Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SADCASRef.No:
CHECKLISTISO/IEC17021:2011
ConformityAssessmentRequirementsforBodiesProvidingAudit
andCertificationofManagementSystems
Date(s)ofEvaluation:
Assessor(s)&Observer(s):
Organization:
Area/FieldofOperation:
OrganizationsRepresentative:
Thereportcoversthefollowing:
DocumentReviewonly
5
5.1
5.1.1
Implementationon
SiteVisitonly
ISO/IEC17021REQUIREMENTS
Generalrequirements
Legalandcontractualmatters
DocumentReviewand
SiteVisit
CBS
REFERENCES
Assessmentof
CompanyFiles
COMMENTBYASSESSOR
Legalresponsibility
5.1.2 Certificationagreement
AremultipleofficesofaCBormultiplesites
of a certified customer covered by the
agreement?
Areallthesitescoveredbythescopeofthe
certification?
5.1.3
Responsibilityforcertificationdecisions
DoesCBretainauthorityandresponsibility
for its decisions relating to certification?
e.g. granting, maintaining, renewing,
extending, reducing, suspending and
withdrawing.
IssueNo:1
Page1of41
Date:20130118
SADCASF40(a)
5.2
5.2.1
ISO/IEC17021REQUIREMENTS
Managementofimpartiality
CBS
REFERENCES
COMMENTBYASSESSOR
Importanceofimpartiality
Conflictofinterestand
Objectivityofitsmanagementsystem
certificationactivities?
5.2.2
Areconflictofinterestsidentified,nalyzed
anddocumentedandmanagedthrough
thesystem?
5.2.3
Not
offering
certification
when
relationships that threaten impartiality
cannotbeeliminatedorminimized.
SeeNote5.2.2
5.2.5
5.2.6
DoestheCBprovideinternalauditstoits
certifiedcustomers?
DoestheCBcertifyamanagementsystem
onwhichitprovidedinternalauditswithin
2 years following the end of the internal
audits?
This applies also to that part of
governmentidentifiedasCB.
SeeNote5.2.2
5.2.7
IssueNo:1
Page2of41
Date:20130118
SADCASF40(a)
5.2.8
5.2.9
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Does the CB outsource audits to a
management
system
consultancy
organization? (Unacceptable threat to
impartiality.See7.5).
This clause does not apply to individuals
contractedasauditorscoveredin7.3
Are the CBs activities marketed or linked
withmanagementsystemconsultancy?
CB takes action to correct inappropriate
claimsbyanyconsultancyorganization?
Are there any implications by CB that
certification would be simpler, easier,
faster or less expensive if a specified
consultancyorganizationisused?
5.2.11
COMMENTBYASSESSOR
5.2.12DoesallCBpersonnel,internal,externalor
committees act impartially and does the
CB allow commercial, financial or other
pressuretocompromiseimpartiality?
5.2.13DoestheCBrequireallpersonneltoreveal
anyconflictofinterestsituations?
5.3LiabilityandFinancing
5.3.2DoestheCBevaluateitsfinancesandsources
ofincomeanddemonstratetothecommittee
specified in 6.2 that initially and on an on
going basis, commercial, financial or other
pressuresdonotcompromiseitsimpartiality?
IssueNo:1
Page3of41
Date:20130118
SADCASF40(a)
6.
6.1
6.1.1
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Structuralrequirements
Organizationalstructureandtop
management
Organizational structure documented
including duties, responsibilities and
authoritiesforpersonnelandcommittees;
andrelationshipstootherpartswithinthe
samelegalentity?
6.1.2
DoestheCBidentifythetopmanagement
(board, group of persons, or person)
havingoverallauthorityandresponsibility
foreachofthefollowing:
a) development of policies relating to the
operationofthebody?
b) supervision of the implementation of
policiesandprocedures?
c) supervisionofthefinancesofthebody?
d) development of management system
certificationservicesandschemes?
e) performance of audits and certification
andresponsivenesstocomplaints?
f) decisionsoncertification?
g) delegationofauthoritytocommitteesor
individuals,asrequired,toundertake
definedactivitiesonitsbehalf?
h) contractualarrangements?
i)providingadequateresourcesfor
certificationactivities?
