What is ISO/IEC 17021?

ISO/IEC 17021 is an international standard that outlines the requirements for organizations that provide audit and certification services for management systems. It sets out the criteria that certification bodies must meet in order to be accredited to carry out certification assessments against ISO management system standards such as ISO 9001, ISO 14001, and ISO 45001.

What is ISO/IEC 17021

ISO/IEC 17021 in detail

This standard plays a crucial role in ensuring that the certification process is reliable, consistent, and of high quality. In this article, we will explore ISO/IEC 17021 in detail, including its purpose, requirements, and benefits.

1. Purpose of ISO/IEC 17021

ISO/IEC 17021 was developed by the International Accreditation Forum (IAF) to ensure that certification bodies operate in a consistent, impartial, and competent manner. The standard provides a framework for the assessment and accreditation of certification bodies, and sets out the criteria that they must meet in order to demonstrate their competence and impartiality in the certification process.

2. Scope of ISO/IEC 17021

ISO/IEC 17021 applies to certification bodies that provide auditing and certification services for management system standards, including quality management (ISO 9001), environmental management (ISO 14001), and occupational health and safety management (ISO 45001). The standard outlines the requirements for the competence, consistency, and impartiality of certification bodies, as well as their management systems and processes.

3. Requirements of ISO/IEC 17021

ISO/IEC 17021 specifies the requirements that certification bodies must meet in order to demonstrate their competence and impartiality in the certification process. These requirements include the following:

3.1 General requirements

Certification bodies must demonstrate that they are competent to perform certification assessments and that they have the necessary resources to carry out their work effectively. They must also be impartial and maintain confidentiality in all aspects of their work.

3.2 Structural requirements

Certification bodies must have a clearly defined organizational structure, with documented procedures and policies for all aspects of their work. They must also have a documented management system that includes quality management, as well as procedures for monitoring and improving the effectiveness of their work.

3.3 Resource requirements

Certification bodies must have appropriately qualified and experienced personnel, as well as adequate resources to carry out their work effectively. They must also have documented procedures for the selection, training, and monitoring of their auditors.

3.4 Process requirements

Certification bodies must have documented procedures for the certification process, including the initial application, the audit process, and the issuing of certificates. They must also have procedures for handling complaints and appeals.

4. Benefits of ISO/IEC 17021

ISO/IEC 17021 accreditation provides a number of benefits for both certification bodies and their clients. Some of the key benefits include:

4.1 Increased credibility

Certification bodies that are accredited to ISO/IEC 17021 have demonstrated their competence and impartiality in the certification process. This provides reassurance to clients that their certification is reliable and credible.

4.2 Improved consistency

ISO/IEC 17021 accreditation ensures that certification bodies operate in a consistent manner, which helps to ensure that the certification process is reliable and consistent across different organizations and industries.

4.3 Access to new markets

ISO/IEC 17021 accreditation is often a requirement for organizations that wish to do business in certain industries or countries. Certification bodies that are accredited to this standard can help their clients to access new markets and opportunities.

4.4 Increased efficiency

ISO/IEC 17021 accreditation requires certification bodies to have documented procedures and processes in place for all aspects of their work. This can help to improve efficiency and reduce the risk of errors and inconsistencies.

History of 17021

ISO/IEC 17021 has a rich history that dates back to the early days of quality management systems (QMS) certification. The standard was first published in 1999 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and it set out the requirements for bodies that audit and certify management systems.

Since its initial release, ISO/IEC 17021 has undergone several revisions to keep pace with changes in the field of management systems certification. These revisions include the 2006 release of ISO/IEC 17021:2006, which brought the standard in line with the ISO 9001:2000 revision and made it applicable to other management system standards.

The next major revision occurred in 2011, with the publication of ISO/IEC 17021:2011. This version of the standard included new requirements for the accreditation of certification bodies and provided a framework for the auditing and certification of all types of management systems.

