SIST EN ISO/IEC 17021-1:2015
(Main)Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements (ISO/IEC 17021-1:2015)
Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements (ISO/IEC 17021-1:2015)
This part of ISO/IEC 17021 contains principles and requirements for the competence, consistency and
impartiality of bodies providing audit and certification of all types of management systems.
Certification bodies operating to this part of ISO/IEC 17021 do not need to offer all types of management
system certification.
Certification of management systems is a third-party conformity assessment activity (see
ISO/IEC 17000:2004, 5.5) and bodies performing this activity are therefore third-party conformity
assessment bodies.
NOTE 1 Examples of management systems include environmental management systems, quality management
systems and information security management systems.
NOTE 2 In this part of ISO/IEC 17021, certification of management systems is referred to as “certification” and
third-party conformity assessment bodies are referred to as “certification bodies”.
NOTE 3 A certification body can be non-governmental or governmental, with or without regulatory authority.
NOTE 4 This part of ISO/IEC 17021 can be used as a criteria document for accreditation, peer assessment or
other audit processes.
Konformitätsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren - Teil 1: Anforderungen (ISO/IEC 17021-1:2015)
Diese Internationale Norm enthält Grundsätze für und Anforderungen an die Kompetenz, Folgerichtigkeit und Unparteilichkeit von Stellen, die Audits und Zertifizierungen von Managementsystemen jeglicher Art (z. B. Umweltmanagementsystem, Qualitäts¬managementsystem, Informationssicherheitsmanagementsystem) ausführen. Zertifizierungsstellen, die nach dieser Internationalen Norm arbeiten, müssen nicht alle Arten von Managementsystem-Zertifizierungen anbieten.
Zertifizierung von Managementsystemen, in dieser Internationalen Norm als „Zertifizierung“ bezeichnet, ist eine Konformitätsbewertungstätigkeit durch eine dritte Seite (siehe ISO/IEC 17000:2004, 5.5). Stellen, die diese Tätigkeit anbieten, sind daher Konformitätsbewertungsstellen und werden in dieser Internationalen Norm verkürzt als „Zertifizierungsstellen“ bezeichnet.
ANMERKUNG 1 Eine Zertifizierungsstelle kann nichtstaatlich oder staatlich sein mit oder ohne regelsetzender Kompetenz.
ANMERKUNG 2 Diese Internationale Norm kann als Vorgabe für die Akkreditierung, Begutachtung unter Gleichrangigen oder für andere Auditprozesse genutzt werden.
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management - Partie 1: Exigences (ISO/IEC 17021-1:2015)
L'ISO/IEC 17021-1:2015 spécifie les principes et les exigences relatifs à la compétence, à la cohérence et à l'impartialité des organismes procédant à l'audit et à la certification de tous les types de systèmes de management.
Les organismes de certification conformes à l'ISO/IEC 17021-1:2015 ne sont pas tenus de proposer tous les types de certification de système de management.
La certification de systèmes de management est une activité d'évaluation de la conformité par tierce partie et les organismes exerçant cette activité sont par conséquent des organismes d'évaluation de la conformité par tierce partie.
Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme vodenja - 1. del: Zahteve (ISO/IEC 17021-1:2015)
Ta del standarda ISO/IEC 17021 določa načela in zahteve za usposobljenost, doslednost in nepristranskost organov, ki presojajo in certificirajo vse vrste sistemov vodenja.
Certifikacijskim organom, ki delujejo v skladu s tem delom ISO/IEC 17021, ni treba ponujati vseh vrst certificiranja sistemov vodenja.
Certificiranje sistemov vodenja je dejavnost ugotavljanja skladnosti, ki jo opravljajo tretje osebe (glej točko 5.5 standarda ISO/IEC 17000:2004); organi, ki izvajajo to aktivnost, so zato zunanji organi za ugotavljanje skladnosti.
OPOMBA 1: Primeri sistemov vodenja zajemajo sisteme ravnanja z okoljem, sisteme vodenja kakovosti in sisteme upravljanja informacijske varnosti.
OPOMBA 2: V tem delu standarda ISO/IEC 17021 se certificiranje sistemov vodenja imenuje »certificiranje«, zunanji organi za ugotavljanje skladnosti pa se imenujejo »certifikacijski organi«.
OPOMBA 3: Certifikacijski organ je lahko nevladni ali vladni organ z regulativno močjo ali brez nje.
OPOMBA 4: Ta del standarda ISO/IEC 17021 je mogoče uporabiti kot dokument z merili za akreditacijo, medsebojno ocenjevanje ali druge procese presojanja.
General Information
Relations
Buy Standard
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN ISO/IEC 17021-1:2015
01-oktober-2015
1DGRPHãþD
SIST EN ISO/IEC 17021:2011
Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme
vodenja - 1. del: Zahteve (ISO/IEC 17021-1:2015)
Conformity assessment - Requirements for bodies providing audit and certification of
management systems - Part 1: Requirements (ISO/IEC 17021-1:2015)
Konformitätsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren
und zertifizieren - Teil 1: Anforderungen (ISO/IEC 17021-1:2015)
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la
certification des systèmes de management - Partie 1: Exigences (ISO/IEC 17021-
1:2015)
Ta slovenski standard je istoveten z: EN ISO/IEC 17021-1:2015
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
SIST EN ISO/IEC 17021-1:2015 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 17021-1:2015
---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 17021-1:2015
EUROPEAN STANDARD
EN ISO/IEC 17021-1
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2015
ICS 03.120.20 Supersedes EN ISO/IEC 17021:2011
English Version
Conformity assessment - Requirements for bodies providing
audit and certification of management systems - Part 1:
Requirements (ISO/IEC 17021-1:2015)
Évaluation de la conformité - Exigences pour les Konformitätsbewertung - Anforderungen an Stellen, die
organismes procédant à l'audit et à la certification des Managementsysteme auditieren und zertifizieren - Teil 1:
systèmes de management - Partie 1: Exigences (ISO/IEC Anforderungen (ISO/IEC 17021-1:2015)
17021-1:2015)
This European Standard was approved by CEN on 6 June 2015.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving
this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning
such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre
has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 All rights of exploitation in any form and by any means reserved Ref. No. EN ISO/IEC 17021-1:2015 E
CEN/CENELE worldwide for CEN national Members and for CENELEC Members.
C
---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 17021-1:2015
EN ISO/IEC 17021-1:2015 (E)
Contents Page
European foreword .3
2
---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 17021-1:2015
EN ISO/IEC 17021-1:2015 (E)
European foreword
This document (EN ISO/IEC 17021-1:2015) has been prepared by Technical Committee ISO/CASCO
"Committee on conformity assessment" in collaboration with Technical Committee CEN-CENELEC/TC 1
“Criteria for conformity assessment bodies” the secretariat of which is held by BSI.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by January 2016, and conflicting national standards shall be withdrawn at
the latest by January 2016.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO/IEC 17021:2011.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Endorsement notice
The text of ISO/IEC 17021-1:2015 has been approved by CEN as EN ISO/IEC 17021-1:2015 without any
modification.
