240531703-ISo-17021-2011-Checklist

8/10/2019 240531703-ISo-17021-2011-Checklist

1/33

F 155-03

2012-01-19 SANAS Page 1 of 33

Checklist ISO/IEC 17021:2011Conformity assessment Requirements for bodies

providing auditand

certification of management systems

SANAS

Accr.No/s.

Organisation andCity

Date

Area / field ofoperation

QMS EMS HACCP Other?

OrganisationsRepresentative

Assessor

This reportcovers thefollowing:

DocumentReview only

Implementationon Site Visit

only

DocumentReview and

Site Visit

Assessment of

companyfiles

ISO/IEC 17021 Requirement CBsReferences

COMMENT BY ASSESSOR

5 General requirements5.1 Legal and contractual matters

5.1.1 Legal responsibilityLegal entity or a defined part of a legal entity can beheld legally responsible. (Pty) Ltd, CC or other?Verify CIPRO registration.Governmental CB is a legal entity based on itsgovernmental status. Identify department.

5.1.2 Certification agreementLegally enforceable agreement (contract) forprovision of certification activities to customer?Are multiple offices of a CB or multiple sites of acertified customer covered by the agreement?

Are all the sites covered by the scope of thecertification?

5.1.3 Responsibility for certification decisionsDoes CB retain authority and responsibility for itsdecisions relating to certification? E.g. granting,maintaining, renewing, extending, reducing,suspending and withdrawing.

5.2 Management of impartiality

5.2.1 Is CB top management commitment toimpartiality?

Is there a publicly accessible statement?Does it cover:

importance of impartiality

conflict of interest and

objectivity of its management systemcertification activities?

5.2.2 Are conflict of interests identified, analysedand documented and managed through thesystem?Are relationships posing a threat toimpartiality documented?How does the CB demonstrate that it

eliminates or minimizes such threats?Information made available to the ImpartialityCommittee (see 6.2)?

NOTE: A relationship that threatens the impartiality

8/10/2019 240531703-ISo-17021-2011-Checklist

2/33

F 155-03

2012-01-19 SANAS Page 2 of 33


COMMENT BY ASSESSOR

of the certification body can be based onownership, governance, management,personnel, shared resources, finances,contracts, marketing and payment of a salescommission or other inducement for thereferral of new clients, etc.

5.2.3 Not offering certification when relationshipsthat threaten impartiality cannot beeliminated or minimised.

NOTE: See Note to 5.2.2

5.2.4 Does the CB certify another CB for itsmanagement system certification activities?


5.2.5 Does the CB and any part of the same legalentity offer or provide management systemconsultancy?

This applies also to that part of governmentidentified as the CB.


5.2.6 Does the CB provide internal audits to itscertified customers?Does the CB certify a management systemon which it provided internal audits within twoyears following the end of the internal audits?This applies also to that part of governmentidentified as the CB


5.2.7 Does the CB certify a customer when theCBs relationship with a managementsystem consultancy or internal audits, posesan unacceptable threat to the impartiality ofthe CB? See NOTES

5.2.8 Does the CB outsource audits to amanagement system consultancyorganisation? (Unacceptable threat toimpartiality, see 7.5).This clause does not apply to individualscontracted as auditors covered in 7.3

5.2.9 Are the CBs activities marketed or linkedwith management system consultancy?CB takes action to correct inappropriateclaims by any consultancy organisation?Are there any implications by CB thatcertification would be simpler, easier, fasteror less expensive if a specified consultancyorganisation is used?

5.2.10 Does CB ensure no conflict of interest ofpersonnel?2-Years rule applied, how effective is the

process?

5.2.11 Is action taken to respond to any threats toCBs impartiality arising from the actions ofother persons, bodies or organisations?

8/10/2019 240531703-ISo-17021-2011-Checklist

3/33

F 155-03

2012-01-19 SANAS Page 3 of 33


COMMENT BY ASSESSOR

5.2.12 Does all CB personnel, internal, external orcommittees, act impartially and does the CBallow commercial, financial or otherpressures to compromise impartiality?

5.2.13 Does the CB require all personnel to revealany conflict of interest situations?Information used as input to identifyingthreats to impartiality?

5.3 Liability and financing

5.3.1 Is the CB able to demonstrate that it hasevaluated risks arising from its certificationactivities and that it has adequatearrangements (e.g. insurance or reserves) tocover liabilities arising from its operations ineach of its field of activities and the

geographic areas in which it operates?

5.3.2 Does the CB evaluate its finances andsources of income and demonstrate to thecommittee specified in 6.2 that initially andon an on-going basis, commercial, financialor other pressures do not compromise itsimpartiality?

6 Structural requirements6.1 Organisational structure and top

management6.1.1 Organisational structure documented,

including duties, responsibilities andauthorities for personnel and committees;and relationships to other parts within thesame legal entity?

6.1.2 Does the CB identify the top management(board, group of persons, or person) havingoverall authority and responsibility for eachof the following:

a) development of policies relating to theoperation of the body?

b) supervision of the implementation of thepolicies and procedures?

c) Supervision of the finances of the body?d) development of management system

certification services and schemes?e) performance of audits and certification, and

responsiveness to complaints?f) decisions on certification?

g) delegation of authority to committees orindividuals, as required, to undertake definedactivities on its behalf?

h) contractual arrangements?

i) providing adequate resources forcertification activities?

8/10/2019 240531703-ISo-17021-2011-Checklist

4/33

F 155-03

2012-01-19 SANAS Page 4 of 33


COMMENT BY ASSESSOR

6.1.3 Formal rules for the appointment, terms ofreference and operation of any committeesinvolved in the certification activities?

6.2 Committee for safeguardingimpartiality

6.2.1 Does the structure of the CB safeguard theimpartiality of the activities of the CB anddoes it provide for a committee to:

a) assist in developing the policies relating toimpartiality of its certification activities?

b) counteract any tendency on the part of a CBto allow commercial or other considerationsto present the consistent objective provisionof certification activities?

c) advise on matters affecting confidence,including openness and public perception?

d) Conduct an annually review of theimpartiality of the audit, certification anddecision- making processes of the CB?

6.2.2 Is the composition, terms of reference,duties, authorities, competence of membersand responsibilities of this committeeformally documented and authorized by thetop management of the CB to ensure:

a) representation of a balance of interests?b) access to all the information (see also 5.2.2

and 5.3.2)?c) the right to take independent action, where

the top management of the CB does notrespect the advice of this committee (e.g.informing authorities, ABs, stakeholders)? Isconfidentiality maintained when takingindependent actions? See 8.5

6.2.3 Are key interests identified and invited to thiscommittee?

7 Resource requirements7.1 Competence of management and

personnel7.1.1 Does a Certification Body have a process to

ensure that personnel have appropriate

knowledge relevant to the types ofmanagement systems and geographicalareas in which it operates?Is competence required for each technicalarea and for each function in the certificationactivity determined for each technical area?Is the means for the demonstration ofcompetence determined?