In 2015, the standard underwent further changes to reflect the release of the revised ISO 9001:2015 and ISO 14001:2015 standards. This resulted in the publication of ISO/IEC 17021-1:2015, which established requirements for the audit and certification of management systems in general.

ISO/IEC 17021-2:2016, the standard for environmental management systems (EMS) certification, was also released in 2016 to align with the updated ISO 14001:2015 standard.

Today, ISO/IEC 17021 continues to be an essential standard for certification bodies, providing a framework for the consistent and reliable auditing and certification of management systems across industries and around the world.

Related 17021 Standards

In addition to this standard, numerous different versions of ISO/IEC 17021 have been released to address the requirements of certain management systems. ISO/IEC 17021 was created for all sorts of management systems.

ISO/IEC TS 17021-2:2016 for environmental management systems

ISO/IEC TS 17021-2:2016 (1) is a technical specification that provides guidance for auditors and certification bodies for conducting audits and certification of Environmental Management Systems (EMS) according to ISO 14001:2015. The standard outlines the competence requirements for auditors, and the process for audit planning, conduct, reporting, and follow-up.

This technical specification is designed to ensure that certification bodies are capable of conducting consistent and reliable audits of EMS. The standard provides guidance on the interpretation of ISO 14001:2015, and how to assess an organization’s compliance with the standard. It also outlines the responsibilities of the certification body and the organization being audited.

The purpose of ISO/IEC TS 17021-2:2016 is to:

  1. Establish the competency requirements for auditors and lead auditors conducting EMS audits.
  2. Ensure that the certification body is impartial and independent.
  3. Provide guidance on how to conduct audits, including planning, conducting, reporting, and follow-up.
  4. Define the requirements for the certification body and the organization being audited.

The standard requires that auditors and lead auditors have a deep understanding of the EMS requirements, including the organization’s context, needs and expectations of interested parties, and compliance obligations. The standard also requires that auditors have experience in conducting audits of similar complexity and scale.

The certification body must also have policies and procedures in place to ensure that they are impartial and independent. The certification body must ensure that they do not have any conflicts of interest with the organization being audited. They must also ensure that auditors are not involved in the design, implementation, or maintenance of the EMS being audited.

The standard provides guidance on how to conduct audits, including the planning, conducting, reporting, and follow-up stages. The planning stage includes defining the scope and objectives of the audit, identifying the audit team, and developing an audit plan. The conducting stage includes conducting interviews, reviewing documents, and collecting evidence to assess compliance with the EMS requirements. The reporting stage includes preparing an audit report and sharing it with the organization being audited. The follow-up stage includes verifying that corrective actions have been implemented and monitoring the effectiveness of the EMS.

ISO/IEC TS 17021-2:2016 is an important standard for organizations seeking certification for their EMS. It ensures that certification bodies are competent and capable of conducting reliable and consistent audits. The standard provides guidance for organizations seeking certification and helps them understand the audit process and requirements for compliance. It also helps organizations to identify areas for improvement in their EMS and improve their environmental performance.

ISO/IEC TS 17021-3 for quality management systems

ISO/IEC TS 17021-3 is a technical specification that provides guidance for auditing and certifying management systems related to quality. It is a part of the ISO/IEC 17021 series of standards that specify the requirements for bodies providing audit and certification of management systems. The TS 17021-3 standard is intended to be used by certification bodies, auditors, and organizations seeking certification of their quality management system (QMS).

The ISO/IEC TS 17021-3 standard provides guidance on the requirements for auditing and certifying quality management systems based on the ISO 9001 standard. The standard is divided into three main sections:

  1. Normative References This section lists the normative references, including the ISO 9001 standard and the ISO/IEC 17021-1 standard.
  2. Terms and Definitions This section provides a list of terms and definitions related to the certification of QMS based on the ISO 9001 standard. It includes terms such as audit, certification body, conformity assessment, nonconformity, and surveillance audit, among others.
  3. Requirements for Auditing and Certification This section provides the requirements for auditing and certifying QMS based on the ISO 9001 standard. It includes the following:
  • Planning and conducting the audit: This includes determining the scope, objectives, and criteria for the audit, as well as preparing the audit plan and conducting the audit.
  • Audit findings: This includes the requirements for documenting audit findings, including nonconformities, opportunities for improvement, and areas of good practice.
  • Certification decision: This includes the requirements for making a certification decision based on the audit findings, as well as the requirements for maintaining certification.
  • Surveillance audits: This includes the requirements for conducting surveillance audits to ensure that the QMS continues to meet the ISO 9001 standard requirements.
  • Complaints and appeals: This includes the requirements for handling complaints and appeals related to the certification process.
  • Competence of personnel: This includes the requirements for ensuring that personnel involved in the certification process are competent.
  • Confidentiality: This includes the requirements for maintaining confidentiality in the certification process.

The ISO/IEC TS 17021-3 standard is designed to provide guidance to certification bodies, auditors, and organizations seeking certification of their QMS based on the ISO 9001 standard. The standard is intended to ensure that the certification process is conducted in a consistent, transparent, and impartial manner, and that the certification is based on objective evidence that the QMS meets the requirements of the ISO 9001 standard.

In summary, ISO/IEC TS 17021-3 provides guidance for auditing and certifying QMS based on the ISO 9001 standard. It ensures that the certification process is conducted in a consistent, transparent, and impartial manner, and that the certification is based on objective evidence that the QMS meets the requirements of the ISO 9001 standard.

ISO/IEC TS 17021-4 for event sustainability management systems

ISO/IEC TS 17021-4 is a technical specification published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides guidance for the certification of event sustainability management systems. This standard is part of the ISO/IEC 17021 series, which provides requirements for the competence and consistency of certification bodies that certify management systems.

The ISO/IEC TS 17021-4 standard was developed in response to the growing need for organizations to demonstrate their commitment to sustainability and social responsibility during events. Event sustainability management systems are designed to help organizations reduce the environmental and social impact of their events while also maximizing economic benefits.

The standard provides guidance for certification bodies that wish to certify event sustainability management systems in accordance with ISO 20121, which is the international standard for event sustainability management. It covers the following aspects of certification:

  1. Scope of certification: The standard provides guidance on the scope of certification for event sustainability management systems, including the types of events that can be certified and the boundaries of the management system.
  2. Certification process: The standard outlines the certification process for event sustainability management systems, including the initial certification audit, surveillance audits, and recertification audits.
  3. Competence of personnel: The standard provides guidance on the competence of personnel involved in the certification process, including auditors and technical experts.
  4. Confidentiality and impartiality: The standard requires certification bodies to maintain confidentiality and impartiality throughout the certification process.
  5. Complaints and appeals: The standard provides guidance on the handling of complaints and appeals related to the certification process.
  6. Use of marks and logos: The standard provides guidance on the use of certification marks and logos by certified organizations.

Certification to ISO/IEC TS 17021-4 can provide several benefits for organizations that implement event sustainability management systems. It can demonstrate their commitment to sustainability and social responsibility, enhance their reputation, and provide a competitive advantage. Additionally, certification can help organizations identify areas for improvement in their event sustainability management systems and improve their overall performance.

In summary, ISO/IEC TS 17021-4 provides guidance for certification bodies that wish to certify event sustainability management systems in accordance with ISO 20121. It covers various aspects of the certification process, including the scope of certification, certification process, competence of personnel, confidentiality and impartiality, complaints and appeals, and use of marks and logos. Certification to this standard can provide several benefits for organizations that implement event sustainability management systems, including demonstrating their commitment to sustainability and social responsibility and providing a competitive advantage.

ISO/IEC TS 17021-5 for asset management systems

ISO/IEC TS 17021-5 is a technical specification developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide guidelines for auditing and certifying asset management systems. The standard was published in 2014 and serves as a supplement to ISO/IEC 17021, which outlines general requirements for certification bodies performing audits and certifications of management systems.