COMMENTBYASSESSOR
6.2
Committeeforsafeguardingimpartiality
6.2.1
DoesthestructureoftheCBsafeguardthe
impartialityoftheactivitiesoftheCBand
doesitprovideforacommitteeto:
a)assistindevelopingthepoliciesrelatingto
impartialityofitscertificationactivities?
b) counteract any tendency on the part of a
CB to allow commercial or other
considerations to present the consistent
objective provision of certification
activities?
c) advise on matters affecting confidence
includingopennessandpublicperception?
d) conduct an annual review of the
impartiality of the audit, certification and
decisionmakingprocessesoftheCB?
IssueNo:1
Page4of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
6.2.2
Is the composition, terms of reference,
duties, authorities, competence of
members and responsibilities of this
committee formally documented and
authorized by top management of the CB
toensure:
a) representationofabalanceofinterests?
b) access to all the information (see also
5.2.2&5.3.2)
c) the right to take independent action,
where the top management of the CB
does not respect the advice of the
committee (e.g. informing authorities,
ABs,stakeholders)?
Isconfidentialitymaintainedwhentaking
independentactions?See8.5
6.2.3
7
7.1
7.1.1
7.1.2
COMMENTBYASSESSOR
Arekeyinterestsidentifiedandinvitedto
thiscommittee?
Resourcerequirements
Competenceofmanagementand
personnel
7.1.3 Evaluationprocesses
DoestheCBhavedocumentedprocesses
fortheinitialcompetenceevaluationand
ongoingmonitoringofcompetenceand
performanceofallpersonnelinvolvedin
themanagementandperformanceof
auditsandcertification?
Arethesemethodseffective?
IssueNo:1
Page5of41
Date:20130118
SADCASF40(a)
CBS
ISO/IEC17021REQUIREMENTS
REFERENCES
7.1.4 Otherconsiderations
COMMENTBYASSESSOR
7.2
Personnelinvolvedinthecertification
activities
7.2.1
7.2.2
7.2.4 DoestheCBhavedefinedprocessesfor:
Selecting
Training
Formallyauthorizingauditorsand
Selectingtechnicalexperts?
Doestheinitialcompetenceevaluationof
an auditor include the ability to apply
required knowledge and skill during
audits, as determined by a competent
evaluator observing (witnessing) the
auditorconductinganaudit?
7.2.5 DoestheCBhaveaprocesstoachieveand
demonstrate effective auditing, including
theuseofauditorsandauditteamleaders
possessing generic auditing skills and
knowledgeaswellasskillsandknowledge
appropriate for auditing in specific
technicalareas?
IssueNo:1
Page6of41
Date:20130118
SADCASF40(a)
7.2.6
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Does the CB define the knowledge and
skills for specific certification functions as
perAnnexureAofISO/IEC17021:2011?
Are auditors and technical experts
knowledgeable of the CBs audit
processes, certification scheme and its
requirements and other relevant
requirements?
Does the CB give auditors and technical
experts access to an uptodate set of
documented procedures giving audit
instructions and all relevant information
onthecertificationactivities?
COMMENTBYASSESSOR
7.2.8 Aretrainingneedsidentifiedforfunctions
performed?
Wherethereisneed,istrainingofferedor
provided?
7.2.9
applicablestandard;
certificationrequirements;
IssueNo:1
Page7of41
Date:20130118
SADCASF40(a)
7.3
ISO/IEC17021REQUIREMENTS
Useofindividualexternalauditorsand
externaltechnicalexperts
CBS
REFERENCES
COMMENTBYASSESSOR
DoesaCBhaveawrittenagreementwith
external auditors and external technical
experts in place by which they commit
themselves to comply with applicable
policiesandproceduresasdefined?
Does the agreement address all relevant
aspects?
7.4
Personnelrecords
7.4
DoestheCBmaintainuptodate
personnelrecordsincluding:
Relevantqualifications;
Training;
Experience;
Affiliations;
Professionalstatus;
Competence;and
Anyrelevantconsultancyservices?
Doesthisincludemanagementand
administrativepersonnelinadditionto
thoseperformingcertificationactivities?
Personnelrecords(cont.)
7.5
Outsourcing
7.5.3 DoestheCB:
7.5.1
IssueNo:1
Page8of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
7.5.4 Documented procedures for the
qualification and monitoring of all
outsourced services used for certification
activities?
