This standard contains the principles and requirements for competence, consistency and impartiality of auditing and certification of all types of management systems (such as quality management systems or environmental management systems), as well as the principles and requirements followed by organizations that provide the above activities. Certification bodies that operate in accordance with this standard do not have to provide all types of management system certification. GB/T 27021-2007 Requirements for audit and certification bodies for conformity assessment management systems GB/T27021-2007 Standard download decompression password: www.bzxz.net
This standard contains the principles and requirements for competence, consistency and impartiality of auditing and certification of all types of management systems (such as quality management systems or environmental management systems), as well as the principles and requirements followed by organizations that provide the above activities. Certification bodies that operate in accordance with this standard do not have to provide all types of management system certification.
This standard is equivalent to ISO/IEC 17021:2006 "Conformity assessment - Requirements for management system audit and certification bodies"
The first edition of ISO/IEC 17021:2006 cancels and replaces ISO/IEC Guide 62:1996 and ISO/IEC Guide 66:1999. The contents of these two guides have been incorporated into ISO/IEC 17021 after technical modifications.
For ease of use, this standard makes the following editorial changes to ISO/IEC 17021:2006:
1) "the organizations whose management systems are certified" in 4.1.2b) is replaced by "the certified client";
2) "organizations whose management systems are certified" in 6.2.3 is replaced by "the certified client";
3) "client whose management systems is certified" in 8.2.3a) is replaced by "the certified client".
Appendices A and B of this standard are informative.
This standard is proposed and managed by the National Technical Committee for Certification and Accreditation of Standardization (SAC/TC 261).
This standard was drafted by: China National Accreditation Service for Conformity Assessment, China Certification and Accreditation Administration, Guangdong CESI Certification Center Services Co., Ltd., Huaxia Certification Center Co., Ltd., Shanghai Quality Certification System Audit Center, Fangyuan Mark Certification Group Co., Ltd., China Quality Certification Center, China Classification Society Quality Certification Company, Huaxin Technical Inspection Co., Ltd.
The main drafters of this standard are: Liu Xiaohong, Wang Xiuci, Fei Yang, Wang Mei, Zhou Lu, Chen Hua, Song Yuewei, Fang Shuhua, Wang Xiaoxia, Yang Ming, Zhang Huicai, Li Guozhen, Lu Ming, Cao Chun, and Mu Jin.
GB/T 19011 Quality and/or Environmental Management System Audit Guide (GB/T 19011-2003, ISO 19011:2002, IDT)
GB/T 27000 Conformity Assessment Vocabulary and General Principles (GB/T 27000-2006, ISO/IEC 17000:2004, IDT)
ISO 9000:2005 Quality Management Systems - Fundamentals and Vocabulary

Conformity assessment
National Standard of the People's Republic of China
GB/T27021-2007/1S0/IEC17021:2006 Requirements for bodies providing audit and certification of management systems
(ISO/IEC17021:2006, IDT）
Issued on August 2, 2007
Implementation on October 1, 2007
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Administration of Standardization of the People's Republic of China
Introduction:
2 Normative references.
3 Terms and definitions
4 Principles
4.1 General.
4.2 Impartiality
4.3 Competence.
4.4 Responsibility.
4.5 Openness,
4.6 Confidentiality
4.7 Response to complaints.
5 General requirements
5.1 Legal and contractual matters.
5.2 Management of impartiality,
5.3 Responsibility and financial resources.
6 Structural requirements
6.1 Organizational structure and top management
6.2 Committee to maintain impartiality.
7 Resources Requirements
7.1 Competence of management and personnel.
7.2 Personnel involved in certification activities
7.3 Use of external auditors and external technical experts.7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Publicly available information,
8.2 Certification documents
8.3 Directory of certified clients
8.4 References to certification qualifications and logos 8.5 Confidentiality wwW.bzxz.Net
8.6 Information exchange between the certification body and its clients 9 Process requirements
9.1 General requirements
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspension, withdrawal or reduction of the scope of certification
