EN ISO IEC 17021-1-2015 en Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1 Requirements《合格评定 对管理体系提供审核和认证的机构的要求 第1部.pdf

1、BSI Standards PublicationBS EN ISO/IEC 17021-1:2015Conformity assessment -Requirements for bodiesproviding audit andcertification of managementsystemsPart 1: RequirementsBS EN ISO/IEC 17021-1:2015 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN ISO/IEC17021-1:20

2、15. It supersedes BS EN ISO/IEC 17021:2011 which iswithdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee CAS/1, Conformity assessment.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to

3、include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2015. Published by BSI StandardsLimited 2015ISBN 978 0 580 85342 5ICS 03.120.20Compliance with a British Standard cannot confer immunity fromlegal obligations.This B

4、ritish Standard was published under the authority of theStandards Policy and Strategy Committee on 31 July 2015.Amendments issued since publicationDate Text affectedEUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO/IEC 17021-1 July 2015 ICS 03.120.20 Supersedes EN ISO/IEC 17021:2011 English V

5、ersion Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements (ISO/IEC 17021-1:2015) valuation de la conformit - Exigences pour les organismes procdant laudit et la certification des systmes de management - Partie 1: Exigences (

6、ISO/IEC 17021-1:2015) Konformittsbewertung - Anforderungen an Stellen, die Managementsysteme auditieren und zertifizieren - Teil 1: Anforderungen (ISO/IEC 17021-1:2015) This European Standard was approved by CEN on 6 June 2015. CEN and CENELEC members are bound to comply with the CEN/CENELEC Interna

7、l Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CE

8、N and CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same stat

9、us as the official versions. CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland,

10、 Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2015 CEN/CENELEC All rights of exploitation in any form a

11、nd by any means reserved worldwide for CEN national Members and for CENELEC Members. Ref. No. EN ISO/IEC 17021-1:2015 E BS EN ISO/IEC 17021-1:2015EN ISO/IEC 17021-1:2015 (E) 3 European foreword This document (EN ISO/IEC 17021-1:2015) has been prepared by Technical Committee ISO/CASCO “Committee on c

12、onformity assessment“ in collaboration with Technical Committee CEN-CENELEC/TC 1 “Criteria for conformity assessment bodies” the secretariat of which is held by BSI. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement,

13、 at the latest by January 2016, and conflicting national standards shall be withdrawn at the latest by January 2016. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying

14、any or all such patent rights. This document supersedes EN ISO/IEC 17021:2011. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. According to the CEN-CENELEC Internal Regulations, the national standards organizations of t

15、he following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Nether

16、lands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/IEC 17021-1:2015 has been approved by CEN as EN ISO/IEC 17021-1:2015 without any modification. BS EN ISO/IEC 17021-1:2015ISO/IEC 17021-1:2015(E)

17、Foreword vIntroduction vi1 Scope . 12 Normative references 13 Terms and definitions . 14 Principles . 44.1 General . 44.2 Impartiality 44.3 Competence . 54.4 Responsibility 54.5 Openness 54.6 Confidentiality . 64.7 Responsiveness to complaints . 64.8 Risk-based approach 65 General requirements . 65.

18、1 Legal and contractual matters . 65.1.1 Legal responsibility . 65.1.2 Certification agreement . 75.1.3 Responsibility for certification decisions . 75.2 Management of impartiality 75.3 Liability and financing 96 Structural requirements 96.1 Organizational structure and top management . 96.2 Operati

19、onal control . 97 Resource requirements 107.1 Competence of personnel . 107.1.1 General considerations 107.1.2 Determination of competence criteria .107.1.3 Evaluation processes .107.1.4 Other considerations .107.2 Personnel involved in the certification activities .107.3 Use of individual external

20、auditors and external technical experts .117.4 Personnel records 127.5 Outsourcing. 128 Information requirements 128.1 Public information 128.2 Certification documents . 138.3 Reference to certification and use of marks . 148.4 Confidentiality 158.5 Information exchange between a certification body

21、and its clients 158.5.1 Information on the certification activity and requirements .158.5.2 Notice of changes by a certification body 168.5.3 Notice of changes by a certified client 169 Process requirements 169.1 Pre-certification activities 169.1.1 Application . 169.1.2 Application review 169.1.3 A

22、udit programme .179.1.4 Determining audit time . 189.1.5 Multi-site sampling .189.1.6 Multiple management systems standards 19 ISO/IEC 2015 All rights reserved iiiContents PageBS EN ISO/IEC 17021-1:2015ISO/IEC 17021-1:2015(E)9.2 Planning audits 199.2.1 Determining audit objectives, scope and criteri

23、a .199.2.2 Audit team selection and assignments 199.2.3 Audit plan 219.3 Initial certification 229.3.1 Initial certification audit 229.4 Conducting audits 239.4.1 General. 239.4.2 Conducting the opening meeting 239.4.3 Communication during the audit .249.4.4 Obtaining and verifying information .249.