3
---------------------- Page: 5 ----------------------
SIST EN ISO/IEC 17021-1:2015
---------------------- Page: 6 ----------------------
SIST EN ISO/IEC 17021-1:2015
INTERNATIONAL ISO/IEC
STANDARD 17021-1
First edition
2015-06-15
Conformity assessment —
Requirements for bodies
providing audit and certification of
management systems —
Part 1:
Requirements
Évaluation de la conformité — Exigences pour les organismes
procédant à l’audit et à la certification des systèmes de management —
Partie 1: Exigences
Reference number
ISO/IEC 17021-1:2015(E)
©
ISO/IEC 2015
---------------------- Page: 7 ----------------------
SIST EN ISO/IEC 17021-1:2015
ISO/IEC 17021-1:2015(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved
---------------------- Page: 8 ----------------------
SIST EN ISO/IEC 17021-1:2015
ISO/IEC 17021-1:2015(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 4
4.1 General . 4
4.2 Impartiality . 4
4.3 Competence . 5
4.4 Responsibility . 5
4.5 Openness . 5
4.6 Confidentiality . 6
4.7 Responsiveness to complaints . 6
4.8 Risk-based approach . 6
5 General requirements . 6
5.1 Legal and contractual matters . 6
5.1.1 Legal responsibility . 6
5.1.2 Certification agreement . 7
5.1.3 Responsibility for certification decisions . 7
5.2 Management of impartiality . 7
5.3 Liability and financing . 9
6 Structural requirements . 9
6.1 Organizational structure and top management . 9
6.2 Operational control . 9
7 Resource requirements .10
7.1 Competence of personnel .10
7.1.1 General considerations .10
7.1.2 Determination of competence criteria .10
7.1.3 Evaluation processes .10
7.1.4 Other considerations .10
7.2 Personnel involved in the certification activities .10
7.3 Use of individual external auditors and external technical experts .11
7.4 Personnel records.12
7.5 Outsourcing.12
8 Information requirements .12
8.1 Public information .12
8.2 Certification documents .13
8.3 Reference to certification and use of marks .14
8.4 Confidentiality .15
8.5 Information exchange between a certification body and its clients .15
8.5.1 Information on the certification activity and requirements .15
8.5.2 Notice of changes by a certification body .16
8.5.3 Notice of changes by a certified client .16
9 Process requirements .16
9.1 Pre-certification activities .16
9.1.1 Application .16
9.1.2 Application review .16
9.1.3 Audit programme .17
9.1.4 Determining audit time .18
9.1.5 Multi-site sampling .18
9.1.6 Multiple management systems standards .19
© ISO/IEC 2015 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST EN ISO/IEC 17021-1:2015
ISO/IEC 17021-1:2015(E)
9.2 Planning audits .19
9.2.1 Determining audit objectives, scope and criteria .19
9.2.2 Audit team selection and assignments .19
9.2.3 Audit plan .21
9.3 Initial certification .22
9.3.1 Initial certification audit .22
9.4 Conducting audits .23
9.4.1 General.23
9.4.2 Conducting the opening meeting .23
9.4.3 Communication during the audit .24
9.4.4 Obtaining and verifying information .24
9.4.5 Identifying and recording audit findings .25
9.4.6 Preparing audit conclusions .25
9.4.7 Conducting the closing meeting .25
9.4.8 Audit report .26
9.4.9 Cause analysis of nonconformities .27
9.4.10 Effectiveness of corrections and corrective actions .27
9.5 Certification decision .27
9.5.1 General.27
9.5.2 Actions prior to making a decision .28
9.5.3 Information for granting initial certification .28
9.5.4 Information for granting recertification .28
9.6 Maintaining certification .28
9.6.1 General.28
9.6.2 Surveillance activities .29
9.6.3 Recertification .30
9.6.4 Special audits .31
9.6.5 Suspending, withdrawing or reducing the scope of certification .31
9.7 Appeals .31
9.8 Complaints .32
9.9 Client records .33
10 Management system requirements for certification bodies .34
10.1 Options .34
10.2 Option A: General management system requirements .34
10.2.1 General.34
10.2.2 Management system manual .34
10.2.3 Control of documents .34
10.2.4 Control of records .35
10.2.5 Management review .35
10.2.6 Internal audits .36
10.2.7 Corrective actions .36
10.3 Option B: Management system requirements in accordance with ISO 9001.36
10.3.1 General.36
10.3.2 Scope .37
10.3.3 Customer focus .37
10.3.4 Management review .37
Annex A (normative) Required knowledge and skills .38
Annex B (informative) Possible evaluation methods .41
Annex C (informative) Example of a process flow for determining and maintaining competence .43
Annex D (informative) Desired personal behaviour .45
Annex E (informative) Audit and certification process .46
Bibliography .48
iv © ISO/IEC 2015 – All rights reserved
---------------------- Page: 10 ----------------------
SIST EN ISO/IEC 17021-1:2015
ISO/IEC 17021-1:2015(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of conformity assessment, ISO and IEC develop joint ISO/IEC documents under the
management of the ISO Committee on Conformity assessment (ISO/CASCO).
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
ISO/IEC 17021-1 was prepared by the ISO Committee on Conformity Assessment (CASCO). It was circulated
for voting to the national bodies of both ISO and IEC, and was approved by both organizations.
This first edition of ISO/IEC 17021-1 cancels and replaces ISO/IEC 17021:2011, which has been
technically revised.
ISO/IEC 17021 consists of the following parts, under the general title Conformity assessment —
Requirements for bodies providing audit and certification of management systems:
— Part 1: Requirements
— Part 2: Competence requirements for auditing and certification of environmental management systems
[Technical Specification]
— Part 3: Competence requirements for auditing and certification of quality management systems
[Technical Specification]
— Part 4: Competence requirements for auditing and certification of event sustainability management
systems [Technical Specification]
— Part 5: Competence requirements for auditing and certification of asset management systems [Technical
Specification]
— Part 6: Competence requirements for auditing and certification of business continuity management
systems [Technical Specification]
— Part 7: Competence requirements for auditing and certification of road traffic safety management
systems [Technical Specification]
© ISO/IEC 2015 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST EN ISO/IEC 17021-1:2015
ISO/IEC 17021-1:2015(E)
Introduction
Certification of a management system, such as the environmental management system, quality
management system or information security management system of an organization, is one means
of providing assurance that the organization has implemented a system for the management of the
relevant aspects of its activities, products and services, in line with the organization’s policy and the
requirements of the respective international management system standard.
