SIST EN ISO/IEC 17021:2006
Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)
This International Standard contains principles and requirements for the competence, consistency and impartiality of the audit and certification of management systems of all types (e.g. quality management systems or environmental management systems) and for bodies providing these activities. Certification bodies operating to this International Standard need not offer all types of management system certification. Certification of management systems (named in this International Standard "certification") is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party conformity assessment bodies (named in this International Standard "certification body/bodies").
Konformitätsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren (ISO/IEC 17021:2006)
This International Standard contains principles for and requirements on the competence, consistency and impartiality of audits and certifications of management systems of any kind (e.g. quality management systems or environmental management systems) and for bodies carrying out these activities. Certification bodies working in accordance with this International Standard need not offer all types of management system certification.
Certification of management systems (referred to in this International Standard as certification) is a conformity assessment activity performed by a third party (see ISO/IEC 17000:2004, 5.5). Bodies offering this activity are therefore conformity assessment bodies and are referred to in this International Standard, in short, as certification bodies.
NOTE 1 This note applies only to the English text.
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 This International Standard can be used as a specification for accreditation or peer assessment, or for other audit processes.
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la certification de systèmes de management (ISO/IEC 17021:2006)
ISO/IEC 17021:2006 specifies the principles and requirements relating to competence, consistency and impartiality in audits and in the certification of management systems of all types (for example, quality management systems or environmental management systems) and relating to the bodies providing this activity. Certification bodies conforming to this International Standard are not required to offer all types of management system certification.
Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies.
Ugotavljanje skladnosti – Zahteve za organe, ki presojajo in certificirajo sisteme vodenja (ISO/IEC 17021:2006)
Standards Content (Sample)
SLOVENIAN STANDARD
SIST EN ISO/IEC 17021:2006
01-December-2006
Supersedes: SIST EN 45012:1998
Ugotavljanje skladnosti – Zahteve za organe, ki presojajo in certificirajo sisteme vodenja (ISO/IEC 17021:2006)
Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)
Konformitätsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren (ISO/IEC 17021:2006)
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la certification de systèmes de management (ISO/IEC 17021:2006)
This Slovenian standard is identical to: EN ISO/IEC 17021:2006
ICS: 03.120.20 Product and company certification. Conformity assessment
SIST EN ISO/IEC 17021:2006 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD
EN ISO/IEC 17021
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2006
ICS 03.120.20
Supersedes EN 45012:1998
English version
Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2006)
Évaluation de la conformité - Exigences pour les organismes procédant à l'audit et à la certification de systèmes de management (ISO/IEC 17021:2006)
Konformitätsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren (ISO/IEC 17021:2006)
This European Standard was approved by CEN/CENELEC on 14 August 2006.
CEN/CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such
national standards may be obtained on application to the Central Secretariat or to any CEN/CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN/CENELEC member into its own language and notified to the Central Secretariat has the same status as
the official versions.
CEN/CENELEC members are the national standards bodies and national electrotechnical committees, respectively, of Austria, Belgium,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United
Kingdom.
CEN Management Centre: rue de Stassart, 36 B-1050 Brussels
CENELEC Central Secretariat: rue de Stassart, 35 B-1050 Brussels
© 2006 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. EN ISO/IEC 17021:2006 E
EN ISO/IEC 17021:2006 (E)
Foreword
This document (EN ISO/IEC 17021:2006) has been prepared by CASCO "Committee on
conformity assessment" in collaboration with Technical Committee CEN/CLC/TC 1 "Criteria for
conformity assessment bodies", the secretariat of which is held by SN.
This European Standard shall be given the status of a national standard, either by publication of
an identical text or by endorsement, at the latest by March 2007, and conflicting national
standards shall be withdrawn at the latest by March 2007.
This document supersedes EN 45012:1998.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of
the following countries are bound to implement this European Standard: Austria, Belgium,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary,
Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
Endorsement notice
The text of ISO/IEC 17021:2006 has been approved by CEN as EN ISO/IEC 17021:2006 without
any modifications.
INTERNATIONAL STANDARD
ISO/IEC 17021
First edition
2006-09-15
Conformity assessment — Requirements
for bodies providing audit and
certification of management systems
Évaluation de la conformité — Exigences pour les organismes
procédant à l'audit et à la certification de systèmes de management
Reference number
ISO/IEC 17021:2006(E)
© ISO 2006
© ISO 2006
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Responsiveness to complaints
5 General requirements
5.1 Legal and contractual matters
5.2 Management of impartiality
5.3 Liability and financing
6 Structural requirements
6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality
7 Resource requirements
7.1 Competence of management and personnel
7.2 Personnel involved in the certification activities
7.3 Use of individual external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification body and its clients
9 Process requirements
9.1 General requirements
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspending, withdrawing or reducing the scope of certification
9.7 Appeals
9.8 Complaints
9.9 Records of applicants and clients
10 Management system requirements for certification bodies
10.1 Options
10.2 Option 1: Management system requirements in accordance with ISO 9001
10.3 Option 2: General management system requirements
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity
assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of
International Standards and Guides.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
Draft International Standards are circulated to the national bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 17021 was prepared by the ISO Committee on conformity assessment (CASCO).
