INTERNATIONAL ISO/IEC STANDARD 20000-6 First edition 2017-06 Information technology Service management - Part 6: Requirements for bodies providing audit and certification of service management systems Technologies de I'information Gestion des services- Partie 6: Exigences pour les organismes procédant a I'audit et a la certification des systemes de management de la gestion des services Reference number IEC IS0/IEC 20000-6:2017(E) tso International Organization for Standardization STANDARDIZATION C15956617 @IS0/IEC2017 ed without license from IHS IS0/IEC 20000-6:2017(E) COPYRIGHT PROTECTED DOCUMENT IS0/IEC 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form written permission. Permission can be requested from either Iso at the address below or Iso's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8 · CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +4122 749 09 47 copyright@iso.org www.iso.org ,... Internationai ibr DrganizationforStandardization icensee-ZHEJIANG INSTOF STANDRJSA/IEC07 -All rights reserved networking permited withoutlicense from IHS IS0/IEC 20000-6:2017(E) Contents Page Foreword ..V Introduction. ..vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Principles ..1 5 General requirements 5.1 Legal and contractual matters. ..1 5.2 Management of impartiality. ..2 5.3 Liability and financing ..2 6 Structural requirements .2 7 Resource requirements. .2 7.1 Competence of personnel. .2 7.1.1 General considerations. 2 7.1.2 Determination of competence criteria .2 7.1.3 Evaluation processes. 3 Other considerations. .3 7.1.4 7.2 Personnel involved in certification activities 3 7.3 Use of individual external auditors and external technical experts .3 7.4 Personnel records. ..3 7.5 Outsourcing. .3 8 Information requirements ..4 8.1 Public information.. .4 8.2 Certification documents. ..4 8.3 Referencetocertificationanduseofmarks 8.4 Confidentiality .4 8.5 Information exchange between a certification body and its clients ..4 9 Process requirements ..4 9.1 Pre-certification activities .4 9.1.1 Application. ..4 9.1.2 Application review. .4 9.1.3 Audit programme 9.1.4 Determining audit time 5 9.1.5 Multi-site sampling. .8 9.1.6 Multiple management systems standards ..8 9.2 Planning audits .9 9.2.1 Determining audit objectives, scope and criteria .9 9.2.2 Audit team selection and assignments .9 9.2.3 Audit plan.... ..9 9.3 Initial certification .10 9.4 Conducting audits. ..10 9.4.1 General. .10 9.4.2 Conducting the opening meeting .10 9.4.3 Communication during the audit ..10 9.4.4 Obtaining and verifying information ..10 9.4.5 Identifying and recording audit findings. ..11 9.4.6 Preparing audit conclusions ..11 9.4.7 Conducting the closing meeting ..11 9.4.8 Audit report .11 9.4.9 Cause analysis of nonconformities. ..11 9.4.10 Effectiveness of corrections and corrective actions .11 ntemaional oganzation @sS&AEG 2017-All rights reserved iii Licensee-ZHEJIANG INST OF STANDARDIZATION C1 5956617 No reproduction or networking permitted without license from IHS