
Checklist Iso/iec 17021:2011


SADCAS F 40 (a)

SADCAS Ref. No:

CHECKLIST ISO/IEC 17021:2011


Conformity Assessment – Requirements for Bodies Providing Audit
and Certification of Management Systems
Date(s) of Evaluation:
Assessor(s) & Observer(s):
Organization:
Area/Field of Operation:
Organization’s Representative:

The report covers the following:


• Document Review only
• Implementation on Site Visit only
• Document Review and Site Visit
• Assessment of Company Files

ISO/IEC 17021 REQUIREMENTS | CB’S REFERENCES | COMMENT BY ASSESSOR

5 General requirements
5.1 Legal and contractual matters

5.1.1 Legal responsibility


Legal entity or a defined part of a legal
entity can be held legally responsible. (Pty)
Ltd, CC or other?
Verify registration with Registers of
Companies
Governmental CB is a legal entity based on
its governmental status. Identity
department.

5.1.2 Certification agreement


Legally enforceable agreement (contract)
for provision of certification activities to
customer?
Are multiple offices of a CB or multiple sites
of a certified customer covered by the
agreement?
Are all the sites covered by the scope of the
certification?

5.1.3 Responsibility for certification decisions


Does CB retain authority and responsibility
for its decisions relating to certification?
e.g. granting, maintaining, renewing,
extending, reducing, suspending and
withdrawing.

Issue No: 1 Page 1 of 41 Date: 2013-01-18


5.2 Management of impartiality
5.2.1 Is CB top management committed to
impartiality?
Is there a publicly accessible statement?
Does it cover:
• Importance of impartiality
• Conflict of interest and
• Objectivity of its management system
certification activities?
5.2.2 Are conflicts of interest identified, analyzed
and documented and managed through
the system?
Are relationships posing a threat to
impartiality documented?
How does the CB demonstrate that it
eliminates or minimizes such threats?
Information made available to the
impartiality Committee? (see 6.2)
Note: A relationship that threatens the impartiality
of the CB can be based on ownership, governance,
management, personnel, shared resources, finances,
contracts, marketing and payment of a sales
commission or other inducement for the referral of
new clients, etc.
5.2.3 Not offering certification when
relationships that threaten impartiality
cannot be eliminated or minimized.
See Note 5.2.2
5.2.4 Does the CB certify another CB for its
management system certification
activities?
See Note 5.2.2
5.2.5 Does the CB and any part of the same
legal entity offer or provide management
system consultancy?
This applies also to that part of
government identified as the CB.
See Note 5.2.2
5.2.6 Does the CB provide internal audits to its
certified customers?
Does the CB certify a management system
on which it provided internal audits within
2 years following the end of the internal
audits?
This applies also to that part of
government identified as CB.
See Note 5.2.2
5.2.7 Does the CB certify a customer when the
CB’s relationship with a management
system consultancy or internal audits,
poses an unacceptable threat to the
impartiality of the CB? See Notes.

5.2.8 Does the CB outsource audits to a
management system consultancy
organization? (Unacceptable threat to
impartiality. See 7.5).
This clause does not apply to individuals
contracted as auditors covered in 7.3

5.2.9 Are the CB’s activities marketed or linked
with management system consultancy?
CB takes action to correct inappropriate
claims by any consultancy organization?
Are there any implications by CB that
certification would be simpler, easier,
faster or less expensive if a specified
consultancy organization is used?

5.2.10 Does CB ensure no conflict of interest of
personnel?
2 Years rule applied, how effective is the
process?

5.2.11 Is action taken to respond to any threats
to CB’s impartiality arising from the
actions of other persons, bodies or
organizations?

5.2.12 Do all CB personnel, internal, external or
committees act impartially and does the
CB allow commercial, financial or other
pressure to compromise impartiality?

5.2.13 Does the CB require all personnel to reveal
any conflict of interest situations?
Information used as input to identifying
threats to impartiality?

5.3 Liability and Financing


5.3.1 Is the CB able to demonstrate that it has
evaluated risks arising from its certification
activities and that it has adequate
arrangements (e.g. insurance or reserves) to
cover liabilities arising from its operations in
each of its field of activities and the
geographic areas in which it operates?

5.3.2 Does the CB evaluate its finances and sources
of income and demonstrate to the committee
specified in 6.2 that initially and on an on-
going basis, commercial, financial or other
pressures do not compromise its impartiality?

6. Structural requirements
6.1 Organizational structure and top
management
6.1.1 Organizational structure documented
including duties, responsibilities and
authorities for personnel and committees;
and relationships to other parts within the
same legal entity?

6.1.2 Does the CB identify the top management
(board, group of persons, or person)
having overall authority and responsibility
for each of the following:
a) development of policies relating to the
operation of the body?
b) supervision of the implementation of
policies and procedures?
c) supervision of the finances of the body?
d) development of management system
certification services and schemes?
e) performance of audits and certification
and responsiveness to complaints?
f) decisions on certification?
g) delegation of authority to committees or
individuals, as required, to undertake
defined activities on its behalf?
h) contractual arrangements?
i) providing adequate resources for
certification activities?

6.1.3 Formal rules for the appointment, terms
of reference and operation of any
committees involved in the certification
activities?

6.2 Committee for safeguarding impartiality


6.2.1 Does the structure of the CB safeguard the
impartiality of the activities of the CB and
does it provide for a committee to:
a) assist in developing the policies relating to
impartiality of its certification activities?
b) counteract any tendency on the part of a
CB to allow commercial or other
considerations to prevent the consistent
objective provision of certification
activities?
c) advise on matters affecting confidence
including openness and public perception?
d) conduct an annual review of the
impartiality of the audit, certification and
decision-making processes of the CB?

6.2.2 Is the composition, terms of reference,
duties, authorities, competence of
members and responsibilities of this
committee formally documented and
authorized by top management of the CB
to ensure:
a) representation of a balance of interests?
b) access to all the information (see also
5.2.2 & 5.3.2)
c) the right to take independent action,
where the top management of the CB
does not respect the advice of the
committee (e.g. informing authorities,
ABs, stakeholders)?
Is confidentiality maintained when taking
independent actions? See 8.5

6.2.3 Are key interests identified and invited to
this committee?

7 Resource requirements
7.1 Competence of management and
personnel

7.1.1 Does a CB have a process to ensure that
personnel have appropriate knowledge
relevant to the types of management
systems and geographical areas in which it
operates?
Is competence required for each technical
area and for each function in the
certification activity determined for each
technical area?
Is the means for the demonstration of
competence determined?

