ISO/TS �����
with
ISO/IEC �����
Food safety management systems Requirements for bodies providing audit and certification of food safety management systems
����-��-��
Our vision
Our process
To be the world’s leading provider of high quality, globally relevant International Standards through its members and stakeholders.
Our standards are developed by experts all over the world who work on a volunteer or part-time basis. We sell International Standards to recover the costs of organizing this process and making standards widely available.
Our mission
Please respect our licensing terms and copyright to ensure this system remains independent.
ISO develops high quality voluntary International Standards that facilitate international exchange of goods and services, support sustainable and equitable economic growth, promote innovation and protect health, safet y and the environment.
If you would like to contribute to the development of ISO standards, please contact the ISO Member Body in your country:
This document has been prepared by:
Copyright protected document
ISO/TC 34, Food products, SC 17, Management systems for food safety , in collaboration with the ISO Committee on conformity assessment (CASCO).
All rights reserved. Unless otherwise speciied, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopy, or posting on the internet or intranet, wit hout prior permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester:
Committee members: ABNT; AFNOR; ANSI; ASI; BIS; BSI; DIN; DS; DSM; ELOT; GSA; HZN; ICONTEC; INN; IRAM; JISC; KATS; MSB; MSZT; NBN; NEN; NSAI; NSI; PKN; SA; SABS; SAC; SAZ; SCC; SIS; SLSI; SFS; SNV; SON; TISI; UNI; UNIT; UNMZ. Cover photo credit: ISO/CS, 2014
2
www.iso.org/iso/home/about/iso_members. htm
© ISO 2014, Published in Switzerland ISO copyright ofice Case postale 56 • CH-1211 Geneva 20 Tel. +41 22 749 01 11 Fax. +41 22 749 09 47 E-mail
[email protected] Web www.iso.org
© ISO 2014 – All rights reserved
ISO/TS 22003 with ISO/IEC 17021
Executive Summary • ISO/TS 22003:2013 gives the requirements for certiication bodies that certify food safety management systems complying with the requirements given in ISO 22000.
• This document has all the r equirements that a certiication body needs to comply with when carrying out audits or certiication to food safety management system standards.
• ISO/TS 22003 is based on and makes reference to ISO/IEC 17021 (the standard that sets the generic requirements for bodies providing audit and certiication of management systems).
• This combined document is based on ISO/IEC 17021:2011. No editions after 2011 may be synchronized with this edition.
• This combined version of ISO/TS 22003 contains all the clauses of ISO/IEC 17021 (in blue boxes)
© ISO 2014 – All rights reserved
3
ISO/TS 22003 with ISO/IEC 17021
Contents
Page
Foreword ...................................................................................................................................................................................................................................... 7 Introduction. ............................................................................................................................................................................................................................. 8 1
Scope .............................................................................................................................................................................................................................. 9
2
Normative references ................................................................................................................................................................................... 9
3
Terms and deinitions .................................................................................................................................................................................. 9
4
Principles .............................................................................................................................................................................................................. 11
4
Principles (ISO/IEC 17021) ................................................................................................................................................................ 11
5
General requirements .............................................................................................................................................................................. 13 5.1 General .....................................................................................................................................................................................................13
5
General requirements (ISO/IEC 17021) ............................................................................................................................... 13 5.1 Legal and contractual matters ............................................................................................................................................13 5.2 Management of impartiality ..................................................................................................................................................13 5.3 Liability and inancing ................................................................................................................................................................15 5.2 Management of impartiality ..................................................................................................................................................15
6
Structural requirements ....................................................................................................................................................................... 15
6
Structural requirements (ISO/IEC 17021) ......................................................................................................................... 15 6.1 Organizational structure and top management ...................................................................................................15 6.2 Committee for safeguarding impartiality ..................................................................................................................16
7
Resource requirements .......................................................................................................................................................................... 16 7.1 Competence of management and personnel ...........................................................................................................16 7.2 Personnel involved in the certiication activities ................................................................................................18 7.2 Personnel involved in the certiication activities (ISO/IEC 17021) ....................................................18 7.3 Use of individual external auditors and external technical advisors .................................................20 7.3 Use of individual external auditors and external technical experts (ISO/IEC 17021) ........20 7.4 Personnel records...........................................................................................................................................................................20 7.4 Personnel records (ISO/IEC 17021) ..............................................................................................................................20 7.5 Outsourcing..........................................................................................................................................................................................20 7.5 Outsourcing (ISO/IEC 17021) .............................................................................................................................................20
8
Information requirements .................................................................................................................................................................. 21
8
Information requirements (ISO/IEC 17021).................................................................................................................... 21 8.1 Publicly accessible information ..........................................................................................................................................21 8.2 Certiication documents. ...........................................................................................................................................................21 8.3 Directory of certiied clients. .................................................................................................................................................22 8.4 Reference to certiication and use of marks ............................................................................................................22 8.5 Conidentiality ...................................................................................................................................................................................22 8.6 Information exchange between a certiication body and its clients ...................................................23
