Presentación para IAAC por Mario Llerenas 14, Junio, 2011 ISO/IEC 17021:2011 Presentación para IAAC por Mario Llerenas 14, Junio, 2011 This is a train-the-trainer program developed by Randy Dougherty, one of the co-conveners of WG 21, which was reviewed and includes input by other members of WG21. This presentation is an overview of the standard and changes, as well as additional information about accreditation . Another presentation addresses the changes related to the audit process, and a third presentation addresses the changes related to competence.

ISO/IEC 17021 Desarrollado por ISO/CASCO Working Group 21 Co-coordinadores Alister Dalrymple, France-AFNOR AFAQ, un organismo de certificación en sistemas de gestión Randy Dougherty, US-ANSI ANAB, un organismo de acreditación para organismos de certificación en sistemas de gestión Nota: CASCO es el “Conformity Assessment Committee” When this project was initiated, the convener of WG21 was Lars Waldner of Swedac, appointed by the then chair of CASCO chair, John McDonald. When Lars was unable to continue as convener, CASCO chair Mario Wittner appointed Dalrymple and Dougherty as co-conveners. This was the first time a CASCO WG had co-conveners. This has been a successful team effort lead by individuals working for CBs and ABs. The standard was completed under the leadership of Mario Wittner as the CASCO chair. Graeme Drake, then Peter Dennehy, served as secretary of CASCO during the period of development of this standard when the Dalrymple and Dougherty were co-conveners. Discussions about part 2 were initiated under Wittner and Drake, but concluded under the leadership of Olivier Peyrat as CASCO Chair and Sean MacCurtain as CASCO Secretary.

ISO/IEC 17021 Intención del WG21 para 17021 Reemplazar las Guías 62 y 66 Ser aplicable a cualquier sistema de gestión Incorporar los lineamientos de IAF Incorporar las últimas tecnologías Ser consistente con los elementos comunes (WG23) Base en los Principios del desempeño de los requerimientos (donde sea posible) The original intent was to simply replace Guides 62 and 66 while also incorporating applicable IAF guidance. This was soon expanded to make it applicable to any MS standard. CB associations influenced the additional intent to incorporate latest technology, and to have principles-based requirements. WG21 developed 17021 during the same period that WG23 was developing the common elements, so work by WG21 influenced the work of WG23, and the work or WG23 influenced the work of WG 21, for the sections dealing with impartiality, complaints and appeals, confidentiality, and management systems.

ISO/IEC 17021:2006 ISO/IEC 17021:2006 Evaluación de la Conformidad – Requisitos para los organismos que realizan la auditoría y la certificación de sistemas de gestión. Publicado 15 Septiembre 2006 The standard was published in September 2006 as ISO/IEC 17021:20XX entitled Conformity assessment—Requirements for bodies providing audit and certification of management systems

ISO/IEC 17021 Parte 2 Reemplazar las referencias a los lineamientos del ISO 19011 con requisitos aplicables a cualquier auditoría de tercera parte de un sistema de gestión. Procesos de Auditoría Gestión de la competencia por el CB, incluyendo la competencia de los equipos de auditoría Formato para requisitos específicos que pueden ser aplicados a otros Comités Técnicos de ISO TC 176 para ISO 9001, TC 207 para ISO 14001, TC 34 para ISO 22000, etc. The primary goal is to replace in 17021 any reference to ISO 19011. The secondary goal is to improve the understanding, and management, of competence.

ISO/IEC 17021 Parte 2 Requisitos Generales para Auditorías de 3a Parte y Gestión de Competencia (basados en 19011) ISO/IEC 17021 Parte 2 Esquema para Desarrollar Requisitos Específicos para Auditorías de 3a Parte y Gestión de Competencia QMS Competent Body, e.g. ISO/TC176 EMS Competent Body, e.g. ISO/TC207 FSMS Competent Body, e.g. ISO/TC34 ISMS Competent Body e.g. ISO/TC178 xMS Competent Body This graphic was include in the NWIP for CASCO, and explains in graphic the scope of the NWIP. WG21 will be developing requirements generic to any management system----and not any requirements specific to specific management systems. In other words, WG21 will not specify QMS o rEMS specific requirements. However, it plans to develop a framework for others to add the specific requirements. The best current example is 22003, which adds specific requirements for food safety management systems under ISO 22000: for scoping, competence, audit duration and multi-site sampling. QMS Requisitos de Competencia Específicos EMS Requisitos de Competencia Específicos FSMS Requisitos de Competencia Específicos ISMS Requisitos de Competencia Específicos xMS Requisitos de Competencia Específicos Desarrollados por un organismos de competencias usando el esquema 17021 Part e2, en consulta con CASCO, y publicados como documentos independientes del sector Incluidos en 17021 Parte 2, desarrollados por WG 21 con información de organismos de competencias

