F-02/29

Documents Review & Pre-assessment report

Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

Instructions on filling this document

The lab personnel should fill it completely and send it to PNAC while submitting the application form and quality system and give cross
references to its clauses in the quality manual/ procedures/ forms etc. Please note that only giving reference to a particular procedure may
not be sufficient in most of the cases.

PNAC’s Assessors Verification & remarks column will be filled in by the concerned officer in PNAC
Name of the Certification Body (CB): Name of PNAC’s Team Leader/TA/TE

Address

Scope Applied for Accreditation (Schemes and IAF Code)

CLAUSE No. of ISO 17021-1: 2015 CB’s Reference to its QSD PNAC’s Assessor
Requirements verification &
remarks
5 General requirements
5.1 Legal and contractual matters
5.1.1 Legal responsibility
Is the certification body a legal entity, or a defined part of a legal
entity, that can be held legally responsible for all its certification
activities? (A governmental certification body is deemed to be a
legal entity on the basis of its governmental
status)
5.1.2 Certification agreement
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

Does the certification body have a legally enforceable agreement

with each client for the provision of certification activities in
accordance with the relevant requirements of this part of
ISO/IEC 17021-1?
Where there are multiple offices of a certification body or
multiple sites of a client, does the certification body ensure that
there is a legally enforceable agreement between the certification
body granting certification, and the client that covers all the sites
within the scope of the
certification? Does the CB apply IAF MD1:2007 & MD19:2016
requirements appropriately?
5.1.3 Responsibility for certification decisions
Is the certification body responsible for, and does it retain
authority for, its decisions relating to certification, including the
granting, refusing, maintaining of certification, expanding or
reducing the scope of certification, renewing, suspending or
restoring following suspension, or withdrawing of certification?

5.2 Management of impartiality

5.2.1 Is the certification body responsible for the impartiality of
its conformity assessment activities? Does the certification
body allow commercial, financial or other pressures to
compromise impartiality or ensure that conformity
assessment activities are undertaken impartially?
5.2.2 Does the certification body have a policy demonstrating that it
understands the importance of impartiality in carrying out its
management system certification activities and managing conflicts
of interest thus ensuring the objectivity of its management system
certification activities?
5.2.3 Does the certification body have a process to identify, analyse,
evaluate, treat, monitor and document the risks related to conflict
of interests arising from the provision of certification including any
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

conflicts arising from its relationships on an ongoing basis?

5.2.4 Is there any evidence of the certification body certifying
another certification body for its quality management system?
5.2.5 Does the certification body or any part of the same legal
entity and any entity under the organizational control of the
certification body
(9.5.1.2b) offer or provide management system consultancy? This
also applies to that part of government identified as the
certification body?
5.2.6 Does the certification body or any part of the
same legal entity and any entity under the organisational
control of the certification body (9.5.1.2b) offer or provide
internal audits to its certified clients? The carrying out of
internal audits by the certification body and any part of the
same legal entity to its certified clients is a significant threat to
impartially. Does the certification body certify a management
system on which the certification body completed the internal
audits less than two years ago?

5.3 Liability and financing

5.3.1 Can the certification body demonstrate that it has evaluated the
risks arising from its certification activities?
Does the certification body have adequate arrangements (e.g.
insurance or reserves) to cover liabilities arising from its
operations in each of its fields of activities and the geographic
areas in which it operates?
5.3.2 Does the certification body evaluate its finances and sources of
income and demonstrate that initially, and on an ongoing basis,
commercial, financial or other pressures do not compromise its
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

impartiality

6 Structural requirements
6.1 Organisational structure and top management
6.1.1 Has the certification body documented its organizational
structure, duties, responsibilities and authorities of management
and other personnel involved in certification and any
committees?
When the certification body is a defined part of a legal entity, does
the structure include the line of authority and the relationship to
other parts within
the same legal entity?
6.1.2 Are the certification activities structured and managed so as to
safeguard impartiality?
6.1.3 Has the certification body identified the top management (board,
group of persons, or person) having overall authority and
responsibility for each of the main functions
6.1.4 Does the certification body have formal rules for the appointment,
terms of reference and operation of committees involved in the
certification activities?