9
Process requirements .............................................................................................................................................................................. 24 9.1 General requirements .................................................................................................................................................................24 9.2 Initial audit and certiication ................................................................................................................................................33 9.3 Surveillance activities .................................................................................................................................................................38 9.3 Surveillance activities (ISO/IEC 17021) .....................................................................................................................38 9.4 Recertiication ...................................................................................................................................................................................39 9.4 Recertiication (ISO/IEC 17021) .......................................................................................................................................39 9.5 Special audits. .....................................................................................................................................................................................39 9.5 Special audits (ISO/IEC 17021)..........................................................................................................................................39
4
© ISO 2014 – All rights reserved
ISO/TS 22003 with ISO/IEC 17021
9.6 9.6 9.7 9.7 9.8 9.8 9.9 9.9
Suspending, withdrawing or reducing the scope of certiication .........................................................40 Suspending, withdrawing or reducing the scope of certiication (ISO/IEC 17021) .............40 Appeals ....................................................................................................................................................................................................40 Appeals (ISO/IEC 17021) ........................................................................................................................................................41 Complaints. ...........................................................................................................................................................................................41 Complaints (ISO/IEC 17021) ................................................................................................................................................41 Records of applicants and clients .....................................................................................................................................42 Records of applicants and clients (ISO/IEC 17021) .........................................................................................42
10
Management system requirements for certiication bodies ........................................................................... 43
10
Management system requirements for certiication bodies (ISO/IEC 17021) ............................. 43 10.1 Options. ....................................................................................................................................................................................................43 10.2 Option 1: Management system requirements in accordance with ISO 9001 ..............................43 10.3 Option 2: General management system requirements ...................................................................................43
Annex A (normative) Classiication of food chain categories .............................................................................................. 46 Annex B (normative) Minimum audit time. ............................................................................................................................................ 49 Annex C (normative) Required food safety management system (FSMS) competence ............................ 52 Annex D (informative) Guidance on generic certiication functions............................................................................ 56 Annex E (informative) Food safety management systems and product certiication ................................. 60 Annex A (normative) Required knowledge and skills (Annex A of ISO/IEC 17021) .................................... 65 Annex B (informative) Possible evaluation methods (Annex B of ISO/IEC 17021) ...................................... 66 Annex C (informative) Example of a process low for determining and maintaining competence (Annex C of ISO/IEC 17021) .............................................................................................................................................................. 68 Annex D (informative) Desired personal behaviours (Annex D of ISO/IEC 17021) ..................................... 70 Annex E (informative) Third-party audit and certiication process (Annex E of ISO/IEC 17021). 71 Annex F (informative) Considerations for the audit programme, scope or plan (Annex F of ISO3IEC 17021) ............................................................................................................................................................................................... 73 Bibliography ......................................................................................................................................................................................................................... 75
© ISO 2014 – All rights reserved
5
ISO/TS 22003 with ISO/IEC 17021
Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO speciic terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword Supplementary information The committee responsible for this document is Technical Committee ISO/TC 34, Food products, Subcommittee SC 17, Management systems for food safety , in collaboration with the ISO Committee on conformity assessment (CASCO). This version of ISO/TS 22003:2013 is combined with ISO/IEC 17021:2011.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identify ing any or all such patent rights. Details of any patent rights identiied during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
© ISO 2014 – All rights reserved
7
ISO/TS 22003 with ISO/IEC 17021
Introduction In addition to the clauses of ISO/TS 22003, this document contains all the clauses of ISO/IEC 17021:2011. Therefore, the intent is to have in one document all the requirements that a certiication body needs to comply with when carrying out audits or certiication to food safety management system standards. ISO/IEC 17021 text is represented in a blue box such as this. Certiication of the food safety management system (FSMS) of an organization is one means of providing assurance that the organization has implemented a system for the management of food safety in line with its policy. Requirements for an FSMS can originate from a number of sources. This Technical Speciication has been developed to assist in the certiication of FSMS that ful il the requirements of ISO 22000. The contents of this Technical Speciication can al so be used to support certiication of FSMS that are based on other sets of speciied FSMS requirements.
FSMS standard (e.g. ISO 22000) or other speciied requirements is normally a certiication document or a certiicate. It is for the organization being certiied to develop its own management systems (e.g. FSMS in accordance with ISO 22000, other sets of speciied FSMS requirements, quality management systems, environmental management systems or occupational health and safety management systems) and, other than where relevant legislative requirements specify to t he contrary, it is for the organization to decide how the various components of these will be arranged. The degree of integration between the various management system components will vary from organization to organization. It is, therefore, appropriate for certiication bodies that operate in accordance with this Technical Speciication to take into account the culture and practices of their clients with respect to t he integration of their FSMS within the wider organization.
This Technical Speciication is intended for use by bodies that carr y out audit and certiication of FSMS by providing generic requirements for such bodies. Such bodies are referred to as certiication bodies. This wording is not intended to be an obstacle to the use of this Technical Speciication by bodies with other designations, which undertake activities covered by the scope of this Technical Speciication. This Technical Speciicat ion is intended to be used by anybody involved in the assessment of FSMS. It can also be used to support other types of food safety certiications based on a combination of ISO/IEC 17021 and ISO/IEC 17065.