This part of ISO/IEC 17021 specifies requirements for bodies providing audit and certification of
management systems. It gives generic requirements for such bodies performing audit and certification in
the field of quality, the environment and other types of management systems. Such bodies are referred to
as certification bodies. Observance of these requirements is intended to
...
SLOVENSKI SIST EN ISO/IEC 17021-1
STANDARD
oktober 2015
Ugotavljanje skladnosti – Zahteve za organe, ki presojajo in certificirajo
sisteme vodenja – 1. del: Zahteve (ISO/IEC 17021-1:2015)
Conformity assessment – Requirements for bodies providing audit and certification
of management systems – Part 1: Requirements (ISO/IEC 17021-1:2015)
Évaluation de la conformité – Exigences pour les organismes procédant à l’audit
et à la certification des systèmes de management – Partie 1: Exigences
(ISO/IEC 17021-1:2015)
Konformitätsbewertung – Anforderungen an Stellen, die Managementsysteme
auditieren und zertifizieren – Teil 1: Anforderungen (ISO/IEC 17021-1:2015)
Referenčna oznaka
ICS 03.120.20 SIST EN ISO/IEC 17021-1:2015 (sl, en)
Nadaljevanje na strani II in od 1 do 87
© 2016-10: Slovenski inštitut za standardizacijo. Razmnoževanje ali kopiranje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
NACIONALNI UVOD
Standard SIST EN ISO/IEC 17021-1 (sl,en), Ugotavljanje skladnosti – Zahteve za organe, ki presojajo
in certificirajo sisteme vodenja – 1. del: Zahteve (ISO/IEC 17021-1:2015), 2015, ima status slovenskega
standarda in je istoveten evropskemu standardu EN ISO/IEC 17021-1, Conformity assessment –
Requirements for bodies providing audit and certification of management systems – Part 1: Requirements
(ISO/IEC 17021-1:2015), 2015.
NACIONALNI PREDGOVOR
Besedilo standarda EN ISO/IEC 17021-1:2015 je pripravil tehnični odbor ISO/CASCO "Odbor za
ugotavljanje skladnosti" v sodelovanju s tehničnim odborom CEN/CLC/TC 1 "Merila za organe za
ugotavljanje skladnosti", katerega sekretariat vodi BSI. Slovenski standard SIST EN ISO/IEC 17021-1:2015
je prevod angleškega besedila evropskega standarda EN ISO/IEC 17021-1:2015. V primeru spora glede
besedila slovenskega prevoda v tem standardu je odločilen izvirni evropski standard v angleškem jeziku.
Slovensko-angleško izdajo standarda je pripravil SIST/TC UGA Ugotavljanje skladnosti.
ZVEZE S STANDARDI
S privzemom tega evropskega standarda veljajo za omejeni namen referenčnih standardov vsi
standardi, navedeni v izvirniku, razen standardov, ki so že sprejeti v nacionalno standardizacijo:
SIST EN ISO 9000:2015 (sl,en) Sistemi vodenja kakovosti – Osnove in slovar (ISO
9000:2015)
SIST EN ISO/IEC 17000:2005 (sl,en,ne,fr) Ugotavljanje skladnosti – Slovar in splošna načela
(enakovreden ISO/IEC 17000:2004)
OSNOVA ZA IZDAJO STANDARDA
– Privzem standarda EN ISO/IEC 17021-1:2015.
PREDHODNA IZDAJA
– SIST EN ISO/IEC 17021:2011.
OPOMBE
– Povsod, kjer se v besedilu standarda uporablja izraz “mednarodni standard”, v SIST EN ISO/IEC
17021-1:2015 to pomeni “slovenski standard”.
– Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.
– Ta nacionalni dokument je istoveten EN ISO/IEC 17021-1:2015 in je objavljen z dovoljenjem
CEN
Avenue Marnix 17
1050 Bruselj
Belgija
This national document is identical with EN ISO/IEC 17021-1:2015 and is published with the
permission of
CEN
Avenue Marnix 17
1050 Bruxelles
Belgium
II
---------------------- Page: 2 ----------------------
EVROPSKI STANDARD EN ISO/IEC 17021-1
EUROPEAN STANDARD
EUROPÄISCHE NORM
NORME EUROPÉENNE julij 2015
ICS: 03.120.20 Nadomešča EN ISO/IEC 17021:2011
Slovenska izdaja
Ugotavljanje skladnosti – Zahteve za organe, ki presojajo in certificirajo
sisteme vodenja – 1. del: Zahteve
(ISO/IEC 17021-1:2015)
Conformity assessment – Évaluation de la conformité – Exigences Konformitätsbewertung –
Requirements for bodies providing pour les organismes procédant à l’audit Anforderungen an Stellen, die
audit and certification of et à la certification des systèmes de Managementsysteme auditieren und
management systems – Part 1: management – Partie 1: Exigences zertifizieren – Teil 1: Anforderungen
Requirements (ISO/IEC 17021- (ISO/IEC 17021-1:2015) (ISO/IEC 17021-1:2015)
1:2015)
Ta evropski standard je CEN sprejel 6. junija 2015.
Člani CEN in CENELEC morajo izpolnjevati določila notranjih predpisov CEN/CENELEC, s katerimi je
predpisano, da mora biti ta standard brez kakršnih koli sprememb sprejet kot nacionalni standard.
Najnovejši seznami teh nacionalnih standardov in njihovi bibliografski podatki se na zahtevo lahko dobijo
pri Upravnem centru CEN-CENELEC ali kateremkoli članu CEN in CENELEC.
Ta evropski standard obstaja v treh uradnih izdajah (angleški, francoski in nemški). Izdaje v drugih
jezikih, ki jih člani CEN in CENELEC na lastno odgovornost prevedejo in izdajo ter prijavijo pri Upravnem
centru CEN-CENELEC, veljajo kot uradne izdaje.
Člani CEN in CENELEC so nacionalni organi za standarde in nacionalni elektrotehniški odbori Avstrije,
Belgije, Bolgarije, Cipra, Češke republike, Danske, Estonije, Finske, Francije, Grčije, Hrvaške, Irske,
Islandije, Italije, Latvije, Litve, Luksemburga, Madžarske, Malte, Nekdanje jugoslovanske republike
Makedonije, Nemčije, Nizozemske, Norveške, Poljske, Portugalske, Romunije, Slovaške, Slovenije,
Španije, Švedske, Švice, Turčije in Združenega kraljestva.
