Você está na página 1de 27

ISO/IEC 17021—the IAF Perspective

Presented by Randy Dougherty

at the
Seventh IRCA International Forum
15 June 2008

ISO/IEC 17021:2006
z Developed by ISO/CASCO Working Group 21

z Co-conveners
– Alister Dalrymple, France-AFNOR
z AFAQ, a management system certification body
– Randy Dougherty, US-ANSI
z ANAB, an accreditation body for management system
certification bodies

Note: CASCO is the Conformity Assessment Committee

ISO/IEC 17021:2006
Intent of WG21 for 17021
z To replace Guides 62 and 66
z To be applicable to any management systems
z To incorporate IAF guidance
z To incorporate latest technology
z To be consistent with the common elements
z Principles-based performance requirements
(where possible)
ISO/IEC 17021:2006
ISO/IEC 17021:2006
Conformity assessment—Requirements for
bodies providing audit and certification of
management systems

Published 15 September 2006

ISO/IEC 17021:2006
z Contents
– 1 Scope
– 2 Normative references
– 3 Terms and definitions
– 4 Principles
– 5 General requirements
– 6 Structural requirements
– 7 Resource requirements
– 8 Information requirements
– 9 Process requirements
– 10 Management system requirements for CBs 5
ISO/IEC 17021:2006
What is new?
– regarding the standard?

z Section 4 Principles [for third party

– Subsequent requirements are based on the
– The principles are not auditable

ISO/IEC 17021:2006
What is new?
– regarding CB and audit team competence?

z Requirements that result in a process for ensuring the

assignment of competent audit team
– competence analysis (7.1 & 7.2)
– records justifying decision to accept the client
– application review—competence needed (
– audit team selection—competence provided (
– competence to make certification decision (

ISO/IEC 17021:2006
What is new?
– regarding the certification process?

z Certification and audit program (9.1.1)

– two-stage audit for initial certification
– three year certification cycle begins with certification
or re-certification decision
– surveillance audits in first and second years
– re-certification audit in the third year prior to
ISO/IEC 17021:2006
What is new?
– regarding the certification process?

z stage 1 audit (

– Establishes seven objectives to be fulfilled during the
stage 1 audit
– Recommended, but not required, that at least part of
the stage 1 audit be carried out at client’s premises

ISO/IEC 17021:2006
What is new?
– regarding impartiality?

z Eliminated the definition for, and use of the

term, “related body”, and instead describe
activities/relationships that are a threat to
ISO/IEC 17021:2006
What is new?
– regarding management system requirements for a

z Option 1—ISO 9001:2000 (10.2)

z Option 2—general management system requirements
– documented MS, polices and objectives
– control of documents and records
– internal audits & management review
– corrective & preventive actions

ISO/IEC 17021:2006

z published 15 September 2006

z plan for implementation?

ISO/IEC 17021:2006 and IAF
– In November 2006, IAF resolved that the that
the transition to ISO/IEC 17021:2006 be
effective 24 months after publication
z based on the publication date of 15 September 2006,
the deadline is 15 September 2008
z the annexes to IAF GD2 and IAF GD6 should
continue to be applied until superseded
z NOT to develop any IAF guidance on the
application of ISO/IEC 17021

ISO/IEC 17021:2006 and IAF
z InMarch 2007, established seven IAF TC
TFs to review GD2 and GD6 annexes:
– Scopes of Accreditation for QMS
– Duration of Audits to ISO 9001:2000
– Duration of Audits to ISO 14001:2004
– Certification of Multiple Sites based on Sampling
– Transfer of Certification
– Advanced Surveillance and Recertification Procedures
– Computer Assisted Audit Techniques (CAAT)

ISO/IEC 17021:2006 and IAF
z In May 2007, published IAF GD 8:2007
Informative Guidance on the Transition to
ISO/IEC 17021 Accreditation from ISO/IEC
Guide 62 and ISO/IEC Guide 66
– ABs…date for not accepting applications…to 62 or 66
– Verify implementation during normal AB surveillance
– Nonconformities to be resolved prior to transition
– CBs advised to make a transition plan and seek
agreement of their AB
– CBs advised to gain agreement with their AB for any
phased approach

ISO/IEC 17021:2006 and IAF
z IAF MD 1:2007 Certification of Multiple Sites
Based on Sampling
– Published 2007/11/20, Effective 2008/09/15
z IAF MD 2:2007 Transfer of Accredited
Certification of Management Systems
– Published 2007/12/14, Effective 2008/09/15
z IAF MD 3:2008 Advanced Surveillance and
Recertification Procedures (ASRP)
– Published 2008/02/01, Effective 2008/09/15

ISO/IEC 17021:2006—
IAF and Competence
z 1 March 2008 Training Workshop Sponsored
by IAF
z Presented by Tim Inman & Randy Dougherty
z Purpose—To promote consistent
understanding and application of ISO/IEC
17021:2006 by accreditation body personnel,
including accreditation assessors, and by
certification body personnel.