9.7 Appeals
9.8 Complaints
9.9 Application Please record the organization and the customer
10 Management system requirements for certification bodies.
10.1 Optional methods
10.2 Method 1: Management system requirements consistent with GB/T19001
10.3 Method 2: General management system requirements References
This standard is equivalent to IS0/IEC17021:2006 "Conformity assessment - Requirements for management system audit and certification bodies". The first edition of IS0/IEC17021 canceled and replaced IS0/IEC Guide 62:1996 and IS0/IEC Guide 66:1999. The contents of these two guidelines have been incorporated into IS0/IEC17021 after technical modifications. For ease of use, this standard has made the following editorial changes to IS0/TEC17021:2006: 1) Replace "the organizations whose management systems are certified" in 4.1.2b) with "certified clients";
2) Replace "organizations whose management systems are certified" in 6.2.3) with "certified clients";
3) Replace "client whose management system is certified" in 8.2.3a) with "certified clients".
This standard is proposed and managed by the National Technical Committee for Certification and Accreditation of Standardization (SAC/TC261). This standard was drafted by: China National Accreditation Service for Conformity Assessment, China National Certification and Accreditation Administration, Guangdong CESI Certification Center Service Co., Ltd., Huaxia Certification Center Co., Ltd., Shanghai Quality System Audit Center, Fangyuan Mark Certification Group Co., Ltd., China Quality Certification Center, China Classification Society Quality Certification Company, Huaxin Technical Inspection Co., Ltd. The main drafters of this standard are: Liu Xiaohong, Wang Xiuci, Fei Yang, Wang Mei, Zhou Lu, Chen Hua, Song Yuewei, Fang Shuhua, Wang Xiaoxia, Yang Ming, Zhang Huicai, Li Guozhen, Lu Ming, Cao Chun, Mu Jin. Introduction
Management system certification (such as the certification of an organization's quality or environmental management system) is a method of providing assurance that an organization has implemented a system that is consistent with its policies and is used to manage relevant aspects of its activities. This standard specifies requirements for certification bodies. The implementation of these requirements is intended to ensure that certification bodies implement management system certification in a competent, consistent and impartial manner to promote international and domestic recognition of these bodies and acceptance of their certifications. This document provides a basis for promoting the recognition of management system certification, which is conducive to international trade. Management system certification is the independent demonstration that an organization's management system: a) conforms to specified requirements;
b) is capable of consistently achieving its stated policies and objectives; and c) is effectively implemented.
Conformity assessment activities such as management system certification therefore provide value to the organization, its customers and interested parties. Clause 4 of this document sets out the principles upon which credible certification is based. These principles help the reader understand the essential nature of certification and provide an essential foundation for clauses 5 to 10. These principles form the basis for all requirements of this document, but are not requirements to be assessed in themselves. Clause 10 provides two alternative ways for certification bodies to establish management systems to ensure and demonstrate that they continue to meet the requirements of this document.
This document is intended for use by bodies that carry out audits and certification of management systems. It sets out general requirements for bodies engaged in audits and certification of quality, environmental and other management systems. This document refers to such bodies as certification bodies. This terminology does not prevent the use of this standard by bodies that have other names but carry out activities within the scope of this standard. Certification activities include audits of an organization's management system. Certification bodies usually attest to the conformity of an organization's management system with a specific management system standard or other normative requirements in the form of certification documents or certificates. 1 Scope
Conformity assessment
Requirements for management system audit and certification bodies
This standard contains the principles and requirements for competence, consistency and impartiality in the audit and certification of all types of management systems (such as quality management systems or environmental management systems), as well as the principles and requirements followed by bodies that provide the above activities. Certification bodies operating in accordance with this standard do not have to provide all types of management system certification. Management system certification (referred to as "certification" in this standard) is a third-party conformity assessment activity (see 5.5 of GB/T27000-2006). Therefore, the body that implements this activity is a third-party conformity assessment body (referred to as a "certification body" in this document). Note 1: Management system certification is sometimes also called "registration", and certification bodies are sometimes called "registration bodies". Note 2: Certification bodies can be non-governmental or governmental (with or without statutory authority). Note 3: This document can be used as a guideline document for accreditation, peer review or other audit processes. 2 Normative references
