and company certification. Conformity assessment
SIST EN ISO/IEC 17021:2006 en

2003-01. Slovenski inštitut za standardizacijo. Reproduction of this standard, in whole or in part, is not permitted.

EUROPEAN STANDARD
EN ISO/IEC 17021
September 2006
ICS 03.120.20
Supersedes EN 45012:1998
English version

Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)

This European Standard was approved by CEN/CENELEC on 14 August 2006.

CEN/CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN/CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN/CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CEN/CENELEC members are the national standards bodies and national electrotechnical committees, respectively, of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

CEN Management Centre: rue de Stassart, 36 B-1050 Brussels
CENELEC Central Secretariat: rue de Stassart, 35 B-1050 Brussels

© 2006 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. EN ISO/IEC 17021:2006 E

EN ISO/IEC 17021:2006 (E)
Foreword
This document (EN ISO/IEC 17021:2006) has been prepared by CASCO "Committee on conformity assessment" in collaboration with Technical Committee CEN/CLC/TC 1 "Criteria for conformity assessment bodies", the secretariat of which is held by SN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by March 2007, and conflicting national standards shall be withdrawn at the latest by March 2007.

This document supersedes EN 45012:1998.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

Endorsement notice

The text of ISO/IEC 17021:2006 has been approved by CEN as EN ISO/IEC 17021:2006 without any modifications.

INTERNATIONAL STANDARD
ISO/IEC 17021
First edition
2006-09-15

Conformity assessment — Requirements for bodies providing audit and certification of management systems

Reference number: ISO/IEC 17021:2006(E)
© ISO 2006

ISO/IEC 17021:2006(E)

© ISO 2006

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Responsiveness to complaints
5 General requirements
5.1 Legal and contractual matters
5.2 Management of impartiality
5.3 Liability and financing
6 Structural requirements
6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality
7 Resource requirements
7.1 Competence of management and personnel
7.2 Personnel involved in the certification activities
7.3 Use of individual external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification body and its clients
9 Process requirements
9.1 General requirements
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspending, withdrawing or reducing the scope of certification
9.7 Appeals
9.8 Complaints
9.9 Records of applicants and clients
10 Management system requirements for certification bodies
10.1 Options
10.2 Option 1: Management system requirements in accordance with ISO 9001
10.3 Option 2: General management system requirements
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of International Standards and Guides.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

Draft International Standards are circulated to the national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 17021 was prepared by the ISO Committee on conformity assessment (CASCO).

It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both organizations.

This first edition of ISO/IEC 17021 cancels and replaces ISO/IEC Guide 62:1996 and ISO/IEC Guide 66:1999, which have been combined and technically revised.

Introduction

Certification of a management system, such as a quality or environmental management system of an organization, is one means of providing assurance that the organization has implemented a system for the management of the relevant aspects of its activities, in line with its policy.

This International Standard specifies requirements for certification bodies. Observance of these requirements is intended to ensure that certification bodies operate management system certification in a competent, consistent and impartial manner, thereby facilitating the recognition of such bodies and the acceptance of their certifications on a national and international basis. This International Standard serves as a foundation for facilitating the recognition of management system certification in the interests of international trade.

Certification of a management system provides independent demonstration that the management system of the organization
a) conforms to specified requirements,
b) is capable of consistently achieving its stated policy and objectives, and
c) is effectively implemented.

Conformity assessment such as certification of a management system thereby provides value to the organization, its customers and interested parties.

In this International Standard, Clause 4 describes the principles on which credible certification is based. These principles help the reader to understand the essential nature of certification and they are a necessary prelude to Clauses 5 to 10. These principles underpin all the requirements in this International Standard, but such principles are not auditable requirements in their own right. Clause 10 describes two alternative ways of supporting and demonstrating the consistent achievement of the requirements in this International Standard through the establishment of a management system by the certification body.

