1、Conformity assessment Guidelines for determining the duration of management system certification audits valuation de la conformit Lignes directrices pour la dtermination de la dure des audits de certification dun systme de management ISO 2013 TECHNICAL SPECIFICATION ISO/IEC TS 17023 First edition 20
2、13-08-01 Reference number ISO/IEC TS 17023:2013(E) ISO/IEC TS 17023:2013(E)ii ISO 2013 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2013 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electroni
3、c or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41
4、 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ISO/IEC TS 17023:2013(E) ISO 2013 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 Terms and definitions . 1 4 Factors for the determination of
5、the duration of management system certification audits .2 4.1 General . 2 4.2 Relevant management system standard(s) and other requirements 2 4.3 Size and location(s) of the client organization 3 4.4 Complexity of the clients organization and management system . 3 4.5 Technological and regulatory co
6、ntext . 3 4.6 Activities included in the scope of the management system. 4 4.7 Maturity and effectiveness of the management system 4 4.8 Risks associated with the products, processes or activities of the client organization . 4 4.9 Culture 4 4.10 Integrated management system. 5 4.11 Composition of t
7、he audit team 5 4.12 Other considerations . 5 5 Methodology for the calculation of the duration of management system certification audits . 5 5.1 General . 5 5.2 Development of a methodology . 5 5.3 Implementation of the methodology . 6 Bibliography 7 ISO/IEC TS 17023:2013(E) Foreword ISO (the Inter
8、national Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees establis
9、hed by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the fi
10、eld of conformity assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of International Standards and Guides. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. Draft International Standards adopted b
11、y the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, a technical
12、committee may decide to publish other types of document: an ISO/IEC Publicly Available Specification (ISO/IEC PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is approved by more than 50 % of the members of the parent committee cast
13、ing a vote; an ISO/IEC Technical Specification (ISO/IEC TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/PAS or ISO/TS is reviewed after three years in order to dec
14、ide whether it will be confirmed for a further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn.
15、Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC TS 17023 was prepared by the ISO Committee on conformity assessment (CASCO). It was circulate
16、d for voting to the national bodies of both ISO and IEC, and was approved by both organizations.iv ISO 2013 All rights reserved ISO/IEC TS 17023:2013(E) Introduction This Technical Specification provides guidance on the application of the relevant requirements of ISO/IEC 17021:2011 for determining t
17、he duration of management system certification audits. It provides certification bodies with a framework for achieving a basic level of consistency for determining the duration of management system certification audits. It can be also considered for the determination of duration of other types of au
18、dits. The growth in the number of management system standards and certification schemes has highlighted the need for a document providing guidance to ensure that the factors influencing the duration of management system certification audits are considered. This Technical Specification enables client
19、s of certification bodies and other interested parties (e.g. scheme owners, regulators, accreditation bodies) to understand how different factors contribute to the duration of management system certification audits. This Technical Specification does not define tables, formulas, or other methods to c
20、alculate the duration of management system certification audits for specific schemes, but it identifies factors to be considered when such tables or formulas are developed. In this Technical Specification, the following verbal forms are used: “should” indicates a recommendation; “may” indicates a pe
21、rmission; “can” indicates a possibility or a capability. The verbal form “shall”, which indicates a requirement, is not used in this Technical Specification because only guidance is provided. Further details can be found in the ISO/IEC Directives, Part 2. ISO 2013 All rights reserved v Conformity as
22、sessment Guidelines for determining the duration of management system certification audits 1 Scope This Technical Specification provides guidelines for determining the duration of management system certification audits, to the bodies providing audit and certification of management systems and to tho
23、se that develop and maintain certification schemes. NOTE 1 This Technical Specification is also intended to address the needs of other interested parties (e.g. regulators, accreditation bodies) when determining the duration of management system certification audits. NOTE 2 Where additional specific
24、requirements related to the duration of management system certification audits have been established for a specific certification scheme (e.g. ISO/TS 22003 for food safety management systems) or other requirements as established by scheme owners or regulators, these can be applied. 2 Normative refer
25、ences The following referenced documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments)
26、 applies. ISO/IEC 17000, Conformity assessment Vocabulary and general principles ISO/IEC 17021:2011, Conformity assessment Requirements for bodies providing audit and certification of management systems 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO
27、/IEC 17000, ISO/IEC 17021:2011 and the following apply. 3.1 scheme owner person or organization responsible for developing and maintaining a specific certification scheme (3.2) Note 1 to entry: The scheme owner can be the certification body itself, a governmental authority, a trade association, a gr
28、oup of certification bodies or others. SOURCE: ISO/IEC 17065:2012, 3.11 3.2 certification scheme conformity assessment system related to management systems to which the same specified requirements, specific rules and procedures apply SOURCE: ISO/IEC 17000:2004, 2.8, modified 3.3 client organization