7.1.2 Are competence requirements determinedfor all CB personnel and is this as perdocumented process? Is the documentedprocess as per Annexure A or as per

certification scheme?

8/10/2019 240531703-ISo-17021-2011-Checklist

5/33

F 155-03

2012-01-19 SANAS Page 5 of 33


COMMENT BY ASSESSOR

7.1.3 Evaluation processesDoes the CB have documented processes for theinitial competence evaluation, and on-goingmonitoring of competence and performance of allpersonnel involved in the management andperformance of audits and certification?

Are these methods effective?

7.1.4 Other considerations

7.1.4.1 Does the CB address the functionsundertaken by management andadministrative personnel while determiningthe competence requirements?

7.1.4.2 Does the CB have access to the necessarytechnical expertise for technical areas, typesof management system and geographicareas in which it operates?

7.2 Personnel involved in the certificationactivities

7.2.1 Does the CB as part of its own organizationhave personnel with sufficient competencefor managing the type and range of auditprogrammes and other certification workperformed?

7.2.2 Does the CB employ or have access to asufficient number of auditors, including auditteam leaders and technical experts to coverall activities and volume of work?

7.2.3 Does the CB make clear to each personconcerned their duties, responsibilities andauthorities?

7.2.4 Does the CB have defined processes for:

selecting,

training,

formally authorizing auditors and

selecting technical experts?Does the initial competence evaluation of anauditor include the ability to apply required

knowledge and skill during audits, asdetermined by a competent evaluatorobserving (witnessing) the auditor conductingan audit?

7.2.5 Does the CB have a process to achieve anddemonstrate effective auditing, including theuse of auditors and audit team leaderspossessing generic auditing skills andknowledge, as well as skills and knowledgeappropriate for auditing in specific technicalareas?Does the CB define the knowledge and

skills for specific certification functions asper Annexure A of ISO/IEC 17021:2011?

8/10/2019 240531703-ISo-17021-2011-Checklist

6/33

F 155-03

2012-01-19 SANAS Page 6 of 33


COMMENT BY ASSESSOR

7.2.6 Are auditors and technical expertsknowledgeable of the CBs audit processes,certification scheme and its requirementsand other relevant requirements?Does the CB give auditors and technicalexperts access to an up-to-date set of

documented procedures giving auditinstructions and all relevant information onthe certification activities?

7.2.7 Are auditors and technical experts used inthese activities where they havedemonstrated competence? Note see 9.1.3

7.2.8 Are training needs identified for functionsperformed?Where there is need, is training offered orprovided?

7.2.9 Are person(s) taking the certificationdecisions knowledgeable on the:

applicable standard;

certification requirements;

and have demonstrated competence toevaluate the audit processes; and

related recommendations of the auditteam?

7.2.10 Does documented procedures and criteriafor monitoring and measurement of

performance of all personnel exist?Competence reviewed to identify trainingneeds?

7.2.11 Do procedures include a combination of on-site observation, review of audit reports andfeedback from customers or from themarket?

7.2.12 Does the CB periodically observe theperformance of each auditor on-site?Is the frequency of on-site observationsbased on need determined from all

monitoring information available?

7.3 Use of individual external auditorsand external technical experts

Does a CB have a written agreement with externalauditors and external technical experts in place bywhich they commit themselves to comply withapplicable policies and procedures as defined?Does the agreement address all relevant aspects?

8/10/2019 240531703-ISo-17021-2011-Checklist

7/33

F 155-03

2012-01-19 SANAS Page 7 of 33


COMMENT BY ASSESSOR

7.4 Personnel records

Does the CB maintain up-to-date personnel records,including:

relevant qualifications;

training;

experience; affiliations;

professional status;

competence; and

any relevant consultancy services?Does this include management and administrativepersonnel in addition to those performing certificationactivities?

7.5 Outsourcing

7.5.1 Does the CB have a process in which itdescribes the conditions under which

outsourcing may take place?Legally enforceable agreement with eachbody that provides outsourced services?See Notes.

7.5.2 Is the CB outsourcing certification decisions?

7.5.3 Does the CB:a) take responsibility for all activities

outsourced?b) ensure that the body that provides

outsources activities

conforms to the CBs requirements;

conforms to the applicable provisions ofthis International Standard, includingcompetence, impartiality andconfidentiality?

c) ensure that the outsourced services are notinvolved in any way that impartiality could becompromised?

7.5.4 Documented procedures for the qualificationand monitoring of all outsourced servicesused for certification activities?Records of the competence of auditors and

technical experts maintained?

8 Information requirements8.1 Publicly accessible information

8.1.1 Does the CB maintain and make publiclyaccessible, or provide upon request,information describing its audit processes,certification processes and about thecertification activities, types of managementsystems and geographical areas in which itoperates?

8.1.2 Is the Information provided by the CB to anyclient or to the marketplace, includingadvertising, accurate and not misleading?

8/10/2019 240531703-ISo-17021-2011-Checklist

8/33

F 155-03

2012-01-19 SANAS Page 8 of 33


COMMENT BY ASSESSOR

8.1.3 Does the CB make publicly accessibleinformation about certifications granted,suspended or withdrawn?

8.1.4 Does the CB on request from any party,provide means to confirm the validity of a

given certification?See Notes

8.2 Certification documents

8.2.1 Does the CB provide certification documentsto the certified client by any means itchooses?

8.2.2 Is the effective date on a certificationdocument, the date before the certificationdecision?

8.2.3 Does the certification document(s) identifythe following:

a) the name and geographic location of eachclient and any sites within the scope of amulti-site certification?

b) the dates of granting, extending or renewingcertification?

c) the expiry date or re-certification due dateconsistent with the re-certification cycle?

d) a unique identification code?e) the standard and/or other normative

document, including issue number and/or

revision, used for audit of the certifiedcustomer?

f) the scope of certification with respect toproduct (including service), process, etc, asapplicable at each site?

g) the name, address and certification mark ofthe CB; other marks (e.g. accreditationsymbol)?

h) any other information required by thestandard and/or other normative documentused for certification?

i) in the event of issuing any revisedcertification documents, a means todistinguish the revised documents from anyprior obsolete documents.

8.3 Directory of certified customers

Does the CB maintain and make publicly accessibleor provide upon request, by any means it chooses, adirectory of valid certifications? See 8.3 for directorydetail.

