IT Forensic ISO IEC 17021

Certification of a management system, such as a quality or environmental management system of an organization, is one means of providing assurance that the organization has implemented a system for the management of the relevant aspects of its activities, in line with its policy.

This International Standard specifies requirements for certification bodies. Observance of these requirements is intended to ensure that certification bodies operate management system certification in a competent, consistent and impartial manner, thereby facilitating the recognition of such bodies and the acceptance of their certifications on a national and international basis. This International Standard serves as a foundation for facilitating the recognition of management system certification in the interests of international trade.

Certification of a management system provides independent demonstration that the management system of the organization:

  1. conforms to specified requirements,
  2. is capable of consistently achieving its stated policy and objectives, and
  3. is effectively implemented.

Conformity assessment such as certification of a management system thereby provides value to the organization, its customers and interested parties.

In this International Standard, Clause 4 describes the principles on which credible certification is based. These principles help the reader to understand the essential nature of certification and they are a necessary prelude to Clauses 5 to 10. These principles underpin all the requirements in this International Standard, but such principles are not auditable requirements in their own right. Clause 10 describes two alternative ways of supporting and demonstrating the consistent achievement of the requirements in this International Standard through the establishment of a management system by the certification body.

This International Standard is intended for use by bodies that carry out audit and certification of management systems. It gives generic requirements for such certification bodies performing audit and certification in the field of quality, environmental and other forms of management systems. Such bodies are referred to as certification bodies. This wording should not be an obstacle to the use of this International Standard by bodies with other designations that undertake activities covered by the scope of this document.

Certification activities involve the audit of an organization’s management system. The form of attestation of conformity of an organization’s management system to a specific management system standard or other normative requirements is normally a certification document or a certificate.

The publication of this International Standard includes the text of ISO/IEC 17021:2006, including amendments to delete relevant references to ISO 19011, with new text adding specific requirements for third-party certification auditing and the management of competence of personnel involved in certification.

Specific market needs have already been identified, resulting from a lack of specific and recognized requirements for third-party auditors of management systems, such as quality management systems, environmental management systems or food safety management systems. The lack of requirements for auditor competence and the way in which these auditors are managed and deployed has been identified by key interested parties, including industry interested parties, as being a drawback.

This International Standard provides a set of requirements for management systems auditing at a generic level, aimed at providing a reliable determination of conformity to the applicable requirements for certification, conducted by a competent audit team, with adequate resources and following a consistent process, with the results reported in a consistent manner.

This International Standard is applicable to the auditing and certification of any type of management system. It is recognized that some of the requirements, and in particular those related to auditor competence, can be supplemented with additional criteria in order to achieve the expectations of the interested parties.

In this International Standard, the word “shall” indicates a requirement and the word “should” a recommendation.