ISO/IEC 17021 Parte 2 WG 21 reuniones para la Parte 2: Diciembre 2006, Febrero y Junio 2007: WD1 Octubre 2007: WD2 Enero 2008: DC1 para comentarios de cinco-meses Octubre 2008: CD2 comentarios de votación Abril y Junio 2009: DIS1 votación Junio 2010: FDIS Febrero 2011: Publicación como ISO/IEC 17021:2011 The development of part 2 was approved in September 2006, the same month that ISO/IEC 17021:2006 was published, and the entire process for developing part 2 took about 4.5 years.

ISO/IEC 17021:2011 ISO/IEC 17021:2011 Evaluación de la Conformidad—Requisitos para los organismos que realizan la auditoría y la certificación de sistemas de gestión Publicado 1 Febrero 2011 The standard was published in 1 Febuary 2011 as ISO/IEC 17021:2011 with the same title, Conformity assessment—Requirements for bodies providing audit and certification of management systems

ISO/IEC 17021:2011 Como se decidió por ISO/CASCO antes de la votación, habrá una revisión sistemática del documento completo 12 meses después de su publicación It was decided that all other comments received about other requirements in the 2006 first edition will be held over and considered during the systematic review, which will begin in early 2012. So far Dalrymple and Dougherty have agreed to stay on as co-conveners of WG21 for the systematic review.

ISO/IEC 17021:2011 Contenido 1 Alcance 2 Referencias Normativas 3 Términos y definiciones 4 Principios 5 Requisitos Generales 6 Requisitos relativos a la Estructura 7 Requisitos relativos a los Recursos 8 Requisitos relativos a la Información 9 Requisitos relativos a los Procesos 10 Requisitos relativos al Sistema de Gestión de los Organismos de Certificación There were no changes to the 10 sections of the standard. However, of the 10 sections, 6 sections had changes. Some, such as Sections 2, 4 and 10, simply has some deletions. So the three sections with significant changes were Section 3 in which definitions had to be added, Section 7 of course to address competence requirements, and Section 9 for the audit processes adding detail that in the past was by reference to ISO 19011.

ISO/IEC 17021:2011 Contenido Anexo A (normativo) Conocimientos y Habilidades requeridos Anexo B (informativo) Métodos posibles de evaluación Anexo C (informativo) Ejemplo de un diagrama del proceso para determinar y mantener las competencias Anexo D (informativo) Comportamientos personales deseados Anexo E (informativo) Auditoría de tercera parte y proceso de certificación Anexo F (informativo) Elementos a considerar para el programa, alcance o plan de auditoría Bibliografía The new standard has 6 annexes: one normative and five informative. The one normative annex and 3 of the 5 informative annexes (A, B, C, and D) all relate to the competence and performance of CB personnel. The other 2 informative annexes, E and F) related to the audit and certification processes.

Cambios Se eliminan todas las referencias normativas al ISO 19011 Sección 2 Referencias Normativas Referencia y nota Sección 7 7.2.5, 7.2.11 Sección 9 9.1.2, 9.1.3, 9.1.9, 9.1.10 Sección 10 10.2.5 There is one remaining reference to ISO 19011, in addition to the Bibliography, which is the note to 10.3.6.1, the requirement for the CB to conduct internal audits, but being in a note it is not a normative reference.

Cambios Se reemplazan la mayoría de las referencias normaticas al ISO 19011 con requisitos específicos relacionados con la competencia y auditorías de certificación de tercera parte

Cambios Sección 3 Términos y definiciones Agrega 7 nuevas definiciones 3.4 auditoría de certificación de tercera parte 3.5 cliente 3.6 auditor 3.7 competencia 3.8 guía 3.9 observador 3.10 área técnica Many of the new definitions were necessary because we deleted reference to ISO 19011. However, we also had to define a third party certification audit because some members of ISO/TC176 (which is responsible for revising ISO 19011) feel that there are other kinds of third party audits. We also decided on a different definition of competence, deleting the word ‘demonstrated ‘ from the definition. Competence still has to be demonstrated , but this is state in requirements in section 7. We also defined ‘technical area’ and further elaborated with specific examples as notes in section 7.

