ISO 27001 Certification – Management of Impartiality
ISO Certification procedures shall be undertaken impartially.
AARC-360 is responsible for maintaining its impartiality with respect to its assessment activities and shall not allow commercial, financial or other pressures to compromise impartiality. All members of the assessment team attest to their impartiality.
Top management commitment
Management system consultancy
“participation in establishing, implementing or maintaining a MS”.
Examples: Preparing or producing manuals or procedures; giving specific advice, instructions or solutions towards development/implementation of a MS.
Arranging training and participating as a trainer is not considered consultancy, provided that it is confined to the provision of generic information; i.e., the trainer should not provide client-specific solutions.
The provision of generic information, but not client-specific solutions for the improvement of processes or systems, is not considered to be consultancy.
Where a client has received management systems consultancy from a body that has a relationship with a certification body, this is a significant threat to impartiality.
The certification body shall not outsource audits to a management system consultancy organization, as this poses an unacceptable threat to the impartiality of the certification body.