8
Informationrequirements
8.1
Publiclyaccessibleinformation
8.1.1
COMMENTBYASSESSOR
8.2
Certificationdocuments
8.2.1
8.1.2
8.2.3 Doesthecertificationdocument(s)
identifythefollowing:
a)thenameandgeographiclocationofeach
client and any sites within the scope of a
multisitecertification?
b) the dates of granting, extending or
renewingcertification?
c)theexpirydateorrecertificationduedate
consistentwiththerecertificationcycle?
d)auniqueidentificationcode?
e) the standard and/or other normative
document including issue number and/or
revisionusedforthecertifiedcustomer?
IssueNo:1
Page9of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
8.2.3
cont.
8.3
Directoryofcertifiedcustomers
Referencetocertificationanduseof
marks
Isthemarkusedonaproductorproduct
packagingseenbytheconsumer?
8.4.2 DoestheCBpermititsmarktobeapplied
to laboratory test, calibration or
inspectionreports?
8.4
IssueNo:1
COMMENTBYASSESSOR
Page10of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
cont..
CBS
REFERENCES
8.4.3
8.5
Confidentiality
8.5.1/8.5.5
WheretheCBisrequiredbylawtorelease
confidentialinformationtoathirdparty,is
the customer or individual concerned,
unless regulated by law, notified in
advanceoftheinformationprovided?
8.5.4 Isinformationabouttheclienttreatedas
confidential,consistentwiththeCBs
policy?
IssueNo:1
COMMENTBYASSESSOR
Page11of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
8.5.5 DoallpersonnelactingontheCBsbehalf
keepconfidentialallinformationobtained
or created during the performance of the
CBsactivities?
8.6
InformationexchangebetweenaCBand
itscustomers
8.6.1
a)
b)
c)
d)
Informationonthecertificationactivity
andrequirements
COMMENTBYASSESSOR
DoestheCBprovideandupdateclientson
thefollowing:
a detailed description of the initial and
continuing certification activity including
the application, initial audits, surveillance
audits and the process for granting,
maintaining,
reducing,
extending,
suspending, withdrawing certification and
recertification?
The normative requirements for
certification?
Informationaboutthefeesforapplication,
initial certification and continuing
certification?
TheCBsrequirementsfortheprospective
customer:
1 To
comply
with
certification
requirements?
2 To make all necessary arrangements
fortheconductoftheauditsincluding
provision
for
examining
documentation and the access to all
processes and areas, records and
personnel for the purposes of initial
certification,
surveillance,
re
certification and resolution of
complaints,and?
3 To make provisions where applicable
to accommodate the presence of
observers (e.g. accreditation auditors
ortraineeauditors)?
IssueNo:1
Page12of41
Date:20130118
SADCASF40(a)
e)
f)
8.6.2
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Documents describing the rights and
duties of certified clients including
requirements when making reference to
its certification in communication of any
kindinlinewiththerequirementsin8.4?
Information on procedures for handling
complaintsandappeals?
NoticeofchangesbyaCB
COMMENTBYASSESSOR
SeeNote
8.6.3
Noticeofchangesbyaclient
Legallyenforceablearrangementsto
ensurethatthecertifiedcustomerinforms
theCBofmattersthatmayaffectthe
managementsystemsabilitytocontinue
tofulfilltherequirementsofthestandard
usedforcertification?
Seeexamplesa)toe)inthestandard
9.1.1
Auditprogramme
9
9.1
Processrequirements
Generalrequirements
9.1.1.2 Doestheauditprogrammeincludeatwo
stage initial audit, surveillance audits in
the1stand2ndyearsandarecertification
auditinthe3rdyearpriortoexpirationof
certification? (The 3year certification
cycle begins with the certification or re
certificationdecision).
9.1.2.1General
Isanauditplanestablishedforeachaudit
to provide the basis for agreement
regarding the conduct and scheduling of
theauditactivities?
IssueNo:1
Page13of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Is the audit plan based on documented
requirementsofthecertificationbody?
COMMENTBYASSESSOR
9.1.2.3 Preparingtheauditplan
Is the audit plan appropriate to the
objectivesandthescopeoftheauditand
IssueNo:1
Page14of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.2.3 Preparingtheauditplan(cont.)
SeeNotes1and2
9.1.3 Auditteamselectionandassignments
9.1.3.2 Indecidingthesizeandcompositionofthe
auditteamwasthefollowingconsidered:
9.1.3.3Wherethenecessaryknowledgeandskillof
the audit team leader and auditors was
supplemented by technical experts,
translators and interpreters, were they
selected such that they do not unduly
influencetheaudit?
