oSIST prEN ISO/IEC 17021-2:2009

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 17021-2:2009
01-november-2009
Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme
vodenja, in zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja -
2. del: Zahteve za tretje stranke, ki presojajo certificiranje sistemov vodenja
(ISO/IEC/DIS 17021-2:2009)
Conformity assessment - Requirements for bodies providing audit and certification of
management systems and requirements for third-party certification auditing of
management systems - Part 2: Requirements for third party certification auditing of
management systems (ISO/IEC/DIS 17021-2:2009)
Konformitätsbewertung - Teil 2: Anforderungen an Drittparteien - Zertifizierungsaudits
von Managementsystemen (ISO/IEC/DIS 17021-2:2009)
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la
certification des systèmes de management et exigences pour l'audit de certification par
une tierce partie de systèmes de management - Partie 2: Exigences pour l'audit de
certification par une tierce partie de systèmes de management (ISO/IEC/DIS 17021-
2:2009)
Ta slovenski standard je istoveten z: prEN ISO/IEC 17021-2
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
oSIST prEN ISO/IEC 17021-2:2009 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 17021-2:2009

---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 17021-2:2009



EUROPEAN STANDARD
DRAFT
prEN ISO/IEC 17021-2
NORME EUROPÉENNE

EUROPÄISCHE NORM

September 2009
ICS 03.120.20

English version
Conformity assessment - Requirements for bodies providing
audit and certification of management systems and
requirements for third-party certification auditing of management
systems - Part 2: Requirements for third party certification
auditing of management systems (ISO/IEC/DIS 17021-2:2009)
Évaluation de la conformité - Exigences pour les Konformitätsbewertung - Teil 2: Anforderungen an
organismes procédant à l'audit et à la certification des Drittparteien - Zertifizierungsaudits von
systèmes de management et exigences pour l'audit de Managementsystemen (ISO/IEC/DIS 17021-2:2009)
certification par une tierce partie de systèmes de
management - Partie 2: Exigences pour l'audit de
certification par une tierce partie de systèmes de
management (ISO/IEC/DIS 17021-2:2009)
This draft European Standard is submitted to CEN members for parallel enquiry. It has been drawn up by the Technical Committee
CEN/CLC/TC 1.

If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A version in any
other language made by translation under the responsibility of a CEN and or CENELEC member into its own language and notified to the
CEN Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees, respectively, of Austria,
Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and
United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.



CEN Management Centre: CENELEC Central Secretariat:
Avenue Marnix 17, B-1000 Brussels Avenue Marnix 17, B-1000 Brussels
© 2009 CEN/CENELEC All rights of exploitation in any form and by any means reserved Ref. No. prEN ISO/IEC 17021-2:2009 E
worldwide for CEN national Members and for CENELEC
Members.

---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
prEN ISO/IEC 17021-2:2009 (E)
Contents Page
Foreword .3

2

---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
prEN ISO/IEC 17021-2:2009 (E)
Foreword
This document (prEN ISO/IEC 17021-2:2009) has been prepared by Technical Committee ISO/CASCO
"Committee on conformity assessment" in collaboration with Technical Committee CEN/CLC/TC 1 “Criteria for
conformity assessment bodies” the secretariat of which is held by BSI.
This document is currently submitted to the parallel Enquiry.
Endorsement notice
The text of ISO/IEC/DIS 17021-2:2009 has been approved by CEN as a prEN ISO/IEC 17021-2:2009 without
any modification.

3

---------------------- Page: 5 ----------------------
oSIST prEN ISO/IEC 17021-2:2009

---------------------- Page: 6 ----------------------
oSIST prEN ISO/IEC 17021-2:2009

DRAFT INTERNATIONAL STANDARD ISO/IEC 17021-2
CASCO Secretariat: ISO/CS

Voting begins on Voting terminates on
2009-09-17 2010-02-17
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION  • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОММИСИЯ  • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE



Conformity assessment — Requirements for bodies providing
audit and certification of management systems and requirements
for third-party certification auditing of management systems —
Part 2:
Requirements for third party certification auditing of management
systems
Evaluation de la conformité — Exigences pour les organismes procédant à l'audit et à la certification des systèmes
de management et exigences pour l'audit de certification par une tierce partie de systèmes de management —
Partie 2: Exigences pour l'audit de certification par tierce partie de systèmes de management
ICS 03.120.20

ISO/CEN PARALLEL PROCESSING
This draft has been developed within the International Organization for Standardization (ISO), and
processed under the ISO-lead mode of collaboration as defined in the Vienna Agreement.
This draft is hereby submitted to the ISO member bodies and to the CEN member bodies for a parallel
five-month enquiry.
Should this draft be accepted, a final draft, established on the basis of comments received, will be
submitted to a parallel two-month approval vote in ISO and formal vote in CEN.

This draft is submitted to a parallel enquiry in ISO and a CDV vote in the IEC.

In accordance with the provisions of Council Resolution 15/1993 this document is circulated
in the English language only.
Conformément aux dispositions de la Résolution du Conseil 15/1993, ce document est
distribué en version anglaise seulement.

To expedite distribution, this document is circulated as received from the committee
secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at
publication stage.
Pour accélérer la distribution, le présent document est distribué tel qu'il est parvenu du
secrétariat du comité. Le travail de rédaction et de composition de texte sera effectué au
Secrétariat central de l'ISO au stade de publication.

THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO
AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH
REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY
ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
© International Organization for Standardization, 2009

---------------------- Page: 7 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading
this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in
this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the
unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
































Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted
under the applicable laws of the user’s country, neither this ISO draft nor any extract from it may be reproduced,
stored in a retrieval system or transmitted in any form or by any means, electronic, photocopying, recording or
otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO’s member
body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.

ii © ISO 2009 – All rights reserved

---------------------- Page: 8 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
Contents Page
Foreword .vi
Introduction.vii
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Principles .3
4.1 General .3
4.2 Impartiality .4
4.3 Competence .4
4.4 Responsibility.4
4.5 Openness .4
4.6 Confidentiality.5
4.7 Responsiveness to complaints.5
5 General requirements .5
5.1 Legal and contractual matters .5
5.1.1 Legal responsibility.5
5.1.2 Certification agreement .5
5.1.3 Responsibility for certification decisions.5
5.2 Management of impartiality.5
5.3 Liability and financing.7
6 Structural requirements.7
6.1 Organizational structure and top management .7
6.2 Committee for safeguarding impartiality .7
7 Resource requirements .8
7.1 Competence of management and personnel .8
7.1.1 General considerations.8
7.1.2 Determination of competence criteria.8
7.1.3 Evaluation processes.9
7.1.4 Other considerations .9
7.2 Personnel involved in the certification activities.9
7.3 Use of individual external auditors and external technical experts.10
7.4 Personnel records.10
7.5 Outsourcing .11
8 Information requirements.11
8.1 Publicly accessible information.11
8.2 Certification documents .12
8.3 Directory of certified clients.12
8.4 Reference to certification and use of marks.12
8.5 Confidentiality.13
8.6 Information exchange between a certification body and its clients .14
8.6.1 Information on the certification activity and requirements.14
8.6.2 Notice of changes by a certification body .14
8.6.3 Notice of changes by a client.14
9 Process requirements.15
9.1 General requirements .15
9.1.1 Audit programme.15
9.1.2 Audit plan .15
© ISO/IEC 2009 – All rights reserved iii

---------------------- Page: 9 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
9.1.3 Audit team selection and assignments . 16
9.1.4 Determining audit time. 17
9.1.5 Multi-site sampling . 17
9.1.6 Communication of audit team tasks. 17
9.1.7 Communication concerning audit team members. 18
9.1.8 Communication of audit plan . 18
9.1.9 Conducting on-site audits . 18
9.1.10 Audit report . 21
9.1.11 Cause analysis of nonconformities . 22
9.1.12 Effectiveness of corrections and corrective actions . 22
9.1.13 Additional audits. 22
9.1.14 Certification decision . 22
9.1.15 Actions prior to making a decision. 22
9.2 Initial audit and certification. 22
9.2.1 Application . 22
9.2.2 Application review . 23
9.2.3 Initial certification audit . 24
9.2.4 Initial certification audit conclusions . 25
9.2.5 Information for granting initial certification. 25
9.3 Surveillance activities . 25
9.3.1 General. 25
9.3.2 Surveillance audit . 26
9.3.3 Maintaining certification . 26
9.4 Recertification. 26
9.4.1 Recertification audit planning . 26
9.4.2 Recertification audit . 27
9.4.3 Information for granting recertification. 27
9.5 Special audits. 27
9.5.1 Extensions to scope. 27
9.5.2 Short-notice audits . 27
9.6 Suspending, withdrawing or reducing the scope of certification . 27
9.7 Appeals . 28
9.8 Complaints . 28
9.9 Records of applicants and clients . 29
10 Management system requirements for certification bodies . 30
10.1 Options . 30
10.2 Option 1: Management system requirements in accordance with ISO 9001. 30
10.2.1 General. 30
10.2.2 Scope . 30
10.2.3 Customer focus. 30
10.2.4 Management review. 30
10.2.5 Design and development . 31
10.3 Option 2: General management system requirements. 31
10.3.1 General. 31
10.3.2 Management system manual. 31
10.3.3 Control of documents . 31
10.3.4 Control of records. 32
10.3.5 Management review. 32
10.3.6 Internal audits . 32
10.3.7 Corrective actions. 33
10.3.8 Preventive actions . 33
Annex A (normative). Table of minimum body of knowledge and skills. 34
Annex B (informative)   One example of determining competence criteria for a management
systems certification body . 35
B.1 Competence criteria determination process . 35
B.2 Proficiency levels of knowledge . 35
B.3 Competence requirements for specific functions. 36
Annex C (informative) Possible evaluation methods . 38
iv © ISO/IEC 2009 – All rights reserved

---------------------- Page: 10 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
C.1 General .38
C.2 Review of records.38
C.3 Feedback .38
C.4 Interviews .39
C.5 Observations.39
C.6 Examinations .39
Annex D (informative) Examples of evaluating competence of certification personnel .40
D.1 General .40
D.2 Competence evaluation process .41
Annex E (informative) Desired personal behaviours .45
Annex F (informative) Third-party audit and certification process.46
Annex G (informative) Additional items for consideration: audit programme, scope or plan.48
G.1 General .48
G.2 List of items for consideration.48
Bibliography.50

© ISO/IEC 2009 – All rights reserved v

---------------------- Page: 11 ----------------------
oSIST prEN ISO/IEC 17021-2:2009
ISO/IEC DIS 17021-2
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity
assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of
International Standards and Guides.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
Draft International Standards are circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that so
...