Certiication activities involve the audit of an organization’s FSMS. The form of attestation of conformity of an organization’s FSMS to a speciic
8
© ISO 2014 – All rights reserved
ISO/TS 22003 with ISO/IEC 17021
1 Scope
2 Normative references
This Technical Speciication deines the rules applicable for the audit and certiication of a food safety management system (FSMS) complying with the requirements given in ISO 22000 (or other sets of speciied FSMS requirements). It also provides the necessary information and conidence to c ustomers about the way certiication of their suppliers has been granted.
The following referenced documents, in whole or in part, are normatively referenced in this document and are indispensable for it s application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
Certiication of FSMS is a third-party con formity assessment activity (as described in ISO/IEC 17000:2004, 5.5), and bodies performing this activity are third-party conformity assessment bodies. NOTE 1 In thi s Technica l Speci ication, the terms “product” and “service” are used separately (in contrast with the deinit ion of “product” given in ISO/IEC 17000).
NOTE 2 This Technical Speci ication can be used as a criteria document for the accreditation or peer assessment of certiication bodies which seek to be recognized as being competent to certify that an FSMS complies with ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia which engage in direct recogn ition of certiication bodies to certif y that an FSMS complies with ISO 22000. Some of its requirements could also be useful to other parties involved in the conformity assessment of such certi ication bodies, and in the conformity assessment of bodies that undertake to certif y the compliance of FSMS with criteria additional to, or other than, those in ISO 22000.
FSMS certiication does not attest to the safety or itness of the products of an organization within the food chain. However, ISO 22000 requires an organization to meet all applicable food-safetyrelated statutory and regulatory requirements through its management system. NOTE 3 Cert iic ation of an FSMS accordi ng to ISO 22000 is a management system certiication, not a product certiication.
Other FSMS users can use the concepts and requirements of this Technical Speciication provided that the requirements are adapted as necessary.
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles ISO/IEC 17021:2011, Conformity assessment — Requirements for bodies providing audit and certiication of management systems
3 Terms and defnitions For the purposes of this document, the terms and deinitions given in ISO/IEC 17000, ISO/IEC 17021, ISO 22000 and the following apply. 3.1 hazard analysis and critical control point HACCP system which identiies, evaluates and controls hazards which are signiicant for food safety [SOURCE: Codex Alimentarius Food Hygiene Basic Texts,[12] modiied] 3.2 food safety management system FSMS set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives, used to direct and control an organization with regard to food safety Note 1 to entry: See ISO 9000:2005, 3.2.1, 3.2.2 and 3.2 .3. Note 2 to entry: In this Technical Speciication, “food safety management system” replaces the term “management system” used in ISO/IEC 17021.
3.3 competence ability to apply knowledge and skills to achieve intended results
© ISO 2014 – All rights reserved
9
Bestelformulier Stuur naar:
NEN Uitgeverij t.a.v. afdeling Marketing Antwoordnummer 10214 2600 WB Delft
NEN Uitgeverij
Postbus 5059 2600 GB Delft Vlinderweg 6 2623 AX Delft T (015) 2 690 390 F (015) 2 690 271
Ja, ik bestel
www.nen.nl/normshop
Wilt u deze norm in PDF-formaat? Deze bestelt u eenvoudig via Stel uw vraag aan
www.nen.nl/normshop
Klantenservice via: @NEN_webcare
Gratis e-mailnieuwsbrieven
Wilt u op de hoogte blijven van de laatste ontwikkelingen op het gebied van normen,
Retourneren
normalisatie en regelgeving? Neem dan een gratis abonnement op een van onze
Fax: (015) 2 690 271
e-mailnieuwsbrieven. www.nen.nl/nieuwsbrieven
Post: NEN Uitgeverij,
E-mail:
[email protected] t.a.v. afdeling Marketing Antwoordnummer 10214,
Gegevens
2600 WB Delft (geen postzegel nodig).
Bedrijf / Instelling
Voorwaarden T.a.v.
O M
O V
• De prijzen zijn geldig tot 31 december 2014,
E-mail
tenzij anders aangegeven.
Klantnummer NEN Uw ordernummer
• Alle prijzen zijn excl. btw,
BTW nummer
verzend- en handelingskosten en onder voorbehoud bij o.m. ISO- en IEC-normen.
Postbus / Adres
• Bestelt u via de normshop een
Postcode
Plaats
Telefoon
Fax
pdf, dan betaalt u geen handeling en verzendkosten. • Meer informatie: telefoon (015) 2 690 391, dagelijks
Factuuradres (indien dit afwijkt van bovenstaand adres)
van 8.30 tot 17.00 uur.
Postbus / Adres Postcode
• Wijzigingen en typefouten
Plaats
in teksten en prijsinformatie voorbehouden. • U kunt onze algemene voorwaarden terugvinden op:
Datum
Normalisatie:
Handtekening
de wereld op één lijn.
www.nen.nl/leveringsvoorwaarden.
preview - 2014