24、4.5 Identifying and recording audit findings .259.4.6 Preparing audit conclusions . 259.4.7 Conducting the closing meeting 259.4.8 Audit report .269.4.9 Cause analysis of nonconformities 279.4.10 Effectiveness of corrections and corrective actions .279.5 Certification decision 279.5.1 General. 279.5

25、.2 Actions prior to making a decision . 289.5.3 Information for granting initial certification 289.5.4 Information for granting recertification .289.6 Maintaining certification . 289.6.1 General. 289.6.2 Surveillance activities .299.6.3 Recertification .309.6.4 Special audits . 319.6.5 Suspending, w

26、ithdrawing or reducing the scope of certification .319.7 Appeals . 319.8 Complaints . 329.9 Client records 3310 Management system requirements for certification bodies .3410.1 Options 3410.2 Option A: General management system requirements .3410.2.1 General. 3410.2.2 Management system manual 3410.2.

27、3 Control of documents .3410.2.4 Control of records 3510.2.5 Management review 3510.2.6 Internal audits .3610.2.7 Corrective actions 3610.3 Option B: Management system requirements in accordance with ISO 9001.3610.3.1 General. 3610.3.2 Scope . 3710.3.3 Customer focus .3710.3.4 Management review 37An

28、nex A (normative) Required knowledge and skills .38Annex B (informative) Possible evaluation methods .41Annex C (informative) Example of a process flow for determining and maintaining competence 43Annex D (informative) Desired personal behaviour .45Annex E (informative) Audit and certification proce

29、ss 46Bibliography .48iv ISO/IEC 2015 All rights reservedBS EN ISO/IEC 17021-1:2015ISO/IEC 17021-1:2015(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies

30、 that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other int

31、ernational organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity assessment, ISO and IEC develop joint ISO/IEC documents under the management of the ISO Committee on Conformity assessment (ISO/CASCO).The procedures used

32、to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the I

33、SO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identifie

34、d during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on th

35、e meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationISO/IEC 17021-1 was prepared by the ISO Committee on

36、 Conformity Assessment (CASCO). It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both organizations.This first edition of ISO/IEC 17021-1 cancels and replaces ISO/IEC 17021:2011, which has been technically revised.ISO/IEC 17021 consists of the following pa

37、rts, under the general title Conformity assessment Requirements for bodies providing audit and certification of management systems: Part 1: Requirements Part 2: Competence requirements for auditing and certification of environmental management systems Technical Specification Part 3: Competence requi

38、rements for auditing and certification of quality management systems Technical Specification Part 4: Competence requirements for auditing and certification of event sustainability management systems Technical Specification Part 5: Competence requirements for auditing and certification of asset manag

39、ement systems Technical Specification Part 6: Competence requirements for auditing and certification of business continuity management systems Technical Specification Part 7: Competence requirements for auditing and certification of road traffic safety management systems Technical Specification ISO/

40、IEC 2015 All rights reserved vBS EN ISO/IEC 17021-1:2015ISO/IEC 17021-1:2015(E)IntroductionCertification of a management system, such as the environmental management system, quality management system or information security management system of an organization, is one means of providing assurance th

41、at the organization has implemented a system for the management of the relevant aspects of its activities, products and services, in line with the organizations policy and the requirements of the respective international management system standard.This part of ISO/IEC 17021 specifies requirements fo

42、r bodies providing audit and certification of management systems. It gives generic requirements for such bodies performing audit and certification in the field of quality, the environment and other types of management systems. Such bodies are referred to as certification bodies. Observance of these

43、requirements is intended to ensure that certification bodies operate management system certification in a competent, consistent and impartial manner, thereby facilitating the recognition of such bodies and the acceptance of their certifications on a national and international basis. This part of ISO

44、/IEC 17021 serves as a foundation for facilitating the recognition of management system certification in the interests of international trade.Certification of a management system provides independent demonstration that the management system of the organization:a) conforms to specified requirements;b

45、) is capable of consistently achieving its stated policy and objectives;c) is effectively implemented.Conformity assessment, such as the certification of a management system, thereby provides value to the organization, its customers and interested parties.Clause 4 describes the principles on which c

46、redible certification is based. These principles help the user to understand the essential nature of certification and they are a necessary prelude to Clauses 5 to 10. These principles underpin the requirements in this part of ISO/IEC 17021, but such principles are not auditable requirements in thei

47、r own right. Clause 10 describes two alternative ways of supporting and demonstrating the consistent achievement of the requirements in this part of ISO/IEC 17021 through the establishment of a management system by the certification body.Certification activities are the individual activities that ma

48、ke up the entire certification process, from application review to termination of certification. Annex E provides an illustration of the way in which many of these activities can interact.Certification activities involve the audit of an organizations management system. The form of attestation of con

49、formity of an organizations management system to a specific management system standard or other normative requirements is usually a certification document or a certificate.This part of ISO/IEC 17021 is applicable to the auditing and certification of any type of management system. It is recognized that some of the requirements, in particular those related to auditor competence, can be supplemented with additional criteria in order to achieve the expectations of the interested parties.In this part of ISO/IEC 17021, the following verbal form