ISO/CASCO - Committee on conformity assessment

This document provides guidance to validation/verification programme owners, validation/verification bodies and interested parties on the development, content and operation of validation/verification programmes. When implemented by validation/verification bodies, this document is intended to be used in conjunction with ISO/IEC 17029 and sector-specific applications of ISO/IEC 17029.

This document provides guidance on the use of remote auditing methods in auditing management systems. It is applicable to all organizations that plan and conduct all kinds of internal or external audits (i.e. first-party, second-party and third-party audits) of management systems. This document supports the general principles of auditing given in ISO 19011:2018 and provides further guidance on specific conditions, possibilities and limitations for implementing remote auditing methods. This document is intended to strengthen confidence in the use of remote auditing methods for auditing management systems among customers, regulators, accreditation bodies, certification bodies, scheme owners, industry, employees, consumers, suppliers and other interested parties. The use of remote auditing methods for auditing management systems is not intended to replace on-site audit methods. Instead, remote auditing methods are intended to serve as a tool to effectively and efficiently conduct the audit. NOTE This document can be used for other types of audits and assessments.

This document specifies general requirements for the competence and impartiality of proficiency testing (PT) providers and consistent operation of all proficiency testing schemes. This document can be used as a basis for specific technical requirements for particular fields of application. Users of proficiency testing schemes, regulatory authorities, organizations and schemes using peer-assessment, accreditation bodies and others can use these requirements in confirming or recognizing the competence of proficiency testing providers.

This document recommends good practices for all elements of conformity assessment, including objects of conformity assessment, specified requirements, activities, bodies, systems, schemes and results. It is intended for use by individuals and bodies that wish to provide, promote or use impartial and reliable conformity assessment services. Providers of conformity assessment can include conformity assessment bodies, accreditation bodies, peer-assessment agreement groups, and organizations providing declarations of conformity. Individuals or organizations that promote or use conformity assessment can include, as appropriate, regulators, trade officials, and owners of conformity assessment systems and schemes.

This document specifies the competence requirements for personnel involved in the audit and certification process for management systems for records (MSR). It complements the existing requirements of ISO/IEC 17021-1. NOTE This document is applicable for auditing and certification of MSR based on ISO 30301. It can also be used for other MSR applications.

This document specifies the competence requirements for personnel involved in the audit and certification process for compliance management systems (CMS). It complements the existing requirements of ISO/IEC 17021‑1.

This document provides general requirements for third-party marks of conformity, including their issue and use. This document is applicable to third-party marks of conformity issued and used in different forms and various media, including digital representation employing electronically stored and displayed marks, machine readable code, blockchain (distributed ledger) or other electronic means. NOTE 1 This document can also be used as guidance in using marks of conformity in activities other than third-party conformity assessment. NOTE 2 Third-party marks of conformity in accordance with this document also include symbols of recognition, such as accreditation symbols. For consistency of terminology, they are referred to as accreditation marks. NOTE 3 Third-party marks of conformity in accordance with this document can include logos (e.g. the sign of a conformity assessment body or trademarks), symbols (e.g. the representation of recognition in an accreditation agreement or the depiction of the applicable programme) or a combination thereof. NOTE 4 Third-party marks of conformity as a graphic representation of demonstrated conformity in accordance with this document can be a combination of multiple marks (e.g. indications of compliance with several sets of specifications, codes for individually fulfilled specifications). NOTE 5 This document does not apply to markings that provide indication of a designation, a code, or a classification only. Furthermore, it does not apply to graphic representations (e.g. of conformity assessment systems or schemes/programmes) or logos (e.g. of an association of accreditation bodies or an association of conformity assessment bodies). NOTE 6 Third-party marks of conformity are based on a conformity assessment scheme that includes the function of surveillance.

This document specifies requirements for competence, consistency and impartiality in the auditing and certification of ISO 50001 energy management systems (EnMS) for bodies providing these services. In order to ensure the effectiveness of EnMS auditing, this document addresses the auditing process, the competence requirements for the personnel involved in the certification process for EnMS, the audit time and multi-site sampling.

