ISO IEC TS 17021-13-2021 PDF

Full title and description

Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 13: Competence requirements for auditing and certification of compliance management systems. This technical specification defines the competence expected of personnel who carry out or support audits and certification activities specifically for compliance management systems (CMS), and is intended to be used alongside the generic requirements of ISO/IEC 17021-1.

Abstract

ISO/IEC TS 17021-13:2021 specifies competence requirements for auditors, audit team leaders and other certification personnel involved in the audit and certification cycle for compliance management systems. It complements ISO/IEC 17021-1 by giving CMS‑specific competence elements such as understanding compliance obligations (laws, regulations, contracts and codes), compliance risk assessment and controls, governance and organisational context for compliance, compliance culture and related assurance activities. The document is concise and intended to support certification bodies, accreditation bodies and organisations seeking CMS certification.

General information

• Status: Published (Technical Specification); edition confirmed in 2025
• Publication date: 16 December 2021
• Publisher: ISO/IEC (ISO on behalf of ISO/IEC CASCO)
• ICS / categories: 03.100.01 — Company organisation and management in general; 03.100.02 — Governance and ethics; 03.120.20 — Product and company certification. Conformity assessment.
• Edition / version: Edition 1 (2021)
• Number of pages: 5

Scope

The specification sets out competence requirements for personnel involved in auditing and certifying compliance management systems (CMS). It applies to auditors, audit team leaders, personnel who select audit teams, reviewers of audit reports, and those who make certification decisions. ISO/IEC TS 17021-13 is intended to be used in conjunction with ISO/IEC 17021-1 (the generic requirements for bodies providing audit and certification of management systems) and to align with the CMS requirements given in ISO 37301.

Key topics and requirements

• Generic competence baseline: adherence to the generic competence elements required by ISO/IEC 17021-1.
• Knowledge of compliance management system concepts and ISO 37301 and how those map to audit criteria.
• Understanding organisational context: business activities, compliance functions, roles and responsibilities relevant to CMS.
• Familiarity with laws, regulations, codes, contractual obligations and differing legal systems applicable to the audit scope.
• Competence in identifying and evaluating applicable legal and other requirements and determining their relevance to the organisation.
• Skills in compliance risk assessment, evaluation of controls, monitoring, measurement and reporting of compliance performance.
• Awareness of compliance culture indicators, whistleblowing and investigation processes, and remediation mechanisms.
• Team competence approach: the audit team collectively must cover required CMS competencies even if individual auditors do not possess every skill.
• Competence requirements for non-auditor certification personnel (application reviewers, decision-makers) to understand CMS context and implications for certification activities.

Typical use and users

Primary users include certification bodies that offer certification of compliance management systems, accreditation bodies assessing such certification bodies, lead auditors and audit teams, organisations preparing for CMS certification, and training/competence assessment providers. Secondary users include regulators, consultants and legal/compliance specialists who support CMS auditing and certification processes.

Related standards

ISO/IEC 17021-1 (requirements for bodies providing audit and certification of management systems); ISO 37301 (Compliance management systems — Requirements with guidance for use); other parts of the ISO/IEC 17021 series and related sector-specific TS documents (e.g., parts addressing specific management system types and sector guidance such as anti-bribery, occupational health and safety, etc.).

Keywords

compliance management system, CMS, competence requirements, ISO/IEC 17021, ISO 37301, certification bodies, auditors, audit team competence, legal and regulatory requirements, conformity assessment

FAQ

Q: What is this standard?

A: ISO/IEC TS 17021-13:2021 is a technical specification that defines competence requirements for personnel involved in auditing and certifying compliance management systems (CMS), intended to be used alongside ISO/IEC 17021-1.

Q: What does it cover?

A: It covers CMS-specific knowledge and skills for auditors and other certification personnel — including understanding compliance obligations (laws, regulations, contracts, codes), compliance risk assessment and controls, organisational context for compliance, compliance culture and related assurance activities.

Q: Who typically uses it?

A: Certification bodies, accreditation bodies, lead auditors and audit teams, organisations seeking CMS certification, competence and training providers, and consultants supporting CMS certification.

Q: Is it current or superseded?

A: It was published in December 2021 (Edition 1) and has been confirmed in a subsequent review cycle; it remains current. Users should check with their national or international standards body for any later revisions or confirmations.

Q: Is it part of a series?

A: Yes — it is Part 13 of the ISO/IEC 17021 series (requirements for bodies providing audit and certification of management systems) and is intended to be used in conjunction with the core ISO/IEC 17021-1 and with ISO 37301 on compliance management systems.

Q: What are the key keywords?

A: Compliance management system, CMS, competence, auditors, certification bodies, conformity assessment, ISO/IEC 17021, ISO 37301, legal requirements, compliance risk.