ISO/IEC 17011: 2004
© Social Accountability Accreditation Services, June 2010
1
Social Accountability Accreditation Services
Mission: SAAS supports social responsibility by ensuring the implementation of credible social standards designed to protect people and their communities. SAAS evaluates and accredits auditing organizations to assure they are qualified to hold their clients accountable to such social standards.
2
Accreditation � Accreditation is the process by which formal recognition of competence is given to qualified organizations, known as Certification Bodies (CBs). � CBs are then granted the ability to perform certifications. � Certification of compliance to SA8000 and other verification codes within the SAAS scope of accreditation is available only through qualified CBs granted accreditation by SAAS. � Accreditation is necessary to assure stakeholders that the CBs are able to consistently, reliably and effectively perform certification audits and that these audits are carried out in a professional manner. � The accreditation process by SAAS includes documentation review, site audits and observation of auditors in the field. 3
ISO/IEC 17011:2004
Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies.
4
ISO/IEC 17011 A system to accredit CB conformity assessment services should provide confidence in the CBs competency and ability to perform their tasks. Accreditation bodies provide impartial verification of that competence – such verification is done by accreditation bodies that are impartial in relation to both the CBs and their clients.
5
SAAS Normative Requirements • SAAS maintains a set of Procedures and Policies, revised between 2007 and 2008, that it follows in conducting accreditation work: � SAAS Procedure 200 sets out the certification process requirements for Certification Bodies (CBs) undertaking the assessments of organizations against the SA8000 standard. � SAAS Procedure 201 sets out the internal policies SAAS must follow in granting and maintaining accreditation of a CB by SAAS. � SAAS Procedure 203 contains the qualifications and training requirements for accreditation auditors and SAAS staff. � SAAS has also developed a set of Work Instructions that accreditation auditors must follow in undertaking document reviews, on-site office and witness audits, and review of corrective actions. � These policies are all written and maintained within the requirements of ISO 17011:2004. 6
SAAS Normative Requirements • In addition, SAAS requires implementation of several ISO documents: � SAAS maintains procedures and policies in compliance with ISO/IEC 17011:2004, the international standard for accreditation bodies accrediting certification bodies. � SAAS requires implementation of ISO/IEC 17021:2006 by all accredited CBs. 17021 is the international standard setting out requirements for bodies providing audit and certification of management systems.
7
ISO/IEC 17011 ISO 17011 specifies the general requirements for accreditation bodies. Audit and evaluation mechanisms against ISO 17011 provides assurance that accreditation bodies are operating in accordance with the standard. SAAS conducts internal audits and management review sessions, as well as undertaking external verification audits to ensure continued compliance with ISO 17011 requirements. 8
Accreditation and Certification Process
9
What is ISO/IEC? What ISO's name means Because "International Organization for Standardization" would have different abbreviations in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), it was decided at the outset to use a word derived from the Greek isos, meaning "equal". Therefore, whatever the country, whatever the language, the short form of the organization's name is always ISO.
What is ISO/IEC?
What IEC means IEC = International Electrotechnical Commission The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes international standards for all electrical, electronic and related technologies.
How is an ISO standard developed? ISO Standards are developed by international technical committees. DIS = technical committee meets to discuss, debate and argue until they reach consensus on a draft agreement, it is circulated and ISO Members vote FDIS = If the voting is in favor, the document, with modifications, is circulated to the ISO members vote again Standard = If that vote is positive, the document is then published as an International Standard
Accreditation Hierarchy Requirement Documents
SAAS
ISO/IEC 17011 and SAAS Procedure 201
Certification Body
ISO/IEC 17021 and SAAS Procedure 200
Client
Standard
13
ISO/IEC 17011 Structure
Eight Sections: • 1 Scope • 2 Normative references • 3 Terms and definitions
14
ISO/IEC 17011 Structure
Eight Sections – 5 Normative: •4 Accreditation Body •5 Management •6 Human Resources •7 Accreditation Process •8 Responsibilities of the AB and CB
15
ISO/IEC 17011 Content
Section 1 – Scope: •Specifies general requirements for ABs accrediting CBs. •CBs may be accredited for: • Testing • Inspection services • Management system certification • Personnel certification • Product certification • Calibration.