Asset management is a critical function in many organizations, as it involves the systematic and coordinated activities and practices through which an organization optimally manages its assets and their associated performance, risks, and costs throughout their lifecycle. Asset management systems provide a framework for managing assets effectively, efficiently, and sustainably, thereby contributing to the organization’s overall performance and objectives.

ISO/IEC TS 17021-5 provides guidelines for certification bodies conducting audits and certifications of asset management systems based on ISO 55001, which is the international standard for asset management. The standard outlines the competence requirements for auditors, including their knowledge and skills in asset management principles, practices, and techniques. It also specifies the requirements for audit planning and reporting, including the documentation and reporting of non-conformities and opportunities for improvement.

The standard also provides guidance on the interpretation of ISO 55001 requirements and the application of audit criteria. It includes specific guidance on the evaluation of asset management processes, such as asset identification, risk assessment, asset valuation, and asset performance management. Additionally, the standard includes guidance on auditing asset management information systems, such as computerized maintenance management systems (CMMS) and enterprise asset management (EAM) systems.

ISO/IEC TS 17021-5 is intended for use by certification bodies, auditors, and organizations seeking certification of their asset management systems. The standard provides a framework for ensuring the competence, impartiality, and consistency of certification bodies conducting audits and certifications of asset management systems. It also provides organizations with guidelines for selecting a certification body and preparing for a certification audit.

In conclusion, ISO/IEC TS 17021-5 provides guidelines for certification bodies conducting audits and certifications of asset management systems based on ISO 55001. The standard outlines the competence requirements for auditors, provides guidance on the interpretation of ISO 55001 requirements, and specifies the requirements for audit planning and reporting. It is an essential tool for organizations seeking to manage their assets effectively and achieve certification of their asset management systems.

ISO/IEC TS 17021-6 for business continuity management systems

ISO/IEC TS 17021-6 is a technical specification that provides guidelines for the audit and certification of business continuity management systems (BCMS) based on the ISO 22301 standard. This standard was published in 2014 and provides a framework for organizations to manage and prepare for disruptive incidents such as natural disasters, IT failures, and other unexpected events that could impact business operations.

ISO/IEC TS 17021-6 outlines the requirements for certification bodies (CBs) conducting audits and issuing certifications for BCMS. The document provides guidance on how to plan and conduct audits, as well as how to evaluate an organization’s compliance with the requirements of ISO 22301.

The technical specification is divided into several sections, each outlining specific requirements for certification bodies:

  1. General requirements: This section provides an overview of the technical specification and outlines the scope, definitions, and references used in the document.
  2. Normative references: This section lists all the normative references used in the technical specification.
  3. Terms and definitions: This section provides definitions of key terms used in the technical specification.
  4. Certification body competence requirements: This section outlines the requirements for the competence of certification bodies, including the knowledge, skills, and experience needed to conduct audits and issue certifications.
  5. Certification body audit requirements: This section provides guidance on how to plan and conduct audits, including the scope of the audit, the audit team, audit methods, and audit reports.
  6. Certification body certification requirements: This section outlines the requirements for certification bodies to issue and maintain certifications, including the certification process, certification documents, and surveillance and recertification requirements.

ISO/IEC TS 17021-6 also provides guidance on how to evaluate an organization’s compliance with the requirements of ISO 22301, including how to assess the organization’s business continuity policy, risk management processes, business impact analysis, and incident response procedures.

In conclusion, ISO/IEC TS 17021-6 provides a comprehensive framework for certification bodies to audit and certify organizations’ compliance with the ISO 22301 standard for business continuity management systems. This technical specification helps ensure that organizations have effective plans and procedures in place to respond to disruptive incidents, thereby minimizing the impact on business operations and maintaining the confidence of stakeholders.

ISO/IEC TS 17021-7 for road traffic safety management systems

ISO/IEC TS 17021-7 is a technical specification published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides guidelines for auditing and certifying road traffic safety management systems.