This document specifies general terms and definitions relating to conformity assessment (including the accreditation of conformity assessment bodies) and to the use of conformity assessment to facilitate trade. The general principles of conformity assessment and a description of the functional approach to conformity assessment are provided in Annex A. Conformity assessment interacts with other fields such as management systems, metrology, standardization and statistics. The boundaries of conformity assessment are not defined in this document.

This document specifies additional competence requirements for personnel involved in the audit and certification process of collaborative business relationship management systems (CBRMS) and complements the existing requirements of ISO/IEC 17021-1.

This document contains general principles and requirements for the competence, consistent operation and impartiality of bodies performing validation/verification as conformity assessment activities. Bodies operating according to this document can provide validation/verification as a first-party, second-party or third-party activity. Bodies can be validation bodies only, verification bodies only, or provide both activities. This document is applicable to validation/verification bodies in any sector, providing confirmation that claims are either plausible with regards to the intended future use (validation) or truthfully stated (verification). However, results of other conformity assessment activities (e.g. testing, inspection and certification) are not considered to be subject to validation/verification according to this document. Neither are situations where validation/verification activities are performed as steps within another conformity assessment process. This document is applicable to any sector, in conjunction with sector specific programmes that contain requirements for validation/verification processes and procedures. This document can be used as a basis for accreditation by accreditation bodies, peer assessment within peer assessment groups, or other forms of recognition of validation/verification bodies by international or regional organizations, governments, regulatory authorities, programme owners, industry bodies, companies, clients or consumers. NOTE This document contains generic requirements and is neutral with regard to the validation/verification programme in operation. Requirements of the applicable programmes are additional to the requirements of this document.

This document provides guidelines, principles and examples of schemes for the certification of processes.

This document contains principles and requirements for developing and declaring ethical claims and for providing supporting information, where specific standards have not been developed, or to supplement existing standards. This document is intended for use by all types of organizations and is applicable to all types of ethical claims relating to a product, process, service or organization. This document can also be used by those seeking a better understanding of ethical claims and their use. This document can support the development of programmes for aspect-specific and sector-specific ethical claims.

This document specifies additional competence requirements for personnel involved in the audit and certification process of a management system for sustainable development in communities and complements the existing requirements of ISO/IEC 17021‑1.

This document specifies additional competence requirements for personnel involved in the audit and certification process of a facility management (FM) management system and complements the existing requirements of ISO/IEC 17021‑1.

ISO/IEC TS 17021-10:2018 specifies additional competence requirements for personnel involved in the audit and certification process for an occupational health and safety (OH&S) management system and complements the existing requirements of ISO/IEC 17021-1. Three types of personnel and certification functions are defined: · auditors; · personnel reviewing audit reports and making certification decisions; · other personnel.

ISO/IEC 17025:2017 specifies the general requirements for the competence, impartiality and consistent operation of laboratories. ISO/IEC 17025:2017 is applicable to all organizations performing laboratory activities, regardless of the number of personnel. Laboratory customers, regulatory authorities, organizations and schemes using peer-assessment, accreditation bodies, and others use ISO/IEC 17025:2017 in confirming or recognizing the competence of laboratories.

ISO/IEC 17011:2017 specifies requirements for the competence, consistent operation and impartiality of accreditation bodies assessing and accrediting conformity assessment bodies.

ISO/IEC TR 17028:2017 provides guidelines and principles of service certification schemes.

ISO/IEC 17021‑3:2017 specifies additional competence requirements for personnel involved in the audit and certification process for quality management systems (QMS) and complements the existing requirements of ISO/IEC 17021‑1.

ISO/IEC 17021‑2:2016 specifies additional competence requirements for personnel involved in the audit and certification process for environmental management systems (EMS) and complements the existing requirements of ISO/IEC 17021‑1.