7.1.2 Are competence requirements determined
for all CB personnel and is this as
per documented process? Is the
documented process as per Annexure A or
as per certification scheme?

7.1.3 Evaluation processes


Does the CB have documented processes
for the initial competence evaluation and
on-going monitoring of competence and
performance of all personnel involved in
the management and performance of
audits and certification?
Are these methods effective?


7.1.4 Other considerations


7.1.4.1 Does the CB address the functions
undertaken by management and
administrative personnel while
determining the competence
requirements?

7.1.4.2 Does the CB have access to the necessary
technical expertise for technical areas,
types of management system and
geographic areas in which it operates?

7.2 Personnel involved in the certification activities

7.2.1 Does the CB as part of its own
organization have personnel with
sufficient competence for managing the
type and range of audit programmes and
other certification work performed?

7.2.2 Does the CB employ or have access to a
sufficient number of auditors including
audit team leaders and technical experts
to cover all activities and volume of work?

7.2.3 Does the CB make clear to each person
concerned duties, responsibilities and
authorities?

7.2.4 Does the CB have defined processes for:
• Selecting
• Training
• Formally authorizing auditors and
• Selecting technical experts?

Does the initial competence evaluation of
an auditor include the ability to apply
required knowledge and skill during
audits, as determined by a competent
evaluator observing (witnessing) the
auditor conducting an audit?

7.2.5 Does the CB have a process to achieve and
demonstrate effective auditing, including
the use of auditors and audit team leaders
possessing generic auditing skills and
knowledge as well as skills and knowledge
appropriate for auditing in specific
technical areas?

Does the CB define the knowledge and
skills for specific certification functions as
per Annexure A of ISO/IEC 17021:2011?

7.2.6 Are auditors and technical experts
knowledgeable of the CB’s audit
processes, certification scheme and its
requirements and other relevant
requirements?
Does the CB give auditors and technical
experts access to an up-to-date set of
documented procedures giving audit
instructions and all relevant information
on the certification activities?

7.2.7 Are auditors and technical experts used in
these activities where they have
demonstrated competence?
See Note 9.1.3

7.2.8 Are training needs identified for functions
performed?
Where there is need, is training offered or
provided?

7.2.9 Are person(s) taking the certification
decisions knowledgeable on the:
• applicable standard;
• certification requirements;
• have demonstrated competence to
evaluate the audit processes; and
related recommendations of the
audit team?

7.2.10 Do documented procedures and criteria
for monitoring and measurement of
performance of all personnel exist?
Competence reviewed to identify training
needs?

7.2.11 Do procedures include a combination of
on-site observation, review of audit
reports and feedback from customers or
from the market?

7.2.12 Does the CB periodically observe the
performance of each auditor on-site?
Is the frequency of on-site observations
based on need determined from all
monitoring information available?

7.3 Use of individual external auditors and
external technical experts
Does a CB have a written agreement with
external auditors and external technical
experts in place by which they commit
themselves to comply with applicable
policies and procedures as defined?
Does the agreement address all relevant
aspects?

7.4 Personnel records


Does the CB maintain up-to-date
personnel records including:
• Relevant qualifications;
• Training;
• Experience;
• Affiliations;
• Professional status;
• Competence; and
• Any relevant consultancy services?
Does this include management and
administrative personnel in addition to
those performing certification activities?


7.5 Outsourcing
7.5.1 Does the CB have a process in which it
describes the conditions under which
outsourcing may take place?
Legally enforceable agreement with each
body that provides outsourced services?
See Notes

7.5.2 Is the CB outsourcing certification
decisions?

7.5.3 Does the CB:
a) take responsibilities for all activities
outsourced?
b) ensure that the body that provides
outsourced activities:
• conforms to the CB’s requirements
• conforms to the applicable provisions
of this international standard
including competence, impartiality
and confidentiality?
c) ensure that the outsourced services are
not involved in any way that impartiality
could be compromised?

7.5.4 Documented procedures for the
qualification and monitoring of all
outsourced services used for certification
activities?
Records of the competence of auditors
and technical experts maintained?

8 Information requirements
8.1 Publicly accessible information
8.1.1 Does the CB maintain and make publicly
accessible or provide upon request
information describing its audit processes,
certification processes and about the
certification activities, types of
management systems and geographical
areas in which it operates?
8.1.2 Is the information provided by the CB to
any client or to the market place including
advertising accurate and not misleading?

8.1.3 Does the CB make publicly accessible
information about certifications granted,
suspended or withdrawn?

8.1.4 Does the CB on request from any party
provide means to confirm the validity of a
given certification?
See Notes

8.2 Certification documents


8.2.1 Does the CB provide certification
documents to the certified client by any
means it chooses?

8.2.2 Is the effective date on a certification
document the date before the
certification decision?

8.2.3 Does the certification document(s)
identify the following:
a) the name and geographic location of each
client and any sites within the scope of a
multi-site certification?
b) the dates of granting, extending or
renewing certification?
c) the expiry date or re-certification due date
consistent with the re-certification cycle?
d) a unique identification code?
e) the standard and/or other normative
document including issue number and/or
revision used for the certified customer?

f) the scope of certification with respect to
product (including service), process, etc,
as applicable at each site?
g) the name, address and certification mark
of the CB; other marks (e.g. accreditation
symbol)?
h) any other information required by the
standard and/or other normative
document used for certification?
i) in the event of issuing any revised
certification documents, a means to
distinguish the revised documents from
any prior obsolete documents?

8.3 Directory of certified customers


Does the CB maintain and make publicly
accessible or provide upon request, by any
means it chooses, a directory of valid
certifications? See 8.3 for directory
detail.

8.4 Reference to certification and use of marks
8.4.1 Does the CB have a policy governing any
mark that it authorizes certified customers
to use? See 8.4.1 and ISO/IEC 17030 for
detail.
Is the mark used on a product or product
packaging seen by the consumer?