IssueNo:1
COMMENTBYASSESSOR
Page15of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.3.4 Where auditorsintraining are included in
the audit team as participants, was an
evaluatorappointed?
Wastheevaluatorcompetenttotakeover
thedutiesandhavefinalresponsibilityfor
theactivitiesandfindingsoftheauditorin
training?
COMMENTBYASSESSOR
9.1.3.5Doestheauditteamleader,inconsultation
with the audit team assign to each team
member responsibility for specific
processes, functions, sites, areas or
activities and are such assignments taking
intoaccounttheneedforcompetence?
9.1.4 Determiningaudittime
Indeterminingtheaudittime,doestheCB
consider among other things the following
aspects:
IssueNo:1
Page16of41
Date:20130118
SADCASF40(a)
9.1.5
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Multisitesampling
COMMENTBYASSESSOR
9.1.6 Communicationofauditteamtasks
9.1.8
Communicationofauditplan
9.1.9 Conductingonsiteaudits
9.1.9.1 General
DoestheCBhaveaprocessforconducting
IssueNo:1
Page17of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.9.1 General(cont.)
Onsiteaudits?
Does the process include opening meeting
atthestartoftheauditandclosingmeeting
attheconclusionoftheaudit?
9.1.9.2 Conductingtheopeningmeeting
Doestheauditteamhaveaformalopening
meetingwiththeclientsmanagementand
those responsible for the functions or
processestobeaudited?
Are the opening meeting conducted by the
Leadauditor?
Are audit activities explained including the
following:
IssueNo:1
Page18of41
COMMENTBYASSESSOR
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.9.2(cont.)
l)confirmationofthestatusoffindingsofthe
previousrevieworaudit,ifapplicable
m) methods and procedures to be used to
conducttheauditbasedonsampling
n) confirmation of the language to be used
duringtheaudit
o confirmation that during the audit the
client will be kept informed of audit
progressandanyconcerns
p)opportunityfortheclienttoaskquestions
9.1.9.3 Communicationduringtheaudit
Istheoutcomeoftheactiontakenreported
totheCB?
9.1.9.3.3 Doestheteamleaderreviewwiththeclient
any need for changes to the audit scope
which becomes apparent as onsite
auditing activities progress and report this
totheCB?
9.1.9.4 ObserversandGuides
COMMENTBYASSESSOR
9.1.9.4.1Observers
9.1.9.4.2Guides
Doeseachauditoraccompaniedbyaguide,
unless otherwise agreed to by the audit
teamleaderandtheclient?
Doestheauditteamensurethatguidesdo
not influence or interfere in the audit
processoroutcomeoftheaudit?
SeeNote
IssueNo:1
Page19of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.9.5 Collectingandverifyinginformation
9.1.9.6 Identifyingandrecordingauditfindings
9.1.9.7 Preparingauditconclusions
Priortotheclosingmeetingdoestheaudit
team:
a)
COMMENTBYASSESSOR
b)
IssueNo:1
Page20of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.9.7 (cont.)
c) identifyanynecessaryfollowupactions
d) confirm the appropriateness of the audit
programme or identify any modification
required (e.g. scope, audit time or dates,
surveillancefrequency,competence)
9.1.9.8 Conducttheclosingmeeting
Isattendancerecorded?
Areunresolveddivergingopinionsrecorded
andreferredtotheCB?
9.1.10 Auditreport
IssueNo:1
COMMENTBYASSESSOR
Page21of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.10.2 Does the team leader ensure that the
report is prepared and takes responsibility
ofthecontentofthereport?
a) identificationofthecertificationbody
b) name and address of the clients
managementrepresentative
c) type of audit (e.g. initial, surveillance or
recertification)
d) auditcriteria
e) auditobjectives
f) audit scope, particularly identification of
the organizational of functional units or
processesauditedandthetimeoftheaudit
g) identification of the audit team leader,
audit team members and any
accompanyingpersons
h) dates andplaces where the audit activities
(onsiteofoffsite)wereconducted
i) audit findings, evidence and conclusions,
consistent with the requirements of the
typeofaudit
j) anyunresolvedissues,ifidentified
9.1.11 Causeanalysisofnonconformities
Does the CB require the client to analyze
the cause and describe the specific
correction and corrective actions taken or
planned to be taken to eliminate detected
nonconformitieswithinadefinetimeline?