CEN CENELEC
Evropski komite za standardizacijo Evropski komite za standardizacijo v elektrotehniki
European Committee for Standardization European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Normung Europäisches Komitee für Elektrotechnische Normung
Upravni center CEN-CENELEC: Avenue Marnix 17, B-1000 Bruselj
© 2015. Lastnice avtorskih pravic so vse države članice CEN in CENELEC Ref. št. EN ISO/IEC 17021-1:2015 E
---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
Predgovor k evropskemu standardu European foreword
Ta dokument (EN ISO/IEC 17021-1:2015) je This document (EN ISO/IEC 17021-1:2015) has
pripravil tehnični odbor ISO/CASCO “Odbor za been prepared by Technical Committee
ugotavljanje skladnosti” v sodelovanju s ISO/CASCO "Committee on conformity
tehničnim odborom CEN-CENELEC/TC 1 "Merila assessment" in collaboration with Technical
za organe za ugotavljanje skladnosti", katerega Committee CEN-CENELEC/TC 1 “Criteria for
sekretariat vodi BSI. conformity assessment bodies” the secretariat of
which is held by BSI. N ISO/IEC 17021-1:2015)
Ta evropski standard mora dobiti status This European Standard shall be given the
nacionalnega standarda z objavo istovetnega status of a national standard, either by
besedila ali z razglasitvijo najpozneje do januarja publication of an identical text or by
2016, nacionalne standarde, ki so v nasprotju s endorsement, at the latest by January 2016, and
tem standardom, pa je treba umakniti najpozneje conflicting national standards shall be withdrawn
do januarja 2016. at the latest by January 2016.
Opozoriti je treba na možnost, da je lahko nekaj Attention is drawn to the possibility that some of
elementov tega dokumenta predmet patentnih the elements of this document may be the
pravic. CEN [in/ali CENELEC] ne prevzema subject of patent rights. CEN [and/or CENELEC]
odgovornosti za identifikacijo katerih koli ali vseh shall not be held responsible for identifying any
takih patentnih pravic. or all such patent rights.
Ta dokument nadomešča EN ISO/IEC This document supersedes EN ISO/IEC 17021:
17021:2011. 2011.
Ta dokument je bil pripravljen v okviru mandata, This document has been prepared under a
ki sta ga CEN podelila Evropska komisija in mandate given to CEN by the European
Evropsko združenje za prosto trgovino. Commission and the European Free Trade
Association.
V skladu z notranjimi predpisi CEN/CENELEC According to the CEN-CENELEC Internal
morajo ta evropski standard obvezno uvesti Regulations, the national standards organizations
nacionalne organizacije za standardizacijo of the following countries are bound to
naslednjih držav: Avstrije, Belgije, Bolgarije, implement this European Standard: Austria,
Cipra, Češke republike, Danske, Estonije, Finske, Belgium, Bulgaria, Croatia, Cyprus, Czech
Francije, Grčije, Hrvaške, Irske, Islandije, Italije, Republic, Denmark, Estonia, Finland, Former
Latvije, Litve, Luksemburga, Madžarske, Malte, Yugoslav Republic of Macedonia, France,
Nekdanje jugoslovanske republike Makedonije, Germany, Greece, Hungary, Iceland, Ireland,
Nemčije, Nizozemske, Norveške, Poljske, Italy, Latvia, Lithuania, Luxembourg, Malta,
Portugalske, Romunije, Slovaške, Slovenije, Netherlands, Norway, Poland, Portugal,
Španije, Švedske, Švice, Turčije in Združenega Romania, Slovakia, Slovenia, Spain, Sweden,
kraljestva. Switzerland, Turkey and the United Kingdom.
Razglasitvena objava Endorsement notice
Besedilo ISO/IEC 17021-1:2015 je CEN odobril The text of ISO/IEC 17021-1:2015 has been
brez sprememb kot EN ISO/IEC 17021-1:2015. approved by CEN as EN ISO/IEC 17021-1:2015
without any modification.
2
---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
Vsebina Stran Contents Page
Predgovor . 7 Foreword. 7
Uvod . 9 Introduction . 9
1 Področje uporabe . 11 1 Scope . 11
2 Zveze s standardi . 11 2 Normative references . 11
3 Izrazi in definicije. 12 3 Terms and definitions . 12
4 Načela . 15 4 Principles . 15
4.1 Splošno . 15 4.1 General . 15
4.2 Nepristranskost . 15 4.2 Impartiality . 15
4.3 Kompetentnost . 16 4.3 Competence . 16
4.4 Odgovornost . 17 4.4 Responsibility . 17
4.5 Odprtost . 17 4.5 Openness . 17
4.6 Zaupnost . 17 4.6 Confidentiality 17
4.7 Odzivnost na pritožbe . 17 4.7 Responsiveness to complaints . 17
4.8 Pristop na podlagi tveganja . 18 4.8 Risk-based approach . 18
5 Splošne zahteve . 18 5 General requirements . 18
5.1 Pravne in pogodbene zadeve . 18 5.1 Legal and contractual matters . 18
5.1.1 Pravna odgovornost . 18 5.1.1 Legal responsibility . 18
5.1.2 Pogodba o certificiranju . 18 5.1.2 Certification agreement . 18
5.1.3 Odgovornost za odločitve 5.1.3 Responsibility for certification
o certifikaciji . 19 decisions . 19
5.2 Obvladovanje nepristranskosti . 19 5.2 Management of impartiality . 19
5.3 Obveznosti in financiranje . 22 5.3 Liability and financing . 22
6 Strukturne zahteve . 22 6 Structural requirements . 22
6.1 Organizacijska struktura in 6.1 Organizational structure and top
najvišje vodstvo . 22 management . 22
6.2 Operativni nadzor . 23 6.2 Operational control . 23
7 Zahteve glede virov . 23 7 Resource requirements . 23
7.1 Kompetentnost osebja . 23 7.1 Competence of personnel . 23
7.1.1 Splošno . 23 7.1.1 General considerations . 23
7.1.2 Določanje kriterijev kompetentnosti . 24 7.1.2 Determination of competence criteria . 24
7.1.3 Procesi vrednotenja . 24 7.1.3 Evaluation processes . 24
7.1.4 Drugi razmisleki . 25 7.1.4 Other considerations . 25
7.2 Osebje, vključeno v aktivnosti 7.2 Personnel involved in the certification
certificiranja . 25 activities . 25
7.3 Vključitev posameznih zunanjih 7.3 Use of individual external auditors
presojevalcev in zunanjih tehničnih and external technical experts . 27
strokovnjakov . 27
7.4 Zapisi o osebju . 27 7.4 Personnel records . 27
7.5 Oddajanje del zunanjim izvajalcem . 27 7.5 Outsourcing . 27
8 Zahteve glede informacij . 28 8 Information requirements . 28
3
---------------------- Page: 5 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
8.1 Javne informacije . 28 8.1 Public information . 28
8.2 Certifikacijske listine . 29 8.2 Certification documents . 29
8.3 Sklicevanje na certifikacijo in 8.3 Reference to certification and use
uporaba znakov . 30 of marks . 30
8.4 Zaupnost . 32 8.4 Confidentiality . 32