8.4.2 Does the CB permit its mark to be applied
to laboratory test, calibration or
inspection reports?

8.4.3 Does the CB require that the client
organization:
a) conforms to the requirements of the CB
when making reference to its certification
status in communication media?
b) does not make or permit any misleading
statement regarding its certification?
c) does not use or permit the use of a
certification document or any part thereof
in a misleading manner?
d) upon suspension or withdrawal of its
certification discontinues its use of all
advertising matter that contains a
reference to certification, as directed by
the CB? (See 9.6.3 and 9.6.6)
e) amends all advertising matter when the
scope of certification has been reduced?


f) does not allow reference to its
management system certification to be
used to imply that the CB certifies a
product (including service) or process?
g) does not imply that the certification
applies to activities that are outside the
scope of certification? and
h) does not use its certification in such a
manner that would bring the CB and/or
certification system into disrepute and
lose public trust?

8.4.4 Does the CB exercise proper control of
ownership and take action to deal with
incorrect references to certification status
or misleading use of certification marks or
audit reports?
See Note

8.5 Confidentiality
8.5.1 / 8.5.5
Does the CB through legally enforceable
agreements have a policy and
arrangements to safeguard the
confidentiality of the information at all
levels of its structure, including
committees and external bodies or
individuals acting on its behalf?

8.5.2 Client informed by the CB of the
confidential information it intends to
place in the public domain?

8.5.3 Except as required in this international
standard, is information about a particular
client or individual disclosed to a third
party without the written consent of the
client or individual concerned?

Where the CB is required by law to release
confidential information to a third party, is
the customer or individual concerned,
unless regulated by law, notified in
advance of the information provided?

8.5.4 Is information about the client treated as
confidential, consistent with the CB’s
policy?

8.5.5 Do all personnel acting on the CB’s behalf
keep confidential all information obtained
or created during the performance of the
CB’s activities?

8.5.6 Does the CB have available and use
equipment and facilities that ensure the
secure handling of confidential
information (e.g. documents, records)?

8.5.7 When confidential information is made
available to other bodies (e.g. AB,
agreement group of a peer assessment
scheme) does the CB inform its client of
this action?

8.6 Information exchange between a CB and its customers
8.6.1 Information on the certification activity
and requirements

Does the CB provide and update clients on
the following:
a) a detailed description of the initial and
continuing certification activity including
the application, initial audits, surveillance
audits and the process for granting,
maintaining, reducing, extending,
suspending, withdrawing certification and
re-certification?
b) The normative requirements for
certification?
c) Information about the fees for application,
initial certification and continuing
certification?
d) The CB’s requirements for the prospective
customer:
1- To comply with certification
requirements?
2- To make all necessary arrangements
for the conduct of the audits including
provision for examining
documentation and the access to all
processes and areas, records and
personnel for the purposes of initial
certification, surveillance, re-
certification and resolution of
complaints, and?
3- To make provisions where applicable
to accommodate the presence of
observers (e.g. accreditation auditors
or trainee auditors)?

e) Documents describing the rights and
duties of certified clients including
requirements when making reference to
its certification in communication of any
kind in line with the requirements in 8.4?
f) Information on procedures for handling
complaints and appeals?
8.6.2 Notice of changes by a CB
Does the CB give its certified clients due
notice of any changes to its requirements
for certification?
Does the CB verify that each certified
client complies with the new
requirements?
See Note
8.6.3 Notice of changes by a client
Legally enforceable arrangements to
ensure that the certified customer informs
the CB of matters that may affect the
management system’s ability to continue
to fulfill the requirements of the standard
used for certification?
See examples a) to e) in the standard
9 Process requirements
9.1 General requirements
9.1.1 Audit programme
9.1.1.1 Is the audit programme for the full
certification cycle developed and does it
clearly identify the audit activity(ies)
required for certification to the selected
standard(s) or other normative
documents?
9.1.1.2 Does the audit programme include a two-
stage initial audit, surveillance audits in
the 1st and 2nd years and a re-certification
audit in the 3rd year prior to expiration of
certification? (The 3-year certification
cycle begins with the certification or re-
certification decision).
9.1.1.3 Where a CB is taking account of
certification or other audits already
granted to the customer, does it collect
sufficient, verifiable information to justify
and record any adjustments to the audit
programme?
9.1.2 Audit plan
9.1.2.1 General
Is an audit plan established for each audit
to provide the basis for agreement
regarding the conduct and scheduling of
the audit activities?

Is the audit plan based on documented
requirements of the certification body?

9.1.2.2 Determining audit objectives, scope and criteria

9.1.2.2.1 Does the CB determine the audit
objectives?
Is the audit scope and criteria including
changes established by the CB after
discussions with the client?

9.1.2.2.2 Do the audit objectives describe what is to be
accomplished by the audit and do they
include the following:

a) determination of the conformity of the
client’s management system, or parts of it,
with the audit criteria
b) evaluation of the ability of the
management system to ensure the client
organization meets applicable statutory,
regulatory and contractual requirements
See Note
c) evaluation of the effectiveness of the
management system to ensure the client
organization is continually meeting its
specified objectives
d) as applicable, identification of areas of
potential improvement of the management
system

9.1.2.2.3 Does the audit scope describe the extent
and boundaries of the audit? Where the
initial or re-certification process consists of
more than one audit, are total audits
consistent with the scope in the
certification?

9.1.2.2.4 Is the audit criteria used as a reference
against which conformity is determined and
does it include:
• The requirements of a defined normative
document on management systems
• The defined processes and documentation
of the management system developed by
the client

9.1.2.3 Preparing the audit plan


Is the audit plan appropriate to the
objectives and the scope of the audit and
does it at least include or refer to the
following:
a) The audit objectives
b) The audit criteria
c) The audit scope including identification of
the organizational and functional units or
processes to be audited
d) The dates and sites where the on-site audit
activities are to be conducted including
visits to temporary sites, as appropriate
e) The expected time and duration of on-site
audit activities
f) The roles and responsibilities of the audit
team members and accompanying persons

See Notes 1 and 2

9.1.3 Audit team selection and assignments

9.1.3.1 Process in place for selecting and
appointing the audit team taking into
account the competence needed to achieve
the objectives of the audit?
Where there is only one auditor, is the
auditor competent to perform?

