The competence of management system auditors and the development of part 2 of ISO/IEC and its relationship with ISO/IEC19011 D Iain Muir ISO/CASCO WG 21 Accreditation Manager, SABS
Topics for Discussion Background – the early days The certification explosion Industry concerns ISO/IEC ISO/IEC – part 2 ISO/IEC – the future
ISO 9000 series of Standards ISO 9001 is Twenty years Old this Year!
The Past The origins of system certification and what we know today as ISO 9000 are intertwined. Generally accepted that ISO 9000 has its roots in military purchasing – the DEF standards in the UK and the MIL standards in the US. NATO developed the AQAPS in the late sixties. The seventies saw the publication of BS 9000 for quality assurance in the electronics industry. In 1974 BSI published BS 5179 – “Operation and evaluation of quality assurance systems” and in 1979 BS 5750 “Quality Systems.” The SABS also published SABS 0157 in 1979.
The Past Third party certification probably owes its existence to a 1982 British Government white paper No 8621 “Standards, Quality and International Competitiveness - using certification as a marketing tool.” In the early days the third party assessors had little training and came largely from military purchasing backgrounds. SABS 0157 and BS 5750 were based on the UK DEF standard and were contractual documents primarily agreeing on a standard of production and quality between the purchaser and supplier of the goods.
The new beginning From the early beginnings of quality in the early eighties, third party management system certification has grown into a multi million industry – whatever currency you wish to use. Quality Management Systems – from 1979 First ISO QMS standard in 1987 First ISO EMS Standard in 1996 Information management Food safety management Occupational health and safety management systems
The New Beginning
Governance Although the first series of ISO 9000 standards were published in 1987 it took a few years to instill governance in third party certification. Accreditation bodies had been largely involved with laboratories and third party management system accreditation was new to them. Accreditation bodies needed some formal process to accredit third party management system certification bodies – hence the introduction of ISO Guide 62. In the mid 90’s an ISO document dealing with auditor competence – at least for QMS auditors – ISO was drafted.
The Certification Explosion From the late nineties to day the management system certification business has grown – QMS certificates around the 1 million! Unfortunately with this massive increase, the certification business began to draw an undesireable element and ISO become very concerned with the abuse of its flagship product.
Industry Concerns Industry began to voice its concern – in particular from the automotive sector who could not understand that parts suppliers – although certificated or registered to ISO 9001 were still delivering non conforming product to the OEMs. Much of the cause for concern was placed on the competency of management system auditors – this was soon expanded to include all of the players in the conformity assessment arena – the auditors, the certification bodies, the accreditation bodies, the IAF and even ISO itself.
What Did ISO Do? ISO through CASCO (The ISO Committee on Conformity Assessment) took industry concerns very seriously. High level talks were held with the major players in the third party management system certification and accreditation business. CASCO began work on a project to replace ISO Guide 62 (QMS) and ISO Guide 66 (EMS).
ISO 17021: To replace Guides 62 and 66 with a requirements standard 2.To be applicable to any management systems 3.To incorporate IAF guidance 4.To incorporate latest technology 5.To be consistent with the common elements (WG23) 6.Principles-based performance requirements (where possible) Intent of WG21 for 17021
ISO/IEC 17021:2006 Conformity assessment—Requirements for bodies providing audit and certification of management systems Published 15 September 2006 SANS Published November 2006
ISO ISO/IEC 17021:2006 Principles Structural requirements Resource requirements – including competence Information requirements Process requirements Management system requirements for certification bodies
ISO/IEC 17021:2006 Principles competence responsibility openness confidentiality responsiveness to complaints impartiality
Competence ISO lays down requirements for personnel involved in the certification activities. “7.2.1 The certification body shall have, as part of its own organisation, personnel having sufficient competence for managing the type and range of audit programmes and other certification work performed.” “7.2.5 The certification body shall have a process to achieve and demonstrate effective auditing, including the use of auditors and audit team leaders possessing generic auditing skills and knowledge, as well as skills and knowledge appropriate for auditing in specific technical areas. This process shall be defined in documented requirements drawn up in accordance with the relevant guidance provided in ISO ”
ISO Was a revision of ISO (QMS Auditing) Joint project of ISO TC 176 and ISO TC 207 Co-convenorship and separate balloting by each TC ISO – a guidleline standard for internal or external auditing of QMS and/or EMS. ISO was published in 2002
Auditing We now have, in ISO/IEC 17021, a requirements standard for management systems certification bodies. We have now started work on a new requirements standard for management system auditing. ISO/IEC Third Party Auditing of Management Systems.
ISO The concept of ISO is to provide generic requirements for all management system auditing based on the guidance in ISO Other ISO Technical Committees also involved in management system auditing (e.g. TC 34, TC 207 etc) would be invited to write the technical requirements for auditing related to their discipline.
ISO
Foreword Introduction Scope Normative references Terms and Definitions Principles General requirements Process Competencies Neither ISO or ISO provided a structure suitable for development as the new part standard. A new document structure is proposed: An exercise to change the “shoulds” in ISO to “shalls” was conducted but was soon found to be unsuitable for our needs.
WG 21 WG 21 met in February of this year and will meet again in June. It is hoped to be in a position to publish a committee draft after the June meeting. A webspace for WG 21 members has been set up by the kind courtesy of SCC (Canada) and the members of the WG are proceeding with the drafting between meetings.
What of ISO At the last meeting of WG 21 Dr Trevor Smith, Chair of TC 176 discussed the systematic review of ISO He recalled that was a guidance document covering 1st, 2nd and 3rd party for QMS and EMS. The standard had dropped the 1, 2, and 3 party auditing concepts and transformed it into internal and external parties instead. According to the agreed scope of the future ISO/IEC , 1st and 2nd party auditing would not be covered thus providing an opportunity for an eventual revision of to focus more on, and maybe only, 1st and 2nd party auditing. Any revision of ISO will need close co-operation with CASCO WG 21 and any other TC that found it necessary to develop sector specific ISO standards on management systems and/or management system auditing.
PROGRESS REPORT by A. Dalrymple / AFNOR, France and R. Dougherty / ANSI, USA Review of ISO : 2002
The competence of management system auditors and the development of part 2 of ISO/IEC and its relationship with ISO/IEC19011 D. Iain Muir Accreditation Manager SABS Commercial (Pty) Ltd South Africa Thank you for your attention.