Cambios Sección 4 Principios Se editó el 4.3 para eliminar un párrafo que no era consistente con la nueva definición de competencia (3.7)

Cambios Sección 7 Requisitos relativos a los Recursos Se agregan 2 nuevos requisitos 7.1.2 Determinación de los criterios de competencia, con referencia al Anexo A el cual es normativo 7.1.3 Procesos de Evaluación, con referencia al Anexo B el cual es informativo Revisión del 7.2.4 Eliminación de “atributos personales aplicables” Se agrega una nota haciendo referencia al comportamiento deseado del personal en el Anexo D el cual es informativo There are only two new clauses added to Section 7 and a very slight revision to another clause, but the changes are quite significant. It takes our industry a few steps further down the road toward competence and away from qualifications. We are now focused on knowledge and skills, having remove personal attributes from the definition. The new requirements are process focused: determine and document competence criteria then evaluate personnel for conformance to the documented criteria.

Cambios Sección 9 Requisitos relativos a los Procesos 9.1 Requisitos Generales 9.2 Auditoría Inicial y Certificación 9.3 Actividades de Vigilancia 9.4 Renovación de la Certificación 9.5 Auditorías Especiales 9.6 Suspender, Retirar o Reducir el alcance de la Certificación 9.7 Apelaciones 9.8 Quejas 9.9 Registros relativos a solicitantes y clientes Considering that ISO 19011 was focused on QMS and EMS management system audits, it makes sense that most of the changes are in Section 9, the audit and certification process requirements of the standard. And nearly all of the changes are an expansion of the general requirements in 9.1. There is only one slight change to the initial audit and certification process.

Cambios 9.2 initial audit and certification 9.1 Requisitos Generales 9.1.1 Programa de Auditoría 9.1.2 Plan de Auditoría 9.1.3 Selección del equipo auditor y asignación de tareas 9.1.4 Determinación del tiempo de auditoría 9.1.5 Muestreo Multi-sitio 9.1.6 Comunicación de las tareas del equipo auditor 9.1.7 Comunicación relativa a los miembros del equipo auditor 9.1.8 Comunicación del plan de auditoría 9.1.9 Realización de auditorías in-situ 9.1.10 Informe de Auditoría 9.1.11 Análisis de las causas de las no conformidades 9.1.12 Eficacia de las correcciones y acciones correctivas 9.1.13 Auditorías adicionales 9.1.14 Decisión de certificación 9.1.15 Acciones previas a la toma de decisión 9.2 initial audit and certification This is a list of the 15 general requirements of section 9.1 of ISO/IEC 17021:2006 except that each clause now has a title. With the exception of the title, the subject is the same. However, there are significant additions for each of the clauses shown in color to add in additional requirements based on what was in ISO 19011. And of these, 9.1.9 has been expanded the most. The other clauses have no changes or very minor changes. 9.1.1 1 new requirement 9.1.2 6 new requirements 9.1.3 4 new requirements 9.1.4 1 new requirement 9.1.9 16 new requirements 9.1.10 1 new requirement-content of report 9.1.11 1 new requirement-records of verification of effectiveness

Cambios 9.2 Auditoría inicial y certificación Se agrega 1 nuevo requisito 9.2.2.2 documentar las razones para rechazar una solicitud

Transición Un grupo de trabajo del Comité Técnico de IAF recomendó el período de transición de 24 meses después de la publicación, lo cual fué aprobado por el IAF TC, IAF General Assembly, y IAF-ILAC-ISO Joint Working Group Joint IAF-ISO Communiqué Fecha límite para la transición:1 de Febrero del 2013 As most of you may note, the length of the transition period, 24 months, is the same as we had when we first published ISO/IEC 17021:2006. Many CBs are already close to conformance with this revision. But we expect that some CBs (and perhaps some ABs) will struggle to truly understand competence as compared to qualifications. NOTE THAT THE DEADLINE FOR CONFORMANCE IS 24 MONTHS AFTER PUBLICATION.

Transición IAF ID2:2011Information on the Transition of Management System Accreditation to ISO/IEC 17021:2011 from ISO/IEC 17021:2006 Publicado el 1 de Febrero 2011 Roger Bennett who lead the IAF TC TF that developed the IAF guidance on the transition to the 2006 standard also lead the TF that has developed the informative document on the transition to the 2011 standard. The document is informative which means CBs and ABs are not required to follow it.