8/10/2019 240531703-ISo-17021-2011-Checklist

9/33

F 155-03

2012-01-19 SANAS Page 9 of 33


COMMENT BY ASSESSOR

8.4 Reference to certification and use ofmarks

8.4.1 Does the CB have a policy governing anymark that it authorizes certified customers touse? See 8.4.1 and ISO/IEC 17030 fordetail.

Is the mark used on a product or productpackaging seen by the consumer?

8.4.2 Does the CB permit its marks to be appliedto laboratory test, calibration or inspectionreports?

8.4.3 Does the CB require that the clientorganisation:

a) conforms to the requirements of the CBwhen making reference to its certificationstatus in communication media?

b) does not make or permit any misleadingstatement regarding its certification?

c) does not use or permit the use of acertification document or any part thereof ina misleading manner?

d) upon suspension or withdrawal of itscertification, discontinues its use of alladvertising matter that contains a referenceto certification, as directed by the CB (see9.6.3 and 9.6.6)?

e) amends all advertising matter when thescope of certification has been reduced?

f) does not allow reference to its managementsystem certification to be used to imply thatthe CB certifies a product (including service)or process?

g) does not imply that the certification appliesto activities that are outside the scope ofcertification? and

h) does not use its certification in such amanner that would bring the CB and/orcertification system into disrepute and losepublic trust?

8.4.4 Does the CB exercise proper control of

ownership and take action to deal withincorrect references to certification status ormisleading use of certification marks or auditreports? See Note

8.5 Confidentiality

8.5.1/8.5.5 Does the CB through legally enforceableagreements have a policy and

arrangements tosafeguard the confidentiality of the

information atall levels of its structure, including

committees and external bodies or individuals actingon its

behalf?

8/10/2019 240531703-ISo-17021-2011-Checklist

10/33

F 155-03

2012-01-19 SANAS Page 10 of 33


COMMENT BY ASSESSOR

8.5.2 Client informed by the CB of the confidentialinformation it intends to place in the publicdomain?

8.5.3 Except as required in this InternationalStandard, is information about a particular

client or individual disclosed to a third partywithout the written consent of the client orindividual concerned?Where the CB is required by law to releaseconfidential information to a third party, is thecustomer or individual concerned, unlessregulated by law, notified in advance of theinformation provided?

8.5.4 Is information about the client treated asconfidential, consistent with the CBs policy?

8.5.5 Do all personnel acting on the CBs behalf,

keep confidential all information obtained orcreated during the performance of the CBsactivities?

8.5.6 Does the CB have available and useequipment and facilities that ensure thesecure handling of confidential information(e.g. documents, records)?

8.5.7 When confidential information is madeavailable to other bodies (e.g. AB,agreement group of a peer assessmentscheme) does the CB inform its client of thisaction?

8.6 Information exchange between a CBand its customers.

8.6.1 Information on the certification activity andrequirements

Does the CB provide and update clients on thefollowing:

a) a detailed description of the initial andcontinuing certification activity, including theapplication, initial audits, surveillance audits,and the process for granting, maintaining,

reducing, extending, suspending,withdrawing certification and re-certification?b) the normative requirements for certification?c) information about the fees for application,

initial certification and continuingcertification?

d) the CBs requirements for the prospectivecustomer:1) to comply with certification requirements?2) to make all necessary arrangements for

the conduct of the audits, includingprovision for examining documentationand the access to all processes and

areas, records and personnel for thepurposes of initial certification,surveillance, re-certification andresolution of complaints, and?

3) to make provisions, where applicable, to

8/10/2019 240531703-ISo-17021-2011-Checklist

11/33

8/10/2019 240531703-ISo-17021-2011-Checklist

12/33

F 155-03

2012-01-19 SANAS Page 12 of 33


COMMENT BY ASSESSOR

the conduct and scheduling of the auditactivities?Is the audit plan based on documentedrequirements of the certification body?

9.1.2.2 Determining audit objectives, scope andcriteria

9.1.2.2.1 Does the CB determine the auditobjectives?

Is the audit scope and criteria includingchanges established by the CB afterdiscussions with the client?

9.1.2.2.2 Are audit objectives describe what is to beaccomplished by the audit and does itinclude the following?a) determination of the conformity of the

clientsmanagement system, or parts of it, with

theaudit criteria

b) evaluation of the ability of themanagement

system to ensure the client organisationmeets

applicable statutory, regulatory andcontractual

requirements

SEE NOTE

c) evaluation of the effectiveness of themanagement system to ensure the clientorganisation is continually meeting its

specifiedobjectives

d) as applicable, identification of areas forpotential

improvement of the management system9.1.2.2.3Does the audit scope describes the extent

and boundaries of the audit. Where theinitial or re-certification process consists ofmore than one audit, are total auditsconsistent with the scope in the certificationdocument?

9.1.2.2.4 Is the audit criteria used as a referenceagainst which conformity is determined and

does it include the requirements of a defined normative

document on management systems

the defined processes anddocumentation of the managementsystem developed by the client

9.1.2.3 Preparing the audit planIs the audit plan appropriate to the objectivesand the scope of the audit and does it atleast include or refer to the following:(a) the audit objectives(b) the audit criteria(c) the audit scope, including identification

of the organisational and functional unitsor processes to be audited

(d) the dates and sites where the on-site

8/10/2019 240531703-ISo-17021-2011-Checklist

13/33

F 155-03

2012-01-19 SANAS Page 13 of 33


COMMENT BY ASSESSOR

audit activities are to be conducted,including visits to temporary sites, asappropriate

(e) the expected time and duration of on-site audit activities

(f) the roles and responsibilities of the audit

team members and accompanyingpersons

SEE NOTE 1 and 2

9.1.3 Audit team selection and assignments9.1.3.1 Process in place for selecting and appointing

the audit team taking into account thecompetence needed to achieve theobjectives of the audit?Where there is only one auditor, is theauditor competent to perform?

9.1.3.2 In deciding the size and composition of theaudit team, was the following considered:(a) audit objectives, scope, criteria and

estimated time of the audit(b) whether the audit is a combined,

integrated or joint audit(c) the overall competence of the audit team

needed to achieve the objectives of theaudit

(d) certification requirements (including anyapplicable statutory, regulatory orcontractual requirements?

(e) Language and culture

(f) Whether the members of the audit teamhave previously audited the clientsmanagement system

9.1.3.3 Where the necessary knowledge and skill ofthe audit team leader and auditors wassupplemented by technical experts,translators and interpreters, were theyselected such that they do not undulyinfluence the audit?