9.1.12 Effectivenessofcorrectionsandcorrective
actions
DoestheCBverifytheeffectivenessofany
correctionandcorrectiveactiontaken?
Doestheclientgetinformedoftheresultof
thereviewandverification?
SeeNote
IssueNo:1
Page22of41
COMMENTBYASSESSOR
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.1.13 Certificationdecision
9.1.15 Actionspriortomakingadecision
a)
Theinformationprovidedbytheauditteam
issufficient?
It has reviewed, accepted and verified the
effectiveness of corrections and corrective
actions for all nonconformities that
represent:
failure to fulfill one or more requirements
ofthemanagementsystemstandard?or
a situation that raises significant doubt
about the ability of the customers
management system to achieve its
intendedoutputs
It has reviewed and accepted the clients
planned correction and corrective action
foranyothernonconformity?
COMMENTBYASSESSOR
b)
1
2
c)
9.2
Initialauditandcertification
9.2.1
Application
Does the CB require an authorized
representativeoftheapplicantorganization
to provide the necessary information to
enableittoestablish:
a)
b)
c)
Thedesiredscopeofthecertification?
The general features of the applicant
organization including its name and the
address(es) of its physical location(s),
significant aspects of its process and
operations and any relevant legal
obligations?
General information relevant for the field
of certification applied for, concerning the
applicantorganization,suchasitsactivities,
human and technical resources, functions
and relationship in a larger corporation, if
any?
IssueNo:1
Page23of41
Date:20130118
SADCASF40(a)
9.2.1
d)
ISO/IEC17021REQUIREMENTS
(cont.)
CBS
REFERENCES
COMMENTBYASSESSOR
9.2.2 Applicationreview
a)Theinformationabouttheapplicantandits
management system is sufficient for the
conductoftheaudit?
b) The requirements for certification are
clearly defined and documented and have
been provided to the applicant
organization?
c) Any known difference in understanding
between the CB and the applicant
organizationisresolved?
d) The CB has the competence and ability to
performthecertificationactivity?
e) The scope of certification sought, the
location(s) of the applicants organizations
operations, time required to complete
auditsandanyotherpointsinfluencingthe
certificationactivityaretakenintoaccount
(language, safety conditions, threats to
impartiality,etc)?
f) Recordsofthejustificationforthedecision
toundertaketheauditshallbemaintained?
SeeNote
e)
f)
IssueNo:1
Page24of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.2.2.3 Based on this review does the CB
determine the competences it needs to
includeinitsauditteam(see7.2.7)andfor
thecertificationdecision(see7.2.9)?
9.2.3
Initialcertificationaudit
COMMENTBYASSESSOR
9.2.3.1Stage1audit
9.2.3.1.1 Isthestage1auditperformed:
IssueNo:1
Page25of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.2.3.1.1 (cont.)
9.2.3.1.2 AreStage1auditfindingsdocumentedand
communicated to the client organization
including identification of any areas of
concern that could be classified as non
conformityduringStage2audit?
9.2.3.2 Stage2audit
Doesitincludeatleastthefollowing:
a) Informationandevidenceaboutconformity
to all requirements of the applicable
management system standard or other
normativedocument?
IssueNo:1
Page26of41
COMMENTBYASSESSOR
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.2.3.2.1(cont.)
9.2.4 Initialcertificationauditconclusions
Doestheauditteamanalyzeallinformation
and audit evidence gathered during the
Stage 1 and Stage 2 audits to review the
audit findings and agree on the audit
conclusions?
9.2.5 Informationforgrantinginitial
certification
9.2.5.1Doestheinformationprovidedbytheaudit
teamtotheCBforthecertificationdecision
includeasaminimum:
a) theauditreports?
b) comments on the nonconformities and,
where applicable, the correction and
correctiveactionstakenbytheclient?
c)confirmationontheinformationprovidedto
the certification body used in the
applicationreview?(See9.2.2)and
d) arecommendationwhetherornottogrant
certification together with any conditions
orobservations?
9.2.5.2 DoestheCBmakethecertificationdecision
on the basis of an evaluation of the audit
findings and conclusions and any other
relevant
information
(e.g.
public
information,commentsontheauditreport
fromthecustomer)?