The road traffic safety management system (RTSMS) is a systematic approach to managing safety risks associated with road traffic, including design and maintenance of infrastructure, vehicle safety, and human factors such as driver behavior and safety culture. The purpose of a RTSMS is to reduce the incidence and severity of traffic accidents and improve overall safety for road users.

ISO/IEC TS 17021-7 provides guidance to certification bodies on the requirements for auditing and certifying RTSMS based on ISO 39001:2012, which is the international standard for road traffic safety management systems. The standard covers the entire certification process, from initial application to surveillance audits and re-certification.

One of the key requirements of ISO/IEC TS 17021-7 is that certification bodies must have auditors with the necessary technical expertise in road traffic safety management systems to conduct audits effectively. The standard also requires certification bodies to establish and maintain documented procedures for conducting audits and managing the certification process.

ISO/IEC TS 17021-7 also provides guidance on the format and content of audit reports, as well as requirements for maintaining confidentiality and impartiality throughout the certification process. It emphasizes the importance of identifying and managing conflicts of interest to ensure that certification decisions are made objectively and impartially.

In summary, ISO/IEC TS 17021-7 provides a framework for certification bodies to audit and certify road traffic safety management systems, ensuring that they meet the requirements of the international standard ISO 39001:2012. By following the guidelines set out in this technical specification, certification bodies can help organizations to improve road safety and reduce the risk of accidents.

ISO/IEC TS 17021-8 (under construction) for sustainable development in communities management systems

ISO/IEC TS 17021-8 is currently under development and will provide guidance for auditors on the application of ISO 26000:2010, Guidance on Social Responsibility, to audit sustainable development in communities management systems. The standard will aim to enhance the consistency and reliability of audits in this field, and ensure that they are conducted in a manner that aligns with ISO 26000.

The focus of this standard will be on assessing an organization’s social responsibility practices and how they contribute to sustainable development in communities. This includes taking into account the impact of the organization’s activities on the environment, social issues such as human rights and labor practices, and economic factors such as responsible business practices.

ISO/IEC TS 17021-8 will also provide guidance on the certification process for sustainable development in communities management systems, including the requirements for competence and independence of auditors, as well as the rules for conducting the audit and issuing the certification.

The development of this standard is in response to the increasing importance of sustainability in today’s business landscape. Organizations are recognizing the need to not only focus on their own profitability but also to consider the impact of their actions on society and the environment.

Certification to ISO/IEC TS 17021-8 will enable organizations to demonstrate their commitment to social responsibility and sustainable development in communities, and provide assurance to stakeholders that their practices are aligned with international best practices.

As with all ISO/IEC 17021 standards, the implementation of ISO/IEC TS 17021-8 will be voluntary, and organizations can choose to be certified against the standard if they wish to demonstrate their commitment to social responsibility and sustainable development in communities.

In summary, ISO/IEC TS 17021-8 is an upcoming standard that will provide guidance for auditors on the application of ISO 26000:2010 to audit sustainable development in communities management systems. It will aim to enhance the consistency and reliability of audits in this field and provide assurance to stakeholders that an organization’s practices are aligned with international best practices for social responsibility and sustainable development in communities.

ISO/IEC TS 17021-9 for anti-bribery management systems

ISO/IEC TS 17021-9 is a technical specification that provides requirements for the certification of anti-bribery management systems (ABMS) based on ISO 37001:2016. This standard is designed to provide guidance to certification bodies that perform audits and issue certificates for ABMS. It also helps organizations that want to implement an ABMS by providing guidance on the certification process and what they can expect from certification.

ISO 37001 is an internationally recognized standard that sets out the requirements for an ABMS. This standard was developed by ISO and is intended to help organizations prevent, detect, and respond to bribery. The standard covers a range of topics, including the development of an anti-bribery policy, the establishment of anti-bribery controls, and the implementation of anti-bribery training and communication programs.