8.5 Izmenjava informacij med certifikacijskim 8.5 Information exchange between a certification
organom in njegovimi strankami . 33 body and its clients . 33
8.5.1 Informacije o aktivnosti in zahtevah 8.5.1 Information on the certification activity and
certificiranja . 33 requirements . 33
8.5.2 Obvestilo certifikacijskega organa o 8.5.2 Notice of changes by a certification
spremembah . 33 body . 33
8.5.3 Obvestilo certificirane stranke o 8.5.3 Notice of changes by a certified
spremembah . 34 client . 34
9 Zahteve glede procesov . 34 9 Process requirements . 34
9.1 Aktivnosti pred certificiranjem . 34 9.1 Pre-certification activities . 34
9.1.1 Vloga . 34 9.1.1 Application . 34
9.1.2 Pregled vloge . 35 9.1.2 Application review . 35
9.1.3 Program presoj . 35 9.1.3 Audit programme . 35
9.1.4 Določanje časa presoje . 37 9.1.4 Determining audit time . 37
9.1.5 Vzorčenje na več lokacijah . 38 9.1.5 Multi-site sampling . 38
9.1.6 Standardi za več sistemov 9.1.6 Multiple management systems
vodenja . 38 standards . 38
9.2 Planiranje presoj . 38 9.2 Planning audits . 38
9.2.1 Določanje ciljev, obsega in kriterijev 9.2.1 Determining audit objectives, scope and
presoje . 38 criteria . 38
9.2.2 Izbira in imenovanje presojevalske 9.2.2 Audit team selection and assignments . 39
skupine . 39
9.2.3 Plan presoje . 41 9.2.3 Audit plan . 41
9.3 Začetno certificiranje . 43 9.3 Initial certification . 43
9.3.1 Začetna certifikacijska presoja. 43 9.3.1 Initial certification audit . 43
9.4 Izvajanje presoj . 45 9.4 Conducting audits . 45
9.4.1 Splošno . 45 9.4.1 General . 45
9.4.2 Izvedba uvodnega sestanka . 45 9.4.2 Conducting the opening meeting . 45
9.4.3 Komuniciranje med presojo . 46 9.4.3 Communication during the audit . 46
9.4.4 Pridobivanje in preverjanje informacij . 47 9.4.4 Obtaining and verifying information . 47
9.4.5 Identificiranje in zapisovanje 9.4.5 Identifying and recording audit
ugotovitev presoje . 47 findings . 47
9.4.6 Priprava sklepov presoje . 48 9.4.6 Preparing audit conclusions . 48
9.4.7 Izvedba zaključnega sestanka . 48 9.4.7 Conducting the closing meeting . 48
9.4.8 Poročilo o presoji . 49 9.4.8 Audit report . 49
9.4.9 Analiza vzrokov neskladnosti . 50 9.4.9 Cause analysis of nonconformities . 50
9.4.10 Učinkovitost korekcij in korektivnih 9.4.10 Effectiveness of corrections and
ukrepov . 50 corrective actions . 50
4
---------------------- Page: 6 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
9.5 Odločitev o certifikaciji . 51 9.5 Certification decision . 51
9.5.1 Splošno . 51 9.5.1 General . 51
9.5.2 Aktivnosti pred sprejemanjem 9.5.2 Actions prior to making a
odločitve . 52 decision . 52
9.5.3 Informacije za podelitev začetne 9.5.3 Information for granting initial
certifikacije . 52 certification . 52
9.5.4 Informacije za obnovitev certifikacije . 53 9.5.4 Information for granting recertification . 53
9.6 Vzdrževanje certifikacije . 53 9.6 Maintaining certification . 53
9.6.1 Splošno . 53 9.6.1 General . 53
9.6.2 Nadzorne aktivnosti . 53 9.6.2 Surveillance activities . 53
9.6.3 Obnovitev certifikacije . 54 9.6.3 Recertification . 54
9.6.4 Posebne presoje . 56 9.6.4 Special audits . 56
9.6.5 Začasni odvzem, preklic ali krčenje 9.6.5 Suspending, withdrawing or reducing the
obsega certifikacije . 56 scope of certification . 56
9.7 Prizivi . 57 9.7 Appeals . 57
9.8 Pritožbe . 58 9.8 Complaints . 58
9.9 Zapisi o strankah . 59 9.9 Client records . 59
10 Zahteve za sistem vodenja 10 Management system requirements for
certifikacijskih organov . 60 certification bodies . 60
10.1 Možnosti . 60 10.1 Options . 60
10.2 Možnost A: Splošne zahteve 10.2 Option A: General management system
za sistem vodenja . 61 requirements . 61
10.2.1 Splošno . 61 10.2.1 General . 61
10.2.2 Poslovnik sistema vodenja . 61 10.2.2 Management system manual . 61
10.2.3 Obvladovanje dokumentov . 61 10.2.3 Control of documents . 61
10.2.4 Obvladovanje zapisov . 62 10.2.4 Control of records . 62
10.2.5 Vodstveni pregled . 62 10.2.5 Management review . 62
10.2.6 Notranje presoje . 63 10.2.6 Internal audits . 63
10.2.7 Korektivni ukrepi . 64 10.2.7 Corrective actions . 64
10.3 Možnost B: Zahteve za sistem 10.3 Option B: Management system
vodenja v skladu z ISO 9001 . 64 requirements in accordance with
ISO 9001 . 64
10.3.1 Splošno . 64 10.3.1 General . 64
10.3.2 Obseg . 64 10.3.2 Scope . 64
10.3.3 Osredotočenost na odjemalce . 65 10.3.3 Customer focus . 65
10.3.4 Vodstveni pregled . 65 10.3.4 Management review . 65
Dodatek A (normativni): Potrebno znanje Annex A (normative) Required knowledge and
in veščine . 66 skills . 67
Dodatek B (informativni): Možne metode Annex B (informative) Possible evaluation
vrednotenja . 72 methods . 73
Dodatek C (informativni): Primer poteka Annex C (informative) Example of a process flow
procesa za ugotavljanje in vzdrževanje for determining and maintaining
kompetentnosti . 76 competence . 77
5
---------------------- Page: 7 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
Dodatek D (informativni): Zaželeno osebno Annex D (informative) Desired personal
vedenje . 80 behaviour . 81
Dodatek E (informativni): Proces Annex E (informative) Audit and certification
presoje in certificiranja . 82 process . 83
Literatura . 86 Bibliography . 87
6
---------------------- Page: 8 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
Predgovor Foreword
ISO (Mednarodna organizacija za standardizacijo) ISO (the International Organization for
in IEC (Mednarodna elektrotehniška komisija) Standardization) and IEC (the International
tvorita specializiran sistem za svetovno Electrotechnical Commission) form the specialized
standardizacijo. Nacionalni organi, ki so člani system for worldwide standardization. National
ISO ali IEC, sodelujejo pri pripravi mednarodnih bodies that are members of ISO or IEC participate
standardov prek tehničnih odborov, ki jih za in the development of International Standards
obravnavanje določenih strokovnih področij through technical committees established by the
ustanovi ustrezna organizacija. Tehnični odbori respective organization to deal with particular fields
ISO in IEC sodelujejo na področjih skupnega of technical activity. ISO and IEC technical
interesa. Pri delu sodelujejo tudi druge committees collaborate in fields of mutual interest.