9.1.3.4 Where auditors-in-training are included inthe audit team as participants, was an

evaluator appointed?Was the evaluator competent to take overthe duties and have final responsibility forthe activities and findings of the auditor-in-training?

9.1.3.5 Does the audit team leader, in consultationwith the audit team assign to each teammember responsibility for specific processes,functions, sites, areas or activities and aresuch assignments taking into account theneed for competence?Were changes to assignments made toensure achievement of the audit objectives?

8/10/2019 240531703-ISo-17021-2011-Checklist

14/33

F 155-03

2012-01-19 SANAS Page 14 of 33


COMMENT BY ASSESSOR

9.1.4 Determining audit time

9.1.4.1 Does the CB have documented proceduresfor determining audit time needed to planand accomplish a complete and effectiveaudit.Does the procedure include or make

reference to the relevant Annexes in the IAFGD2 and GD6 documents?Is the audit time determined by the CB, andthe justification for the determination,recorded?In determining the audit time, does the CBconsider, among other things, the followingaspects:

a) the requirements of the management systemstandard?

b) size and complexity?c) technological and regulatory context?d) any outsourcing?

e) the results of any prior audits?f) number of sites and multi-site

considerations?g) the risks associated with the product,

processes or activities of the organisation?h) when audits are combined, joint or

integrated?i) specific criteria for specific certification

scheme, where established

9.1.4.2 Does the CB include time spent by any teammember that is not assigned as an auditor?

.

9.1.5 Multi-site samplingWhere multi-site sampling is utilized, did theCB develop an adequate samplingprogramme to ensure proper audit of themanagement system?Is the rationale for the sampling plandocumented? (IAF guidance applies)

9.1.6 Communication of audit team tasksAre the tasks given to the audit team definedand made known to the client? Does theaudit team:

a) examine and verify the structure, policies,processes, procedures, records and relateddocuments of the customer organisationrelevant to the management system?

b) determine that these meet all therequirements relevant to the intended scopeof certification?

c) determine that the processes andprocedures are established, implementedand maintained effectively, to provide abasis for confidence in the clientmanagement system, and?

d) communicate to the customer, for its action,any inconsistencies between the customerspolicy, objectives and targets and theresults?

8/10/2019 240531703-ISo-17021-2011-Checklist

15/33

F 155-03

2012-01-19 SANAS Page 15 of 33


COMMENT BY ASSESSOR

9.1.7 Communication concerning audit teammembersDoes the CB provide the name and, whenrequested, make available backgroundinformation of each member of the auditteam, with sufficient time for the client

organisation to object to the appointment ofany particular auditor or technical expert andfor the CB to reconstitute the team inresponse to any valid objection?

9.1.8 Communication of audit planIs the audit plan communicated and thedates of the audit agreed upon, in advance,with the client organisation?

9.1.9 Conducting on-site audits9.1.9.1 General

Does the CB have a process for conducting

on-site audits?Does the process include opening meetingat the start of the audit and closing meetingat the conclusion of the audit?

9.1.9.2 Conducting the opening meetingDoes the audit team have a formal openingmeeting with the clients management andthose responsible for the functions orprocesses to be audited?Are the opening meeting conducted by thelead auditor?Are audit activities explained including thefollowing:

a) introduction of the participants, includingan outline of their roles

b) confirmation of the scope of certificationc) confirmation of the audit plan (including

type and scope of audit, objectives andcriteria), any changes, and otherrelevant arrangements with the client,such as the date and time for the closingmeeting, interim meetings between theaudit team and clients management

d) confirmation of formal communicationchannels between the audit team andthe client

e) confirmation that the resources andfacilities needed by audit team areavailable

f) confirmation of matters relating toconfidentiality

g) confirmation of relevant work safety,emergency and security procedures forthe audit team

h) confirmation of the availability, roles andidentities of any guides and observers

i) the method of reporting, including anygrading of audit findings

j) information about the conditions underwhich the audit may be prematurelyterminated

k) confirmation that the audit team leaderand audit team representing the CB is

8/10/2019 240531703-ISo-17021-2011-Checklist

16/33

F 155-03

2012-01-19 SANAS Page 16 of 33


COMMENT BY ASSESSOR

responsible for the audit and shall be incontrol of executing the audit planincluding audit activities and audit trails

l) confirmation of the status of findings ofthe previous review or audit, if applicable

m) methods and procedures to be used to

conduct the audit based on samplingn) confirmation of the language to be used

during the audito) confirmation that, during the audit, the

client will be kept informed of auditprogress and any concerns

p) opportunity for the client to askquestions

9.1.9.3 Communication during the audit9.1.9.3.1 During the audit, does the audit team

periodically assess audit progress andexchange information and does the team

leader re-assign work as needed betweenthe audit team members and periodicallycommunicate the progress of the audit andany concerns to the client?

9.1.9.3.2 Does the audit team leader report to theclient and where possible to the CBpresence of an immediate and significantrisk (e.g. safety) see 9.1.9.3.2?Is the outcome of the action taken reportedto the CB?

9.1.9.3.3 Does the team leader review with the clientany need for changes to the audit scopewhich becomes apparent as on-site

auditing activities progress and report thisto the CB?

9.1.9.4 Observers and guides

9.1.9.4.1 ObserversPrior to the conduct of the audit, does theclient agree to the presence andjustification of observers during an auditactivity?Does the team leader ensure thatobservers do not influence or interfere inthe audit process or outcome of the audit?

9.1.9.4.2 GuidesDoes each auditor accompanied by aguide, unless otherwise agreed to by theaudit team leader and the client?Does the audit team ensure that guides donot influence or interfere in the auditprocess or outcome of the audit? SEENOTE

9.1.9.5 Collecting and verifying information9.1.9.5.1 Is information relevant to the audit

objective, scope and criteria collected byappropriate sampling and verified tobecome audit evidence?

9.1.9.5.2 Are methods to collect informationincluded?a) Interviews

8/10/2019 240531703-ISo-17021-2011-Checklist

17/33

F 155-03

2012-01-19 SANAS Page 17 of 33


COMMENT BY ASSESSOR

b) Observation of processes and activitiesc) Review of documentation and records

9.1.9.6 Identifying and recording audit findings9.1.9.6.1 Are audit findings summarising conformity

and detailing non-conformity audits and its

supporting evidence recorded andreported?

9.1.9.6.2 Where opportunities for improvement arenot prohibited by the requirements of amanagement system scheme, are theyidentified and recorded?

9.1.9.6.3 Is a finding of non-conformity recordedagainst a specific requirement of the auditcriteria and does itcontain a clear statement of the non-conformity and identify in detail theobjective evidence on which the non-conformity is based?

Are non-conformities discussed with theclient to ensure that the evidence isaccurate and that the non-conformities areunderstood?