ISO/IEC 17021:2006—
IAF and Competence
z The publication of ISO 19011:2002 initiated the
change from qualifications to competence
– 3.14 competence — demonstrated personal
attributes and demonstrated ability to apply
knowledge and skills (ISO 19011)

– Note: In ISO 9000 and ISO/IEC 17021, competence is defined

as the demonstrated ability to apply knowledge and skills

ISO/IEC 17021:2006—
IAF and Competence
z ISO 19011:2002, Table 1 and 7.4
reinforce qualifications—education, work
experience, auditor training and audit
– Or do they?
z “…education sufficient to acquire the knowledge
and skills…(7.4.1a)
z “…work experience that contributes to the
development of the knowledge and
ISO/IEC 17021:2006—
IAF and Competence
z IAF guidance introduced some of the current
concepts of competence as currently required in
ISO/IEC 17021:2006—for EMS first, and then for
– Expectation of a CB to determine types of management
systems (e.g, the standards) and the technical areas a CB is
competent to operate in (eg. GD2 – G.2.2.2 & G.2.2.3)
z Note, as there is no standardization or harmonization of
‘technical areas’ for any standard, this remains a source of
– Expectation to determine the competence needed by an
audit team based on needs of a specific client
– Assigning a team collectively possessing the necessary

ISO/IEC 17021:2006—
IAF and Competence
z ISO/IEC 17021:2006 requirements include
the concepts from IAF guidance, but also
references ISO 19011:2002
– Reinforces the concept of competence rather than
z Qualifications can provide information on knowledge and
skills that is useful in the determination of competence
– Each CB is to specify its processes and
requirements for competence
z Promotes ownership and encourages innovation

ISO/IEC 17021 Part 2
z In response to demand from
stakeholders, especially industry end-
users of ISO 9001 accredited
certification, ISO/CASCO WG21 is
developing part 2 of 17021 to replace
references to ISO 19011, and to specify
requirements for competence

ISO/IEC 17021 Part 2
z To replace references to ISO 19011 guidelines
with requirements applicable to any third
party MS audit
– Audit process
– CB management of competence, including the
competence of audit teams
z Template for specific auditing requirements
that can be applied to other ISO TCs
– TC 176 for ISO 9001, TC 207 for ISO 14001, TC 34
for ISO 22000, etc.

ISO/IEC Generic Requirements for 3rd Party
17021 Auditing & Management of Competence
Part 2 (based on 19011)

Framework for Developing Specific Requirements for 3rd Party

Auditing & Management of Competence

QMS Competent EMS Competent FSMS Competent ISMS Competent xMS Competent
Body, e.g. Body, e.g. Body, e.g. Body e.g.

QMS Specific EMS Specific FSMS Specific ISMS Specific xMS Specific
Competence Competence Competence Competence Competence
Requirements Requirements Requirements Requirements Requirements

Developed by a competent body using the 17021

Included in 17021 Part 2, developed by Part 2 framework, in consultation with CASCO, and
WG 21 with input from competent bodies published as separate sector documents24
ISO/IEC 17021 Part 2
z WG21 Meetings on Part 2
– December 2006
– February 2007
– June 2007
z Initial working draft
– October 2007
– January 2008
z Committee draft (CD1) for comment closing 2008/07/12
– October 2008
z To address comments and CD2 for comment and ballot?

ISO/IEC 17021 Part 2
z 7 Management of competence
z 7.1 Competence criteria determination process
– “…CB shall have a documented process for
determining competence criteria…for each type of
management system, for each technical area, and for
each function…”
– “…the output of the process shall be the required
personal attributes, knowledge and skills necessary to
effectively perform…”

ISO/IEC 17021 Part 2
z 7 Management of competence
z 7.3 Evaluation processes
– “…CB shall have process for initial competence
evaluation, and on-going monitoring of continuing
competence and performance…”
– “…number of evaluation methods that may be used to
evaluate the knowledge, skills and attributes…”
– “…CB shall validate that its processes, including the
evaluation methods that is uses, are effective…”