mednarodne, vladne in nevladne organizacije, ki Other international organizations, governmental
so povezane z ISO in IEC. Na področju and non-governmental, in liaison with ISO and
ugotavljanja skladnosti ISO in IEC pripravljata IEC, also take part in the work. In the field of
skupne dokumente pod vodstvom Odbora conformity assessment, ISO and IEC develop joint
ISO/IEC za ugotavljanje skladnosti ISO/IEC documents under the management of the
(ISO/CASCO). ISO Committee on Conformity assessment
(ISO/CASCO).
Postopki, uporabljeni pri razvoju tega The procedures used to develop this
dokumenta, in postopki, predvideni za njegovo document and those intended for its further
nadaljnje vzdrževanje, so opisani v Direktivah maintenance are described in the ISO/IEC
ISO/IEC, 1. del. Posebna pozornost naj se Directives, Part 1. In particular the different
nameni različnim kriterijem odobritve, potrebnim approval criteria needed for the different types
za različne vrste dokumentov. Ta dokument je bil of document should be noted. This document
pripravljen skladno z uredniškimi pravili Direktiv was drafted in accordance with the editorial
ISO/IEC, 2. del (glej www.iso.org/directives). rules of the ISO/IEC Directives, Part 2 (see
w w w.iso.org/directives).
Opozoriti je treba na možnost, da je lahko nekaj Attention is drawn to the possibility that some
elementov tega dokumenta predmet patentnih of the elements of this document may be the
pravic. ISO in IEC ne prevzemata odgovornosti subject of patent rights. ISO and IEC shall not
za prepoznavanje katerihkoli ali vseh takih be held responsible for identifying any or all
patentnih pravic. Podrobnosti o morebitnih such patent rights. Details of any patent rights
patentnih pravicah, prepoznanih med pripravo identified during the development of the
tega dokumenta, bodo navedene v uvodu in/ali document will be in the Introduction and/or on the
na seznamu patentnih izjav, ki jih je prejela ISO list of patent declarations received (see
organizacija ISO (glej www.iso.org/patents). w w w.iso.org/patents).
Morebitna trgovska imena, uporabljena v tem Any trade name used in this document is
dokumentu, so informacije za uporabnike in ne information given for the convenience of users
pomenijo podpore blagovni znamki. and does not constitute an endorsement.
Za razlago pomena specifičnih izrazov in For an explanation on the meaning of ISO
terminov ISO, povezanih z ugotavljanjem specific terms and expressions related to
skladnosti, ter informacije o tem, kako ISO conformity assessment, as well as information
spoštuje načela Mednarodne trgovinske about ISO’s adherence to the WTO principles in
organizacije (WTO) v Tehničnih ovirah pri the Technical Barriers to Trade (TBT) see the
trgovanju (TBT), glej naslednji naslov URL: following URL: Foreword – Supplementary
Foreword – Supplementary information. information
ISO/IEC 17021-1 je pripravil Odbor ISO za ISO/IEC 17021-1 was prepared by the ISO
ugotavljanje skladnosti (CASCO). Poslan je bil v Committee on Conformity Assessment
glasovanje nacionalnim organom ISO in IEC in (CASCO). It was circulated for voting to the
obe organizaciji sta ga odobrili. national bodies of both ISO and IEC, and was
approved by both organizations.
7
---------------------- Page: 9 ----------------------
SIST EN ISO/IEC 17021-1 : 2015
Ta prva izdaja ISO/IEC 17021-1 razveljavlja in This first edition of ISO/IEC 17021-1 cancels and
nadomešča ISO/IEC 17021:2011, ki je bil replaces ISO/IEC 17021:2011, which has been
strokovno revidiran. technically revised.
Standard ISO/IEC 17021 s splošnim naslovom ISO/IEC 17021 consists of the following parts,
Ugotavljanje skladnosti – Zahteve za organe, ki under the general title Conformity assessment
presojajo in certificirajo sisteme vodenja, je – Requirements for bodies providing audit and
sestavljen iz naslednjih delov: certification of management systems:
– 1. del: Zahteve – Part 1: Requirements
– 2. del: Zahteve glede kompetentnosti za – P
...
SLOVENSKI STANDARD
oSIST prEN ISO/IEC 17021-1:2014
01-april-2014
Ugotavljanje skladnosti - Zahteve za organe, ki presojajo in certificirajo sisteme
vodenja - 1. del: Zahteve (ISO/IEC/DIS 17021-1:2014)
Conformity assessment - Requirements for bodies providing audit and certification of
management systems - Part 1: Requirements (ISO/IEC/DIS 17021-1:2014)
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la
certification des systèmes de management - Partie 1: Exigences (ISO/IEC/DIS 17021-
1:2014)
Ta slovenski standard je istoveten z: prEN ISO/IEC 17021-1
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
oSIST prEN ISO/IEC 17021-1:2014 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 17021-1
ISO/CASCO Secretariat: ISO
Voting begins on: Voting terminates on:
2014-02-05 2014-05-05
Conformity assessment — Requirements for bodies
providing audit and certification of management
systems —
Part 1:
Requirements
Évaluation de la conformité — Exigences pour les organismes procédant à l’audit et à la certification des
systèmes de management —
Partie 1: Exigences
[Revision of second edition (ISO/IEC 17021:2011)]
ICS: 03.120.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/IEC DIS 17021-1:2014(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO/IEC 2014
---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1:2014(E)
Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as
permitted under the applicable laws of the user’s country, neither this ISO draft nor any extract
from it may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, photocopying, recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
ii © ISO 2014 – All rights reserved
---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Contents Page
Foreword . vi
Introduction . vii
1 Scope .2
2 Normative references .2
3 Terms and definitions .2
4 Principles .5
4.1 General .5
4.2 Impartiality .6
4.3 Competence .6
4.4 Responsibility .6
4.5 Openness .6
4.6 Confidentiality .7
4.7 Responsiveness to complaints .7
4.8 Risk-based approach .7
5 General requirements .7
5.1 Legal and contractual matters .7
5.2 Management of impartiality .8
5.3 Liability and financing . 10
6 Structural requirements . 10
6.1 Organizational structure and top management . 10
7 Resource requirements . 11
7.1 Competence of management and personnel . 11
7.2 Personnel involved in the certification activities . 12
7.3 Use of individual external auditors and external technical experts . 13
7.4 Personnel records . 13
7.5 Outsourcing . 13
8 Information requirements . 14
8.1 Public information . 14
8.2 Certification documents . 15
8.3 Reference to certification and use of marks . 15
8.4 Confidentiality . 16
8.5 Information exchange between a certification body and its clients . 17
9 Process requirements . 18
9.1 Pre-Certification Activities . 18
9.2 Initial Certification. 21
9.3 Planning Audits . 22
9.4 Conducting Audits . 25
9.5 Certification Decision . 29
9.6 Maintaining Certification . 31
10 Management system requirements for certification bodies . 36
10.1 Options . 36
10.2 Option A: General management system requirements . 36
10.3 Option B: Management system requirements in accordance with ISO 9001 . 39
Annex A (normative) Required knowledge and skills . 40
Annex B (informative) Possible evaluation methods . 43
iv © ISO 2011 — All rights reserved
---------------------- Page: 5 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Annex C (informative) Example of a process flow for determining and maintaining competence . 45
Annex D (informative) Desired personal behaviours . 47
Annex E (informative) Third-party audit and certification process . 48
Bibliography . 50
© ISO 2011 — All rights reserved v
---------------------- Page: 6 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 17021 was prepared by Technical Committee ISO/TC CASCO, , Subcommittee SC , .