This International Standard is intended for use by bodies that carry out audit and certification of management systems. It gives generic requirements for such certification bodies performing audit and certification in the field of quality, environmental and other forms of management systems. Such bodies are referred to as certification bodies. This wording should not be an obstacle to the use of this International Standard by bodies with other designations that undertake activities covered by the scope of this document.

Certification activities involve the audit of an organization's management system. The form of attestation of conformity of an organization's management system to a specific management system standard or other normative requirements is normally a certification document or a certificate.

INTERNATIONAL STANDARD ISO/IEC 17021:2006(E)
Conformity assessment — Requirements for bodies providing audit and certification of management systems

1 Scope

This International Standard contains principles and requirements for the competence, consistency and impartiality of the audit and certification of management systems of all types (e.g. quality management systems or environmental management systems) and for bodies providing these activities. Certification bodies operating to this International Standard need not offer all types of management system certification.

Certification of management systems (named in this International Standard “certification”) is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party conformity assessment bodies (named in this International Standard “certification body/bodies”).

NOTE 1 Certification of a management system is sometimes also called “registration”, and certification bodies are sometimes called “registrars”.

NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).

NOTE 3 This International Standard can be used as a criteria document for accreditation or peer assessment or other audit processes.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 9000:2005, Quality management systems — Fundamentals and vocabulary

ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing

ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 9000, ISO/IEC 17000 and the following apply.

3.1
certified client
organization whose management system has been certified

1) References in this document to the relevant guidance in ISO 19011 apply to the auditing of all other types of management systems.

3.2
impartiality
actual and perceived presence of objectivity

NOTE 1 Objectivity means that conflicts of interest do not exist or are resolved so as not to adversely influence subsequent activities of the certification body.

NOTE 2 Other terms that are useful in conveying the element of impartiality are: objectivity, independence, freedom from conflict of interests, freedom from bias, lack of prejudice, neutrality, fairness, open-mindedness, even-handedness, detachment, balance.

3.3
management system consultancy
participation in designing, implementing or maintaining a management system

EXAMPLES are
a) preparing or producing manuals or procedures, and
b) giving specific advice, instructions or solutions towards the development and implementation of a management system.

NOTE Arranging training and participating as a trainer is not considered consultancy, provided that, where the course relates to management systems or auditing, it is confined to the provision of generic information that is freely available in the public domain; i.e. the trainer should not provide company-specific solutions.

4 Principles
4.1 General

4.1.1 These principles are the basis for the subsequent specific performance and descriptive requirements in this International Standard. This International Standard does not give specific requirements for all situations that can occur. These principles should be applied as guidance for the decisions that may need to be made for unanticipated situations. Principles are not requirements.

4.1.2 The overall aim of certification is to give confidence to all parties that a management system fulfils specified requirements. The value of certification is the degree of public confidence and trust that is established by an impartial and competent assessment by a third-party. Parties that have an interest in certification include, but are not limited to
a) the clients of the certification bodies,
b) the customers of the organizations whose management systems are certified,
c) governmental authorities,
d) non-governmental organizations, and
e) consumers and other members of the public.

4.1.3 Principles for inspiring confidence include
- impartiality,
- competence,
- responsibility,
- openness,
- confidentiality, and
- responsiveness to complaints.

4.2 Impartiality

4.2.1 Being impartial, and being perceived to be impartial, is necessary for a certification body to deliver certification that provides confidence.

4.2.2 It is recognized that the source of revenue for a certification body is its client paying for certification, and that this is a potential threat to impartiality.

4.2.3 To obtain and maintain confidence, it is essential that a certification body's decisions be based on objective evidence of conformity (or nonconformity) obtained by the certification body, and that its decisions are not influenced by other interests or by other parties.

4.2.4 Threats to impartiality include the following.

a) Self-interest threats: threats that arise from a person or body acting in their own interest. A concern related to certification, as a threat to impartiality, is financial self-interest.

b) Self-review threats: threats that arise from a person or body reviewing the work done by themselves. Auditing the management systems of a client to whom the certification body provided management systems consultancy would be a self-review threat.

c) Familiarity (or trust) threats: threats that arise from a person or body being too familiar with or trusting of another person instead of seeking audit evidence.

d) Intimidation threats: threats that arise from a person or body having a perception of being coerced openly or secretively, such as a threat to be replaced or reported to a supervisor.