ISO/IEC TS 17021-9 sets out the requirements for the certification of ABMS based on ISO 37001. It provides guidance on the audit process, including the selection of auditors, the conduct of audits, and the reporting of audit results. The standard also sets out the requirements for the issuance of certificates, including the format and content of the certificate.

To obtain certification for an ABMS, organizations must undergo an audit by a certification body that has been accredited to perform ABMS audits. The audit will typically involve a review of the organization’s policies, procedures, and controls related to bribery prevention, as well as an evaluation of the effectiveness of these controls.

ISO/IEC TS 17021-9 provides guidance on the requirements for certification bodies that perform ABMS audits. This includes requirements for the competence of auditors, the management of the audit process, and the management of conflicts of interest.

One of the benefits of certification to ISO 37001 and ISO/IEC TS 17021-9 is that it can help organizations demonstrate their commitment to preventing bribery and corruption. Certification can also help organizations identify areas where they can improve their anti-bribery controls and processes.

In addition to ISO 37001 and ISO/IEC TS 17021-9, there are other standards and guidelines that organizations can use to support their anti-bribery efforts. These include the OECD Guidelines for Multinational Enterprises, the United Nations Convention against Corruption, and the ISO 19600 standard for compliance management systems.

Overall, ISO/IEC TS 17021-9 provides guidance for certification bodies and organizations that want to implement and certify an ABMS based on ISO 37001. By following these guidelines, organizations can demonstrate their commitment to preventing bribery and corruption, and improve their anti-bribery controls and processes.

ISO/IEC TS 17021-10 for occupational health and safety management systems

ISO/IEC TS 17021-10 is a technical specification that provides requirements for the competence and consistent application of certification bodies that certify Occupational Health and Safety Management Systems (OHSMS) against the ISO 45001 standard.

ISO 45001 is an international standard that specifies the requirements for an OHSMS, providing a framework for managing occupational health and safety risks and opportunities. It is designed to help organizations of all sizes and industries to create a safer working environment by preventing work-related injuries, illnesses, and fatalities.

The ISO/IEC TS 17021-10 technical specification defines the principles and requirements for the competence, consistency, and impartiality of certification bodies performing OHSMS certification. It includes requirements for the certification process, including initial certification, surveillance, and recertification audits.

The technical specification also specifies requirements for the certification body’s management system, including management responsibility, contract review, confidentiality, and impartiality. Additionally, it outlines the responsibilities of auditors, including their competence, training, and performance evaluation.

ISO/IEC TS 17021-10 is intended to be used by certification bodies that provide certification services for OHSMS, as well as their clients and accreditation bodies. It helps ensure that OHSMS certification is performed consistently, competently, and impartially across different certification bodies.

Benefits of ISO/IEC TS 17021-10

ISO/IEC TS 17021-10 provides several benefits for certification bodies, their clients, and accreditation bodies. These benefits include:

  1. Consistency and comparability: The technical specification helps ensure that OHSMS certification is performed consistently across different certification bodies, which allows for comparability of certification results.
  2. Impartiality: The technical specification ensures that certification bodies are independent and impartial when performing certification activities, which enhances the credibility of the certification process.
  3. Competence: The technical specification ensures that certification bodies have the necessary competence to perform OHSMS certification, which enhances the quality and reliability of certification results.
  4. Transparency: The technical specification requires certification bodies to be transparent in their certification processes and to provide clear and concise information to their clients and accreditation bodies.
  5. Confidence: ISO/IEC TS 17021-10 helps increase confidence in the certification process and the reliability of certification results, which can lead to increased acceptance and recognition of certified OHSMS.

Conclusion

ISO/IEC TS 17021-10 is a technical specification that provides requirements for the competence and consistent application of certification bodies that certify OHSMS against the ISO 45001 standard. It helps ensure that OHSMS certification is performed consistently, competently, and impartially across different certification bodies, enhancing the credibility and reliability of certification results. By complying with ISO/IEC TS 17021-10, certification bodies can demonstrate their competence and commitment to providing quality certification services, while their clients can have confidence in the certification process and the reliability of certification results.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top