9.1.3.2 In deciding the size and composition of the
audit team were the following considered:
a) audit objectives, scope, criteria and
estimated time of the audit
b) whether the audit is a combined, integrated
or joint audit
c) the overall competence of the audit team
needed to achieve the objectives of the
audit
d) certification requirements (including any
applicable statutory, regulatory or
contractual requirements)?
e) Language and culture
f) Whether the members of the audit team
have previously audited the client’s
management system.

9.1.3.3 Where the necessary knowledge and skill of
the audit team leader and auditors was
supplemented by technical experts,
translators and interpreters, were they
selected such that they do not unduly
influence the audit?

9.1.3.4 Where auditors-in-training are included in
the audit team as participants, was an
evaluator appointed?

Was the evaluator competent to take over
the duties and have final responsibility for
the activities and findings of the auditor-in-
training?

9.1.3.5 Does the audit team leader, in consultation
with the audit team assign to each team
member responsibility for specific
processes, functions, sites, areas or
activities and are such assignments taking
into account the need for competence?
Were changes to assignments made to
ensure achievement of the audit
objectives?

9.1.4 Determining audit time


9.1.4.1 Does the CB have documented procedures
for determining audit time needed to plan and
accomplish a complete and effective audit?
Does the procedure include or make
reference to the relevant annexes in the IAF
GD2 and GD6 documents?

In determining the audit time, does the CB
consider among other things the following
aspects:
a) The requirements of the management
system standard?
b) Size and complexity?
c) Technological and regulatory context?
d) Any outsourcing?
e) The results of any prior audits?
f) Number of sites and multi-site
considerations?
g) The risks associated with the product,
processes or activities of the organization?
h) When audits are combined, joint or
integrated?
i) Specific criteria for specific certification
scheme where established?

9.1.4.2 Does the CB include time spent by any
team member that is not assigned as an
auditor?

9.1.5 Multi-site sampling
Where multi-site sampling is utilized, did
the CB develop an adequate sampling
programme to ensure proper audit of the
management system?
Is the rationale for the sampling plan
documented? (IAF guidance applies)

9.1.6 Communication of audit team tasks


Are the tasks given to the audit team
defined and made known to the client?
Does the audit team:
a) Examine and verify the structure, policies,
processes, procedures, records and related
documents of the customer organization
relevant to the management system?
b) Determine that these meet all the
requirements relevant to the intended
scope of certification?
c) Determine that the processes and
procedures are established, implemented
and maintained effectively, to provide a
basis for confidence in the client
management system? and
d) Communicate to the customer, for its
action, any inconsistencies between the
customer’s policy, objectives and targets
and the results?

9.1.7 Communication concerning audit team members
Does the CB provide the name and, when
requested, make available background
information of each member of the audit
team with sufficient time for the client
organization to object to the appointment
of any particular auditor or technical expert
and for the CB to reconstitute the team in
response to any valid objection?

9.1.8 Communication of audit plan


Is the audit plan communicated and the
dates of the audit agreed upon, in advance,
with the client organization?

9.1.9 Conducting on-site audits


9.1.9.1 General
Does the CB have a process for conducting
on-site audits?
Does the process include opening meeting
at the start of the audit and closing meeting
at the conclusion of the audit?

9.1.9.2 Conducting the opening meeting


Does the audit team have a formal opening
meeting with the client’s management and
those responsible for the functions or
processes to be audited?
Is the opening meeting conducted by the
Lead auditor?
Are audit activities explained including the
following:

a) Introduction of the participants including
an outline of their roles
b) Confirmation of the scope of certification
c) Confirmation of the audit plan (including
type and scope of audit, objectives and
criteria), any changes and other relevant
arrangements with the client such as the
date and time for the closing meeting,
interim meetings between the audit team
and client’s management
d) Confirmation of formal communication
channels between the audit team and the
client
e) Confirmation that the resources and
facilities needed by audit team are available
f) Confirmation of matters relating to
confidentiality
g) Confirmation of relevant work safety,
emergency and security procedures for the
audit team
h) Confirmation of the availability, roles and
identities of any guides and observers
i) The method of reporting including any
grading of audit findings
j) Information about the conditions under
which the audit may be prematurely
terminated
k) Confirmation that the audit team leader
and audit team representing the CB is
responsible for the audit and shall be in
control of executing the audit plan
including audit activities and audit trails

l) confirmation of the status of findings of the
previous review or audit, if applicable
m) methods and procedures to be used to
conduct the audit based on sampling
n) confirmation of the language to be used
during the audit
o) confirmation that during the audit the
client will be kept informed of audit
progress and any concerns
p) opportunity for the client to ask questions

9.1.9.3 Communication during the audit

9.1.9.3.1 During the audit does the audit team
periodically assess audit progress and
exchange information and does the team
leader re-assign work as needed between
the audit team members and periodically
communicate the progress of the audit and
any concerns to the client?

9.1.9.3.2 Does the audit team leader report to the
client and where possible to the CB
the presence of an immediate and significant
risk (e.g. safety)?
Is the outcome of the action taken reported
to the CB?

9.1.9.3.3 Does the team leader review with the client
any need for changes to the audit scope
which becomes apparent as on-site
auditing activities progress and report this
to the CB?

9.1.9.4 Observers and Guides


9.1.9.4.1 Observers
Prior to the conduct of the audit does the
client agree to the presence and
justification of observers during an audit
activity?

9.1.9.4.2 Guides
Is each auditor accompanied by a guide,
unless otherwise agreed to by the audit
team leader and the client?
Does the audit team ensure that guides do
not influence or interfere in the audit
process or outcome of the audit?

See Note

9.1.9.5 Collecting and verifying information

9.1.9.5.1 Is information relevant to the audit
objective, scope and criteria collected by
appropriate sampling and verified to
become audit evidence?

9.1.9.5.2 Are methods to collect information
included?
a) interviews
b) observation of processes and activities
c) review of documentation and records

9.1.9.6 Identifying and recording audit findings

9.1.9.6.1 Are audit findings summarizing conformity
and detailing non-conformity and its
supporting evidence recorded and
reported?

9.1.9.6.2 Where opportunities for improvement are
not prohibited by the requirements of a
management system scheme, are they
identified and recorded?

9.1.9.6.3 Is a finding of non-conformity recorded
against a specific requirement of the audit
criteria and does it contain a clear
statement of the non-conformity and
identify in detail the objective evidence on
which the non-conformity is based?
Are non-conformities discussed with the
client to ensure that the evidence is
accurate and that the non-conformities are
understood?

