- Name:
- ISO/IEC 19770-11
- Title (German):
- Informationstechnik - Software Asset Management - Teil 11: Anforderungen an Stellen, die Audits und Zertifizierungen von IT-Asset-Management-Systemen durchführen
- Title (English):
- Information technology - IT asset management - Part 11: Requirements for bodies providing audit and certification of IT asset management systems
- Last update:
- :2021-06
- Last update:
- 01.06.2021
- Pages:
- 16
- Link (publisher):
- https://www.beuth.de/de/norm/iso-iec-19770-11/342325373
Description
Reference to the parent collection of standards, ISO/IEC 19770
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
5 General requirements
5.1 Legal and contractual matters
5.2 Management of impartiality
5.2.1 General
5.2.2 SM 5.2.2 Conflicts of interest
5.3 Liability and financing
6 Structural requirements
7 Resource requirements
7.1 Competence of personnel
7.1.1 General considerations
7.1.1.1 General
7.1.1.2 SM7.1.1.2 Generic competence requirements
7.1.2 Determination of competence criteria
7.1.2.1 General
7.1.2.2 SM7.1.2.2 Competence requirements for ITAMS auditing
7.1.2.2.1 The term “technical area”
7.1.2.2.2 General requirements
7.1.2.2.3 ITAMS standards and normative documents
7.1.2.2.4 ITAM principles, practices and techniques
7.1.2.2.5 Business management practices
7.1.2.2.6 Client business sector
7.1.2.2.7 Client products, processes and organization
7.1.2.3 SM7.1.2.3 Competence requirements for leading the ITAMS audit team
7.1.2.4 SM7.1.2.4 Competence requirements for reviewing audit reports and making certification decisions
7.1.2.4.1 General requirements
7.1.2.4.2 ITAMS standards and normative documents
7.1.2.4.3 ITAM principles, practices and techniques
7.1.2.4.4 Client business sector
7.1.3 Evaluation processes
7.1.3.1 General
7.1.3.2 SM7.1.3.2 Demonstration of knowledge and experience
7.1.3.3 SM7.1.3.3 Evaluation of audit team members
7.1.4 Other considerations
7.2 Personnel involved in certification activities
7.3 Use of individual external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Public information
8.2 Certification documents
8.2.1 General
8.2.2 SM8.2.2 Scope definition
8.3 Reference to certification and use of marks
8.4 Confidentiality
8.4.1 General
8.4.2 SM8.4.2 Access to the client’s documents, including records
8.5 Information exchange between a certification body and its clients
9 Process requirements
9.1 Pre-certification activities
9.1.1 Application
9.1.2 Application review
9.1.2.1 General
9.1.2.2 SM9.1.2.2 Application review
9.1.3 Audit programme
9.1.4 Determining audit time
9.1.4.1 General
9.1.4.2 SM9.1.4.2 Determining audit time for initial audit
9.1.4.3 SM9.1.4.3 Adjustments to audit time
9.1.4.4 SM9.1.4.4 Adjustments for other management system standard certifications
9.1.4.5 SM9.1.4.5 Determining audit time for surveillance and recertification audits
9.1.4.6 SM9.1.4.6 Remote audit activities
9.1.5 Multi-site sampling
9.1.5.1 General
9.1.5.2 SM9.1.5.2 Criteria for multi-site sampling
9.1.6 Multiple management systems standards
9.1.6.1 General
9.1.6.2 SM9.1.6.2 Combining management system audits
9.1.6.3 SM9.1.6.3 Combining management system audits for ISO/IEC 19770-1 and ISO/IEC 20000-1 or DIN EN ISO/IEC 27001
9.2 Planning audits
9.2.1 Determining audit objectives, scope and criteria
9.2.1.1 General
9.2.1.2 SM9.2.1.2 Determining audit objectives
9.2.2 Audit team selection and assignments
9.2.3 Audit plan
9.2.3.1 General
9.2.3.2 SM9.2.3.2 Sampling accuracy
9.3 Initial certification
9.3.1 General
9.3.2 SM9.3.2 Identification of other parties
9.3.3 SM9.3.3 Integration of ITAMS documentation with that for other management systems
9.4 Conducting audits
9.4.1 General
9.4.2 Conducting the opening meeting
9.4.3 Communication during the audit
9.4.4 Obtaining and verifying information
9.4.5 Identifying and recording audit findings
9.4.6 Preparing audit conclusions
9.4.7 Conducting the closing meeting
9.4.8 Audit report
9.4.8.1 General
9.4.8.2 SM9.4.8.2 Audit report
9.4.9 Cause analysis of nonconformities
9.4.10 Effectiveness of corrections and corrective actions
9.5 Certification decision
9.6 Maintaining certification
9.7 Appeals
9.8 Complaints
9.9 Client records
10 Management system requirements for certification bodies
Annex A Knowledge and skills for ITAMS auditing and certification
A.1 Overview