Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Responsiveness to complaints
5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility
5.1.2 Certification agreement
5.1.3 Responsibility for certification decisions
5.2 Management of impartiality
5.3 Liability and financing
6 Structural requirements
6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality
7 Resource requirements
7.1 Competence of management and personnel
7.1.1 General considerations
7.1.2 Determination of competence criteria
7.1.3 Evaluation processes
7.1.4 Other considerations
7.2 Personnel involved in the certification activities
7.3 Use of individual external auditors and external
technical experts
7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification
body and its clients
8.6.1 Information on the certification activity and
requirements
8.6.2 Notice of changes by a certification body
8.6.3 Notice of changes by a client
9 Process requirements
9.1 General requirements
9.1.1 Audit programme
9.1.2 Audit plan
9.1.3 Audit team selection and assignments
9.1.4 Determining audit time
9.1.5 Multi-site sampling
9.1.6 Communication of audit team tasks
9.1.7 Communication concerning audit team members
9.1.8 Communication of audit plan
9.1.9 Conducting on-site audits
9.1.10 Audit report
9.1.11 Cause analysis of nonconformities
9.1.12 Effectiveness of corrections and corrective
actions
9.1.13 Additional audits
9.1.14 Certification decision
9.1.15 Actions prior to making a decision
9.2 Initial audit and certification
9.2.1 Application
9.2.2 Application review
9.2.3 Initial certification audit
9.2.4 Initial certification audit conclusions
9.2.5 Information for granting initial certification
9.3 Surveillance activities
9.3.1 General
9.3.2 Surveillance audit
9.3.3 Maintaining certification
9.4 Recertification
9.4.1 Recertification audit planning
9.4.2 Recertification audit
9.4.3 Information for granting recertification
9.5 Special audits
9.5.1 Extensions to scope
9.5.2 Short-notice audits
9.6 Suspending, withdrawing or reducing the scope
of certification
9.7 Appeals
9.8 Complaints
9.9 Records of applicants and clients
10 Management system requirements for certification bodies
10.1 Options
10.2 Option 1: Management system requirements in
accordance with ISO 9001
10.2.1 General
10.2.2 Scope
10.2.3 Customer focus
10.2.4 Management review
10.2.5 Design and development
10.3 Option 2: General management system requirements
10.3.1 General
10.3.2 Management system manual
10.3.3 Control of documents
10.3.4 Control of records
10.3.5 Management review
10.3.6 Internal audits
10.3.7 Corrective actions
10.3.8 Preventive actions
Annex A (normative) - Table of minimum body of knowledge
and skills
Annex B (informative) - One example of determining competence
criteria for a management systems certification body
B.1 Competence criteria determination process
B.2 Proficiency levels of knowledge
B.3 Competence requirements for specific functions
Annex C (informative) - Possible evaluation methods
C.1 General
C.2 Review of records
C.3 Feedback
C.4 Interviews
C.5 Observations
C.6 Examinations
Annex D (informative) - Examples of evaluating competence
of certification personnel
D.1 General
D.2 Competence evaluation process
Annex E (informative) - Desired personal behaviours
Annex F (informative) - Third-party audit and certification
process
Annex G (informative) - Additional items for consideration:
audit programme, scope or plan
G.1 General
G.2 List of items for consideration
Bibliography