It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both
organizations.
This first edition of ISO/IEC 17021 cancels and replaces ISO/IEC Guide 62:1996 and ISO/IEC Guide 66:1999,
which have been combined and technically revised.
Introduction
Certification of a management system, such as a quality or environmental management system of an
organization, is one means of providing assurance that the organization has implemented a system for the
management of the relevant aspects of its activities, in line with its policy.
This International Standard specifies requirements for certification bodies. Observance of these requirements
is intended to ensure that certification bodies operate management system certification in a competent,
consistent and impartial manner, thereby facilitating the recognition of such bodies and the acceptance of their
certifications on a national and international basis. This International Standard serves as a foundation for
facilitating the recognition of management system certification in the interests of international trade.
Certification of a management system provides independent demonstration that the management system of
the organization
a) conforms to specified requirements,
b) is capable of consistently achieving its stated policy and objectives, and
c) is effectively implemented.
Conformity assessment such as certification of a management system thereby provides value to the
organization, its customers and interested parties.
In this International Standard, Clause 4 describes the principles on which credible certification is based. These
principles help the reader to understand the essential nature of certification and they are a necessary prelude
to Clauses 5 to 10. These principles underpin all the requirements in this International Standard, but such
principles are not auditable requirements in their own right. Clause 10 describes two alternative ways of
supporting and demonstrating the consistent achievement of the requirements in this International Standard
through the establishment of a management system by the certification body.
This International Standard is intended for use by bodies that carry out audit and certification of management
systems. It gives generic requirements for such certification bodies performing audit and certification in the
field of quality, environmental and other forms of management systems. Such bodies are referred to as
certification bodies. This wording should not be an obstacle to the use of this International Standard by bodies
with other designations that undertake activities covered by the scope of this document.
Certification activities involve the audit of an organization's management system. The form of attestation of
conformity of an organization's management system to a specific management system standard or other
normative requirements is normally a certification document or a certificate.
INTERNATIONAL STANDARD ISO/IEC 17021:2006(E)
Conformity assessment — Requirements for bodies providing
audit and certification of management systems
1 Scope
This International Standard contains principles and requirements for the competence, consistency and
impartiality of the audit and certification of management systems of all types (e.g. quality management
systems or environmental management systems) and for bodies providing these activities. Certification bodies
operating to this International Standard need not offer all types of management system certification.
Certification of management systems (named in this International Standard “certification”) is a third-party
conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore
third-party conformity assessment bodies (named in this International Standard “certification body/bodies”).
NOTE 1 Certification of a management system is sometimes also called “registration”, and certification bodies are
sometimes called “registrars”.
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 This International Standard can be used as a criteria document for accreditation or peer assessment or other
audit processes.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 9000:2005, Quality management systems — Fundamentals and vocabulary
ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing 1)
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000, ISO/IEC 17000 and the
following apply.
3.1
certified client
organization whose management system has been certified
1) References in this document to the relevant guidance in ISO 19011 apply to the auditing of all other types of
management systems.
3.2
impartiality
actual and perceived presence of objectivity
NOTE 1 Objectivity means that conflicts of interest do not exist or are resolved so as not to adversely influence
subsequent activities of the certification body.
NOTE 2 Other terms that are useful in conveying the element of impartiality are: objectivity, independence, freedom
from conflict of interests, freedom from bias, lack of prejudice, neutrality, fairness, open-mindedness, even-handedness,
detachment, balance.
3.3
management system consultancy
participation in designing, implementing or maintaining a management system
EXAMPLES are
a) preparing or producing manuals or procedures, and
b) giving specific advice, instructions or solutions towards the development and implementation of a management
system.
NOTE Arranging training and participating as a trainer is not considered consultancy, provided that, where the course
relates to management systems or auditing, it is confined to the provision of generic information that is freely available in
the public domain; i.e. the trainer should not provide company-specific solutions.
4 Principles
4.1 General
4.1.1 These principles are the basis for the subsequent specific performance and descriptive requirements
in this International Standard. This International Standard does not give specific requirements for all situations
that can occur. These principles should be applied as guidance for the decisions that may need to be made
for unanticipated situations. Principles are not requirements.
4.1.2 The overall aim of certification is to give confidence to all parties that a management system fulfils
specified requirements. The value of certification is the degree of public confidence and trust that is
established by an impartial and competent assessment by a third-party. Parties that have an interest in
certification include, but are not limited to
a) the clients of the certification bodies,
b) the customers of the organizations whose management systems are certified,
c) governmental authorities,
d) non-governmental organizations, and
e) consumers and other members of the public.
4.1.3 Principles for inspiring confidence include
⎯ impartiality,
⎯ competence,
⎯ responsibility,
⎯ openness,
⎯ confidentiality, and
⎯ responsiveness to complaints.