6.2 Committee for safeguarding impartiality

6.2.1 Does the certification body have a process for effective control
of certification activities delivered by branch offices,
partnerships agents, franchisees, etc., irrespective of their legal
status, relationship or geographical location?
Does the certification body consider the risk that the certification
activities pose to the competence, consistency and impartiality of
the certification body?
6.2.2 Does the certification body consider the appropriate
level and method of control of activities undertaken
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

including its processes, technical areas of certification bodies’

operations, competence of personnel, lines of management
control, reporting and remote access to operations
including records?
7 Resource requirements
7.1 Competence of management and personnel
7.1.1 Does the certification body have processes to ensure that
personnel have appropriate knowledge and skills relevant to the
types of management systems (e.g. environmental
management systems, quality management systems,
information security management systems) and geographic
areas in which it operates?
7.1.2 Does the certification body have a process for determining the
competence criteria for personnel involved in the management and
performance of audits and other certification activities?
Has the certification body determined the competence criteria for
each type of management system standard or specification, for
each technical area, and for each function in the certification
process?
Does the certification body apply the knowledge and skills for
specific functions defined in AnnexA?
Does the certification body apply any additional specific
competence criteria where they have been established for a
specific standard or certification scheme? For example:
- ISO/IEC TS 17021-2 (EMS),
- ISO/IEC TS 17021-3 (QMS),
- ISO/TS 22003 (FSMS)
7.1.3 Evaluation processes
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

Does the certification body have documented processes for the

initial competence evaluation, and on-going monitoring of
competence and performance of all personnel involved in the
management and performance of audits and other certification
activities, applying the determined competence criteria?
7.1.4 Other considerations
Does the certification body have access to the necessary technical
expertise for advice on matters directly relating to
certification for technical areas, types of management system
and geographic areas in which the certification body operates?
7.2 Personnel involved in the certification
Activities
7.2.1 Does the certification body have sufficient, competent personnel
for managing and supporting the type and range of
audit programmes and other certification work
performed?
7.2.8 Does the group or individual that takes the decision on
granting, refusing, maintaining, renewing, suspending, restoring,
or withdrawing certification, or on expanding or reducing the
scope of certification shall understand the applicable standard and
certification requirements, and have demonstrated
competence to evaluate the outcomes of the audit
processes including related recommendations of the audit team?
7.2.9 Does the certification body ensure the satisfactory performance of
all personnel involved in the audit and other certification
activities?
Is there a documented process for monitoring competence and
performance of all persons involved, based on the frequency of
their usage and the level of risk linked to their activities?
7.2.10 Does the certification body monitor each auditor considering each
type of management system to which the auditor is deemed
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

competent?
7.2.11 Does the certification body periodically evaluate the performance
of each auditor on-site?
7.3 Use of individual external auditors and external technical
experts
Does the certification body require external auditors and
external technical experts to have a written agreement by
which they commit themselves to comply with applicable
policies and implement processes as defined by the
certification body?
7.4 Personnel records
Does the certification body maintain up-to-date personnel
records, including relevant qualifications, training, experience,
affiliations, professional status and competence?
7.5 Outsourcing
7.5.1 Does the certification body have a process in which it
describes the conditions under which outsourcing (which is
subcontracting to another organization to provide part of the
certification activities on behalf of the certification body) may
take place?
Does the certification body have a legally enforceable
agreement covering the arrangements, including
confidentiality and conflict of interests, with each body that
provides outsourced services?
7.5.2 How does the certification body ensure that the decisions for
granting, refusing, maintaining of certification, expanding or
reducing the scope of
certification, renewing, suspending or restoring or withdrawing of
certification are not outsourced?
7.5.3 Does the CB:
a) Take responsibility for all activities outsourced to another body?
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

8 Information requirements
8.1 Publicly information
8.1.1 Does the certification body maintain (through
publications, electronic media or other means), and make
public, without request, in all the geographical areas in which it
operates, information about policies, schemes, scope and processes

8.2 Certification documents

8.2.1 How does the certification body provide by any means it
chooses certification documents to the certified client?
8.2.2 Do the certification document(s) identify the requirements?
8.3 Directory of certified customers
8.3.1 Does the certification body have rules governing any
management system certification mark that it authorizes certified
clients to use?
8.4 Confidentiality
8.4.1 Does the certification body be responsible, through legally
enforceable agreements, for the management of all
information obtained or created during the performance of
certification activities at all levels of its structure, including
committees and external bodies or individuals acting on its behalf?