4.3 Competence

Competence of the personnel supported by the management system of the certification body is necessary to deliver certification that provides confidence. Competence is the demonstrated ability to apply knowledge and skills.

4.4 Responsibility

4.4.1 The client organization, not the certification body, has the responsibility for conformity with the requirements for certification.

4.4.2 The certification body has the responsibility to assess sufficient objective evidence upon which to base a certification decision. Based on audit conclusions, it makes a decision to grant certification if there is sufficient evidence of conformity, or not to grant certification if there is not sufficient evidence of conformity.

NOTE Any audit is based on sampling within an organization's management system and therefore is not a guarantee of 100 % conformity with requirements.

4.5 Openness

4.5.1 A certification body needs to provide public access to, or disclosure of, appropriate and timely information about its audit process and certification process, and about the certification status (i.e. the granting, extending, maintaining, renewing, suspending, reducing the scope of, or withdrawing of certification) of any organization, in order to gain confidence in the integrity and credibility of certification. Openness is a principle of access to, or disclosure of, appropriate information.

4.5.2 To gain or maintain confidence in certification, a certification body should provide appropriate access to, or disclosure of, non-confidential information about the conclusions of specific audits (e.g. audits in response to complaints) to specific interested parties.

4.6 Confidentiality

To gain the privileged access to information that is needed for the certification body to assess conformity to requirements for certification adequately, it is essential that a certification body keep confidential any proprietary information about a client.

4.7 Responsiveness to complaints

Parties that rely on certification expect to have complaints investigated and, if these are found to be valid, should have confidence that the complaints will be appropriately addressed and that a reasonable effort will be made to resolve the complaints. Effective responsiveness to complaints is an important means of protection for the certification body, its clients and other users of certification against errors, omissions or unreasonable behaviour. Confidence in certification activities is safeguarded when complaints are processed appropriately.

NOTE An appropriate balance between the principles of openness and confidentiality, including responsiveness to complaints, is necessary in order to demonstrate integrity and credibility to all users of certification.

5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility

The certification body shall be a legal entity, or a defined part of a legal entity, such that it can be held legally responsible for all its certification activities. A governmental certification body is deemed to be a legal entity on the basis of its governmental status.

5.1.2 Certification agreement

The certification body shall have a legally enforceable agreement for the provision of certification activities to its client. In addition, where there are multiple offices of a certification body or multiple sites of a client, the certification body shall ensure there is a legally enforceable agreement between the certification body granting certification and issuing a certificate, and all the sites covered by the scope of the certification.

5.1.3 Responsibility for certification decisions

The certification body shall be responsible for, and shall retain authority for, its decisions relating to certification, including the granting, maintaining, renewing, extending, reducing, suspending and withdrawing of certification.

5.2 Management of impartiality

5.2.1 The certification body shall have top management commitment to impartiality in management system certification activities. The certification body shall have a publicly accessible statement that it understands the importance of impartiality in carrying out its management system certification activities, manages conflict of interest and ensures the objectivity of its management system certification activities.

5.2.2 The certification body shall identify, analyse and document the possibilities for conflict of interests arising from provision of certification including any conflicts arising from its relationships. Having relationships does not necessarily present a certification body with a conflict of interest. However, if any relationship creates a threat to impartiality, the certification body shall document and be able to demonstrate how it eliminates or minimizes such threats. This information shall be made available to the committee specified in 6.2. The demonstration shall cover all potential sources of conflict of interests that are identified, whether they arise from within the certification body or from the activities of other persons, bodies or organizations.

NOTE A relationship that threatens the impartiality of the certification body can be based on ownership, governance, management, personnel, shared resources, finances, contracts, marketing and payment of a sales commission

...