The clauses in the following documents become clauses of this standard through reference in this standard. For any dated referenced document, all subsequent amendments (excluding errata) or revisions are not applicable to this standard. However, parties to an agreement based on this standard are encouraged to study whether the latest versions of these documents can be used. For any undated referenced document, the latest version applies to this standard. GB/T19011 Quality and (or) Environmental Management System Audit Guide (GB/T190112003, ISO19011:2002, IDT) 1) GB/T27000 Conformity Assessment Vocabulary and General Principles (GB/T270002006, ISO/IEC17000:2004, IDT) ISO9000:2005 Quality Management System - Fundamentals and Vocabulary 3 Terms and Definitions
The terms and definitions established in GB/T27000 and ISO9000 and the following terms and definitions apply to this standard. 3.1
certifiedclient
organization whose management system has been certified
impartiality
actual and perceived objectivityNote 1: Objectivity means that conflicts of interest do not exist or have been resolved and will not adversely affect the subsequent activities of the certification body;Note 2: Other terms that can be used to express the element of impartiality are: objectivity, independence, no conflict of interest, no prejudice, no bias, neutrality, fairness, open-mindedness, impartiality, not influenced by others, balance. 3.3
management system consultancymanagement system consultancyParticipation in the design, implementation or maintenance of a management systemExample
Planning or preparing manuals or procedures
Providing specific advice, guidance or solutions for the establishment and implementation of a management system. Note: If training courses related to management systems and audits are limited to providing general information that is freely available in public places, then organizing training and participating in training as a trainer are not considered consulting, that is, trainers should not propose solutions for specific companies. 4 Principles
4.1 General
4.1.1 The principles stated in this chapter are the basis for subsequent specific performance requirements and prescriptive requirements in this standard. This standard does not give specific requirements for all possible situations. These principles should be applied as a guide for decision-making when unexpected situations arise. These principles are not requirements.
4.1.2 The overall goal of certification is to provide all interested parties with confidence that the management system meets the specified requirements. The value of certification depends on the degree of credibility established by the third party through impartial and competent assessment. Stakeholders of certification include (but are not limited to): a) Clients of certification bodies;
Customers of certified clients:
Government departments:
d) Non-governmental organizations;
Consumers and other members of the public
4.1.3 Principles for building trust include:
Impartiality;
Competence;
Responsibility;
-Openness:
Confidentiality:
Response to complaints.
4.2 Impartiality
4.2.1 Being impartial, and being perceived as impartial, is a necessary condition for certification bodies to provide certification that builds trust. 4.2.2 It is recognized that the certification fees paid by clients are a source of income for certification bodies and a potential threat to impartiality. 4.2.3 It is essential for certification bodies to make decisions based on objective evidence of conformity (or non-conformity) obtained by them, and not be influenced by other interests or other parties, in order to gain and maintain trust. 4.2.4 Threats to impartiality include
a) Threats of self-interest: These threats arise from individuals or organizations acting in their own self-interest. In certification, financial self-interest is a threat to impartiality.
b) Threats of self-assessment: These threats arise from individuals or organizations assessing their own work. This threat occurs when a certification body conducts management system audits of clients for whom it provides management system consulting. c) Threats of familiarity (or trust): These threats arise from individuals or organizations becoming too familiar with or trusting another person and not seeking audit evidence.
d) Threats of coercion: These threats arise from individuals or organizations perceiving that they are being coerced, either overtly or covertly, such as threats to replace them with someone else or to report to a supervisor.
4.3 Competence
The competence of the personnel supported by the certification body's management system is essential for the certification to provide confidence. Competence is the demonstrated ability to apply knowledge and skills.