ISO/IEC 17021:2006 Transición Suspensiones y Retiros Globales 19 de 52 Organismos de Acreditación miembros de IAF suspendieron o retiraron la acreditación de 68 Certificadores UKAS (12) RENAR (8) CAI (7) EMA (6) ENAC (5) ANAB, SINCERT, SAS (4 c/u) NAT, RVA (3 c/u) OAA, COFRAC, IPAC (2 c/u) CGRE/INMETRO, JAS-ANZ, BAS ESYD, INAB, LA (1 c/u) Many have asked if ISO/IEC 17021:2006 made any difference. These were results of the transition to the 2006 standard, as reported to IAF in October 2008. You can see that not all CBs made the transition. What about the transition from ISO/IEC 17021:2006 to ISO/IEC 17021:2011? Will it make a difference? Many certification bodies will need to re-visit their report formats and include more free text areas where the auditor indicates how audit objectives were evaluated and confirmed. Auditors will require further training in  the process approach to auditing (even after all this time), but better audit plans should help. Auditors will be expected to understand the client processes better in order to effectively audit the system to ensure it meets/delivers against customer/contractual requirements, regulatory and statutory requirements. Audit reports should indicate/justify why the audit team are confident to recommend certification, Accreditation bodies will need to review and challenge audit reports more critically to ascertain if the  information confirms all the audit objectives were met and sufficient information is available an informed decision. Accreditation bodies will need to witness more critically to confirm the audit evaluates effectiveness.   This said, we do not anticipate similar drop out due to the 2011 standard.

Competencia de auditores de OCs IAAR-ANAB planean identificar y aprobar “áreas técnicas” y cómo aplicarlas a QMS, EMS y OHSMS para cumplir con los nuevos requisitos de competencia del ISO/IEC 17021 parte 2 www.anab.org Recognizing that identification of ‘technical areas’ will be one of the more significant challenges, ANAB is working with the IAAR to document key processes related to the products or services identified for the NACE 2 revision of codes, then to document the significant environmental aspects and impacts associated with those processes, and the worker health and safety risks. Our plan it is to make this compendium of information publicly available.

Evaluación de la competencia de un OC El grupo de trabajo del Comité Técnico de IAF harmonizará las evaluaciones de los Acreditadores en la competencia de los Ocs, de acuerdo al ISO/IEC 17021:2011 Trevor Nash is leading an IAF TC TF to develop an IAF document on how ABs assess CBs to the competence requirements of the 2011 standard. The goal is to have consistent application by all ABs.

Competencia del auditor Program conjunto por RABQSA / IRCA con base en ISO/IEC 17021:2011 Plan para ofrecer certificación de auditores con base en la competencia para áreas técnicas específicas. Las herramientas estarán disponibles para los Organismos de Acreditación y de Certificación RABQSA and IRCA are working together to try to develop processes and services related to auditor competence. Their plans included evaluating competence for specific technical areas. Their processes and services will lead to a competence based auditor certification program, but they are planning to make some of the processes available to CBs (and ABs) that may help the CBs and ABs manage competence without necessarily having their auditor s and assessors certified.

Como resolver dudas CASCO para hacer preguntas CASCO para una interpretación Sean MacCurtain (maccurtain@iso.org) IAF referente a la aplicación Norbert Borzek (norbert.borzek@dakks.de) Questions will arise about a requirement in the standard. Even though the standard was written to be unambiguous, on occasion two individuals will have a different understanding of what is stated, or sometimes upon translation into other languages the requirement may not be as clear. So how do you obtain clarification? The first step would be to contact the CASCO Secretary, probably by email. If Sean cannot answer the question directly, he will send it to the co-conveners, Alister and Randy. Although the response to a question will not be ‘official’, it will come from knowledgeable sources. If there is a question about what the words actually mean, there may be a need for an interpretation. CASCO has a documented process for making interpretations. This process takes about 3 months. Note, however, that the interpretations have no legal status in that no party is obliged to accept or use an interpretation until a standard is revised to take on such wording. If the question is about how the requirement is to be applied by a CB, the question can be put to the IAF Technical Committee for its decision. This is be means of a discussion paper to the IAF TC. This can be initiated by contacting the IAF TC Chair, Norbert Borzek of Dakks, who will send a form to be completed to initiate a discussion paper. Discussion papers are considered twice a year.