9.1.9.6.4 Does the audit team leader attempt to
resolve any diverging opinions between the
audit team and the client concerning audit
evidence or findings and are unresolved
points recorded?

9.1.9.7 Preparing audit conclusions


Prior to the closing meeting does the audit
team:

a) review the audit findings and any other
appropriate information collected during
the audit against the audit objectives
b) agree upon the audit conclusions taking
into account the uncertainty inherent in the
audit process

c) identify any necessary follow-up actions
d) confirm the appropriateness of the audit
programme or identify any modification
required (e.g. scope, audit time or dates,
surveillance frequency, competence)

9.1.9.8 Conduct the closing meeting

9.1.9.8.1 Does the team hold a formal closing
meeting with management and are
non-conformities presented in such a manner
that they are understood, and are
timeframes for responding agreed?
Is attendance recorded?

9.1.9.8.2 Does the closing meeting include the
following:
a) advising the client that the audit evidence
collected was based on a sample of the
information, thereby introducing an
element of uncertainty
b) the method and timeframe of reporting
including any grading of audit findings
c) the certification body’s process for handling
nonconformities including any
consequences relating to the status of the
client’s certification
d) the timeframe for the client to present a
plan for correction and corrective action for
any nonconformities identified during the
audit
e) the CB’s post audit activities
f) information about the complaint handling
and appeal processes

9.1.9.8.3 Is the client given opportunity for
questions?
Are diverging opinions regarding the audit
findings or conclusions discussed and resolved
where possible?
Are unresolved diverging opinions recorded
and referred to the CB?

9.1.10 Audit report

9.1.10.1 Does the CB provide a written report for
each audit and is ownership of the report
maintained by the CB?
If the audit team identifies opportunities
for improvement, do they recommend
specific solutions?

9.1.10.2 Does the team leader ensure that the
report is prepared and takes responsibility
for the content of the report?
Does the report provide an accurate, concise
and clear record of the audit and does it
include the following:

a) identification of the certification body
b) name and address of the client’s
management representative
c) type of audit (e.g. initial, surveillance or
recertification)
d) audit criteria
e) audit objectives
f) audit scope, particularly identification of
the organizational or functional units or
processes audited and the time of the audit
g) identification of the audit team leader,
audit team members and any
accompanying persons
h) dates and places where the audit activities
(on-site or off-site) were conducted
i) audit findings, evidence and conclusions,
consistent with the requirements of the
type of audit
j) any unresolved issues, if identified

9.1.11 Cause analysis of nonconformities

Does the CB require the client to analyze
the cause and describe the specific
correction and corrective actions taken or
planned to be taken to eliminate detected
non-conformities within a defined timeline?

9.1.12 Effectiveness of corrections and corrective
actions

Does the CB review the corrections,
identified causes and corrective actions
submitted by the customer to determine if
these are acceptable?
Does the CB verify the effectiveness of any
correction and corrective action taken?
Is the evidence obtained to support the
resolution of non-conformities recorded?
Does the client get informed of the result of
the review and verification?

See Note

9.1.13 Certification decision
Is the client informed if an additional full
audit, an additional limited audit or
documented evidence (to be confirmed
during future surveillance audits) will be
needed to verify effective correction and
corrective actions?

9.1.14 Does the CB ensure that the persons or
committees that make the certification or
recertification decisions are different from
those who carried out the audits?

9.1.15 Actions prior to making a decision


Does the CB confirm, prior to making a
decision that:
a) The information provided by the audit team
is sufficient?
b) It has reviewed, accepted and verified the
effectiveness of corrections and corrective
actions for all non-conformities that
represent:
1- failure to fulfill one or more requirements
of the management system standard? or
2- a situation that raises significant doubt
about the ability of the customer’s
management system to achieve its
intended outputs
c) It has reviewed and accepted the client’s
planned correction and corrective action
for any other non-conformity?

9.2 Initial audit and certification


9.2.1 Application

Does the CB require an authorized
representative of the applicant organization
to provide the necessary information to
enable it to establish:
a) The desired scope of the certification?
b) The general features of the applicant
organization including its name and the
address(es) of its physical location(s),
significant aspects of its process and
operations and any relevant legal
obligations?
c) General information relevant for the field
of certification applied for, concerning the
applicant organization, such as its activities,
human and technical resources, functions
and relationship in a larger corporation, if
any?

d) Information concerning all outsourced
processes used by the organization that will
affect conformity to requirements?
e) The standards or other requirements for
which the applicant organization is seeking
certification?
f) Information concerning the use of
consultancy relating to the management
system?

9.2.2 Application review

9.2.2.1 Before proceeding with the audit does the
CB conduct a review of the application and
supplementary information for certification
to ensure that:

a) The information about the applicant and its
management system is sufficient for the
conduct of the audit?
b) The requirements for certification are
clearly defined and documented and have
been provided to the applicant
organization?
c) Any known difference in understanding
between the CB and the applicant
organization is resolved?
d) The CB has the competence and ability to
perform the certification activity?
e) The scope of certification sought, the
location(s) of the applicant organization’s
operations, time required to complete
audits and any other points influencing the
certification activity are taken into account
(language, safety conditions, threats to
impartiality, etc)?
f) Records of the justification for the decision
to undertake the audit shall be maintained?

9.2.2.2 Following the review of the application
does the CB accept or decline an
application for certification?
When declined, are reasons for declining
documented and made clear to the client?

See Note

9.2.2.3 Based on this review does the CB
determine the competences it needs to
include in its audit team (see 7.2.7) and for
the certification decision (see 7.2.9)?

9.2.2.4 Is the audit team appointed and do they
have the totality of the competences
identified by the CB as set out in 9.2.2.3 for
the certification of the applicant
organization?
Is selection of the team performed with
reference to the designations of
competence of auditors and technical
experts made under 7.2.5?

9.2.2.5 Is the individual(s) who will be conducting
the certification decision appointed to
ensure appropriate competence is
available? (See 7.2.9 and 9.2.2.3)

9.2.3 Initial certification audit


Is the initial certification audit of a
management system conducted in two
stages – Stage 1 and Stage 2?