8.5 Information exchange between a CB and its client

8.5.1 Information on the certification activity and Requirements
Does the certification body provide information
and update clients on the following:
a) a detailed description of the initial and continuing certification
activity, including the application, initial audits, surveillance
audits, and the process for granting, refusing, maintaining of
certification, expanding, or reducing the scope of
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

certification, renewing, suspending or restoring, or withdrawing

of certification and recertification;
f) information on procedures for handling complaints and
appeals.
8.5.2 Notice of changes by a certification body?
Does the certification body give its certified clients due notice of
any changes to its requirements for certification?
8.5.3 Notice of changes by a certified client
Does the certification body have legally enforceable arrangements
to ensure that the certified client informs the certification body,
without delay, of matters that may affect the capability of the
management system to continue to fulfil the requirements of the
standard used for certification?
9 Process requirements
9.1 Pre-certification activities
9.1.1 Application
Does the certification body require an authorized representative of
the applicant organization to provide the necessary information to
enable it to establish the following:
a) the desired scope of the certification;
b) relevant details of the applicant organization as required by the
specific certification scheme, including its name and the
address(es) of its site(s), its processes and operations, human and
technical resources, functions, relationships and any relevant legal
obligations;
c) identification of outsourced processes used by the organization
that will affect conformity to requirements;
d) the standards or other requirements for which the applicant
organization is seeking certification;
e) whether consultancy relating to the management system to be
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

certified has been provided and, if so, by whom.

9.1.2 Application review
9.1.2.1
Does the certification body conduct a review of the application and
supplementary information for certification to ensure that:
a) the information about the applicant organization and its
management system is sufficient to develop an audit programme
(see 9.1.3);
b) any known difference in understanding between the
certification body and the applicant organization is resolved;
c) the certification body has the competence and ability to perform
the certification activity;
d) the scope of certification sought, the site(s) of the applicant
organization’s operations, time required to complete audits and
any other points inf luencing the certification activity are taken
into account (language, safety conditions, threats to impartiality,
etc.).
9.1.3 Audit programme
9.1.3.1
Does an audit programme for the full certification cycle is
developed to clearly identify the audit activity/activities required
to demonstrate that the client’s management system fulfils the
requirements for certification to the selected standard(s) or other
normative document(s). The audit programme for the certification
cycle shall cover the complete management system requirements.
9.1.3.3
Are surveillance audits being conducted at least once a calendar
year, except in recertification years. The date of the first
surveillance audit following initial certification shall not be more
than 12 months from the certification decision date.
9.1.4 Determining audit time
9.1.4.1
Does the certification body has documented procedures for
determining audit time. For each client the certification body shall
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

determine the time needed to plan and accomplish a complete and

effective audit of the client’s management system.
9.1.5 Multi-site sampling
Where multi-site sampling is used for the audit of a client’s
management system covering the same activity in various
geographical locations, the certification body shall develop a
sampling programme to ensure proper audit of the management
system. The rationale for the sampling plan shall be documented
for each client. Sampling is not allowed for some specific
certification schemes, and where specific criteria have been
established for a specific certification scheme, e.g. ISO/TS 22003,
these shall be applied.

9.2 Planning audits

9.2.1 Determining audit objectives, scope and criteria
9.2.1.1
Have the audit objectives been determined by the certification
body. The audit scope and criteria, including any changes, shall be
established by the certification body after discussion with the
client.
9.2.2 Audit team selection and assignments
9.2.2.1 General
9.2.2.1.1
Has the certification body have a process for selecting and
appointing the audit team, including the audit team leader and
technical experts as necessary, taking into account the competence
needed to achieve the objectives of the audit and requirements for
impartiality. If there is only one auditor, the auditor shall have the
competence to perform the duties of an audit team leader
applicable for that audit. The audit team shall have the totality of
the competences identified by the certification body as set out in
9.1.2.3 for the audit.
9.2.2.2 Observers, technical experts and guides
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

9.2.2.2.1 Observers
Is the presence and justification of observers during an audit
activity being agreed by the certification body and client prior to
the conduct of the audit. The audit team shall ensure that observers
do not unduly influence or interfere in the audit process or
outcome of the audit.

