NEW WORK ITEM PROPOSAL Date of presentation 2011-02-25 Reference number (to be given by the Secretariat) Proposer ISO/TC 207/SC 2 ISO/TC 207 / SC 2 N 251 Secretariat NEN A proposal for a new work item within the scope of an existing committee shall be submitted to the secretariat of that committee with a copy to the Central Secretariat and, in the case of a subcommittee, a copy to the secretariat of the parent technical committee. Proposals not within the scope of an existing committee shall be submitted to the secretariat of the ISO Technical Management Board. The proposer of a new work item may be a member body of ISO, the secretariat itself, another technical committee or subcommittee, or organization in liaison, the Technical Management Board or one of the advisory groups, or the Secretary-General. The proposal will be circulated to the P-members of the technical committee or subcommittee for voting, and to the O-members for information. See overleaf for guidance on when to use this form. IMPORTANT NOTE: Proposals without adequate justification risk rejection or referral to originator. Guidelines for proposing and justifying a new work item are given overleaf. Proposal (to be completed by the proposer) Title of proposal (in the case of an amendment, revision or a new part of an existing document, show the reference number and current title) English title French title (if available) Scope of proposed project xxxxx Conformity assessment Requirements for third party certification auditing of environmental management systems - competence requirements This publicly available specification (PAS) will complement the existing requirements of the proposed ISO/IEC 17021, especially the proposed Annex A reflecting required knowledge and skills. With respect to third party auditing and the management of competence, the environmental-specific requirements in this PAS will consider the relevant guidance given in ISO 19011 (currently under revision). The scope of this document is not restricted to the competence of the auditors only, but also covers other personnel involved in the certification process: personnel conducting the application review to determine audit team competence required, to select the audit team members, and to determine the audit; Personnel reviewing audit reports and making certification decisions; and audit team leaders, as described in Annex A Required knowledge and skills of ISO/IEC 17021:2011. Concerns known patented items (see ISO/IEC Directives Part 1 for important guidance) Yes No If "Yes", provide full information as annex Envisaged publication type (indicate one of the following, if possible) International Standard Technical Specification Publicly Available Specification Technical Report FORM 4 (ISO) v.2007.1 Page 1 of 6
Purpose and justification (attach a separate page as annex, if necessary) CASCO Working Group 21 has already undertaken the development of a set of requirements for bodies providing audit and certification of management systems, included in ISO/IEC 17021. In addition CASCO Working Group 21 has developed a set of requirements at a generic level for management systems auditing that will enable a reliable determination of conformance to the applicable requirements for certification, conducted by a competent audit team following a consistent process and reported in a consistent manner, included in ISO/IEC 17021:2011 (i.e. the 'consolidated' 2 nd edition of ISO 17021). It has been recognised that the competence and experience of third-party management system auditor teams is a significant element that can affect the quality and reliability of certification processes and decisions and may therefore affect the perceptions and credibility of the value that ISO management system standards provide. More and more emphasis is being placed on the need for international attention to this subject, in order to enhance the consistency of third-party auditing, and subsequently the credibility of third-party certification. Specific market needs have already been identified due to a lack of recognized discipline-specific requirements for third-party auditors of quality management systems, environmental management systems, occupational health and safety management systems or food safety management systems. ISO 19011 is recognized as providing guidance (including a number of annexes on discipline-specific knowledge and skills of auditors) but its largest audience and orientation is first and second party auditing. It does not set out requirements for third party auditor competence, and the qualification of third party certification auditors. These 3 rd party related requirements are currently covered at a generic level in ISO/IEC 17021: 2011, but not at the discipline-specific level. This lack of disciplinespecific requirements has recently been identified as an issue to be resolved by key stakeholders, including industry stakeholder groups. At the present time, other Technical Committees within ISO have already developed specific management system standards and separate discipline specific requirements for third-party auditing. They include ISO TS 23003 Food safety management systems Requirements for bodies providing audit and certification of food safety management systems, ISO IEC 27006 Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems and ISO 28003 Security management systems for the supply chain Requirements for bodies providing audit and certification of supply chain security management systems The development of other discipline specific third party auditor requirements that not yet have been covered, has been left to the initiative of the discipline specific TC's. TC207/SC2 has concluded that there is a urgent market need for the development of specific third party competence requirements for Environmental Management System auditing and certification in its meeting in Leon, Mexico and has therefore developed this NWIP. Given the urgency of the need it is proposed to develop a PAS. Target date for availability (date by which publication is considered to be necessary) Proposed development track 1 (24 months) 2 (36 months - default) 3 (48 months) FORM 4 (ISO) v.2007.1 Page 2 of 6