ISO 17034:2016 specifies general requirements for the competence and consistent operation of reference material producers. ISO 17034:2016 sets out the requirements in accordance with which reference materials are produced. It is intended to be used as part of the general quality assurance procedures of the reference material producer. ISO 17034:2016 covers the production of all reference materials, including certified reference materials.

ISO/IEC TS 17021-9:2016 complements the existing requirements of ISO/IEC 17021‑1. It includes specific competence requirements for personnel involved in the certification process for anti-bribery management systems (ABMS).

ISO/IEC 17021-1:2015 contains principles and requirements for the competence, consistency and impartiality of bodies providing audit and certification of all types of management systems. Certification bodies operating to ISO/IEC 17021-1:2015 do not need to offer all types of management system certification. Certification of management systems is a third-party conformity assessment activity and bodies performing this activity are therefore third-party conformity assessment bodies.

ISO/IEC TR 17026:2015 provides an example of a type 5 product certification scheme for tangible products as described in ISO/IEC 17067.

ISO/IEC TS 17021-6:2014 complements the existing requirements of ISO/IEC 17021:2011. It includes specific competence requirements for personnel involved in the certification process for business continuity management systems (BCMS).

ISO/IEC TS 17021-7:2014 complements the existing requirements of ISO/IEC 17021:2011. It includes specific competence requirements for personnel involved in the certification process for road traffic safety (RTS) management systems.

ISO/IEC TS 17021-5:2014 complements the existing requirements of ISO/IEC 17021:2011. It specifies additional competence requirements for personnel involved in the certification process for asset management systems.

ISO/IEC TS 17027:2014 specifies terms and definitions related to the competence of persons used in the field of certification of persons, in order to establish a common vocabulary. These terms and definitions can also be used as applicable in other documents specifying competence of persons, such as regulations, standards, certification schemes, research, training, licensing and registration.

ISO/IEC TS 17021-4:2013 complements the existing requirements of ISO/IEC 17021:2011. It specifies additional competence requirements for personnel involved in the audit and certification process for event sustainability management systems (ESMS).

ISO/IEC 17067:2013 describes the fundamentals of product certification and provides guidelines for understanding, developing, operating or maintaining certification schemes for products, processes and services. ISO/IEC 17067:2013 is intended for use by all with an interest in product certification, and especially by certification scheme owners.

ISO/IEC 17023:2013 provides guidelines for determining the duration of management system certification audits, to the bodies providing audit and certification of management systems and to those that develop and maintain certification schemes.

ISO/IEC 17024:2012 contains principles and requirements for a body certifying persons against specific requirements, and includes the development and maintenance of a certification scheme for persons.

ISO/IEC 17020:2012 specifies requirements for the competence of bodies performing inspection and for the impartiality and consistency of their inspection activities. It applies to inspection bodies of type A, B or C, as defined in ISO/IEC 17020:2012, and it applies to any stage of inspection.

ISO/IEC 17007:2009 provides principles and guidance for developing normative documents that contain: specified requirements for objects of conformity assessment to fulfil; specified requirements for conformity assessment systems that can be employed when demonstrating whether an object of conformity assessment fulfils specified requirements. ISO/IEC 17007:2009 is intended for use by standards developers not applying the ISO/IEC Directives, industry associations and consortia, purchasers, regulators, consumers and non-government groups, accreditation bodies, conformity assessment bodies, conformity assessment scheme owners, and other interested parties, such as insurance organizations.

ISO/IEC 17040:2005 specifies the general requirements for the peer assessment process to be carried out by agreement groups of accreditation bodies or conformity assessment bodies. It addresses the structure and operation of the agreement group only insofar as they relate to the peer assessment process. ISO/IEC 17040:2005 is not concerned with the wider issues of the arrangements for the formation, organization and management of the agreement group, and does not cover how the group will use peer assessment in deciding membership of the group. Such matters, which could for example include a procedure for applicants to appeal against decisions of the agreement group, are outside the scope of ISO/IEC 17040:2005. ISO/IEC 17040:2005 is applicable to peer assessment of conformity assessment bodies performing activities such as testing, product certification, inspection, management system certification (sometimes also called registration), and personnel certification. More than one type of activity can be included in a peer assessment process. This can be considered particularly appropriate when the body under assessment conducts combined assessments of multiple conformity assessment activities. ISO/IEC 17040:2005 is also applicable to peer assessment amongst accreditation bodies, which is also known as peer evaluation.