IssueNo:1
Page27of41
COMMENTBYASSESSOR
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
Surveillanceactivities
CBS
REFERENCES
9.3
9.3.1 General
9.3.1.1 DidtheCBdevelopitssurveillanceactivities
so that representative areas and functions
covered by the scope of the management
system are monitored on a regular basis
and take into account changes to its
certified client and its management
system?
Othersurveillanceactivitiesmayinclude:
9.3.2 Surveillanceaudit
a) Internalauditsandmanagementreview?
b) Reviewofactiontakenonnonconformities
identifiedduringthepreviousaudits?
c) Treatmentofcomplaints?
d) Effectiveness of the management system
with regard to achieving the certified
clientsobjectives?
e) Progress of planned activities aimed at
continualimprovement?
IssueNo:1
COMMENTBYASSESSOR
Page28of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.3.2.1 (cont.)
f)continuingoperationalcost?
g)reviewofanychanges?and
h)useofmarksand/oranyotherreferenceto
certification?
Maintainingcertification
COMMENTBYASSESSOR
DoestheCBmaintaincertificationbasedon
demonstration that the client continues to
satisfy the requirements of the
managementsystemstandard?
a)
b)
9.4
Recertification
9.4.1
Recertificationcycle
9.4.1.2Doestherecertificationauditconsiderthe
performance of the management system
overtheperiodofcertificationandinclude
the review of previous surveillance audit
reports?
IssueNo:1
Page29of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
COMMENTBYASSESSOR
9.4.1.4 Inthecaseofmultiplesitesorcertification
multiple management system standards
being provided by the CB, does the
planningfortheauditensureadequateon
siteauditcoveragetoprovideconfidencein
thecertification?
9.4.2 Recertificationaudit
9.4.3 Informationforgrantingrecertification
Theresultsofrecertificationaudit?
Theresultsofthereviewofthesystemover
theperiodofcertification?and
IssueNo:1
Page30of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
Specialaudits
9.5
9.5.1 Extensionstoscope
CBS
REFERENCES
COMMENTBYASSESSOR
DoestheCBhaveapolicyanddocumented
procedure(s)forsuspension,withdrawalor
reduction of the scope of certification and
does it specify the subsequent actions by
theCB?
9.5.2 Shortnoticeaudits
a)
DoestheCBexerciseadditionalcareinthe
assignment of the audit team because of
the lack of opportunity for the client to
auditteammembers?
b)
c)
9.6
9.6.1
IssueNo:1
Page31of41
Date:20130118
SADCASF40(a)
9.6.3
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Under suspension the customers
management system certification is
temporarilyinvalid.
DoestheCBmakethesuspendedstatusof
the certification publicly available (see
8.1.3) and take any other measures it
deemsappropriate?
9.6.4
Doesfailuretoresolvetheissuesthathave
resulted in the suspension in a time
established by CB result in withdrawal or
reductionofthescopeofcertification?
9.7
9.7.1
9.7.2
SeeNote
9.6.5
Does the CB reduce the customers scope
of certification to exclude the parts not
meeting the requirements when the client
has persistently or seriously failed to meet
the certification requirements for those
partsofthescopeofcertification?
9.6.6
COMMENTBYASSESSOR
Appeals
DoestheCBhaveadocumentedprocessto
receive, evaluate and make decisions on
appeals?
IssueNo:1
Page32of41
Date:20130118
SADCASF40(a)
9.7.3
9.7.4
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
IstheCBresponsibleforalldecisionsatall
levelsoftheappealshandlingprocess?
COMMENTBYASSESSOR
Doestheappealhandlingprocessincludeat
leastthefollowingelementsandmethods:
9.7.5
9.8Complaints
9.8.1
9.8.2
Ifthecomplaintrelatestoacertifiedclient
does the examination of the complaint
consider the effectiveness of the certified
managementsystem?
IssueNo:1
Page33of41
Date:20130118
SADCASF40(a)
9.8.3
9.8.4
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Is a complaint about a certified client also
referredbytheCBtothecertifiedclientin
questionatanappropriatetime?
DoestheCBhaveadocumentedprocessto
receive, evaluate and make decisions on
complaints?
COMMENTBYASSESSOR
b) trackingandrecordingcomplaintsincluding
actionsundertakentoresolvethem?
c)ensuringthatanappropriatecorrectionand
correctiveactionsaretaken?