This second/third/. edition cancels and replaces the first/second/. edition (), [clause(s) / subclause(s) /
table(s) / figure(s) / annex(es)] of which [has / have] been technically revised.
vi © ISO 2011 — All rights reserved
---------------------- Page: 7 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Introduction
Certification of a management system, such as a quality or environmental management system of an
organization is one means of providing assurance that the organization has implemented a system for the
management of the relevant aspects of its activities, in line with the organisation’s policy.
This International Standard specifies requirements for bodies providing audits and certification of
management systems. Observance of these requirements is intended to ensure that certification bodies
operate management system certification in a competent, consistent and impartial manner, thereby facilitating
the recognition of such bodies and the acceptance of their certifications on a national and international basis.
This International Standard serves as a foundation for facilitating the recognition of management system
certification in the interests of international trade.
Certification of a management system provides independent demonstration that the management system of
the organization
a) conforms to specified requirements,
b) is capable of consistently achieving its stated policy and objectives, and
c) is effectively implemented.
Conformity assessment such as certification of a management system thereby provides value to the
organization, its customers and interested parties.
In this International Standard, Clause 4 describes the principles on which credible certification is based. These
principles help the reader to understand the essential nature of certification and they are a necessary prelude
to Clauses 5 to 10. These principles underpin all the requirements in this International Standard, but such
principles are not auditable requirements in their own right. Clause 10 describes two alternative ways of
supporting and demonstrating the consistent achievement of the requirements in this International Standard
through the establishment of a management system by the certification body.
This International Standard is intended for use by bodies that provide audit and certification of management
systems. It gives generic requirements for such bodies performing audit and certification in the field of quality,
environmental and other forms of management systems. Such bodies are referred to as certification bodies.
Certification activities involve the audit of an organization's management system. The form of attestation of
conformity of an organization's management system to a specific management system standard or other
normative requirements is normally a certification document or a certificate.
This International Standard is applicable to the auditing and certification of any type of management system. It
is recognized that some of the requirements, and in particular those related to auditor competence, can be
supplemented with additional criteria in order to achieve the expectations of the interested parties.
In this International Standard, the following verbal forms are used:
- “shall” indicates a requirement;
- “should” indicates a recommendation;
- “may” indicates a permission;
- “can” indicates a possibility or a capability.
Further details can be found in the ISO/IEC Directives, Part 2.
© ISO 2011 — All rights reserved vii
---------------------- Page: 8 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Conformity assessment — Requirements for bodies providing
audit and certification of management systems
Part 1:
Requirements
1 Scope
This International Standard contains principles and requirements for the competence, consistency and
impartiality of the audit and certification of management systems of all types (e.g. quality management
systems, environmental management systems) and for bodies providing these activities. Certification bodies
operating to this International Standard need not offer all types of management system certification.
Certification of management systems (named in this International Standard “certification”) is a third-party
conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore
third-party conformity assessment bodies (named in this International Standard “certification bodies”).
NOTE 1 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 2 This International Standard can be used as a criteria document for accreditation or peer assessment or other
audit processes.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 9000, Quality management systems — Fundamentals and vocabulary
ISO/IEC 17000, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000, ISO/IEC 17000 and the
following apply.
3.1
certified client
organization whose management system has been certified
3.2
impartiality
presence of objectivity
NOTE 1 Objectivity means that conflicts of interest do not exist or are resolved so as not to adversely influence
subsequent activities of the certification body.
ICS 03.120.20
Price based on 44 pages
© ISO 2011 — All rights reserved
---------------------- Page: 9 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
NOTE 2 Other terms that are useful in conveying the element of impartiality are: objectivity, independence, freedom
from conflict of interests, freedom from bias, lack of prejudice, neutrality, fairness, open-mindedness, even-handedness,
detachment, balance.
3.3
management system consultancy
participation in establishing, implementing or maintaining a management system
EXAMPLES
a) preparing or producing manuals or procedures, and
b) giving specific advice, instructions or solutions towards the development and implementation of a management
system.
NOTE Arranging training and participating as a trainer is not considered consultancy, provided that, where the course
relates to management systems or auditing, it is confined to the provision of generic information that is freely available in
the public domain; i.e. the trainer should not provide company-specific solutions.
3.4
third-party certification audit
audit carried out by an auditing organization independent of the client and the user, for the purpose of
certifying the client's management system
NOTE 1 In the definitions which follow, the term “audit” has been used for simplicity to refer to third-party certification
audit.
NOTE 2 Third-party certification audits include initial, surveillance, re-certification audits, and can also include special
audits.
NOTE 3 Third-party certification audits are typically conducted by audit teams of those bodies providing certification of
conformity to the requirements of management system standards.
NOTE 4 A joint audit is when two or more auditing organizations cooperate to audit a single client.
NOTE 5 A combined audit is when a client is being audited against the requirements of two or more management
systems standards together.
NOTE 6 An integrated audit is when a client has integrated the application of requirements of two or more
management systems standards into a single management system and is being audited against more than one standard.
3.5
Client
organization whose management system is being audited for certification purposes
3.6
auditor
person who conducts an audit
3.7
competence
ability to apply knowledge and skills to achieve intended results
3.8
guide
person appointed by the client to assist the audit team
3.9
observer
person who accompanies the audit team but does not audit
© ISO 2011 — All rights reserved iii
---------------------- Page: 10 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
3.10
technical area
area characterized by commonalities of processes relevant to a specific type of management system and its
desired intent
3.11
Non Conformity
Non fulfillment of a requirement
NOTE A non conformity exists when an applicable requirement has not been addressed, a practice differs from the
defined management system or the management system is not effective.