9.2.3.1 Stage 1 audit

9.2.3.1.1 Is the stage 1 audit performed:

a) to audit the client’s management system
documentation;
b) to evaluate the client’s location and site-
specific conditions and to undertake
discussions with the client’s personnel to
determine the preparedness for the
Stage 2 audit;
c) to review the client’s status and
understanding regarding requirements of
the standard, in particular with respect to
the identification of key performance or
significant aspects, processes, objectives
and operation of the management system?
d) to collect necessary information regarding
the scope of the management, processes
and location(s) of the client, and related
statutory and regulatory aspects and
compliance (e.g. quality, environmental,
legal aspects of the client’s operation,
associated risks, etc.)?

e) to review the allocation of resources for
Stage 2 audit and agree with the client on
the details of the Stage 2 audit?
f) to provide a focus for planning the Stage 2
audit by gaining a sufficient understanding
of the client’s management system and site
operations in the context of possible
significant aspects?
g) to evaluate if the initial audits and
management review are being planned and
performed and that the level of
implementation of the management
system substantiates that the client is ready
for the Stage 2 audit?

For most management systems it is
recommended that at least part of the
Stage 1 audit be carried out at the client’s
premises in order to achieve the objectives
stated above.

9.2.3.1.2 Are Stage 1 audit findings documented and
communicated to the client organization
including identification of any areas of
concern that could be classified as non-
conformity during Stage 2 audit?

9.2.3.1.3 In determining the interval between Stage
1 and Stage 2, is consideration given to the
needs of the client to resolve areas of
concern identified during the Stage 1 audit?
The CB may also need to revise its
arrangement for Stage 2

9.2.3.2 Stage 2 audit

9.2.3.2.1 The purpose of the Stage 2 audit is to
evaluate the implementation including
effectiveness of the customer’s
management system.
Is the Stage 2 audit taking place at the
site(s) of the client?
Does it include at least the following:

a) Information and evidence about conformity
to all requirements of the applicable
management system standard or other
normative document?

b) performance monitoring, measuring,
reporting and reviewing against key
performance objectives and targets?
c) the client’s management system and
performance as regards legal compliance?
d) operational control of the client’s
processes?
e) internal auditing and management review?
f) management responsibility for the client
organization’s policies?
g) links between the normative requirements,
policy, performance objectives and targets,
any applicable legal requirements,
responsibilities, competence of personnel,
operations, procedures, performance data
and internal audit findings and conclusions?

9.2.4 Initial certification audit conclusions

Does the audit team analyze all information
and audit evidence gathered during the
Stage 1 and Stage 2 audits to review the
audit findings and agree on the audit
conclusions?

9.2.5 Information for granting initial
certification

9.2.5.1 Does the information provided by the audit
team to the CB for the certification decision
include as a minimum:

a) the audit reports?
b) comments on the nonconformities and,
where applicable, the correction and
corrective actions taken by the client?
c) confirmation on the information provided to
the certification body used in the
application review? (See 9.2.2) and
d) a recommendation whether or not to grant
certification together with any conditions
or observations?

9.2.5.2 Does the CB make the certification decision
on the basis of an evaluation of the audit
findings and conclusions and any other
relevant information (e.g. public
information, comments on the audit report
from the customer)?

9.3 Surveillance activities

9.3.1 General

9.3.1.1 Did the CB develop its surveillance activities
so that representative areas and functions
covered by the scope of the management
system are monitored on a regular basis
and take into account changes to its
certified client and its management
system?

9.3.1.2 Do surveillance activities include on-site
audits assessing the certified client’s
management system fulfillment of specified
requirements with respect to the standard
to which the certification is granted?
Other surveillance activities may include:

a) Enquiries from the CB to the certified client on
aspects of certification;
b) Reviewing any client’s statements with
respect to its operations (e.g. promotional
material, website);
c) Requests to the client to provide
documents and records (on paper or
electronic media); and
d) Other means of monitoring the certified
client’s performance.

9.3.2 Surveillance audit

9.3.2.1 Are on-site audits planned with other
surveillance activities, so that the CB can
maintain confidence that the certified
management continues to fulfill
requirements in between re-certification
audits?
Does the surveillance audit programme
include at least:

a) Internal audits and management review?
b) Review of action taken on non-conformities
identified during the previous audits?
c) Treatment of complaints?
d) Effectiveness of the management system
with regard to achieving the certified
client’s objectives?
e) Progress of planned activities aimed at
continual improvement?

f) continuing operational cost?
g) review of any changes? and
h) use of marks and/or any other reference to
certification?

9.3.2.2 Are surveillance audits conducted at least
once a year?
Is the date of the 1st surveillance audit
following initial certification not more than
12 months from the last day of the Stage 2
audit?

9.3.3 Maintaining certification

Does the CB maintain certification based on
demonstration that the client continues to
satisfy the requirements of the
management system standard?

Does the CB maintain an organization’s
certification based on a positive
recommendation by the audit team leader
without further independent review
provided that:

a) For any nonconformity or other situation
that may lead to suspension or withdrawal
of certification, the CB needs to initiate a
review by appropriately competent
personnel different from those who carried
out the audit to determine whether
certification can be maintained? (See 7.2.9)
and
b) Competent personnel of the CB monitor its
surveillance activities, including monitoring
the reporting by its auditors, to confirm
that the certification activity is operating
effectively?

9.4 Re-certification
9.4.1 Re-certification cycle
9.4.1.1 Is a re-certification audit planned and
conducted to evaluate the continued
fulfillment of all the requirements of the
relevant management system standard or
other normative document?

9.4.1.2 Does the re-certification audit consider the
performance of the management system
over the period of certification and include
the review of previous surveillance audit
reports?

9.4.1.3 In situations where there have been
significant changes (e.g. changes to
legislation, management, processes, etc.)
do the re-certification audit activities
include a Stage 1 audit?

9.4.1.4 In the case of multiple sites or certification
to multiple management system standards
being provided by the CB, does the
planning for the audit ensure adequate on-
site audit coverage to provide confidence in
the certification?

9.4.2 Re-certification audit

9.4.2.1 Does the re-certification audit include an
on-site audit that addresses the following:

a) the effectiveness of the management
system?
b) demonstrated commitment to maintain the
effectiveness and improvement?
c) whether the operation of the certified
management system contributes to the
achievement of the organization’s policy
and objectives?