16
ISO/IEC 17011 Content
Section 2 - Normative references: •ISO 9000:2000, Quality management systems — Fundamentals and vocabulary •ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
17
ISO/IEC 17011 Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply. • 3.1: accreditation – third party attestation related to a CB conveying formal demonstration of competence. •3.2: accreditation body – body that performs accreditation. •3.3: logo – logo used by AB. •3.4: accred certificates – document stating accreditation has been granted, within a scope. •3.5: accred symbol – symbol used to indicate accred status. •3.6: appeal – request for reconsideration of 18 adverse decision.
ISO/IEC 17011 Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply. •3.7: assessment – process undertaken to assess the competence of a CB based on a normative document. •3.8: assessor – person assigned by the AB as part of the assessment team. •3.9: complaint – expression of dissatisfaction, other than an appeal, to an AB relating to the activities of the AB or accredited CB. •3.10: conformity assessment body – body that performs conformity assessment services, can be object of accreditation. 19
ISO/IEC 17011 Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply. •3.11: consultancy – participation in activities of a CB subject to accreditation. •3.12: expert – person assigned by AB to provide specific knowledge. •3.13: extending accreditation – enlarging the scope of accreditation. •3.14: interested parties – parties with direct or indirect interest in accreditation. •3.15: lead assessor – overall responsibility for assessment activities. •3.16: reducing accreditation – cancelling partial 20 scope of accreditation.
ISO/IEC 17011 Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply. •3.17: scope of accreditation – specific conformity assessment services for which accreditation is sought. •3.18: surveillance – set of activities to monitor continued fulfillment of requirements. •3.19: suspending accreditation – temporarily making accreditation invalid. •3.20: withdrawing accreditation – cancelling accreditation in full. •3.21: witnessing – observing CB carrying out assessment services. 21
ISO/IEC 17011 Content
Section 4 – Accreditation Body: Clause 4 describes the principles on which credible accreditation is based. These principles include the structure, legal responsibility, confidentiality and liability for accreditation activity.
22
ISO/IEC 17011 Content
Section 4 – General: Principles for inspiring confidence include 4.1 legal responsibility, 4.2 structure, 4.3 impartiality 4.4 confidentiality, 4.5 liability and financing, and 4.6 accreditation activity.
23
4.1 Legal Responsibility
The accreditation body must be a registered legal entity.
24
4.2 Structure
•The structure of the AB must give confidence in its accreditations. •The AB retains authority and responsibility for accreditation decisions. •The AB has to have a description of its legal status, names of owners, etc. •The AB must have documentation of duties, structure, responsibilities, authorities of personnel and management. •The AB shall have access to technical experts. 25
4.3 Impartiality •The AB shall safeguard objectivity and impartiality of its activities. •AB policies must be non-discriminatory and be administered in a non-discriminatory way. •The AB services shall be accessible to all applicants. •All personnel and committees shall act objectively and free from undue pressures. •Decisions on accreditation shall be taken by competent persons or committees different from the assessment team. •The AB shall not provide consultancy or auditing services that might affect impartiality. 26
4.4 Confidentiality
•The AB must have adequate arrangements to ensure confidentiality of the information obtained through accreditation activities. •This includes committees, external bodies, individuals acting on behalf of the AB, etc. •Confidential information shall not be disclosed without written consent of the CB.
27
4.5 Liability and Financing
•The AB shall have arrangements to cover liabilities arising from its activities. •The AB shall have resources for operation of activities and descriptions of sources of income.
28
4.6 Accreditation activity
•The AB shall describe its activities. •The AB may adopt guidance documents and such documents must be formulated by competent committees/persons. •The AB shall have procedures for extending activities and to meet the demands of interested parties.
29
ISO/IEC 17011 Content
Section 5 – Management: Principles for inspiring confidence include 5.1 General, 5.2 Management System, 5.3 Document Control, 5.4 Records, 5.5 Nonconformities, 5.6 Preventive Actions, 5.7 Internal Audits, 5.8 Management Reviews, and 5.9 Complaints. 30
5.0 Management of the AB The AB shall establish and maintain an effective management system. Such procedures include systems for: •Policies and objectives, including a quality policy. •Document control for approval, review, updating. •Records maintenance including IDing, collecting, storing records. •Identification of nonconformities and corrective actions, including rot cause analysis, action plans and review. •Identification of opportunities for improvement. •Conduct of annual internal audits. •Establishment of management reviews for review of audits, activities, feedback, trends and CAs. •Complaints management and response.