ISO/IEC 17050-1:2004 specifies general requirements for a supplier's declaration of conformity in cases where it is desirable, or necessary, that conformity of an object to the specified requirements be attested, irrespective of the sector involved. For the purposes of ISO/IEC 17050-1:2004, the object of a declaration of conformity can be a product, process, management system, person or body.

ISO/IEC 17050-2:2004 specifies general requirements for supporting documentation to substantiate a supplier's declaration of conformity, as described in ISO/IEC 17050-1. For the purposes of ISO/IEC 17050-2:2004, the object of a declaration of conformity can be a product, process, management system, person or body.

ISO/IEC Guide 68:2002 provides an introduction to the development, issuance and operation of arrangements for the recognition and acceptance of results produced by bodies undertaking similar conformity assessment and related activities. The activities to which this guidance is intended to apply are those related to the conduct of unregulated marketplace transactions extending across borders from one country to another. While agreements among governments pertaining to transactions of regulated goods and services can take into account the agreements addressed by this Guide, the guidance provided here is introductory and general in nature and does not specifically address any special requirements that governmental agreements might generate. Some countries may be concerned about having the necessary human and institutional resources with respect to conformity assessment infrastructures which would permit them to participate in such arrangements. Guidance on the acquisition and development of the resources required is beyond the scope of this Guide.

ISO/IEC 17024:2012 contains principles and requirements for a body certifying persons against specific requirements, and includes the development and maintenance of a certification scheme for persons.

This document provides principles and guidance for developing normative documents that contain: specified requirements for objects of conformity assessment to fulfil; specified requirements for conformity assessment systems that can be employed when demonstrating whether an object of conformity assessment fulfils specified requirements. This document is intended for use by standards developers not applying the ISO/IEC Directives, industry associations and consortia, purchasers, regulators, consumers and non-government groups, accreditation bodies, conformity assessment bodies, conformity assessment scheme owners, and other interested parties, such as insurance organizations.

ISO/IEC 17020:2012 specifies requirements for the competence of bodies performing inspection and for the impartiality and consistency of their inspection activities. It applies to inspection bodies of type A, B or C, as defined in ISO/IEC 17020:2012, and it applies to any stage of inspection.

ISO/IEC 17021-3:2013 complements the existing requirements of ISO/IEC 17021. It includes specific competence requirements for personnel involved in the certification process for quality management systems (QMS).

ISO/TS 17021-2:2012 specifies additional competence requirements for personnel involved in the audit and certification process for Environmental Management Systems (EMS) and complements the existing requirements of ISO/IEC 17021.

ISO/IEC TS 17022:2012 contains requirements and recommendations to be addressed in a third-party management system certification audit report based on the relevant requirements in ISO/IEC 17021.

ISO/IEC 17021:2011 contains principles and requirements for the competence, consistency and impartiality of the audit and certification of management systems of all types (e.g. quality management systems or environmental management systems) and for bodies providing these activities. Certification bodies operating to ISO/IEC 17021:2011 need not offer all types of management system certification. Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies.

ISO/IEC 17043:2010 specifies general requirements for the competence of providers of proficiency testing schemes and for the development and operation of proficiency testing schemes. These requirements are intended to be general for all types of proficiency testing schemes, and they can be used as a basis for specific technical requirements for particular fields of application.

ISO/PAS 17005:2008 specifies principles and requirements for the element of management systems as it relates to standards for conformity assessment. It is an internal tool for use in the ISO standards development process by ISO/CASCO working groups when considering the element of management systems in preparation of their documents. ISO/PAS 17005:2008 is not intended to be used directly in conformity assessment activities.