9.4.2.2 When during a re-certification audit
instances of nonconformity or lack of
evidence of conformity are identified, does
the CB define time limits for correction and
corrective actions to be implemented prior
to the expiry of certification?

9.4.3 Information for granting re-certification

Does the CB make decisions on renewing
certification based on:

• The results of re-certification audit?
• The results of the review of the system over
the period of certification? and
• The complaints received from users of
certification?

9.5 Special audits

9.5.1 Extensions to scope


Does the CB in response to an application
for extension to the scope of a certification
already granted, undertake a review of the
application and determine any audit
activities necessary to decide whether or
not the extension may be granted? (This
may be conducted in conjunction with a
surveillance audit)

9.5.2 Short-notice audits


If it is necessary for the CB to conduct
audits of certified clients at short notice to
investigate complaints (see 9.8) or in
response to changes (see 8.6.3) or as follow
up on suspended customers (see 9.6):

a) Does the CB describe and make known in
advance to the certified clients (e.g. in
documents as described in 8.6.1) the
conditions under which these short notice
visits are to be conducted? and
b) Does the CB exercise additional care in the
assignment of the audit team because of
the lack of opportunity for the client to
object to audit team members?

9.6 Suspending, withdrawing or reducing
scope of certification
9.6.1 Does the CB have a policy and documented
procedure(s) for suspension, withdrawal or
reduction of the scope of certification and
does it specify the subsequent actions by
the CB?

9.6.2 Does the CB suspend certification in cases
when for example:

• The customer’s certified management
system has persistently or seriously failed
to meet certification requirements
including requirements for the
effectiveness of the management system?
• The certified client does not allow
surveillance or re-certification audits to be
conducted at the required frequencies? or
• The certified client has voluntarily
requested a suspension?

9.6.3 Under suspension the customer’s
management system certification is
temporarily invalid.

Does the CB have enforceable
arrangements with its clients to ensure that
in case of suspension the client refrains
from further promotion of its certification?

Does the CB make the suspended status of
the certification publicly available (see
8.1.3) and take any other measures it
deems appropriate?

9.6.4 Does failure to resolve the issues that have
resulted in the suspension in a time
established by CB result in withdrawal or
reduction of the scope of certification?

See Note

9.6.5 Does the CB reduce the customer’s scope
of certification to exclude the parts not
meeting the requirements when the client
has persistently or seriously failed to meet
the certification requirements for those
parts of the scope of certification?

9.6.6 Does the CB have enforceable
arrangements with the certified customer
concerning conditions of withdrawal (see
8.4.3 d) ensuring upon notice of withdrawal
of certification that the customer
discontinues its use of all advertising matter
that contains any reference to a certified
status?

9.7 Appeals

9.7.1 Does the CB have a documented process to
receive, evaluate and make decisions on
appeals?

9.7.2 Is a description of the appeals handling
process publicly available?

9.7.3 Is the CB responsible for all decisions at all
levels of the appeals handling process?

Does the CB ensure that the persons
engaged in appeals handling process are
different from those who carried out the
audits and made the certification decisions?

9.7.4 Do submission, investigation and decision
on appeals result in any discriminatory
actions against the appellant?

9.7.5 Does the appeal handling process include at
least the following elements and methods:

a) an outline of the process for receiving,
validating, investigating the appeal and for
deciding what actions are to be taken in
response to it, taking into account the
results of previous similar appeals;
b) tracking and recording appeals including
actions undertaken to resolve them;
c) ensuring that any appropriate correction
and corrective action is taken.

9.7.6 Does the CB acknowledge receipt of the
appeal and provide the appellant with
progress reports and the outcome?

9.7.7 Is the decision to be communicated to
the appellant made by, or reviewed and
approved by, individual(s) not previously
involved in the subject of the appeal?

9.7.8 Does the CB give formal notice of the end
of the appeal handling process to the
appellant?

9.8 Complaints
9.8.1 Is a description of the complaints handling
process publicly accessible?

9.8.2 Upon receipt of a complaint does the CB
confirm whether the complaint relates to
certification activities that it is responsible for
and, if so, deal with it?

If the complaint relates to a certified client
does the examination of the complaint
consider the effectiveness of the certified
management system?

9.8.3 Is a complaint about a certified client also
referred by the CB to the certified client in
question at an appropriate time?

9.8.4 Does the CB have a documented process to
receive, evaluate and make decisions on
complaints?

Is this process subject to requirements for
confidentiality as it relates to the
complainant and to the subject of the
complaint?

9.8.5 Does the complaints handling process
include at least the following elements and
methods:

a) an outline of the process for receiving,
validating, investigating the complaint and
for deciding what actions are to be taken
in response to it?
b) tracking and recording complaints including
actions undertaken to resolve them?
c) ensuring that appropriate correction and
corrective actions are taken?

See Note

9.8.6 Is the CB receiving the complaint
responsible for gathering and verifying all
necessary information to validate the
complaint?

9.8.7 Whenever possible does the CB
acknowledge receipt of the complaint and
provide the complainant with progress
reports and the outcome?

9.8.8 Is the decision to be communicated to the
complainant made by, or reviewed and
approved by, individual(s) not previously
involved in the subject of the complaint?

9.8.9 Whenever possible does the CB give formal
notice of the end of the complaint handling
process to the complainant?

9.8.10 Does the CB determine together with the
client and the complainant whether and, if
so to what extent, the subject of the
complaint and its resolution shall be made
public?

9.9 Records of applicants and clients


9.9.1 Does the CB maintain records on the audit
and other certification activity for all clients
including all organizations that submitted
applications and all organizations audited,
certified or with certification withdrawn?

9.9.2 Do the records on certified clients include
the following:

a) application information and initial,
surveillance and re-certification audit
reports?
b) certification agreement?
c) justification of the methodology used for
sampling?
d) justification for auditor time
determination? (See 9.1.4)
e) verification of correction and corrective
actions?
f) records of complaints and appeals and any
subsequent correction and corrective
actions?
g) committee deliberations and decisions, if
applicable?
h) documentation of the certification
decisions?
i) certification documents including the scope
of certification with respect to product,
process or services as applicable?
j) related records necessary to establish the
credibility of the certification such as
evidence of the competence of auditor and
technical expert?