9.1.9.6.4 Does the audit team leader attempt toresolve any diverging opinions between theaudit team and the client concerning auditevidence on findings, and are unresolvedpoints recorded?

9.1.9.7 Preparing audit conclusionsPrior to the closing meeting, does the audit

teama) review the audit findings, and any other

appropriate information collectedduring the audit, against the auditobjectives

b) agree upon the audit conclusions,taking into account the uncertaintyinherent in the audit process

c) identify any necessary follow-upactionsd) confirm the appropriateness of theaudit

programme or identify any modification

required (e.g. scope, audit time ordates,

surveillance frequency, competence)

9.1.9.8 Conduct the closing meeting

9.1.9.8.1 Does the team hold a formal closingmeeting with management and are non-conformances presented in such amanner that they are understood, andare timeframes for responding agreed?Is attendance recorded?

9.1.9.8.2 Does the closing meeting include thefollowing:a) advising the client that the audit

evidence collected was based on

8/10/2019 240531703-ISo-17021-2011-Checklist

18/33

F 155-03

2012-01-19 SANAS Page 18 of 33


COMMENT BY ASSESSOR

sample of the information; therebyintroducing an element of uncertainty

b) the method and timeframe of reporting,including any grading of audit findings

c) the certification bodys process forhandling nonconformities including any

consequences relating to the status ofthe clients certification

d) the timeframe for the client to present aplan for correction and correctiveaction for any nonconformitiesidentified during the audit

e) the CBs post audit activitiesf) information about the complaint

handling and appeal processes

9.1.9.8.3 Is the client given opportunity forquestions?Are diverging opinions regarding the audit

findings or conclusions discussed, resolvedwhere possible?Are unresolved diverging opinionsrecorded and referred to the CB?

9.1.10 Audit report9.1.10.1 Does the CB provide a written report

foreach audit and is ownership of the

reportmaintained by the CB?If the audit team identifies

opportunities for

improvement , do they recommendspecific

solutions?

9.1.10.2 Does the team leader ensure thatthe report

is prepared and takes responsibilityof the

contents of the report?Does the report provide accurate,

conciseand clear record of the audit and

does it

include the following:(a) identification of the certification body(b) the name and address of the clients

management representative(c) the type of audit (e.g. initial, surveillance

or recertification)(d) the audit criteria(e) the audit objectives(f) the audit scope, particularly identification

of the organisational or functional unitsor processes audited and the time of theaudit

(g) identification of the audit team leader,audit team members and anyaccompanying persons

(h) the dates and places where the auditactivities (on site or offsite) were

8/10/2019 240531703-ISo-17021-2011-Checklist

19/33

F 155-03

2012-01-19 SANAS Page 19 of 33


COMMENT BY ASSESSOR

conducted(i) audit findings, evidence and

conclusions, consistent with therequirements of the type of audit

(j) any unresolved issues, if identified

9.1.11 Cause analysis of nonconformitiesDoes the CB require the client to analyse thecause and describe the specific correctionand corrective actions taken, or planned tobe taken, to eliminate detected non-conformities, within a defined time?

9.1.12 Effectiveness of corrections andcorrective actionsDoes the CB review the corrections,identified causes and corrective actionssubmitted by the customer to determine if

these are acceptable?Does the CB verify the effectiveness of anycorrection and corrective actions taken?Is the evidence obtained to support theresolution of nonconformities recorded?Does the client gets informed of the result ofthe review and verification?SEE NOTE

9.1.13 Certification decisionIs the client informed if an additional fullaudit, an additional limited audit, ordocumented evidence (to be confirmed

during future surveillance audits) will beneeded to verify effective correction andcorrective actions

9.1.14 Does the CB ensure that the persons orcommittees that make the certification or re-certification decisions are different fromthose who carried out the audits?

9.1.15 Actions prior to making a decisionDoes the CB confirm, prior to making adecision, that:

a) the information provided by the audit team issufficient?

b) it has reviewed, accepted and verified theeffectiveness of correction and correctiveactions, for all nonconformities thatrepresent:1) failure to fulfil one or more requirements

of the management system standard? or2) a situation that raises significant doubt

about the ability of the customersmanagement system to achieve itsintended outputs?

c) it has reviewed and accepted the clientsplanned correction and corrective action forany other non-conformities?

8/10/2019 240531703-ISo-17021-2011-Checklist

20/33

F 155-03

2012-01-19 SANAS Page 20 of 33


COMMENT BY ASSESSOR

9.2 Initial audit and certification.9.2.1 Application

Does the CB require an authorized representative ofthe applicant organization to provide the necessaryinformation to enable it to establish:

a) the desired scope of the certification?b) the general features of the applicant

organization, including its name and theaddress(es) of its physical location(s),significant aspects of its process andoperations, and any relevant legalobligations?

c) general information, relevant for the field ofcertification applied for, concerning theapplicant organization, such as its activities,human and technical resources, functionsand relationship in a larger corporation, ifany?

d) information concerning all outsourcedprocesses used by the organization that willaffect conformity to requirements?

e) the standards or other requirements forwhich the applicant organization is seekingcertification?

f) information concerning the use ofconsultancy relating to the managementsystem?

9.2.2 Application review.

9.2.2.1 Before proceeding with the audit, does the

CB conduct a review of the application andsupplementary information for certification toensure that:

a) the information about the applicant and itsmanagement system is sufficient for theconduct of the audit?

b) the requirements for certification are clearlydefined and documented, and have beenprovided to the applicant organization?

c) any known difference in understandingbetween the CB and the applicantorganization is resolved?

d) the CB has the competence and ability toperform the certification activity?

e) the scope of certification sought, thelocation(s) of the applicants organisationsoperations, time required to complete auditsand any other points influencing thecertification activity are taken into account(language, safety conditions, threats toimpartiality, etc.)?

f) records of the justification for the decision toundertake the audit shall be maintained?

9.2.2.2 Following the review of the application, doesthe CB accept or decline an application orcertification?When declined, are reasons for decliningdocumented and made clear to the client?

8/10/2019 240531703-ISo-17021-2011-Checklist

21/33

F 155-03

2012-01-19 SANAS Page 21 of 33


COMMENT BY ASSESSOR

SEE NOTE

9.2.2.3 Based on this review, does the CBdetermine the competences it needs toinclude in its audit team (see 7.2 7) and forthe certification decision (see 7.2.9)?

9.2.2.4 Is the audit team appointed and do theyhave the totality of the competencesidentified by the CB as set out in 9.2.2.3 forthe certification of the applicantorganization?Is selection of the team performed withreference to the designations of competenceof auditors and technical experts madeunder 7.2.5?