4.4 Responsibility
4.4.1 The responsibility for compliance with certification requirements rests with the client organization, not the certification body. 4.4.2 The certification body has the responsibility to evaluate the sufficient objective evidence and make a certification decision based on this. Based on the audit conclusions, if the evidence of conformity is sufficient, the certification body makes a decision to grant certification; if the evidence of conformity is insufficient, the certification is not granted. Note: Any audit is based on sampling of the organization's management system, so it does not guarantee that the management system conforms to the requirements 100%. 4.5 Openness
4.5.1 In order to gain trust in the integrity and credibility of certification, the certification body needs to provide public channels for obtaining appropriate and timely information about the audit process, the certification process and the certification status of all organizations (i.e., the grant, maintenance, renewal, expansion, reduction, suspension or withdrawal of certification), or publish such information. Openness is a principle of obtaining or publishing appropriate information. 4.5.2 In order to gain or maintain trust in certification, the certification body should provide appropriate channels for obtaining non-confidential information about the conclusions of specific audits (such as audits conducted in response to complaints) to specific stakeholders, or publish such information. 4.6 Confidentiality
It is necessary for the certification body to maintain the confidentiality of any proprietary information about its clients in order to have the privilege of accessing the information necessary to adequately evaluate conformity of the management system.
4.7 Response to complaints
Parties relying on certification expect that complaints will be investigated. The certification body should provide confidence to those relying on certification that complaints will be dealt with appropriately and that reasonable efforts will be made to resolve them when they are found to be valid. Effective responses to complaints are an important means of protecting the certification body and its clients and other users of certification when they indicate error, negligence or unreasonable conduct. Proper handling of complaints will maintain confidence in the certification activity. NOTE: In order to demonstrate the integrity and credibility of certification to all users of certification, an appropriate balance needs to be struck between the principles of openness and confidentiality, including responses to complaints.
5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility
The certification body shall be a legal entity or a clearly defined part of a legal entity so that the certification body can assume legal responsibility for all its certification activities. Government certification bodies are considered legal entities due to their governmental status. 5.1.2 Certification agreement
The certification body shall have a legally enforceable agreement with the client for the provision of certification services. In addition, if the certification body has multiple locations or the client has multiple locations, it shall ensure that the certification body granting the certification and issuing the certificate has a legally enforceable agreement with all locations covered by the scope of certification. 5.1.3 Responsibility for certification decisions
The certification body shall be responsible for decisions related to certification (including granting, maintaining, renewing, extending, reducing, suspending and withdrawing certification) and shall maintain the authority to make such decisions. 5.2 Management of impartiality
5.2.1 The top management of the certification body shall be committed to the impartiality of management system certification activities. The certification body shall have a publicly available statement that it understands the importance of impartiality in the performance of its management system certification activities, manages conflicts of interest and ensures the objectivity of its management system certification activities.
5.2.2 The certification body shall identify, analyse and document the potential for conflicts of interest arising from its certification activities, including the potential for conflicts arising from the certification body's various relationships. Not all relationships may give rise to conflicts of interest. However, if any relationship poses a threat to impartiality, the certification body shall document and be able to verify how such threats are eliminated or minimized. The committee referred to in 6.2 shall have access to this information. The verification shall include all identified sources of potential conflicts of interest, whether they arise within the certification body or from the activities of other individuals, institutions or organizations. NOTE: Relationships that threaten the impartiality of the certification body may arise from its ownership, corporate governance structure, management, personnel, shared resources, finances, contracts, marketing, and sales commissions or other benefits to those who refer new clients.
5.2.3 A certification body shall not provide certification when a relationship poses an unacceptable threat to the impartiality of the certification body (e.g., a wholly owned subsidiary of the certification body seeks certification from it). NOTE: See NOTE to 5.2.2
5.2.4 A certification body shall not certify the management system certification activities of another certification body. NOTE: See NOTE to 5.2.2.
5.2.5 A certification body and any other part of the same legal entity shall not provide or recommend management system consulting, nor shall it quote for management system consulting. This clause also applies to that part of the government identified as a certification body. 5.2.6 A certification body and any other part of its legal entity shall not provide internal audits to certified clients. If a certification body provides an internal audit of a management system, it shall not certify that management system within two years of the completion of the internal audit. This clause also applies to that part of the government identified as a certification body. Note: See note 5.2.2.
