ISO/IEC 17011: Social Accountability Accreditation Services, June 2010

Transcription

1 ISO/IEC 17011: 2004 Social Accountability Accreditation Services, June

2 Social Accountability Accreditation Services Mission: SAAS supports social responsibility by ensuring the implementation of credible social standards designed to protect people and their communities. SAAS evaluates and accredits auditing organizations to assure they are qualified to hold their clients accountable to such social standards. 2

3 Accreditation Accreditation is the process by which formal recognition of competence is given to qualified organizations, known as Certification Bodies (CBs). CBs are then granted the ability to perform certifications. Certification of compliance to SA8000 and other verification codes within the SAAS scope of accreditation is available only through qualified CBs granted accreditation by SAAS. Accreditation is necessary to assure stakeholders that the CBs are able to consistently, reliably and effectively perform certification audits and that these audits are carried out in a professional manner. The accreditation process by SAAS includes documentation review, site audits and observation of auditors in the field. 3

4 ISO/IEC 17011:2004 Conformity assessment General requirements for accreditation bodies accrediting conformity assessment bodies. 4

5 ISO/IEC A system to accredit CB conformity assessment services should provide confidence in the CBs competency and ability to perform their tasks. Accreditation bodies provide impartial verification of that competence such verification is done by accreditation bodies that are impartial in relation to both the CBs and their clients. 5

6 SAAS Normative Requirements SAAS maintains a set of Procedures and Policies, revised between 2007 and 2008, that it follows in conducting accreditation work: SAAS Procedure 200 sets out the certification process requirements for Certification Bodies (CBs) undertaking the assessments of organizations against the SA8000 standard. SAAS Procedure 201 sets out the internal policies SAAS must follow in granting and maintaining accreditation of a CB by SAAS. SAAS Procedure 203 contains the qualifications and training requirements for accreditation auditors and SAAS staff. SAAS has also developed a set of Work Instructions that accreditation auditors must follow in undertaking document reviews, on-site office and witness audits, and review of corrective actions. These policies are all written and maintained within the requirements of ISO 17011:

7 SAAS Normative Requirements In addition, SAAS requires implementation of several ISO documents: SAAS maintains procedures and policies in compliance with ISO/IEC 17011:2004, the international standard for accreditation bodies accrediting certification bodies. SAAS requires implementation of ISO/IEC 17021:2006 by all accredited CBs is the international standard setting out requirements for bodies providing audit and certification of management systems. 7

8 ISO/IEC ISO specifies the general requirements for accreditation bodies. Audit and evaluation mechanisms against ISO provides assurance that accreditation bodies are operating in accordance with the standard. SAAS conducts internal audits and management review sessions, as well as undertaking external verification audits to ensure continued compliance with ISO requirements. 8

9 Accreditation and Certification Process 9

10 What is ISO/IEC? What ISO's name means Because "International Organization for Standardization" would have different abbreviations in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), it was decided at the outset to use a word derived from the Greek isos, meaning "equal". Therefore, whatever the country, whatever the language, the short form of the organization's name is always ISO.

11 What is ISO/IEC? What IEC means IEC = International Electrotechnical Commission The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes international standards for all electrical, electronic and related technologies.

12 How is an ISO standard developed? ISO Standards are developed by international technical committees. DIS = technical committee meets to discuss, debate and argue until they reach consensus on a draft agreement, it is circulated and ISO Members vote FDIS = If the voting is in favor, the document, with modifications, is circulated to the ISO members vote again Standard = If that vote is positive, the document is then published as an International Standard

13 Accreditation Hierarchy Requirement Documents SAAS ISO/IEC and SAAS Procedure 201 Certification Body ISO/IEC and SAAS Procedure 200 Client Standard 13

14 ISO/IEC Structure Eight Sections: 1 Scope 2 Normative references 3 Terms and definitions 14

15 ISO/IEC Structure Eight Sections 5 Normative: 4 Accreditation Body 5 Management 6 Human Resources 7 Accreditation Process 8 Responsibilities of the AB and CB 15

16 ISO/IEC Content Section 1 Scope: Specifies general requirements for ABs accrediting CBs. CBs may be accredited for: Testing Inspection services Management system certification Personnel certification Product certification Calibration. 16

17 ISO/IEC Content Section 2 - Normative references: ISO 9000:2000, Quality management systems Fundamentals and vocabulary ISO/IEC 17000:2004, Conformity assessment Vocabulary and general principles 17