SeeNote
9.8.9 WheneverpossibledoestheCBgiveformal
noticeoftheendofthecomplainthandling
processtothecomplainant?
IssueNo:1
Page34of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.8.10 Does the CB determine together with the
clientand thecomplainantwhetherand,if
so to what extent, the subject of the
complaint and its resolution shall be made
public?
9.9
Recordsofapplicantsandclients
COMMENTBYASSESSOR
SeeNote
9.9.3
DoestheCBkeeptherecordsonapplicants
and customers, secure to ensure that the
informationiskeptconfidential?
IssueNo:1
Page35of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
9.9.4 DoestheCBhaveadocumentedpolicyand
documented procedures on retention of
records?
Arerecordsretainedforthedurationofthe
current cycle plus one (1) full certification
cycle?
COMMENTBYASSESSOR
SeeNote
10
Management system requirements for
CBs
10.1 Options
Inadditiontomeetingtherequirementsof
Clauses 5 to 9 did the CB implement a
management system in accordance with
either:
a)
b)
10.2
Option1:Managementsystem
requirementsinaccordancewithISO9001
10.2.2Scope
Doesthescopeofthemanagementsystem
include the design and development
requirementsforitscertificationservices?
10.2.3 CustomerFocus
10.2.1 General
10.2.4Managementreview
IssueNo:1
Page36of41
Date:20130118
SADCASF40(a)
10.3
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Option 2: General management system
requirements
COMMENTBYASSESSOR
10.3.1General
a)
b)
10.3.2 Managementsystemmanual
10.3.3 Controlofdocuments
IssueNo:1
Page37of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
Does the procedures define the control
needed:
COMMENTBYASSESSOR
a)
b)
c)
d)
e)
f)
g)
SeeNote
10.3.4Controlofrecords
DoestheCBestablishprocedurestodefine
the controls needed for the identification,
storage, protection, retrieval, retention
time and disposition of its records related
to the fulfillment of this international
standard?
Does the CB establish procedures for
retaining records for a period consistent
withitscontractualandlegalobligations?
Is access to these records consistent with
theconfidentialityarrangements?
SeeNote
10.3.5 Managementreview
10.3.5.1General
Did the CBs top management establish
procedures to review its management
system at planned intervals to ensure its
continuing suitability, adequacy and
effectiveness including the stated policies
and objectives related to the fulfillment of
thisinternationalstandard?
Arethesereviewsconductedatleastoncea
year?
IssueNo:1
Page38of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
10.3.5.2Reviewinputs
a)
b)
Resultsofinternalandexternalaudits?
Feedback from clients and interested
parties related to the fulfillment of this
internationalstandard?
Feedback from the committee for
safeguardingimpartiality?
Statusofpreventiveandcorrectiveactions?
Followup
actions
from
previous
managementreviews?
Fulfillmentofobjectives?
Changes that could affect the
management?and
Appealsandcomplaints?
CBS
REFERENCES
COMMENTBYASSESSOR
c)
d)
e)
f)
g)
h)
10.3.5.3 Reviewoutputs
a)
b)
c)
10.3.6 Internalaudits
10.3.6.3 Areinternalauditsperformedatleastonce
every12months?
10.3.6.4 DoestheCBensurethat:
IssueNo:1
Page39of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
10.3.6.4(cont.)
CBS
REFERENCES
COMMENTBYASSESSOR
10.3.7 Correctiveactions
Dotheproceduresdefinerequirementsfor:
a)
b)
c)
d)
e)
f)
g)
10.3.8Preventiveactions
DoestheCBestablishproceduresfortaking
preventive actions to eliminate the causes
ofpotentialnonconformities?
Arepreventiveactionstakenappropriateto
the probable impact of the potential
problems?
a)
b)
IssueNo:1
Page40of41
Date:20130118
SADCASF40(a)
ISO/IEC17021REQUIREMENTS
CBS
REFERENCES
10.3.8(cont.)
c) Recordingtheresultsofactionstaken?and
d) Reviewing the effectiveness of the
preventiveactions?
SeeNote
COMMENTBYASSESSOR
Additional/GeneralComments(Thisspacemaybeusedtoexpandoncommentsinspecificsections)
Signed
Lead/TechnicalAssessor:
Date:
IssueNo:1
Page41of41
Date:20130118