9.2.2.5 Is the individual(s) who will be conductingthe certification decision appointed to ensure

appropriate competence is available (see7.2.9 and 9.2.2.3)?

9.2.3 Initial certification audit

Is the initial certification audit of a managementsystem conducted in two stages - Stage 1 and Stage2?

9.2.3.1 Stage 1 audits

9.2.3.1.1 Is the Stage 1 audit performed:a) to audit the clients management system

documentation;

b) to evaluate the clients location and site-specific conditions and to undertakediscussions with the clients personnel todetermine the preparedness for theStage 2 audit;

c) to review the clients status andunderstanding regarding requirements ofthe standard, in particular with respect tothe identification of key performance orsignificant aspects, processes, objectivesand operation of the managementsystem?

d) to collect necessary informationregarding the scope of the managementsystem, processes and location(s) of theclient, and related statutory andregulatory aspects and compliance (e.g.quality, environmental, legal aspects ofthe clients operation, associated risks,etc.)?

e) to review the allocation of resources forStage 2 audit and agree with the clienton the details of the Stage 2 audit?

f) to provide a focus for planning the Stage2 audit by gaining a sufficientunderstanding of the clientsmanagement system and site operationsin the context of possible significant

8/10/2019 240531703-ISo-17021-2011-Checklist

22/33

8/10/2019 240531703-ISo-17021-2011-Checklist

23/33

F 155-03

2012-01-19 SANAS Page 23 of 33


COMMENT BY ASSESSOR

9.2.4 Initial certification audit conclusions

Does the audit team analyse all information andaudit evidence gathered during the Stage 1 andStage 2 audits to review the audit findings and agreeon the audit conclusions?

9.2.5 Information for granting initialcertification9.2.5.1 Does the information provided by the audit

team to the CB for the certification decisioninclude, as a minimum:

a) the audit reports?b) comments on the non-conformities and,

where applicable, the correction andcorrective actions taken by the client?

c) confirmation of the information provided tothe certification body used in theapplication review (see 9 2.2)? and

d) a recommendation whether or not to grantcertification, together with any conditions orobservations

9.2.5.2 Does the CB make the certification decisionon the basis of an evaluation of the auditfindings and conclusions and any otherrelevant information (e.g. public information,comments on the audit report from thecustomer)?

9.3 Surveillance activities

9.3.1 General9.3.1.1 Did the CB developed its surveillance

activities so that representative areas andfunctions covered by the scope of themanagement system are monitored on aregular basis, and take into accountchanges to its certified client and itsmanagement system?

9.3.1.2 Do surveillance activities include on-siteaudits assessing the certified clientsmanagement systems fulfilment ofspecified requirements with respect to thestandard to which the certification isgranted? Other surveillance activities mayinclude:

a) enquiries from the CB to the certified clienton aspects of certification;

b) reviewing any clients statements withrespect to its operations (e.g. promotionalmaterial, website);

c) requests to the client to provide documentsand records (on paper or electronic media);and

d) other means of monitoring the certifiedclients performance?

8/10/2019 240531703-ISo-17021-2011-Checklist

24/33

F 155-03

2012-01-19 SANAS Page 24 of 33


COMMENT BY ASSESSOR

9.3.2 Surveillance audit

9.3.2.1 Are on-site audits planned together with theother surveillance activities, so that the CBcan maintain confidence that the certifiedmanagement system continues to fulfil

requirements in between re-certificationaudits?Does the surveillance audit programmeinclude, at least:

a) internal audits and management review?b) a review of action taken on non-conformities

identified during the previous audit?c) treatment of complaints?d) effectiveness of the management system

with regard to achieving the certified clientsobjectives?

e) progress of planned activities aimed atcontinual improvement?

f) continuing operational control?g) review of any changes? andh) use of marks and/or any other reference to

certification?

9.3.2.2 Are surveillance audits conducted at leastonce a year?Is the date of the 1st surveillance auditfollowing initial certification not more than12 months from the last day of the Stage 2audit?

9.3.3 Maintaining certification

Does the CB maintain certification based ondemonstration that the client continues to satisfy therequirements of the management system standard?Does the CB maintain an organizations certificationbased on a positive recommendation by the auditteam leader without further independent review,provided that:

a) for any non-conformity or other situation thatmay lead to suspension or withdrawal ofcertification, the CB needs to initiate a reviewby appropriately competent personneldifferent from those who carried out the

audit, to determine whether certification canbe maintained (see 7.2.9), and

b) competent personnel of the CB monitor itssurveillance activities, including monitoringthe reporting by its auditors, to confirm thatthe certification activity is operatingeffectively?

9.4 Re-certification9.4.1 Re-certification cycle

9.4.1.1 Is a re-certification audit planned andconducted to evaluate the continued

fulfilment of all of the requirements of therelevant management system standard orother normative document?

8/10/2019 240531703-ISo-17021-2011-Checklist

25/33

F 155-03

2012-01-19 SANAS Page 25 of 33


COMMENT BY ASSESSOR

9.4.1.2 Does the re-certification audit consider theperformance of the management systemover the period of certification, and includethe review of previous surveillance auditreports?

9.4.1.3 In situations where there have beensignificant changes (e.g. changes tolegislation, management, processes etc.)do the re-certification audit activitiesinclude a Stage 1 audit?

9.4.1.4 In the case of multiple sites or certificationmultiple management system standardsbeing provided by the CB, does theplanning for the audit ensure adequate on-site audit coverage to provide confidence inthe certification?

9.4.2 Re-certification audit

9.4.2.1 Does the re-certification audit include anon-site audit that addresses the following:

a) the effectiveness of the managementsystem?

b) demonstrated commitment to maintain theeffectiveness and improvement?

c) whether the operation of the certifiedmanagement system contributes to theachievement of the organizations policyand objectives?

9.4.2.2 When, during a re-certification audit,instances of non-conformity or lack ofevidence of conformity are identified, doesthe CB define time limits for correction andcorrective actions to be implemented prior tothe expiry of certification?

9.4.3 Information for granting re-certificationDoes the CB make decisions on renewingcertification based on:

the results of re-certification audit?

the results of the review of the system over the

period of certification? and

the complaints received from users ofcertification?