Relevant documents to be considered ISO/IEC 17000, Conformity assessment -- Vocabulary and general principles ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing ISO/DIS 19011 (2 nd edition), Guidelines for management systems auditing ISO IEC 17021:2011, Conformity assessment -- Requirements for bodies providing audit and certification of management systems ISO/IEC 17024:2003, Conformity assessment -- General requirements for bodies operating certification of persons Relevant IAF Guidance ISO TS 23003 Food safety management systems Requirements for bodies providing audit and certification of food safety management systems ISO IEC 27006 Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems ISO 28003 Security management systems for the supply chain Requirements for bodies providing audit and certification of supply chain security management systems (prepared jointly by the ISO Committee on conformity assessment (ISO/CASCO) and ISO/TC 8, Ships and marine technology) Relationship of project to activities of other international bodies Liaison organizations ISO/TC 176 / SC3 IAF CASCO IQNet EFAEP Need for coordination with: IEC CEN Other (please specify) Preparatory work (at a minimum an outline should be included with the proposal) A draft is attached An outline is attached. It is possible to supply a draft by The proposer or the proposer's organization is prepared to undertake the preparatory work required Yes No Proposed Project Leader (name and address) Name and signature of the Proposer (include contact information) FORM 4 (ISO) v.2007.1 Page 3 of 6
Comments of the TC or SC Secretariat Supplementary information relating to the proposal Other: This proposal relates to a new ISO document; This proposal relates to the amendment/revision of an existing ISO document; This proposal relates to the adoption as an active project of an item currently registered as a Preliminary Work Item; This proposal relates to the re-establishment of a cancelled project as an active project. Voting information The ballot associated with this proposal comprises a vote on: Other: Adoption of the proposal as a new project Adoption of the associated draft as a committee draft (CD) Adoption of the associated draft for submission for the enquiry vote (DIS or equivalent) Annex(es) are included with this proposal (give details) Annex A Outline document Date of circulation Closing date for voting Signature of the TC or SC Secretary Use this form to propose: a) a new ISO document (including a new part to an existing document), or the amendment/revision of an existing ISO document; b) the establishment as an active project of a preliminary work item, or the re-establishment of a cancelled project; c) the change in the type of an existing document, e.g. conversion of a Technical Specification into an International Standard. This form is not intended for use to propose an action following a systematic review - use ISO Form 21 for that purpose. Proposals for correction (i.e. proposals for a Technical Corrigendum) should be submitted in writing directly to the secretariat concerned. Guidelines on the completion of a proposal for a new work item (see also the ISO/IEC Directives Part 1) a) Title: Indicate the subject of the proposed new work item. b) Scope: Give a clear indication of the coverage of the proposed new work item. Indicate, for example, if this is a proposal for a new document, or a proposed change (amendment/revision). It is often helpful to indicate what is not covered (exclusions). c) Envisaged publication type: Details of the types of ISO deliverable available are given in the ISO/IEC Directives, Part 1 and/or the associated ISO Supplement. d) Purpose and justification: Give details based on a critical study of the following elements wherever practicable. Wherever possible reference should be made to information contained in the related TC Business Plan. 1) The specific aims and reason for the standardization activity, with particular emphasis on the aspects of standardization to be covered, the problems it is expected to solve or the difficulties it is intended to overcome. 2) The main interests that might benefit from or be affected by the activity, such as industry, consumers, trade, governments, distributors. 3) Feasibility of the activity: Are there factors that could hinder the successful establishment or global application of the standard? 4) Timeliness of the standard to be produced: Is the technology reasonably stabilized? If not, how much time is likely to be available before advances in technology may render the proposed standard outdated? Is the proposed standard required as a basis for the future development of the technology in question? 5) Urgency of the activity, considering the needs of other fields or organizations. Indicate target date and, when a series of standards is proposed, suggest priorities. 6) The benefits to be gained by the implementation of the proposed standard; alternatively, the loss or disadvantage(s) if no standard is established within a reasonable time. Data such as product volume or value of trade should be included and quantified. 7) If the standardization activity is, or is likely to be, the subject of regulations or to require the harmonization of existing regulations, this should be indicated. If a series of new work items is proposed having a common purpose and justification, a common proposal may be drafted including all elements to be clarified and enumerating the titles and scopes of each individual item. e) Relevant documents and their effects on global relevancy: List any known relevant documents (such as standards and regulations), regardless of their source. When the proposer considers that an existing well-established document may be acceptable as a standard (with or without amendment), indicate this with appropriate justification and attach a copy to the proposal. f) Cooperation and liaison: List relevant organizations or bodies with which cooperation and liaison should exist. FORM 4 (ISO) v.2007.1 Page 4 of 6
