ISO/IEC 17021:2006, Conformity assessment – Requirements for bodies providing audit and certification of management systems, places rigorous requirements for competence and impartiality on the bodies that offer audit and certification to standards like ISO 9001:2000 (quality management) and ISO 14001:2004 (environmental management).

The new standard has a huge potential impact since according to the latest figures, some 888 000 organizations in 161 countries are independently certified to ISO 9001:2000 and/or ISO 14001:2004.

ISO/IEC 17021:2006 is compatible with a further expansion of management system certification. It has been designed as the single source of internationally harmonized requirements for certification bodies and their activities not only in relation to ISO 9001:2000 and ISO 14001:2004, but also to new management standards for food safety (ISO 22000), information security (ISO/IEC 27001:2005) and supply chain security (ISO/PAS 28000:2005), as well as to any others that may be developed.

Alister Dalrymple, co-convenor of the group of experts that developed the standard, commented: “ISO/IEC 17021:2006 will be a common basis for any future work within ISO when a need is perceived to have the effective implementation of a management system standard verified by independent (“third party”) audit and certification. Because this will encourage consistent good practice, the standard provides value for the organizations that implement management systems, for the bodies that provide them with certification services and, ultimately, for customers, consumers and regulators of the products and services covered by the management systems.”

Replacing and improving on two ISO/IEC Guides (62 and 66), ISO/IEC 17021:2006 distills an international consensus on the latest in good practice. In addition, it incorporates guidance developed by the International Accreditation Forum (IAF). This is an international association of the accreditation bodies set up in many countries to approve (“accredit”) certification bodies as competent.

Co-convenor Randy Dougherty explained: “Because ISO/IEC 17021:2006 provides the requirements for performing certification to any management system, it becomes the unique requirements document for accrediting bodies that certify any management system. This will help to ensure consistent good practice both by accreditation and by certification bodies, which is good for confidence in these activities and therefore good for international trade.”

ISO/IEC 17021:2006 represents a new model for the standards that make up ISO’s “tool box” for conformity assessment, which is the evaluation of products, services, systems, processes and materials against standards, regulations or other specifications. It innovates in presenting principles of certification, then the performance-based requirements that flow from them. These principles cover impartiality, competence, responsibility, openness, confidentiality and responsiveness to complaints. The standard underlines the need to ensure the competence of all the personnel of the certification body – not just auditors – in the management system certification process.

Requirements for impartiality include the following: demonstration by the top management of certification bodies of the need to avoid conflicts of interest between certification and consultancy, training and internal auditing services; the marketing of certification services, and the subcontracting of audits.

The certification body is required to set up a committee for safeguarding impartiality. The standard envisages that such a committee could include representatives of clients of the certification body, customers of these clients, trade associations, regulatory bodies, governmental and nongovernmental organizations, and consumer associations.

Additionally, the certification body is required to implement a management system to ensure its conformity to ISO/IEC17021:2006.

ISO/IEC 17021:2006, Conformity assessment – Requirements for bodies providing audit and certification of management systems, costs 108 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and ISO Central Secretariat (see below). It was developed by working group WG 21, Management system certification, of ISO/CASCO, Committee on conformity assessment.

Note to Editors:
Certification of conformity is not a requirement of ISO standards, including ISO 9001:2000 and ISO 14001:2004, which can be implemented without certification for the benefits that they help user organizations to achieve for themselves and for their customers. Nevertheless, many thousands of organizations have chosen certification because of the perception that an independent confirmation of conformity adds value.
ISO itself does not perform certification to its standards, does not issue certificates and does not control certification performed independently of ISO by other organizations.
ISO/CASCO, Committee on conformity assessment, develops voluntary standards and guides to encourage good practice and consistency worldwide in accreditation, certification and related activities.