9.2.2.2.2 Technical experts

Is the role of technical experts during an audit activity being
agreed to by the certification body and client prior to the conduct
of the audit. A technical expert shall not act as an auditor in the
audit team. The technical experts shall be accompanied by an
auditor.

9.2.2.2.3 Guides
Each auditor shall be accompanied by a guide, unless otherwise
agreed to by the audit team leader and the client. Guide(s) are
assigned to the audit team to facilitate the audit. The audit team
shall ensure that guides do not influence or interfere in the audit
process or outcome of the audit.
9.2.3 Audit Plan
9.2.3.1 General
The certification body shall ensure that an audit plan is established
prior to each audit identified in the audit programme to provide the
basis for agreement regarding the conduct and scheduling of the
audit activities.

NOTE It is not expected that a certification body will develop an

audit plan for each audit at the time that the audit programme is
developed.
9.3 Initial certification
9.3.1 Initial certification audit
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

9.3.1.1 General
The initial certification audit of a management system shall be
conducted in two stages: stage 1 and stage 2.
9.3.1.2 Stage 1
9.3.1.2.1
Planning shall ensure that the objectives of stage 1 can be met and
the client shall be informed
of any “on site” activities during stage 1.

NOTE Stage 1 does not require a formal audit plan (see 9. 2.3).
9.3.1.3 Stage 2
The purpose of stage 2 is to evaluate the implementation, including
effectiveness, of the client’s management system. The stage 2 shall
take place at the site(s) of the client. It shall include the auditing of
at least the following:
a) information and evidence about conformity to all requirements
of the applicable management system standard or other normative
documents;
b) performance monitoring, measuring, reporting and reviewing
against key performance objectives and targets (consistent with the
expectations in the applicable management system standard or
other normative document);
c) the client’s management system ability and its performance
regarding meeting of applicable statutory, regulatory and
contractual requirements;
d) operational control of the client’s processes;
e) internal auditing and management review;
f) management responsibility for the client’s policies.
9.4 Conducting audits
9.4.1 General
The certification body shall have a process for conducting on-site
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

audits. This process shall include an opening meeting at the start of

the audit and a closing meeting at the conclusion of the audit.

Where any part of the audit is made by electronic means or where

the site to be audited is virtual, the certification body shall ensure
that such activities are conducted by personnel with appropriate
competence. The evidence obtained during such an audit shall be
sufficient to enable the auditor to take an informed decision on the
conformity of the requirement in question.

NOTE “On-site” audits can include remote access to electronic

site(s) that contain(s) information that is relevant to the audit of the
management system. Consideration can also be given to the use of
electronic means for conducting audits.
9.5 Certification decision
9.5.1 General
9.5.1.1
The certification body shall ensure that the persons or committees
that make the decisions for granting or refusing certification,
expanding or reducing the scope of certification, suspending or
restoring certification, withdrawing certification or renewing
certification are different from those who carried out the audits.
The individual(s) appointed to conduct the certification decision
shall have appropriate competence.
9.6 Maintaining certification
9.6.1 General
The certification body shall maintain certification based on
demonstration that the client continues to satisfy the requirements
of the management system standard. It may maintain a client’s
certification based on a positive conclusion by the audit team
leader without further independent review and decision, provided
that:
a) for any major nonconformity or other situation that may lead to
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

suspension or withdrawal of certification, the certification body

has a system that requires the audit team leader to report to the
certification body the need to initiate a review by competent
personnel (see 7.2.8), different from those who carried out the
audit, to determine whether certification can be maintained;
b) competent personnel of the certification body monitor its
surveillance activities, including monitoring the reporting by its
auditors, to confirm that the certification activity is operating
effectively.
9.6.5 Suspending, withdrawing or reducing scope
of certification
9.6.5.1 Does the certification body have a policy and documented
procedure(s) for suspension, withdrawal or reduction of the
scope of certification?
9.6.5.2 Does the certification body suspend certification in cases when, for
example:
- the client's certified management system has persistently or
seriously failed to meet certification requirements, including
requirements for the effectiveness of the management system,
- the certified client does not allow surveillance or recertification
audits to be conducted at
the required frequencies, or
- the certified client has voluntarily requested a suspension.
9.7 Appeals
9.7.1
The certification body shall have a documented process to receive,
evaluate and make decisions on appeals.
9.8 Complaints
9.8.1
The certification body shall be responsible for all decisions at all
levels of the complaints-handling process.
9.9 Client records
9.9.1
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

