INTERNATIONAL ISO/IEC STANDARD 17021 First edition 2008-09-15 Conformity assessment — Requirements for bodies providing audit and certification of management systems Evaluation de la conformité — Exigonces pour les organismes procédant a audi et la certification de systémes de management Reference number ISONEC 17021:2006(E) FIGsISOMEC 17021:2006(E) PDF disclaimer This POF fle may contain embedded typefaces. in accordance with Adobe's Hcensing poly, this fle may be printed of viewed but shall not be edited unless the typefaces which are embedded ate licensed to and installed on tne computer performing the editing. In downloading this fl, parties accept therein the responsibilty of not infinging Adobe's licensing potcy. The ISO Central Secretariat ‘accepts no lability in ths area. Adobe is a vademark of Adobe Systems Incorporated, Details of the software products used to create this POF file can be found in the Genera Info relative to the fie; the POF-creation parameters were optimized for printing. Every care has been taken to ensure that the fle is suitable for use by ISO member bodies. In the unlikely event that a problem relating ois found, please inform the Cental Secretariat al tne address given below. © 1802006 All ights reserved. Unless otherwise speciid, no part ofthis publication may be reproduced or utilized in any form or by any means, onic or mechanical, cluding photocopying and microfim, without permission In wring fom either ISO at the address below or 150s momiber body inthe country ofthe requester, 180 copyright office (Case postale 56 « CH-1211 Geneva 20 Tol +8122 74901 11 Fax +41 227490947 E-mail copyright@ieo.or9 Web wis. Published in Switzetand ii © 150 2008 — Al rights reservedISOMEC 17021:2006(E) Contents Page Forewor Introduction 1 Scope 2 Normative references. 3 Terms and definition 4 Principles 44° General 42 Impartalit 43 Competence 44 Responsi 4.5 Opennes: 46 Confidentiality 47 Responsiveness to complaints 5 General requirements. 54 Legal and contractual matter 5.2 Management of impa 5.3 Liability and financing. 6 Structural requirements . 6.1 Organizational structure and top management. 6.2 Committee for safeguarding 7 Resource requirements 74 Competence of management and personnel 72 Personnel involved in the certification activiti 7.3. Use of individual external auditors and external technical experts. 74 Personnel records 75 Outsourcing. 8 Information requirements 8.4 Publicly accessible information. 82 Certification documents. 8.3 Directory of certified clients . 8.4 Reference to certification and use of marks. 85 Confidentiality 8.6 _ Information exchange between a certification body and its clients. 9 _ Process requirements .. 9.4 General requirement 9.2 Initial audit and certification . 93 Surveillance activities . 9.4 Recertification 9.5 Special audits. 9.6 Suspending, withdrawing or reducing the scope of certification 19 9.7 Appeals. 20 9.8 Complaint 20 9.9 Records of applicants and clients . 2 10 Management system requirements for cor 2 10.1 Options . 10.2 Option 1: Management system requirements in accordance with ISO 900° 10.3 Option 2: General management system requirements. Bibliography {© 180 2006 — All rights reserves il