Annex A Outline of required types of generic en specific knowledge and skills This table has been drawn from the ISO FDIS 17021-2. The revisions shown are the changes that occurred since we had the discussions in Leon, Mexico. This table can be used as the starting point for the inclusion of the discipline specific competence requirements. Additions have been included already, indicated by DS (Discipline specific). These additions are a first draft, open for discussion in the task force. The following table specifies the types of knowledge and skills that a certification body shall define for specific functions. Table 1 Table of knowledge and skills Personnel conducting Certification functions the application review to determine audit team Personnel competence required, to select the audit team members, and to reviewing audit reports and making knowledge determine the audit certification Audit team and skills time decisions Auditors leaders Knowledge of business management practices X X X Knowledge of audit principles, practices and techniques Knowledge of specific management system standards/normative documents DS: Environmental Management Systems X X+ X+ X X X X Knowledge of certification body s processes X X X X Knowledge of client business sector X X X+ X+ Knowledge of client products, processes and X X X organization Language skills appropriate to all levels within the X X client organization Note-taking and report writing skills X X Presentation skills X X+ Interviewing skills X X Audit management skills X X+ DS: Appreciation of legal and other x x xxx xxx requirements relevant to environment sufficient to enable the auditor to evaluate the environmental management system DS: Understanding of environmental xx xx xxx xxx techniques sufficient to enable the auditor to examine the management system and generate appropriate audit findings and conclusions DS: Understanding of information (e.g. body of knowledge) that is fundamental to the processes, science and technology underlying environment sufficient to enable the auditor to evaluate management system elements associated with the discipline: xxx xxx xxx xxx Note 1: For knowledge of client products, processes and organization, where a team is performing the task, the expertise needs to exist within that team or could be provided by a technical expert. Where any audit is conducted by a team the level of skills required is to be held within the team as a whole and not by every individual member of the team. Note 2: Risk and complexity are other considerations when deciding the level of expertise needed for any of these functions. Note 3: The team leader of a combined or integrated audit should have an in depth knowledge of at least one of the standards and is required to have awareness of the other standards used for that particular audit. FORM 4 (ISO) v.2007.1 Page 5 of 6
ISO/TC 207 on Environmental Management Chair s Advisory Group Portfolio Task New Work Item Proposal Assessment New Work Item Proposal Title Proposer Proposed Project Leader Conformity assessment Requirements for third party certification auditing of environmental management systems - competence requirements TC207/SC2 N.N. ISO/TC 207 CAG Portfolio Task - Background ISO/TC 207 member bodies approved a revised Chairs Advisory Group (CAG) Terms of Reference in mid-2010 (ISO/TC 207 N967) that included establishment of three CAG Task Forces. The purpose of the Portfolio Task Force is to develop objective criteria to assess the alignment of new work items against the ISO/TC 207 vision of being strategic, relevant and responsive to market needs. Assessments and recommendations produced by the Portfolio Task Force accompany new work item proposals and systematic review ballots as information for member bodies to consider during voting. The Portfolio Task Force does not have the power to reject new work item proposals. ISO/TC 207 CAG Portfolio Task Force - Assessment Criteria The above referenced new work item proposal was assessed by the ISO/TC 207 CAG Task Force against the following critiera: a) Completeness of NWIP-Form b) Completeness of ISO Guide 72-Form (if applicable) c) Alignment with ISO/TC 207 sector, aspect and element policy d) Alignment with market needs e) Alignment with stakeholder needs f) Relevance for TC207 scope, vision and strategy g) Added value for TC207 portfolio h) Resource availability ISO/TC 207 CAG Portfolio Task Force - Recommendations to Proposer Based on an assessment against the criteria listed above, the ISO/TC 207 CAG Portfolio Task Force recommends that the proposer: to nominate a project leader ISO/TC 207 CAG Portfolio Task Force - Recommentation to Member Bodies Based on an assessment against the criteria listed above, the ISO/TC 207 CAG Portfolio Task Force recommends that the above referenced proposal be considered for Approval by member bodies. ISO/TC 207 CAG Portfolio Task Force - Recommentation to ISO/TC 207 If approved, the ISO/TC 207 CAG Portfolio Task Force recommends that work item be assigned to the following group: SC1 SC2 SC3 SC4 SC5 SC7 New WG X FORM 4 (ISO) v.2007.1 Page 6 of 6