18 ISO/IEC Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC and the following apply. 3.1: accreditation third party attestation related to a CB conveying formal demonstration of competence. 3.2: accreditation body body that performs accreditation. 3.3: logo logo used by AB. 3.4: accred certificates document stating accreditation has been granted, within a scope. 3.5: accred symbol symbol used to indicate accred status. 3.6: appeal request for reconsideration of adverse decision. 18

19 ISO/IEC Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC and the following apply. 3.7: assessment process undertaken to assess the competence of a CB based on a normative document. 3.8: assessor person assigned by the AB as part of the assessment team. 3.9: complaint expression of dissatisfaction, other than an appeal, to an AB relating to the activities of the AB or accredited CB. 3.10: conformity assessment body body that performs conformity assessment services, can be object of accreditation. 19

20 ISO/IEC Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC and the following apply. 3.11: consultancy participation in activities of a CB subject to accreditation. 3.12: expert person assigned by AB to provide specific knowledge. 3.13: extending accreditation enlarging the scope of accreditation. 3.14: interested parties parties with direct or indirect interest in accreditation. 3.15: lead assessor overall responsibility for assessment activities. 3.16: reducing accreditation cancelling partial scope of accreditation. 20

21 ISO/IEC Content Section 3 - Terms and definitions : For the purposes of this document, the terms and definitions given in ISO/IEC and the following apply. 3.17: scope of accreditation specific conformity assessment services for which accreditation is sought. 3.18: surveillance set of activities to monitor continued fulfillment of requirements. 3.19: suspending accreditation temporarily making accreditation invalid. 3.20: withdrawing accreditation cancelling accreditation in full. 3.21: witnessing observing CB carrying out assessment services. 21

22 ISO/IEC Content Section 4 Accreditation Body: Clause 4 describes the principles on which credible accreditation is based. These principles include the structure, legal responsibility, confidentiality and liability for accreditation activity. 22

23 ISO/IEC Content Section 4 General: Principles for inspiring confidence include 4.1 legal responsibility, 4.2 structure, 4.3 impartiality 4.4 confidentiality, 4.5 liability and financing, and 4.6 accreditation activity. 23

24 4.1 Legal Responsibility The accreditation body must be a registered legal entity. 24

25 4.2 Structure The structure of the AB must give confidence in its accreditations. The AB retains authority and responsibility for accreditation decisions. The AB has to have a description of its legal status, names of owners, etc. The AB must have documentation of duties, structure, responsibilities, authorities of personnel and management. The AB shall have access to technical experts. 25

26 4.3 Impartiality The AB shall safeguard objectivity and impartiality of its activities. AB policies must be non-discriminatory and be administered in a non-discriminatory way. The AB services shall be accessible to all applicants. All personnel and committees shall act objectively and free from undue pressures. Decisions on accreditation shall be taken by competent persons or committees different from the assessment team. The AB shall not provide consultancy or auditing services that might affect impartiality. 26

27 4.4 Confidentiality The AB must have adequate arrangements to ensure confidentiality of the information obtained through accreditation activities. This includes committees, external bodies, individuals acting on behalf of the AB, etc. Confidential information shall not be disclosed without written consent of the CB. 27

28 4.5 Liability and Financing The AB shall have arrangements to cover liabilities arising from its activities. The AB shall have resources for operation of activities and descriptions of sources of income. 28

29 4.6 Accreditation activity The AB shall describe its activities. The AB may adopt guidance documents and such documents must be formulated by competent committees/persons. The AB shall have procedures for extending activities and to meet the demands of interested parties. 29

30 ISO/IEC Content Section 5 Management: Principles for inspiring confidence include 5.1 General, 5.2 Management System, 5.3 Document Control, 5.4 Records, 5.5 Nonconformities, 5.6 Preventive Actions, 5.7 Internal Audits, 5.8 Management Reviews, and 5.9 Complaints. 30

31 5.0 Management of the AB The AB shall establish and maintain an effective management system. Such procedures include systems for: Policies and objectives, including a quality policy. Document control for approval, review, updating. Records maintenance including IDing, collecting, storing records. Identification of nonconformities and corrective actions, including rot cause analysis, action plans and review. Identification of opportunities for improvement. Conduct of annual internal audits. Establishment of management reviews for review of audits, activities, feedback, trends and CAs. Complaints management and response. 31

