ISO IEC TS 17021-6-2014 PDF

Full title and description

ISO/IEC Technical Specification 17021-6:2014 — Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 6: Competence requirements for auditing and certification of business continuity management systems (BCMS). This Technical Specification supplements ISO/IEC 17021 by specifying BCMS-specific competence expectations for auditors, reviewers and certification decision‑makers.

Abstract

This Technical Specification complements the generic requirements in ISO/IEC 17021 by adding competence requirements specific to business continuity management systems (BCMS). It describes the knowledge, skills and experience certification bodies must have available within audit teams and decision processes to ensure credible, consistent BCMS certification.

General information

• Status: Published.
• Publication date: 2014-12-01 (first edition, 2014).
• Publisher: Published as an ISO/IEC Technical Specification under ISO/CASCO (ISO and IEC).
• ICS / categories: 03.120.20; 03.100.01.
• Edition / version: Edition 1 (2014).
• Number of pages: 6 pages.

Scope

ISO/IEC TS 17021-6:2014 extends the general requirements of ISO/IEC 17021 to specify additional competence criteria and guidance for personnel involved in the audit and certification of Business Continuity Management Systems (BCMS). It addresses required knowledge areas, experience and team composition considerations so that certification activities for BCMS are performed by suitably competent auditors, reviewers and decision‑makers.

Key topics and requirements

• BCM terminology and concepts (alignment with ISO 22300/ISO 22301 vocabulary).
• Understanding the context of the organization as it relates to business continuity.
• Identification and evaluation of applicable legal, regulatory and other requirements affecting BCMS.
• Interrelationships between BCMS elements across the lifecycle (planning, operation, response, recovery).
• Business impact analysis (BIA) and risk assessment methodologies, time‑based impacts, dependencies and prioritization.
• Business continuity strategy development, selection and evaluation (including cost/benefit considerations and external dependencies).
• Incident management, response planning, communications and coordination with stakeholders.
• Development, structure and maintenance of business continuity plans and procedures.
• Design, conduct and evaluation of exercises and tests to verify preparedness and recovery objectives.
• BCMS performance evaluation, metrics and review for continual improvement.
• Requirements for application review, audit team composition, demonstration of collective competence and determination of appropriate audit time.

Typical use and users

Primary users are certification bodies and their personnel (lead auditors, auditors, technical experts, reviewers and certification decision‑makers) who conduct BCMS audits and certification. Secondary users include accreditation bodies, organizational BCMS implementers, consultants, trainers and organizations seeking to understand competence expectations for BCMS certification. The TS helps ensure consistent, credible BCMS certification outcomes.

Related standards

Key related documents include ISO/IEC 17021 (the overarching requirements for bodies providing audit and certification of management systems, superseded in part by later 17021 series publications), ISO/IEC 17021‑1:2015 (requirements), ISO 22301 (Business continuity management system — requirements) and ISO 22300 (BCM vocabulary). The 17021 series also contains other TS/parts that specify sector or management‑system specific competence requirements.

Keywords

BCMS, business continuity, audit competence, certification, ISO/IEC 17021, ISO 22301, business impact analysis, incident management, audit team competence.

FAQ

Q: What is this standard?

A: ISO/IEC TS 17021-6:2014 is a Technical Specification that defines competence requirements specific to the audit and certification of Business Continuity Management Systems (BCMS), complementing the general requirements in the ISO/IEC 17021 series.

Q: What does it cover?

A: It covers BCMS‑specific knowledge, skills and experience for auditors, reviewers and certification decision‑makers — topics such as BCM terminology, BIA and risk assessment, continuity strategies, incident response, BC plans, exercises, performance evaluation and requirements for collective audit team competence.

Q: Who typically uses it?

A: Certification bodies and their audit personnel, accreditation bodies, BCMS implementers, consultants and trainers use the Technical Specification to confirm and demonstrate the competence needed for credible BCMS certification.

Q: Is it current or superseded?

A: The document was published in December 2014 (first edition) and is listed as Published in ISO/IEC records. Users should confirm the current status with ISO or the national standards body before relying on it for compliance decisions because standards and TS documents are periodically reviewed.

Q: Is it part of a series?

A: Yes — it is Part 6 of the ISO/IEC 17021 series of documents that address requirements for bodies providing audit and certification of management systems; other parts/TS in the series address competence requirements for other management system types.

Q: What are the key keywords?

A: Business continuity, BCMS, audit competence, certification, business impact analysis, incident management, ISO/IEC 17021, ISO 22301.