The certification body shall maintain records on the audit and other
certification activities for all clients, including all organizations that
submitted applications, and all organizations audited, certified, or
with certification suspended or withdrawn.
10 Management system requirements for
certification bodies

10.1 Options
Does the certification body establish, document, implement and
maintain a management system that is capable of supporting and
demonstrating the consistent achievement of the requirements of
this part of ISO/IEC 17021?
In addition to meeting the requirements of Clause 5 to 9, does the
certification body implement a management system in accordance
with either:
a) general management system requirements
(10.2) or
b) Management system requirements in accordance with
ISO 9001 (see 10.3)?

10.2 Option A: Management system requirements

10.2.1 General
Has the certification body's top management established and
documented policies and objectives for its activities?
Does the top management provide evidence of its commitment
to the development and implementation of the
management system in accordance with the requirements
of this
International Standard?
10.2.2 Management system manual
Have all applicable requirements of this International
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

Standard been addressed either in a manual or in associated

documents?
Does the certification body ensure that the manual and relevant
associated documents are accessible to all relevant personnel?

10.2.3 Control of documents

Has the certification body established procedures to control the
documents (internal and external)
that relate to the fulfilment of this International
Standard?
10.2.4 Control of records
Has the certification body established procedures to define the
controls needed for the identification, storage, protection,
retrieval, retention time and disposition of its records related to
the fulfilment of this part of ISO/IEC 17021?

10.2.5 Management review

10.2.5.1 General
Has the certification body's top management established
procedures to review its management system at planned
intervals to ensure its continuing suitability,
adequacy and effectiveness, including the stated policies
and objectives related to the fulfilment of this
International Standard?
Are these reviews conducted at least once a year?
10.2.6 Internal Audits
10.2.6.1 Has the certification body established procedures for internal
audits to verify that it fulfils the requirements of this
International Standard and that the management system is
effectively implemented and maintained?
10.2.6.2 Is the audit programme planned, taking into consideration the
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

importance of the processes and areas to be audited, as well as

the results of previous audits?
10.2.6.3 Are internal audits performed at least once every
12 months?
10.2.7 Corrective action
Has the certification body established procedures for identification
and management of nonconformities in its operations?
Does the certification body also, where necessary, take
actions to eliminate the causes of
nonconformities in order to prevent recurrence?
Are corrective actions appropriate to the impact of the problems
encountered?
10.3 Option B: General management
system requirements
10.3.1 General
Has the certification body established and maintained a
management system, in accordance with the requirements of ISO
9001 that is capable of supporting and demonstrating the
consistent achievement of the requirements of this International
Standard, amplified by 10.3.2 to 10.3.4?

10.3.2 Scope
Does the scope of the management system include the design
and development requirements for its certification services?

10.3.3 Customer focus

When developing its management system, has the certification
body considered the credibility of certification?
Has the certification body addressed the needs of all parties (as set
out in 4.1.2) that rely upon its audit and certification services, not
just its clients?
 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

10.3.4 Management review

Does the certification body include as input for management
review, information on relevant appeals and complaints from users
of certification activities and a review of impartiality for
application of the requirements of ISO 9001?

To be filled in during pre-assessment (onsite visit) by PNAC Assessor

Brief history of the CB and its legal status

Status of implementation of the standard w.r.t records

 F-02/29
Documents Review & Pre-assessment report
Issue Date:21/12/2020
for Certification Bodies
(ISO/IEC 17021)
Rev No: 01

Is the CB having sufficient and trained human resources to carry out its activities?

Recommendation on its preparation for full assessment?

Are there any major gaps that need to be addressed before initial assessment?

Suggestion on no of man days/ type of team and scope to be assessed

PNAC’s Assessor name & signature CB’s representative

Date Date