9.5 Special audits9.5.1 Extensions to scope

Does the CB, in response to an application forextension to the scope of a certification alreadygranted, undertake a review of the application anddetermine any audit activities necessary to decidewhether or not the extension may be granted? (This

may be conducted in conjunction with a surveillanceaudit)

8/10/2019 240531703-ISo-17021-2011-Checklist

26/33

F 155-03

2012-01-19 SANAS Page 26 of 33


COMMENT BY ASSESSOR

9.5.2 Short-notice audits

If it is necessary for the CB to conduct audits ofcertified clients at short notice to investigatecomplaints (see 9.8), or in response to changes (see8.6.3), or as follow up on suspended customers (see

9.6): a) does the CB describe and make known inadvance to the certified clients (e.g. indocuments as described in 8.6 1) theconditions under which these short noticevisits are to be conducted? and

b) does the CB exercise additional care in theassignment of the audit team because ofthe lack of opportunity for the client toobject to audit team members?

9.6 Suspending, withdrawing or reducingscope of certification

9.6.1 Does the CB have a policy and documentedprocedure(s) for suspension, withdrawal orreduction of the scope of certification, anddoes it specify the subsequent actions by theCB?

9.6.2 Does the CB suspend certification in caseswhen, for example:

the customers certified management systemhas persistently or seriously failed to meetcertification requirements, includingrequirements for the effectiveness of themanagement system?

the certified client does not allowsurveillance or re-certification audits to beconducted at the required frequencies? or

the certified client has voluntarily requesteda suspension

9.6.3 Under suspension the customersmanagement system certification istemporarily invalid.

Does the CB have enforceablearrangements with its clients to ensurethat in case of suspension the client

refrains from further promotion of itscertification?

Does the CB make the suspended statusof the certification publicly available (see8.1.3) and take any other measures itdeems appropriate?

9.6.4 Does failure to resolve the issues that haveresulted in the suspension in a timeestablished by CB result in withdrawal orreduction of the scope of certification? SeeNote

9.6.5 Does the CB reduce the customers scope ofcertification to exclude the parts not meetingthe requirements, when the client haspersistently or seriously failed to meet thecertification requirements for those parts of

8/10/2019 240531703-ISo-17021-2011-Checklist

27/33

F 155-03

2012-01-19 SANAS Page 27 of 33


COMMENT BY ASSESSOR

the scope of certification?Are such reductions in line with therequirements of the standard used forcertification?

9.6.6 Does the CB have enforceable

arrangements with the certified customerconcerning conditions of withdrawal (see8.4.3 d) ensuring upon notice of withdrawalof certification that the customerdiscontinues its use of all advertising matterthat contains any reference to a certifiedstatus?

9.6.7 Upon request by any party, does the CBcorrectly state the status of certification of aclients management system as beingsuspended, withdrawn or reduced?

9.7 Appeals9.7.1 Does the CB have a documented process to

receive, evaluate and make decisions onappeals?

9.7.2 Is a description of the appeals handlingprocess publicly available?

9.7.3 Is the CB responsible for all decisions at alllevels of the appeals handling process?Does the CB ensure that the personsengaged in appeals handling process aredifferent from those who carried out theaudits and made the certification decisions?

9.7.4 Do submission, investigation and decisionon appeals result in any discriminatoryactions against the appellant?

9.7.5 Does the appeal handling process include atleast the following elements and methods:

a) an outline of the process for receiving,validating, investigating the appeal, and fordeciding what actions are to be taken inresponse to it, taking into account the results

of previous similar appeals;b) tracking and recording appeals, includingactions undertaken to resolve them;

c) ensuring that any appropriate correction andcorrective action is taken

9.7.6 Does the CB acknowledge receipt of theappeal and provide the appellant withprogress reports and the outcome?

9.7.7 Are the decision to be communicated to theappellant made by, or reviewed andapproved by, individual(s) not previously

involved in the subject of the appeal?

9.7.8 Does the CB give formal notice of the end ofthe appeal handling process to theappellant?

8/10/2019 240531703-ISo-17021-2011-Checklist

28/33

F 155-03

2012-01-19 SANAS Page 28 of 33


COMMENT BY ASSESSOR

9.5 Complaints

9.8.1 Is a description of the complaints handlingprocess publicly accessible?

9.8.2 Upon receipt of a complaint, does the CB

confirm whether the complaint relates tocertification activities that it is responsible forand, if so, deals with it?If the complaint relates to a certified clientdoes the examination of the complaintconsider the effectiveness of the certifiedmanagement system?

9.8.3 Is a complaint about a certified client alsoreferred by the CB to the certified client inquestion at an appropriate time?

9.8.4 Does the CB have a documented process to

receive, evaluate and make decisions oncomplaints?Is this process subject to requirements forconfidentiality, as it relates to thecomplainant and to the subject of thecomplaint?

9.8.5 Does the complaints handling processinclude at least the following elements andmethods:

a) an outline of the process for receiving,validating, investigating the complaint, andfor deciding what actions are to be taken in

response to it?b) tracking and recording complaints, including

actions undertaken to resolve them;?c) ensuring that any appropriate correction and

corrective actions are taken?See Note9.8.6 Is the CB receiving the complaint

responsible for gathering and verifying allnecessary information to validate thecomplaint?

9.8.7 Whenever possible, does the CBacknowledge receipt of the complaint, andprovide the complainant with progressreports and the outcome?

9.8.8 Is the decision to be communicated to thecomplainant made by, or reviewed andapproved by, individual(s) not previouslyinvolved in the subject of the complaint?

9.8.9 Whenever possible, does the CB give formalnotice of the end of the complaint handlingprocess to the complainant?

9.8.10 Does the CB determine together with theclient and the complainant, whether and, ifso to what extent, the subject of thecomplaint and its resolution shall be madepublic?

8/10/2019 240531703-ISo-17021-2011-Checklist

29/33

F 155-03

2012-01-19 SANAS Page 29 of 33


COMMENT BY ASSESSOR

9.9 Records of applicants and clients

9.9.1 Does the CB maintain records on the auditand other certification activity for all clients,including all organizations that submittedapplications, and all organizations audited,

certified, or with certification withdrawn?

9.9.2 Do the records on certified clients includethe following:

a) application information and initial,surveillance and re-certification auditreports?

b) certification agreement?c) justification of the methodology used for

sampling?d) justification for auditor time determination

(see 9.1.4)?e) verification of correction and corrective

actions?f) records of complaints and appeals, and any

subsequent correction or corrective actions?g) committee deliberations and decisions, if

applicable?h) documentation of the certification decisions?i) certification documents including the scope

of certification with respect to product,process or services as applicable? and

j) related records necessary to establish thecredibility of the certification, such asevidence of the competence of auditor andtechnical expert?

See Note.9.9.3 Does the CB keep the records on applicants

and customers secure to ensure that theinformation is kept confidential?Are records transported, transmitted ortransferred, in a way that ensures thatconfidentiality is maintained?

