ISO/IEC 17021:2006

SASQ Annual General MeetingD. Iain Muir

9 March 2007

ISO/IEC 17021:2006

1. Developed by ISO/CASCO Working Group 21

CASCO is the Conformity Assessment Committee of ISO

Co-conveners• Alister Dalrymple, France-AFNOR

– AFAQ, a management system certification body• Randy Dougherty, US-ANSI

– ANAB, an accreditation body for management system certification bodies

ISO/IEC 17021:2006

Intent of WG21 for ISO 17021

To be applicable to any management systems

To incorporate IAF guidance

To incorporate latest technology

To be consistent with the common elements (WG23)

Principles-based performance requirements (where possible)

To replace ISO Guides 62 and 66

ISO/IEC 17021:2006

ISO/IEC 17021:2006

Conformity assessment—Requirements for bodies

providing audit and certification of management

systems

Published 15 September 2006

SANS 17021 published November 2006

ISO/IEC 17021:2006

1. Contents• 1 Scope• 2 Normative references• 3 Terms and definitions• 4 Principles• 5 General requirements• 6 Structural requirements• 7 Resource requirements• 8 Information requirements• 9 Process requirements• 10 Management system requirements for CBs

ISO/IEC 17021:2006

What is new regarding the standard?

Section 4 Principles [for third party certification]

Subsequent requirements are based on the principles

The principles are not auditable

ISO/IEC 17021:2006

Section 4 Principles

competence

responsibility

openness

confidentiality

responsiveness to complaints

impartiality

ISO/IEC 17021:2006

What is new regarding CB and audit team competence?

Requirements that result in a process for ensuring the assignment of competent audit team

competence analysis (7.1 & 7.2)

records justifying decision to accept the client (9.2.2.1.f)

application review—competence needed (9.2.2.2)

audit team selection—competence provided (9.2.2.3)

competence to make certification decision (9.2.2.4)

ISO/IEC 17021:2006

What is new regarding the certification process?

The process approach for certification audits

plan the audit

conduct the audit

report the audit

review and decision regarding certification

ISO/IEC 17021:2006

Certification and audit program

What is new regarding the certification process?

two-stage audit for initial certification

three year certification cycle begins with certification or re-certification decision

surveillance audits in first and second years

re-certification audit in the third year prior to expiration

ISO/IEC 17021:2006

Stage 1 audit (9.2.3.1)

What is new regarding the certification process?

Establishes seven objectives to be fulfilled during the stage 1 audit

Recommended, but not required, that at least part of the stage 1 audit be carried out at client’s premises

ISO/IEC 17021:2006

What is new regarding impartiality?

Eliminated the definition for, and use of the term, “related body”, and instead describes activities and or relationships that are a threat to impartiality

CB shall provide for a committee to safeguard impartiality (6.2)

Impartiality analysis (5.2.2)

Financial/liability analysis (5.3.2)

ISO/IEC 17021:2006

Publicly available statement by Top Management of the CB (5.2.1)

Understands importance of impartialityManages conflict of interestEnsures objectivity

What is new regarding impartiality?

A CB shall not outsource audits to a management system

consultancy organization (5.2.8)

ISO/IEC 17021:2006

A CB shall not provide internal audits to its certified clients.

What is new regarding impartiality?

A CB shall not certify a management system on which

it provided internal audits for at least two years (5.2.6)

Personnel records shall include any relevant

consultancy services that may have been provided (7.4)

ISO/IEC 17021:2006

Applicants for certification to provide information concerning

any management system consultancy received (9.2.1f)

What is new regarding impartiality?

ISO/IEC 17021:2006

auditor time for an effective audit (9.1.4)

What is new regarding the certification process?

documented process for determination of auditor time, as determined by the CB, and justification, to be recorded

flexibility to adjust the audit program based on demonstrated effectiveness of the client’s management system (9.1.1)

in addition to physical locations, “on-site” may include remote access to electronic sites (note 1 to 9.1.9)

ISO/IEC 17021:2006

What is new regarding the certification documents?

an expiry date consistent with the re-certification cycle (8.2.3.c)

ISO/IEC 17021:2006

What is new regarding publicly accessible information?

certifications granted, suspended or withdrawn (8.1.3)

ISO/IEC 17021:2006

What is new regarding management system requirements for a CB?

Option 1—ISO 9001:2000 (10.2)

Option 2—general management system requirements (10.3)

documented MS, polices and objectivescontrol of documents and recordsinternal audits & management reviewcorrective & preventive actions

Transition to ISO 17021 Planning and Implementation

Transition

The General Assembly, acting on the recommendation of the TechnicalCommittee, resolved that the transition period for conforming to ISO/IEC

17021:2006 be 24 months from the date of publication of the standard by ISO.

Therefore, on 15 September 2008, accreditation to ISO/IEC Guide 62:1996 and ISO/IEC Guide 66:1999 will no longer be valid.

The annexes of IAF GD2 and IAF GD6 should continue to be applied until superseded.

IAF Resolution 2006-09 Transition Period for ISO/IEC 17021

Joint IAF-ISO Communique

Transition plan

End of transition and Accreditation Certificate Issue

On 15 September 2008, twenty four months after publication of the new standard, all accredited Certification Bodies are expected to be in full compliance with ISO/IEC 17021 and a new accreditation certificate issued.

Promotion

Promotion

Thanks for listening

Any questions?