3.12
Major non conformity
Non fulfilment of one or more requirements of the management system that impacts the capability of the
management system to achieve the intended outcomes.
NOTE classifying non conformities as major could be as follows:
- a significant doubt that effective process control is in place or products or services will meet specified requirements.
- a number of minor non conformities associated with the same requirement or issue could demonstrate a systemic failure
and thus constitute a major non conformity
- a minor non-conformity that is persistent (or not corrected as agreed by the organisation) may be up-graded to major non
conformity
3.13
Minor non conformity
Non fulfillment of one or more requirement which does not impact the capability of the management system to
achieve the intended outcomes.
3.14
technical expert
person who provides specific knowledge or expertise to the audit team
NOTE 1 Specific knowledge or expertise is that which relates to the organization, the process or activity to be audited,
or language or culture.
NOTE 2 A technical expert does not act as an auditor in the audit team
3.15
certification scheme
conformity assessment system related to management systems to which the same specified requirements,
specific rules and procedures apply
3.16
audit time
time needed to plan and accomplish a complete and effective audit of the client organization’s management
system
3.17
duration of management system certification audits
part of audit time spent conducting audit activities from the opening meeting to the closing
meeting, inclusive
ICS 03.120.20
Price based on 44 pages
© ISO 2011 — All rights reserved
---------------------- Page: 11 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
Note 1 to entry: Audit activities normally include:
— conducting the opening meeting;
— performing document review while conducting the audit;
— communicating during the audit;
— assigning roles and responsibilities of guides and observers;
— collecting and verifying information;
— generating audit findings;
— preparing audit conclusions;
— conducting the closing meeting.
4 Principles
4.1 General
4.1.1 These principles are the basis for the subsequent specific performance and descriptive requirements
in this International Standard. This International Standard does not give specific requirements for all situations
that can occur. These principles should be applied as guidance for the decisions that may need to be made
for unanticipated situations. Principles are not requirements.
4.1.2 The overall aim of certification is to give confidence to all parties that a management system fulfils
specified requirements. The value of certification is the degree of public confidence and trust that is
established by an impartial and competent assessment by a third-party. Parties that have an interest in
certification include, but are not limited to
a) the clients of the certification bodies,
b) the customers of the organizations whose management systems are certified,
c) governmental authorities,
d) non-governmental organizations, and
e) consumers and other members of the public.
4.1.3 Principles for inspiring confidence include
impartiality,
competence,
responsibility,
openness,
confidentiality, and
responsiveness to complaints
risk-based approach.
© ISO 2011 — All rights reserved v
---------------------- Page: 12 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
NOTE This International Standard sets out the principles of certification in clause 4, whereas the corresponding
principles related to auditing can be found in ISO 19011 clause 4
4.2 Impartiality
4.2.1 Being impartial, and being perceived to be impartial, is necessary for a certification body to deliver
certification that provides confidence. It is important that all internal and external personnel are aware of the
need for impartiality.
4.2.2 It is recognized that the source of revenue for a certification body is its client paying for certification,
and that this is a potential threat to impartiality.
4.2.3 To obtain and maintain confidence, it is essential that a certification body's decisions be based on
objective evidence of conformity (or nonconformity) obtained by the certification body, and that its decisions
are not influenced by other interests or by other parties.
4.2.4 Threats to impartiality may include but are not limited to
a) Self-interest: threats that arise from a person or body acting in their own interest. A concern related to
certification, as a threat to impartiality, is financial self-interest.
b) Self-review: threats that arise from a person or body reviewing the work done by themselves. Auditing
the management systems of a client to whom the certification body provided management systems
consultancy would be a self-review threat.
c) Familiarity (or trust): threats that arise from a person or body being too familiar with or trusting of another
person instead of seeking audit evidence.
d) Intimidation: threats that arise from a person or body having a perception of being coerced openly or
secretively, such as a threat to be replaced or reported to a supervisor.
4.3 Competence
Competence of the personnel supported by the management system of the certification body is necessary to
deliver certification that provides confidence.
4.4 Responsibility
4.4.1 The client organization, not the certification body, has the responsibility for conformity with the
requirements for certification.
4.4.2 The certification body has the responsibility to assess sufficient objective evidence upon which to
base a certification decision. Based on audit conclusions, it makes a decision to grant certification if there is
sufficient evidence of conformity, or not to grant certification if there is not sufficient evidence of conformity.
NOTE Any audit is based on sampling within an organization's management system and therefore is not a guarantee
of 100 % conformity with requirements.
4.5 Openness
4.5.1 A certification body needs to provide public access to, or disclosure of, appropriate and timely
information about its audit process and certification process, and about the certification status (i.e. the
granting, refusing, maintaining of certification, extending or reducing the scope of certification, renewing,
suspending or restoring, or withdrawing of certification) of any organization, in order to gain confidence in the
ICS 03.120.20
Price based on 44 pages
© ISO 2011 — All rights reserved
---------------------- Page: 13 ----------------------
oSIST prEN ISO/IEC 17021-1:2014
ISO/IEC DIS 17021-1
integrity and credibility of certification. Openness is a principle of access to, or disclosure of, appropriate
information.
4.5.2 To gain or maintain confidence in certification, a certification body should provide appropriate access
to, or disclosure of, non-confidential information about the conclusions of specific audits (e.g. audits in
response to complaints) to specific interested parties.
4.6 Confidentiality
To gain the privileged access to information that is needed for the certification body to assess conformity to
requirements for certification adequately, it is essential that a certification body keep confidential any
proprietary information about a client.
4.7 Responsiveness to complaints
Parties that rely on certification expect to have complaints investigated and, if these are found to be valid,
should have confidence that the complaints will be appropriately addressed and that a reasonable effort will
be made to resolve the complaints. Effective responsiveness to complaints is an important means of
protection for the certification body, its clients and other users of certification against errors, omissions or
unreasonable behaviour. Confidence in certification activities is safeguarded when complaints are processed
appropriately.
NOTE An appropriate balance between the principles of openness and confidentiality, including responsiveness to
complaints, is necessary in order to demonstrate integrity and credibility to all users of certification.
4.8 Risk-based approach
Certification Bodies need to take into account the uncertainty of achieving their objectives. Risks may include
those associated with:
the objectives of the audit
real and perceived impartiality
legal, regulatory and liability issues
the risks of the client organization being audited and its operating environment
impact of the audit on the client organization and its activities
health and safety of the audit teams
perception of interested parties
claims of the client
use of marks
5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility
5.1.1.1 The certification body shall be a legal entity, or a defined part of a legal entity that can be held
leg
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.