9.9.4 Does the CB have a documented policy anddocumented procedures on retention ofrecords?Are records retained for the duration of thecurrent cycle plus one (1) full certification

cycle?See Note

10 Management system requirements forCBs

10.1 OptionsIn addition to meeting the requirements of Clauses 5to 9, did the CB implement a management system inaccordance with either

a) management system requirements inaccordance with ISO 9001 (Option 1)? or

b) general management system requirements(Option 2)?

8/10/2019 240531703-ISo-17021-2011-Checklist

30/33

F 155-03

2012-01-19 SANAS Page 30 of 33


COMMENT BY ASSESSOR

10.2 Option 1: Management systemrequirements in accordance with ISO9001

10.2.1 GeneralIs the ISO 9001 system capable of supporting anddemonstrating the consistent achievement of therequirements of this International Standard, amplifiedby 10.2.2 to 10.2 4?

10.2.2 Scope

Does the scope of the management system includethe design and development requirements for itscertification services?

10.2.3 Customer focus

Does the CB consider the credibility of certificationand address the needs of all parties (as set out in

4.1.2) that rely upon its audit and certificationservices, not just its clients?

10.2.4 Management review

Does the CB include as input for managementreview, information on relevant appeals andcomplaints from users of certification activities?

10.3 Option 2: General managementsystem requirements

10.3.1 General

Does the CB establish, document, implement andmaintain a management system that is capable ofsupporting and demonstrating the consistentachievement of the requirements of this InternationalStandard?Does the CBs top management establish anddocument policies and objectives for its activities?Does top management provide evidence of itscommitment to the development and implementationof the management system in accordance with therequirements of this International Standard?Does top management ensure that the policies areunderstood, implemented and maintained at all

levels of the certification bodys organisation?Did the CBs top management appoint a member ofmanagement who, irrespective of otherresponsibilities, shall have responsibility andauthority that includes:

a) ensuring that processes and proceduresneeded for the management system areestablished, implemented and maintained?and

b) reporting to top management on theperformance of the management system andany need for improvement?

8/10/2019 240531703-ISo-17021-2011-Checklist

31/33

F 155-03

2012-01-19 SANAS Page 31 of 33


COMMENT BY ASSESSOR

10.3.2 Management system manual

Are all applicable requirements of this InternationalStandard addressed either in a manual or inassociated documents?Does the CB ensure that the manual and relevantassociated documents are accessible to itspersonnel?

10.3.3 Control of documents

Did the CB establish procedures to control thedocuments (internal and external) that relate to thefulfilment of this International Standard?Does the procedures define the controls needed:

a) to approve documents for adequacy prior toissue?

b) to review and update as necessary and re-approve documents?

c) to ensure that changes and the current

revision status of documents are identified?d) to ensure that relevant versions of applicable

documents are available at points of use?e) to ensure that documents remain legible and

readily identifiable?f) to ensure that documents of external origin

are identified and their distributioncontrolled? and

g) to prevent the unintended use of obsoletedocuments, and to apply suitableidentification to them if they are retained forany purpose?

See Note.

10.3.4 Control of Records

Does the CB establish procedures to define thecontrols needed for the identification, storage,protection, retrieval, retention time and disposition ofits records related to the fulfilment of thisInternational Standard?Does the CB establish procedures for retainingrecords for a period consistent with its contractualand legal obligations?Is access to these records consistent with theconfidentiality arrangements?See Note

10.3.5 Management review10.3.5.1 GeneralDid the CBs top management establish proceduresto review its management system at plannedintervals to ensure its continuing suitability,adequacy and effectiveness including the statedpolicies and objectives related to the fulfilment of thisInternational Standard?

Are these reviews conducted at least once a year?

8/10/2019 240531703-ISo-17021-2011-Checklist

32/33

F 155-03

2012-01-19 SANAS Page 32 of 33


COMMENT BY ASSESSOR

10.3.5.2 Review inputsDoes the input to management review includeinformation related to:

a) results of internal and external audits?b) feedback from clients and interested parties

related to the fulfilment of this International

Standard?c) feedback from the committee for

safeguarding impartiality?d) status of preventive and corrective actions?e) follow-up actions from previous management

reviews?f) fulfilment of objectives?g) changes that could affect the management

system? andh) appeals and complaints?

10.3.5.3 Review outputsDo the outputs from the management review includedecisions and actions related to:

a) improvement of the effectiveness of themanagement system and its processes?

b) improvement of the certification servicesrelated to the fulfilment of this InternationalStandard? and

c) resource needs?

10.3.6 Internal Audits

10.3.6.1 Does the CB establish procedures forinternal audits to verify that it fulfils therequirements of this International

Standard and that the managementsystem is effectively implemented andmaintained? See Note

10.3.6.2 Is an audit programme planned, takinginto consideration the importance of theprocesses and areas to be audited aswell as the results of previous audits?

10.3.6.3 Are internal audits performed at leastonce every 12 months?

10.3.6.4 Does the CB ensure that:

a) internal audits are conducted by qualifiedpersonnel knowledgeable in certification,auditing and the requirements of thisInternational Standard?

b) auditors shall not audit their own work?c) personnel responsible for the area

audited are informed of the outcome ofthe audit?

d) any actions resulting from internal auditsare taken in a timely and appropriatemanner? and

e) any opportunities for improvement areidentified?

8/10/2019 240531703-ISo-17021-2011-Checklist

33/33

F 155-03


COMMENT BY ASSESSOR

10.3.7 Corrective Actions

Does the CB establish procedures for identificationand management of non-conformities in itsoperations?Does the CB also, where necessary, take actions toeliminate the causes of non-conformities in order toprevent recurrence?Are corrective actions appropriate to the impact ofthe problems encountered?Do the procedures define requirements for:

a) identifying non-conformities (e g. fromcomplaints and internal audits)?

b) determining the causes of non-conformity?

c) correcting non-conformities?d) evaluating the need for actions to ensure

that non-conformities do not recur?e) determining and implementing in a timely

manner, the actions needed?f) recording the results of actions taken?

andg) reviewing the effectiveness of corrective

actions?

10.3.8 Preventive Actions

Does the CB establish procedures for takingpreventive actions to eliminate the causes ofpotential non-conformities?Are preventive actions taken appropriate to theprobable impact of the potential problems?Do the procedures for preventive actions define

requirements for:a) identifying potential non-conformities and

their causes?b) evaluating the need for action to prevent

the occurrence of non-conformities?c) determining and implementing the action

needed?d) recording the results of actions taken?

ande) reviewing the effectiveness of the

preventive actions taken.?See Note.

Signed :Lead

Assessor/

A

Date

240531703-ISo-17021-2011-Checklist

Documents

Transcript of 240531703-ISo-17021-2011-Checklist