SFS-ISO 28003:en

Soveltamisala

Suomenkielistä soveltamisalaa ei ole saatavissa.

This International Standard contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as ISO 28000. It defines the minimum requirements of a certification body and its associated auditors, recognizing the unique need for confidentiality when auditing and certifying/registering a client organization. Requirements for supply chain security management systems can originate from a number of sources, and this International Standard has been developed to assist in the certification of supply chain security management systems that fulfil the requirements of ISO 28000, Specification for security management systems for the supply chain, and other supply chain security management system International Standards. The contents of this International Standard may also be used to support certification of supply chain security management systems that are based on other specified supply chain security management system requirements. This International Standard

Tämän julkaisun valmistelusta Suomessa vastaa SFS Suomen Standardit, puh. 09 149 9331.

Sisällysluettelo

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles for certification bodies

4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Resolution of complaints

5 General requirements

5.1 Legal and contractual matters
5.2 Management of impartiality
5.3 Liability and financing

6 Structural requirements

6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality

7 Resource requirements

7.1 Competence of management and personnel
7.2 Personnel involved in the certification activities
7.3 Use of external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing

8 Information requirements

8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification body and its clients

9 Process requirements

9.1 General requirements applicable to any audit
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspending, withdrawing or reducing scope of certification
9.7 Appeals
9.8 Complaints
9.9 Records on applicants and clients

10 Management system requirements for certification bodies

10.1 Option 1 — Management system requirements in accordance with ISO 9001
10.2 Option 2 — General management system requirements

Annex A Guide for process to determine auditor time (informative)
Annex B Criteria for auditing organizations with multiple sites (normative)
Annex C Auditor education, work and audit experience and training durations (normative)
Annex D Auditor competence requirements (normative)

Bibliography

Näytä kaikki

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles for certification bodies

4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Resolution of complaints

5 General requirements

5.1 Legal and contractual matters
5.2 Management of impartiality
5.3 Liability and financing

6 Structural requirements

6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality

7 Resource requirements

7.1 Competence of management and personnel
7.2 Personnel involved in the certification activities
7.3 Use of external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing

8 Information requirements

8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification body and its clients

9 Process requirements

9.1 General requirements applicable to any audit
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspending, withdrawing or reducing scope of certification
9.7 Appeals
9.8 Complaints
9.9 Records on applicants and clients

10 Management system requirements for certification bodies

10.1 Option 1 — Management system requirements in accordance with ISO 9001
10.2 Option 2 — General management system requirements

Annex A Guide for process to determine auditor time (informative)
Annex B Criteria for auditing organizations with multiple sites (normative)
Annex C Auditor education, work and audit experience and training durations (normative)
Annex D Auditor competence requirements (normative)

Bibliography

Tuoteryhmä(t)

03.120.20 Tuotteiden ja yritysten sertifiointi. Vaatimustenmukaisuuden arviointi »
47.020.99 Muut laivanrakennukseen ja meriteknisiin rakenteisiin liittyvät standardit »
03.100.70 Hallintajärjestelmät »
03.100.01 Yrityksen organisaatio ja johtaminen, yleistä »

Sidokset

Velvoittavat viittaukset

ISO/IEC 17000:2004 Conformity assessment — Vocabulary and general principles
ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing
ISO 28000:— Specification for security management systems for the supply chain

Tekninen komitea

ISO/TC 292 (SFS-julkaisut) Security and resilience »

Vahvistuspäivä

05.03.2012

Julkaisupäivä

23.03.2012

Painos

1

Sivumäärä

44

Julkaisun kieli

englanti