32 ISO/IEC Content Section 6 Human Resources: 6.1 Personnel Associated with AB, 6.2 Personnel involved in accreditation, 6.3 Monitoring, 6.4 Personnel Records 32

33 6.0 Human Resources The AB shall have a sufficient number of competent personnel to perform necessary work. These personnel must have appropriate education, training, technical knowledge, skills and experience. The AB must have access to sufficient assessors to cover activities. Personnel shall commit themselves by signature to comply with the rules defined by AB. The AB shall set out required qualifications, experience, and training required. 33

34 6.0 Human Resources The AB shall ensure that assessors and experts: Are familiar with procedures, criteria and other requirements. Have undergone training. Have knowledge of assessment methods. Are able to communicate effectively. The AB shall ensure satisfactory performance of the accreditation process through procedures and monitoring of personnel performance. The AB shall maintain records of qualifications, training and experience of personnel. 34

35 ISO/IEC Content Section 7 Accreditation Process: This section provides general information on the process of accreditation including the application, audit, findings, and decision making. 35

36 7.0 Accreditation Process The AB shall use normative documents and references throughout it process. The AB will make information publicly available describing its accreditation process, fees, complaints process, rights and obligations of CBs, rights and duties and information about its financial support. 36

37 7.2 Application Process The CB must submit a formal application to the AB. The application must include: General features of the CB. General information about the CB. Requested scope of accreditation. Agreement to fulfill the requirements. Description of services the CB undertakes. A copy of the CB quality manual. 37

38 7.0 Resources and Subcontracting The AB shall review its ability to carry out the assessment of the applicant re: competence and availability of assessors. The AB may subcontract assessment activities but must take full responsibility for all assessment and decision-making. 38

39 7.5 Preparation The AB shall formally appoint the assessment team. The team shall have appropriate knowledge to conduct the audit. The AB shall ensure the team is impartial. The AB will notify the CB of the audit team and provide sufficient time in case there is an objection. The initial assessment will include a visit to the CB head office and others where key activities are performed. The audit team will have access to the appropriate criteria and documents. 39

40 7.0 Document and On-Site Assessment The assessment team shall review all relevant documents and records. The AB may decide not to proceed with the on-site assessment if NCs are identified. The on-site assessment will have an opening meeting where criteria are clearly defined. The assessment will be conducted at the premises of the CB where key activities are performed, to gather objective evidence that the CB is competent. The assessment team will witness the performance of CB staff to provide assurance of the competence of the CB. 40

41 7.8 Analysis and Report The assessment team shall analyze all relevant information and evidence from the document and record review and on-site assessment. The reporting procedures shall ensure that: A closing meeting occurs. A written report is promptly given to the CB. The CB be invited to respond to the report. The AB shall remain responsible for the report and content. The AB shall ensure the CB s NC responses are sufficient and effective. 41

42 7.8 Analysis and Report Information provided to the decision makers shall include: ID of the CB Dates of the assessment Names of the assessors Proposed scope Assessment report Statement on the adequacy of the organization Information on resolution of NCs 42

43 7.9 Decision Making The AB shall, without undue delay, make the decision on accreditation on the basis of the evaluation information. The accreditation certificate to the CB shall identify: The ID and logo of the AB Unique ID of the CB Location of the key activities of the CB Effective and expiration date of the accreditation Scope of accreditation Reference to normative document. 43

44 7.0 Appeals, Reassessment and Surveillance The AB shall have procedures to address appeals. The AB shall have procedures for carrying out surveillances and reassessments. Between surveillances and reassessments shall include representative samples of the scope of accreditation. The AB shall have strict time limits for NCs identified during surveillances or reassessments. The AB shall develop procedures for suspension, withdrawal and reduction of scope The AB shall maintain records on CBs and ensure their confidentiality. 44

45 ISO/IEC Content Section 8 Responsibilities and Obligations of the AB and CB 45

46 8.0 Responsibilities and Obligations The CB shall commit to fulfill the requirements set out. The CB shall afford accommodation and cooperation to enable fulfillment and monitoring by the AB. The CB shall notify the AB of significant changes within its organization. The AB shall make information publicly available about the status of its accreditations. The AB shall have a policy governing the use of its accreditation symbol and monitor its use. 46