29、entity or defined part of an entity operating a management system TECHNICAL SPECIFICATION ISO/IEC TS 17023:2013(E) ISO 2013 All rights reserved 1 ISO/IEC TS 17023:2013(E) 3.4 permanent site location (physical or virtual) where a client organization (3.3) performs work or provides a service on a cont
30、inuing basis 3.5 temporary site location (physical or virtual) where a client organization (3.3) performs specific work or provides a service for a finite period of time and which is not intended to become a permanent site (3.4) 3.6 audit time time needed to plan and accomplish a complete and effect
31、ive audit of the client organizations (3.3) management system 3.7 duration of management system certification audits part of audit time (3.6) spent conducting audit activities from the opening meeting to the closing meeting, inclusive Note 1 to entry: Audit activities normally include: conducting th
32、e opening meeting; performing document review while conducting the audit; communicating during the audit; assigning roles and responsibilities of guides and observers; collecting and verifying information; generating audit findings; preparing audit conclusions; conducting the closing meeting. 4 Fact
33、ors for the determination of the duration of management system certifi- cation audits 4.1 General The following text is based on the aspects specified in the relevant clauses of ISO/IEC 17021:2011. The factors listed in 4.2 to 4.12 should be used when defining processes for the determination of the
34、duration of management system certification audits. These factors can be used for the determination of the duration of management system certification audits for specific audits. The particular factors to be taken into account should depend on the type and scope of audit. NOTE The time spent travell
35、ing to and from the site(s) is not included in the determination of the duration of management system certification audits. 4.2 Relevant management system standard(s) and other requirements The duration of management system certification audits can depend on relevant management system standard(s) an
36、d certification scheme requirements and the type of audit (e.g. initial audit, surveillance, recertification, special audit, follow up audit, transfer audit). NOTE 1 When an audit is done in two stages, the duration of management system certification audits is the sum of stage one and stage two.2 IS
37、O 2013 All rights reserved ISO/IEC TS 17023:2013(E) NOTE 2 Other audits (e.g. special audits, transfer audits) can be performed and the duration of such audits is usually established on a case by case basis depending on the objectives of such audits. 4.3 Size and location(s) of the client organizati
38、on 4.3.1 The following factors can be relevant when determining the duration of management system certification audits: the physical size of the client organization (large or small); the number of people involved in the activities of the client organization in relation to the scope of the audit incl
39、uding, when relevant, part-time, seasonal contract and casual personnel; complicated logistics (e.g. university with various campuses, oil platforms); the number of sites to be audited. 4.3.2 The duration of management system certification audits may further be affected by: the level of central cont
40、rol; the commonalities of processes and products; the linked processes; seasonal and climate conditions. 4.4 Complexity of the clients organization and management system The following factors can be relevant when determining the duration of management system certification audits: accessibility to ma
41、nagement system documentation and records (e.g. remote or on-site); structure of the management system, including levels of controls, reporting and internal communication; the number and range of people representing various levels within the client organization to be interviewed; activities that req
42、uire visiting temporary sites; complexity of the interaction between the client organizations activities; prior knowledge about the client organization (e.g. other management system certified by the same certification body); activities which are repetitive (commonality of processes or unique process
43、); changes to the client organization (e.g. relocation, management change, merging); the control and type of shift work; the client organizations occupational health and safety and security conditions. 4.5 Technological and regulatory context The following factors can be relevant when determining th
44、e duration of management system certification audits: the complexity and amount of applicable regulations (e.g. food, pharmaceutical, aerospace, nuclear power industries); ISO 2013 All rights reserved 3 ISO/IEC TS 17023:2013(E) the complexity of the technology used in the client organization; the co
45、mplexity of design processes; the level of automation. 4.6 Activities included in the scope of the management system The following factors can be relevant when determining the duration of management system certification audits: the applicable requirements of the management system standard, including
46、 considerations of eligible exclusion of requirements; the scope of certification with respect to product, services, activities, processes and sites, including consideration of their complexity; the activities outsourced by the client organization (e.g. extent, level of control, significance, comple
47、xity). 4.7 Maturity and effectiveness of the management system The following factors can be relevant when determining the duration of management system certification audits: the results and effectiveness of any prior audits performed by the certification body; the results and effectiveness of any pr
48、ior external audits conducted by parties other than the certification body; the effectiveness of the client organizations internal audit and management review processes; the level of understanding and commitment to the management system within the client organization; existing certified management s
49、ystems; reliable public information (e.g. media reports, customer feedback, regulatory information or sanctions); the period for which the management system has been in operation; the capacity of the client organization to achieve its management system objectives. 4.8 Risks associated with the products, processes or activities of the client organization The following factors can be relevant when determining the duration of management system cert