5.2.7 A certification body shall not certify a client's management system for which management system consulting or internal audits are conducted by a consulting body if the relationship between the consulting body and the certification body presents an unacceptable threat to the certification body's impartiality. NOTE 1 A period of at least two years after the completion of management system consulting is one way to reduce the threat to impartiality to an acceptable level. NOTE 2 See note 5.2.2
5.2.8 A certification body shall not outsource audits to management system consulting bodies where this would present an unacceptable threat to the certification body's impartiality (see 7.5). This clause does not apply to individuals who are contracted auditors as described in 7.3. 5.2.9 The marketing or quoting of a certification body's activities shall not be linked to the activities of management system consulting bodies. If any consulting body claims or implies that the selection of a certification body will make certification simpler, easier, faster or cheaper, the certification body shall take steps to correct such misrepresentation. A certification body shall not claim or imply that the selection of a consulting body will make certification simpler, easier, faster or cheaper. 5.2.10 To ensure that there is no conflict of interest, persons (including management) who have been involved in consulting on a client's management system should not be used by the certification body for audits or other certification activities for that client for two years after the consultation. 5.2.11 The certification body should take measures to address threats to its impartiality arising from the actions of other persons, bodies or organizations. 5.2.12 All persons (internal or external) or committees of the certification body who can influence the certification activities should act impartially and should not allow commercial, financial or other pressures to undermine impartiality. 5.2.13 The certification body should require internal and external persons to disclose any circumstances of which they are aware that may place them or the certification body in a conflict of interest. The certification body should use this information to identify threats to impartiality arising from their or their units' activities and should not use such internal or external persons until they can demonstrate that there is no conflict of interest. 5.3 Liability and financial resources
5.3.1 The certification body should be able to demonstrate that it has assessed the risks arising from its certification activities and has made adequate arrangements (such as insurance or reserves) for liabilities arising from its operations in various areas of activity and geographical areas of operation. 5.3.2 The certification body shall assess its financial situation and sources of income and demonstrate to the committee referred to in 6.2 that its impartiality has not been compromised by commercial, financial or other pressures. 6 Structural requirements
6.1 Organizational structure and top management
6.1.1 The certification body shall document its organizational structure and clearly define the roles, responsibilities and authorities of management and other certification personnel and committees. When the certification body is a clearly defined part of a legal entity, the document shall describe the authority relationship between the certification body and the legal entity and its relationship with other parts of the same legal entity. 6.1.2 The certification body shall identify the top management (committee, group or individual) with overall authority and responsibility for: a) formulation of policies related to the operation of the certification body; b) monitoring the implementation of policies and procedures; monitoring the finances of the certification body; development of management system certification services and certification schemes; e) conducting audits and certifications and responding to complaints; f) making certification decisions; authorizing committees or individuals to carry out specified activities on behalf of top management, when required; h) contractual arrangements; 1) providing adequate resources for certification activities. 6.1.3 The certification body shall have formal rules regarding the appointment, authority and operation of any committee involved in certification activities. 6.2 Committee to Maintain Impartiality
6.2.1 The structure of the certification body shall maintain the impartiality of the certification body's activities and shall have a committee to perform the following activities:a)
Assist in the formulation of policies related to the impartiality of certification activities;b)
Prevent the certification body from any tendency to allow commercial or other factors to interfere with its consistent and objective provision of certification activities; make recommendations on matters affecting the credibility of certification (including publicity and public perception);c)
d) Review the impartiality of the certification body's audit, certification and decision-making processes at least once a year. The committee may also be entrusted with other tasks or responsibilities, but these additional tasks or responsibilities shall not diminish its basic role of ensuring impartiality.
6.2.2 The composition, authority, tasks, powers, competences and responsibilities of the committee shall be formally documented and approved by the top management of the certification body to ensure that:
a) the interests of all parties are balanced so that no single interested party is dominant (internal or external personnel of the certification body are considered as one interested party: and should not be dominant);
b) all necessary information is obtained to enable it to perform its functions (see 5.2.2 and 5.3.2);) the committee shall have the authority to take independent action (such as reporting to the competent authority accreditation body or interested parties) if the top management of the certification body does not respect the committee's recommendations. In taking independent action, the committee shall respect the confidentiality requirements in 8.5 related to clients and certification bodies.
