IAF Mandatory Document for the use of Computer Assisted Auditing Techniques (CAAT) for Accredited Certification of Management Systems




IAF MD 4:2008

International Accreditation Forum, Inc.

IAF Mandatory Document

IAF Mandatory Document for the use of Computer Assisted Auditing Techniques (CAAT) for Accredited Certification of Management Systems

(IAF MD 4:2008)

Issued 15 May 2008

Application Date 15 September 2008

IAF-MD 4-2008 CAAT

The International Accreditation Forum, Inc. (IAF) operates programs for the accreditation of bodies that provide conformity assessment services. Such accreditation facilitates trade and reduces demand for multiple certifications.

Accreditation reduces risk for business and its customers by assuring them that accredited Conformity Assessment Bodies (CABs) are competent to carry out the work they undertake within their scope of accreditation. Accreditation Bodies (ABs) which are members of IAF and their accredited CABs are required to comply with appropriate international standards and IAF mandatory documents for the consistent application of those standards.

AB members of the IAF Multilateral Recognition Arrangement (MLA) conduct regular evaluations of each other to assure the equivalence of their accreditation programs. The IAF MLAs operate at two levels:

A MLA for the accreditation of CABs to standards including ISO/IEC 17020 for inspection bodies, ISO/IEC 17021 for management systems certification bodies, ISO/IEC 17024 for personnel certification bodies and ISO/IEC Guide 65 for product certification bodies, is considered a framework MLA. A framework MLA provides confidence that accredited CABs are equally reliable in the performance of conformity assessment activities.

A MLA for the accreditation of CABs that also includes the specific conformity assessment standard or scheme as a scope of accreditation provides confidence in the equivalence of certification.

An IAF MLA delivers the confidence needed for market acceptance of certification. An organization or person with certification to a specific standard or scheme that is accredited by an IAF MLA signatory AB can be recognized worldwide thereby facilitating international trade.

Issue No 1

Prepared by: IAF Technical Committee

Approved by: IAF Members

Date: 21 April 2008

Issue Date: 15 September 2008

Application Date: 15 September 2008

Name for Enquiries: John Owen, IAF Corporate Secretary

Contact: Phone: +612 9481 7343; Email: secretary1@iaf.nu

Introduction to IAF Mandatory Documents

The term "shall" is used throughout this document to indicate those provisions which, reflecting the requirements of the relevant standard, are mandatory. The term "should" is used to indicate recognised means of meeting the requirements; a certification body can meet these criteria in an equivalent way provided this can be demonstrated to an accreditation body.

This mandatory document is to provide for the consistent application of ISO/IEC 17021:2006 when computer assisted auditing techniques are used as part of the audit methodology. The use of CAAT is not mandatory, but if a certification body and its client opt to use CAAT, it is mandatory that they conform to this document and are able to demonstrate conformity to the accreditation body.

0. INTRODUCTION

0.1. As information and communication technologies become ever-more sophisticated, it is important for certification bodies to be able to use Computer Assisted Auditing Techniques to enhance audit effectiveness and efficiency, and to support and maintain the integrity of the audit process.

NOTE: Guidance on the use of Computer Assisted Auditing Techniques can be obtained from the website of the ISO/IAF Auditing Practices Group www.iso.org/tc176/iso9001auditingpracticesgroup

0.2. Such Computer Assisted Auditing Techniques (CAAT) may include, for example:

Teleconferencing,

Web meetings,

Interactive web-based communications,

Remote electronic access to the management system documentation and/or management system processes.

0.3. The objectives for the effective application of CAAT are:

a) To provide a methodology that is sufficiently flexible and non-prescriptive in nature to satisfy the needs of industry, by allowing client organizations and their respective certification bodies to use CAAT to enhance the conventional audit process, and

b) To ensure that adequate controls are in place with sufficient accreditation body oversight to avoid abuses and to prevent excessive commercial pressures that could compromise the integrity of the certification process.

1. REQUIREMENTS

1.1 Confidentiality

In accordance with ISO/IEC 17021, clause 8.5.1, the security and confidentiality of electronic or electronically-transmitted information is particularly important when a certification body is using CAAT. The certification body should agree on mutually acceptable information security measures with its client before using CAAT.

1.2 Process requirements

1.2.1 In addition to the requirements in ISO/IEC 17021, clause 9.1.2, the audit plan shall identify any computer-assisted auditing techniques that will be utilized.

1.2.2 In addition to the requirements in ISO/IEC 17021, clause 9.1.3, when using CAAT, specific attention shall be given to the auditor's ability to understand and utilize the information technologies employed by the client organization to manage its management system processes.

1.2.3 In addition to the requirements in ISO/IEC 17021, clause 9.1.4, if a certification body uses CAAT, it may be considered as partially contributing to the total on-site auditor time. If remote auditing activities represent more than 30% of the planned on-site auditor time, the certification body shall justify the audit plan and obtain specific approval from the accreditation body prior to its implementation.

NOTES:

1) It is expected that this "specific approval" will initially be done on a case-by-case basis, but does not preclude a "blanket approval" from the accreditation body for the certification body to go over a 30% reduction once the certification body has demonstrated that its process is robust.

2) On-site auditor time refers to the on-site auditor time allocated for individual sites. Electronic audits of remote sites are considered to be remote audits, even if the electronic audit is physically carried out from another of the client organization's premises.

1.2.4 In addition to the requirements in ISO/IEC 17021, clause 9.1.10, audit reports shall indicate the extent to which CAAT has been used in carrying out the audit, and how it contributes to audit effectiveness and efficiency.

1.2.5 In addition to the requirements in ISO/IEC 17021, clause 9.2.2.1 (a) when the certification body is proposing to use CAAT for part of the audit, the application review shall include verification that the client organization has the necessary infrastructure to support this approach.

1.2.6 In addition to the requirements in ISO/IEC 17021, clause 9.3.2.2, regardless of the use of CAAT, the organization shall be physically visited at least annually.

1.2.7 In addition to the requirements in ISO/IEC 17021, clause 9.9.2, records shall indicate the extent to which CAAT has been used in carrying out the audit and certification.

End of Auditing Techniques for Accredited Certification of

Further Information

For further Information on this document or other IAF documents, contact any member of IAF or the IAF Secretariat.

For contact details of members of IAF see - IAF Web Site - <http://www.iaf.nu>

Secretariat - John Owen, IAF Corporate Secretary, Telephone +612 9481 7343 email <secretary1@iaf.nu>