31
ISO/IEC 17011 Content
Section 6 – Human Resources: 6.1 6.2 6.3 6.4
Personnel Associated with AB, Personnel involved in accreditation, Monitoring, Personnel Records
32
6.0 Human Resources •The AB shall have a sufficient number of competent personnel to perform necessary work. •These personnel must have appropriate education, training, technical knowledge, skills and experience. •The AB must have access to sufficient assessors to cover activities. •Personnel shall commit themselves by signature to comply with the rules defined by AB. •The AB shall set out required qualifications, experience, and training required.
33
6.0 Human Resources •The AB shall ensure that assessors and experts: • Are familiar with procedures, criteria and other requirements. • Have undergone training. • Have knowledge of assessment methods. • Are able to communicate effectively.
•The AB shall ensure satisfactory performance of the accreditation process through procedures and monitoring of personnel performance. •The AB shall maintain records of qualifications, training and experience of personnel. 34
ISO/IEC 17011 Content
Section 7 – Accreditation Process: This section provides general information on the process of accreditation including the application, audit, findings, and decision making.
35
7.0 Accreditation Process
•The AB shall use normative documents and references throughout it process. •The AB will make information publicly available describing its accreditation process, fees, complaints process, rights and obligations of CBs, rights and duties and information about its financial support.
36
7.2 Application Process •The CB must submit a formal application to the AB. •The application must include: • General features of the CB. • General information about the CB. • Requested scope of accreditation. • Agreement to fulfill the requirements. • Description of services the CB undertakes. • A copy of the CB quality manual.
37
7.0 Resources and Subcontracting •The AB shall review its ability to carry out the assessment of the applicant re: competence and availability of assessors. •The AB may subcontract assessment activities but must take full responsibility for all assessment and decision-making.
38
7.5 Preparation •The AB shall formally appoint the assessment team. •The team shall have appropriate knowledge to conduct the audit. •The AB shall ensure the team is impartial. •The AB will notify the CB of the audit team and provide sufficient time in case there is an objection. •The initial assessment will include a visit to the CB head office and others where key activities are performed. •The audit team will have access to the appropriate criteria and documents. 39
7.0 Document and On-Site Assessment •The assessment team shall review all relevant documents and records. •The AB may decide not to proceed with the on-site assessment if NCs are identified. •The on-site assessment will have an opening meeting where criteria are clearly defined. •The assessment will be conducted at the premises of the CB where key activities are performed, to gather objective evidence that the CB is competent. •The assessment team will witness the performance of CB staff to provide assurance of the competence of the CB. 40
7.8 Analysis and Report •The assessment team shall analyze all relevant information and evidence from the document and record review and on-site assessment. •The reporting procedures shall ensure that: • A closing meeting occurs. • A written report is promptly given to the CB. • The CB be invited to respond to the report. •The AB shall remain responsible for the report and content. •The AB shall ensure the CB’s NC responses are sufficient and effective. 41
7.8 Analysis and Report •Information provided to the decision makers shall include: • ID of the CB • Dates of the assessment • Names of the assessors • Proposed scope • Assessment report • Statement on the adequacy of the organization • Information on resolution of NCs
42
7.9 Decision Making •The AB shall, without undue delay, make the decision on accreditation on the basis of the evaluation information. •The accreditation certificate to the CB shall identify: • The ID and logo of the AB • Unique ID of the CB • Location of the key activities of the CB • Effective and expiration date of the accreditation • Scope of accreditation • Reference to normative document. 43
7.0 Appeals, Reassessment and Surveillance •The AB shall have procedures to address appeals. •The AB shall have procedures for carrying out surveillances and reassessments. •Between surveillances and reassessments shall include representative samples of the scope of accreditation. •The AB shall have strict time limits for NCs identified during surveillances or reassessments. •The AB shall develop procedures for suspension, withdrawal and reduction of scope •The AB shall maintain records on CBs and ensure their confidentiality. 44
ISO/IEC 17011 Content
Section 8 – Responsibilities and Obligations of the AB and CB
45
8.0 Responsibilities and Obligations •The CB shall commit to fulfill the requirements set out. •The CB shall afford accommodation and cooperation to enable fulfillment and monitoring by the AB. •The CB shall notify the AB of significant changes within its organization. •The AB shall make information publicly available about the status of its accreditations. •The AB shall have a policy governing the use of its accreditation symbol and monitor its use.
46
