ISO IEC 19770-11-2021 pdf Information technology — IT asset management — Part 11: Requirements for bodies providing audit and certification of IT asset management systems

5 General requirements 5.1 Legal and contractual matters The requirements in ISO/IEC 17021-1:2015, 5.1 apply. 5.2 Management of impartiality 5.2.1 General The requirements in ISO/IEC 17021-1:2015, 5.2 apply. In addition, the following requirements and guidance apply. 5.2.2 SM5.2.2 Conflicts of interest Certification bodies may carry out the following duties without them being considered as consultancy or having a potential conflict of interest: a) arranging and participating as a lecturer in training courses; where these courses relate to ITAM, related management systems or auditing, certification bodies shall confine themselves to the provision of generic information and advice which is publicly available, i.e. they shall not provide company-specific advice; b) making available or publishing on request information describing the certification body ’s interpretation of the requirements of the certification audit standards; c) activities prior to audit, solely aimed at determining readiness for certification audit; these activities shall not result in the provision of recommendations or advice that would contravene this subclause; certification bodies shall be able to confirm that such activities do not contravene these requirements and that they are not used to justify a reduction in the eventual certification audit duration; d) performing second and third-party audits according to other standards or regulations not directly related to the ITAMS; e) adding value during certification audits, e.g. by identifying opportunities for improvement, as they become evident during the audit, without recommending specific solutions. Certification bodies shall not provide internal ITAM reviews of the client ’s ITAMS subject to certification. Certification bodies shall be independent of the body or bodies (including any individuals) which provide the internal ITAMS audit.
7.1.1.1 General The requirements in ISO/IEC 17021-1:2015, 7.1.1 apply. In addition, the following requirements and guidance apply. 7.1.1.2 SM7.1.1.2 Generic competence requirements The certification body shall ensure that it has knowledge of the technological, legal and regulatory developments relevant to the ITAMS of the client which it assesses. The certification body shall define the competence requirements for each certification function as referenced in ISO/IEC 17021-1:2015, Table A.1. The certification body shall take into account all the requirements specified in ISO/IEC 17021-1, 7.1.2 and 7.2.2 that are relevant for the ITAMS technical areas as determined by the certification body. NOTE Annex A provides a summary of the competence requirements for personnel involved in specific certification functions.