ISO IEC 19770-11 pdf – Information technology — IT asset management — Part 11: Requirements for bodies providing audit and certification of IT asset management systems
1Scope
This document specifies requirements and provides guidance for certification bodies providing auditand certification of an ITAMS in accordance with lSO/IEC 19770-1.Ilt does not change the requirementsspecified in ISO/IEC 19770-1.
This document can also be used by accreditation bodies for the accreditation of certification bodies.However,this document does not specify requirements or provides guidance for accreditation bodies toaudit certification bodies.
A certification body providing ITAMS certification is expected to be able to demonstrate fulfilment ofthe requirements specified in this document, in addition to the requirements in ISO/IEC 17021-1.
2Normative references
The following documents are referred to in the text in such a way that some or all of their contentconstitutes requirements of this document. For dated references,only the edition cited applies. Forundated references, the latest edition of the referenced document(including any amendments) applies.ISO/IEC 17021-1:2015,Conformity assessment—Requirements for bodies providing audit and certificationof management systems —Part 1: Requirements
ISO/IEC 19770-1,Information technology — T asset management — Part 1: IT asset managementsystems— Requirements
ISO/IEC 19770-5, Information technology —IT asset management —Part 5:Overview and vocabularyISO/IEC 20000-1, Information technology —Service management —Part 1: Service management systemrequirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17021-1 andISO/IEC 19770-5 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:-ISo online browsing platform: available at https://www.iso .org/obp
一IEC Electropedia: available at http://www.electropedia .org/
4Principles
The principles in ISO/IEC 17021-1:2015,Clause 4 apply.
5 General requirements
5.1 Legal and contractual matters
The requirements in ISO/IEC 17021-1:2015,5.1 apply.5.2 Management of impartiality
5.2.1General
The requirements in ISO/IEC 17021-1:2015,5.2 apply. In addition, the following requirements andguidance apply.
5.2.2SM5.2.2 Conflicts of interest
Certification bodies may carry out the following duties without them being considered as consultancyor having a potential conflict of interest:
a) arranging and participating as a lecturer in training courses; where these courses relate to ITAM,
related management systems or auditing, certification bodies shall confine themselves to theprovision of generic information and advice which is publicly available, i.e. they shall not providecompany-specific advice;
b) making available or publishing on request information describing the certification body’s
interpretation of the requirements of the certification audit standards;
c)
activities prior to audit,solely aimed at determining readiness for certification audit; theseactivities shall not result in the provision of recommendations or advice that would contravene thissubclause; certification bodies shall be able to confirm that such activities do not contravene theserequirements and that they are not used to justify a reduction in the eventual certification auditduration;
d) performing second and third-party audits according to other standards or regulations not directly
related to the ITAMS;
e) adding value during certification audits,e.g.by identifying opportunities for improvement, as they
become evident during the audit, without recommending specific solutions.
Certification bodies shall not provide internal ITAM reviews of the client’s ITAMS subject tocertification.Certification bodies shall be independent of the body or bodies (including any individuals)which provide the internal ITAMS audit.
5.3 Liability and financing
The requirements in ISO/IEC 17021-1:2015,5.3 apply.
6Structural requirements
The requirements in ISO/IEC 17021-1:2015,Clause 6 apply.