See Note

9.9.3 Does the CB keep the records on applicants
and customers secure to ensure that the
information is kept confidential?

Are records transported, transmitted or
transferred in a way that ensures that
confidentiality is maintained?

9.9.4 Does the CB have a documented policy and
documented procedures on retention of
records?

Are records retained for the duration of the
current cycle plus one (1) full certification
cycle?
See Note

10 Management system requirements for CBs

10.1 Options
In addition to meeting the requirements of
Clauses 5 to 9 did the CB implement a
management system in accordance with
either:

a) Management system requirements in
accordance with ISO 9001 (Option 1)? or
b) General management system requirements
(Option 2)?

10.2 Option 1: Management system
requirements in accordance with ISO 9001

10.2.1 General
Is the ISO 9001 system capable of
supporting and demonstrating the
consistent achievement of the
requirements of this international standard,
amplified by 10.2.2 to 10.2.4?

10.2.2 Scope

Does the scope of the management system
include the design and development
requirements for its certification services?

10.2.3 Customer Focus


Does the CB consider the credibility of
certification and address the needs of all
parties (as set out in 4.1.2) that rely upon
its audit and certification services, not just
its clients?
10.2.4 Management review
Does the CB include as input for
management review information on
relevant appeals and complaints from users
of certification activities?

10.3 Option 2: General management system
requirements

10.3.1 General
Does the CB establish, document,
implement and maintain a management
system that is capable of supporting and
demonstrating the consistent achievement
of the requirements of this international
standard?
Does the CB’s top management establish
and document policies and objectives for its
activities?
Does top management provide evidence of
its commitment to the development and
implementation of the management
system in accordance with the
requirements of this international
standard?
Does top management ensure that the
policies are understood, implemented and
maintained at all levels of the certification
body’s organization?
Did the CB’s top management appoint a
member of management who, irrespective
of other responsibilities, shall have
responsibility and authority that includes:

a) Ensuring that processes and procedures
needed for the management system are
established, implemented and maintained?
and
b) Reporting to top management on the
performance of the management system
and any need for improvement?

10.3.2 Management system manual


Are all applicable requirements of this
international standard addressed either in a
manual or in associated documents?
Does the CB ensure that the manual and
relevant associated documents are
accessible to its personnel?

10.3.3 Control of documents

Did the CB establish procedures to control
the documents (internal and external) that
relate to the fulfillment of this international
standard?

Do the procedures define the control
needed:
a) To approve documents for adequacy prior
to issue?
b) To review and update as necessary and
approve documents?
c) To ensure that changes and the current
revision status of documents are identified?
d) To ensure that relevant versions of
applicable documents are available at
points of use?
e) To ensure that documents remain legible
and readily identifiable?
f) To ensure that documents of external origin
are identified and their distribution
controlled? and
g) To prevent the unintended use of obsolete
documents and to apply suitable
identification to them if they are retained
for any purpose?
See Note
10.3.4 Control of records
Does the CB establish procedures to define
the controls needed for the identification,
storage, protection, retrieval, retention
time and disposition of its records related
to the fulfillment of this international
standard?
Does the CB establish procedures for
retaining records for a period consistent
with its contractual and legal obligations?
Is access to these records consistent with
the confidentiality arrangements?
See Note

10.3.5 Management review


10.3.5.1 General
Did the CB’s top management establish
procedures to review its management
system at planned intervals to ensure its
continuing suitability, adequacy and
effectiveness including the stated policies
and objectives related to the fulfillment of
this international standard?
Are these reviews conducted at least once a
year?

10.3.5.2 Review inputs
Does the input to management review
include information related to:
a) Results of internal and external audits?
b) Feedback from clients and interested
parties related to the fulfillment of this
international standard?
c) Feedback from the committee for
safeguarding impartiality?
d) Status of preventive and corrective actions?
e) Follow-up actions from previous
management reviews?
f) Fulfillment of objectives?
g) Changes that could affect the
management? and
h) Appeals and complaints?

10.3.5.3 Review outputs

Do the outputs from the management
review include decisions and actions
related to:
a) Improvement of the effectiveness of the
management system and its processes?
b) Improvement of the certification services
related to the fulfillment of this
international standard? and
c) Resource needs?

10.3.6 Internal audits


10.3.6.1 Does the CB establish procedures for
internal audits to verify that it fulfills the
requirements of this international standard
and that the management system is
effectively implemented and maintained?
See Note
10.3.6.2 Is an audit programme planned taking into
consideration the importance of the
processes and areas to be audited as well
as the results of previous audits?

10.3.6.3 Are internal audits performed at least once
every 12 months?

10.3.6.4 Does the CB ensure that:
a) Internal audits are conducted by qualified
personnel knowledgeable in certification,
auditing and the requirements of this
international standard?
b) Auditors do not audit their own work?

c) Personnel responsible for the area audited
are informed of the outcome of the audit?
d) Any actions resulting from internal audits
are taken in a timely and appropriate
manner? and
e) Any opportunities for improvement are
identified?

10.3.7 Corrective actions


Does the CB establish procedures for
identification and management of non-
conformities in its operations?
Does the CB also, where necessary, take
actions to eliminate the causes of non-
conformities in order to prevent
recurrence?
Are corrective actions appropriate to the
impact of the problem encountered?

Do the procedures define requirements for:

a) Identifying non-conformities (e.g. from
complaints and internal audits)?
b) Determining the causes of non-conformity?
c) Correcting non-conformities?
d) Evaluating the need for actions to ensure
that non-conformities do not recur?
e) Determining and implementing in a timely
manner the actions needed?
f) Recording the results of actions taken? and
g) Reviewing the effectiveness of corrective
actions?

10.3.8 Preventive actions


Does the CB establish procedures for taking
preventive actions to eliminate the causes
of potential non-conformities?
Are preventive actions taken appropriate to
the probable impact of the potential
problems?

Do the procedures for preventive actions
define requirements for:
a) Identifying potential non-conformities and
their causes?
b) Evaluating the need for action to prevent
the occurrence of non-conformities?
c) Determining and implementing the action
needed?
d) Recording the results of actions taken? and
e) Reviewing the effectiveness of the
preventive actions?

See Note

Additional/General Comments (This space may be used to expand on comments in specific sections)

Signed: Date:
Lead/Technical Assessor:
