Conformity assessment
Requirements for bodies providing audit and certification of management systems
Part 9: Competence requirements for auditing and certification of anti-bribery management systems

PD ISO/IEC TS 17021-9:2016

BSI Standards Publication

National foreword

This Published Document is the UK implementation of ISO/IEC TS 17021-9:2016.

The UK participation in its preparation was entrusted to Technical Committee CAS/1, Conformity assessment.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2016. Published by BSI Standards Limited 2016

ISBN 978 0 580 96334 6

ICS 03.100.01; 03.120.20

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 November 2016.

Amendments/corrigenda issued since publication

Date | Text affected

Évaluation de la conformité
Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management
Partie 9: Exigences de compétence pour l'audit et la certification des systèmes de management anti-corruption

TECHNICAL SPECIFICATION ISO/IEC TS 17021-9
First edition 2016-10-15
Reference number ISO/IEC TS 17021-9:2016(E)

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Generic competence requirements
5 Competence requirements for ABMS audit teams
5.1 General
5.2 Bribery concepts
5.3 Context of the organization
5.4 Laws, regulations and other requirements
5.5 Bribery risk assessment and due diligence
5.6 Bribery risks
5.7 Anti-bribery controls
5.8 Anti-bribery management systems (ABMS)
6 Competence requirements for personnel conducting the application review, those reviewing audit reports and those making certification decisions (other personnel)
6.1 General
6.2 Bribery concepts
6.3 Context of the organization
Annex A (informative) Knowledge for ABMS auditing and certification
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity assessment, ISO and IEC develop joint ISO/IEC documents under the management of the ISO Committee on Conformity assessment (ISO/CASCO).

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

ISO/IEC/TS 17021-9 was prepared by Project Committee ISO/TC 278, Anti-bribery management systems, and the ISO Committee on conformity assessment (CASCO). It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both organizations.

A list of all parts in the ISO/IEC 17021 series can be found on the ISO website.

Introduction

This document complements ISO/IEC 17021-1. In particular, it clarifies the requirements for the competence of personnel involved in the certification process set out in ISO/IEC 17021-1:2015, Annex A.

The guiding principles in ISO/IEC 17021-1:2015, Clause 4, are the basis for the requirements in this document.

Certification bodies have a responsibility to interested parties, including their clients and the customers of the organizations whose management systems are certified, to ensure that only those auditors who demonstrate relevant competence are allowed to conduct anti-bribery management system (ABMS) audits.

It is intended that all ABMS auditors possess the generic competencies described in ISO/IEC 17021-1, as well as the specific ABMS competencies described in this document.

Certification bodies will need to identify the specific audit team competence needed for the scope of each ABMS audit.

In this document, the following verbal forms are used:
- “shall” indicates a requirement;
- “should” indicates a recommendation;
- “may” indicates a permission;
- “can” indicates a possibility or a capability.

Further details can be found in the ISO/IEC Directives, Part 2.

For the purposes of research, users are encouraged to share their views on this document and their priorities for changes to future editions. Click on the link below to take part in the online survey: https://

1 Scope

This document complements the existing requirements of ISO/IEC 17021-1. It includes specific competence requirements for personnel involved in the certification process for anti-bribery management systems (ABMS).

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17021-1:2015, Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements

ISO 37001:2016, Anti-bribery management systems - Requirements with guidance for use

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 37001 and ISO/IEC 17021-1 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at http://www.iso.org/obp
- IEC Electropedia: available at http://www.electropedia.org/

4 Generic competence requirements

The certification body shall define the competence requirements for each certification function as referenced in ISO/IEC 17021-1:2015, Table A.1. When defining these competence requirements, the certification body shall take into account all the requirements specified in ISO/IEC 17021-1, as well as those specified in Clauses 5 and 6.

NOTE 1 Annex A provides an overview of the competence requirements for personnel involved in specific certification functions.

NOTE 2 Information on the principles of auditing is provided in ISO 19011.

5 Competence requirements for ABMS audit teams

5.1 General

All personnel involved in ABMS auditing shall have a level of competence that includes the generic competencies described in ISO/IEC 17021-1, understand the requirements of ISO 37001 and the relationship between those requirements, as well as the ABMS knowledge described in 5.2 to 5.8.

NOTE 1 It is not necessary for each auditor in the audit team to have the same competence, however, the collective competence of the audit team needs to be sufficient to achieve the audit objectives.

5.2 Bribery concepts

5.2.1 The audit team shall have knowledge of bribery concepts including at least the following:
a) direct and indirect payments;
b) facilitation payments;
c) non-financial benefits or advantages (e.g. benefits or opportunities to family members);
d) conflicts of interests.

5.2.2 The audit team shall have knowledge of risks of bribery associated with third parties, such as public officials, agents, consultants, subcontractors, family or relations.

5.2.3 The audit team shall have knowledge of bribery scenarios related to at least the following:
a) personnel, recruiting, hiring and remuneration;
b) commercial activities;
c) travel, gifts, and hospitality;
d) donations and sponsorship;
e) procurement and contracting;
f) sales and marketing;
g) manufacturing and supply chain;
h) outsourced processes;
i) merging and acquisitions.

5.2.4 The audit team shall have knowledge of bribery indicators (red flags).

NOTE Lists of bribery indicators (red flags) are available, for example, from the International Chamber of Commerce (ICC), the Organization for Economic Co-operation and Development (OECD) and the World Bank.

5.2.5 The audit team shall have knowledge of controls used to prevent, detect and respond to bribery and of the consequences of inadequate or missing controls.

5.3 Context of the organization

5.3.1 The audit team shall have knowledge of the context in which the organization operates, including ISO 37001:2016, Clause 4.

5.3.2 The audit team shall have the knowledge and skills necessary to conduct independent research related to the organization to identify and understand, for example, recent bribery allegations or issues, industry-related bribery risks, or levels of government interaction or regulation.

5.3.3 The audit team shall have the knowledge of corporate structures, for example mergers and acquisitions, joint ventures and investment vehicles.

5.4 Laws, regulations and other requirements

The audit team shall have knowledge to determine whether an organization's procedures for identifying and evaluating its compliance with applicable legal requirements and other requirements applicable to its anti-bribery management system are adequate and have been implemented.

5.5 Bribery risk assessment and due diligence

The audit team shall have knowledge about how bribery risk assessments as described in ISO 37001:2016, 4.5, are conducted, including the understanding of different methodologies and their associated limitations and challenges, as well as an understanding of due diligence (ISO 37001:2016, 8.2) and the risks of bribery associated with business associate(s) (ISO 37001:2016, 8.5).

5.6 Bribery risks

The audit team shall have knowledge of the methods and skills for evaluating and controlling bribery risks that are described in ISO 37001:2016, Clauses 7 and 8.

5.7 Anti-bribery controls

The audit team shall have knowledge and skills in designing and evaluating anti-bribery controls and investigating bribery.

5.8 Anti-bribery management systems (ABMS)

The audit team shall have knowledge and skills in designing or implementing an ABMS or a similar compliance management or internal control system.

6 Competence requirements for personnel conducting the application review, those reviewing audit reports and those making certification decisions (other personnel)

6.1 General

Other personnel shall have the generic competence described in ISO/IEC 17021-1, understand the requirements of ISO 37001 and the relationship between those requirements, and the ABMS knowledge requirements described in 6.2 and 6.3.

6.2 Bribery concepts

Other personnel shall have knowledge of bribery concepts and risks.

6.3 Context of the organization

Other personnel shall have knowledge of the context in which the organization operates, including the information described in ISO 37001:2016, Clause 4.

Annex A (informative)

Knowledge for ABMS auditing and certification

Table A.1 provides an overview of the knowledge required for ABMS auditing and certification but is informative because it only identifies the areas of knowledge for specific certification functions.

The competence requirements for each function are stated in Clauses 4, 5 and 6 and Table A.1 gives the reference to the specific requirement.

Table A.1 Knowledge for ABMS auditing and certification

| Knowledge | Certification function: Conducting the application review to determine audit team competence required, to select the audit team members, and to determine the audit time | Certification function: Reviewing audit reports and making certification decisions | Certification function: The audit team |
|---|---|---|---|
| General | 6.1 | 6.1 | 5.1 |
| Bribery concepts | 6.2 | 6.2 | 5.2 |
| Context of the organization | 6.3 | 6.3 | 5.3 |
| Laws, regulations and other requirements | N/A | N/A | 5.4 |
| Bribery risk assessment and due diligence | N/A | N/A | 5.5 |
| Bribery risks | N/A | N/A | 5.6 |
| Anti-bribery controls | N/A | N/A | 5.7 |
| Anti-bribery management