4.2 Impartiality
4.2.1 Being impartial, and being perceived to be impartial, is necessary for a certification body to deliver
certification that provides confidence.
4.2.2 It is recognized that the source of revenue for a certification body is its client paying for certification,
and that this is a potential threat to impartiality.
4.2.3 To obtain and maintain confidence, it is essential that a certification body's decisions be based on
objective evidence of conformity (or nonconformity) obtained by the certification body, and that its decisions
are not influenced by other interests or by other parties.
4.2.4 Threats to impartiality include the following.
a) Self-interest threats: threats that arise from a person or body acting in their own interest. A concern
related to certification, as a threat to impartiality, is financial self-interest.
b) Self-review threats: threats that arise from a person or body reviewing the work done by themselves.
Auditing the management systems of a client to whom the certification body provided management
systems consultancy would be a self-review threat.
c) Familiarity (or trust) threats: threats that arise from a person or body being too familiar with or trusting of
another person instead of seeking audit evidence.
d) Intimidation threats: threats that arise from a person or body having a perception of being coerced openly
or secretively, such as a threat to be replaced or reported to a supervisor.
4.3 Competence
Competence of the personnel supported by the management system of the certification body is necessary to
deliver certification that provides confidence. Competence is the demonstrated ability to apply knowledge and
skills.
4.4 Responsibility
4.4.1 The client organization, not the certification body, has the responsibility for conformity with the
requirements for certification.
4.4.2 The certification body has the responsibility to assess sufficient objective evidence upon which to
base a certification decision. Based on audit conclusions, it makes a decision to grant certification if there is
sufficient evidence of conformity, or not to grant certification if there is not sufficient evidence of conformity.
NOTE Any audit is based on sampling within an organization's management system and therefore is not a guarantee
of 100 % conformity with requirements.
4.5 Openness
4.5.1 A certification body needs to provide public access to, or disclosure of, appropriate and timely
information about its audit process and certification process, and about the certification status (i.e. the granting,
extending, maintaining, renewing, suspending, reducing the scope of, or withdrawing of certification) of any
organization, in order to gain confidence in the integrity and credibility of certification. Openness is a principle
of access to, or disclosure of, appropriate information.
4.5.2 To gain or maintain confidence in certification, a certification body should provide appropriate access
to, or disclosure of, non-confidential information about the conclusions of specific audits (e.g. audits in
response to complaints) to specific interested parties.
4.6 Confidentiality
To gain the privileged access to information that is needed for the certification body to assess conformity to
requirements for certification adequately, it is essential that a certification body keep confidential any
proprietary information about a client.
4.7 Responsiveness to complaints
Parties that rely on certification expect to have complaints investigated and, if these are found to be valid,
should have confidence that the complaints will be appropriately addressed and that a reasonable effort will
be made to resolve the complaints. Effective responsiveness to complaints is an important means of
protection for the certification body, its clients and other users of certification against errors, omissions or
unreasonable behaviour. Confidence in certification activities is safeguarded when complaints are processed
appropriately.
NOTE An appropriate balance between the principles of openness and confidentiality, including responsiveness to
complaints, is necessary in order to demonstrate integrity and credibility to all users of certification.
5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility
The certification body shall be a legal entity, or a defined part of a legal entity, such that it can be held legally
responsible for all its certification activities. A governmental certification body is deemed to be a legal entity on
the basis of its governmental status.
5.1.2 Certification agreement
The certification body shall have a legally enforceable agreement for the provision of certification activities to
its client. In addition, where there are multiple offices of a certification body or multiple sites of a client, the
certification body shall ensure there is a legally enforceable agreement between the certification body granting
certification and issuing a certificate, and all the sites covered by the scope of the certification.
5.1.3 Responsibility for certification decisions
The certification body shall be responsible for, and shall retain authority for, its decisions relating to
certification, including the granting, maintaining, renewing, extending, reducing, suspending and withdrawing
of certification.
5.2 Management of impartiality
5.2.1 The certification body shall have top management commitment to impartiality in management system
certification activities. The certification body shall have a publicly accessible statement that it understands the
importance of impartiality in carrying out its management system certification activities, manages conflict of
interest and ensures the objectivity of its management system certification activities.
5.2.2 The certification body shall identify, analyse and document the possibilities for conflict of interests
arising from provision of certification including any conflicts arising from its relationships. Having relationships
does not necessarily present a certification body with a conflict of interest. However, if any relationship creates
a threat to impartiality, the certification body shall document and be able to demonstrate how it eliminates or
minimizes such threats. This information shall be made available to the committee specified in 6.2. The
demonstration shall cover all potential sources of conflict of interests that are identified, whether they arise
from within the certification body or from the activities of other persons, bodies or organizations.
NOTE A relationship that threatens the impartiality of the certification body can be based on ownership, governance,
management, personnel, shared resources, finances, contracts, marketing and payment of a sales commission
...