6.2.3 Although the committee cannot represent all interested parties, the certification body should identify and invite key interested parties. These interested parties may include: clients of the certification body, customers of certified clients, representatives of industry associations, representatives of government regulators or other government departments, or representatives of non-governmental organizations (including consumer organizations). 7 Resource requirements
7.1 Competence of management and personnel
7.1.1 The certification body shall have processes to ensure that its personnel have appropriate knowledge of the types of management systems and regions in which it operates. The certification body shall determine the competence required for each technical area related to a specific certification scheme and the competence required for each function of the certification activity.
The certification body shall determine the methods to demonstrate competence before performing specific functions. 7.1.2 When determining the competence requirements for personnel implementing certification, the certification body shall consider the functions performed by management and administrative staff in addition to those who directly perform audit and certification activities. 7.1.3 The certification body shall have access to the necessary professional knowledge and skills to obtain advice directly related to certification in the technical areas, types of management systems and regions in which it operates. This advice may be provided by external personnel or certification body personnel. 7.2 Personnel involved in certification activities
7.2.1 The certification body shall have personnel with sufficient competence to manage its various types and scopes of audit schemes and other certification work.
7.2.2 The certification body shall employ or have access to a sufficient number of auditors (including audit team leaders) and technical experts to cover all its activities and meet the audit workload. 7.2.3 The certification body shall make its tasks, responsibilities and authority clear to all relevant personnel. 7.2.4 The certification body shall have a clear process for selecting, training, formally appointing auditors and selecting technical experts for certification activities. The initial competence evaluation of auditors shall include confirmation of applicable personal qualities and the ability to apply the required knowledge and skills in the audit. Appropriate personal qualities and the ability to apply the required knowledge and skills in the audit shall be determined by a competent evaluator in the witnessing of the auditor's audit.
7.2.5 The certification body shall have a process for achieving and confirming effective audits. This process shall ensure that the auditors and audit team leaders used have general audit knowledge and skills as well as the knowledge and skills required for audits in specific technical fields. The certification body shall specify this process in the document requirements developed in accordance with the relevant guidelines of GB/T19011. 7.2.6 The certification body shall ensure that auditors (including technical experts, as required) are fully aware of its audit process, the certification requirements and other relevant requirements. The certification body shall provide auditors and technical experts with access to current and effective documented procedures for conducting audits and providing all relevant information for certification activities.
7.2.7 The certification body shall only use auditors and technical experts for those certification activities for which they have demonstrated competence. NOTE The requirements for assigning auditors and technical experts to specific audit teams are given in 9.1.3. 7.2.8 The certification body shall identify training needs and provide or make available specific training to auditors, technical experts and other personnel involved in certification activities to ensure that they are competent for the work they perform. 7.2.9 The group or individual making the decision to grant, maintain, renew, extend, reduce, suspend or withdraw certification shall understand the applicable standards and certification requirements and have demonstrated competence in evaluating the audit process and the recommendations of the audit team. 7.2.10 The certification body shall ensure that all personnel involved in audit and certification activities perform satisfactorily. The certification body shall have documented procedures and criteria to monitor and measure the performance of these personnel based on the frequency of use and the risk level of their activities. In particular, the certification body shall review the competence of personnel based on their performance to identify training needs. 7.2.11 The documented auditor monitoring procedure shall combine on-site witnessing, audit report review and customer or market feedback. The certification body shall specify the procedure in the documented requirements developed in accordance with the relevant guidelines of GB/T 19011. The monitoring method should be designed to minimize the interference with the normal certification process (especially from the customer's perspective). 7.2.12 The certification body shall conduct on-site witnessing of each auditor's performance on a regular basis. The frequency of on-site witnessing shall depend on the need for on-site witnessing determined based on all available monitoring information. 7.3 Use of external auditors and external technical experts The certification body shall require external auditors and external technical experts to commit themselves to comply with the applicable policies and procedures of the certification body through a written agreement. The agreement shall contain clauses on confidentiality and independence from commercial and other interests, and require external auditors and external technical experts to inform the certification body of their current or previous relationship with the organization that they may be assigned to audit. Note: The use of individual auditors and technical experts based on the above agreement does not constitute outsourcing as described in 7.5.
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.