The certification body shall require external auditors and external technical experts to have a written agreement by which they commit themselves to comply with applicable policies and implement processes as defined by the certification body. The agreement shall address aspects relating to confidentiality and impartiality and shall require the external auditors and external technical experts to notify the certification body of any existing or prior relationship with any organization they may be assigned to audit.
NOTE Use of an individual or employee of another organization individually contracted to serve as an external auditor or technical expert does not constitute outsourcing.
Question:
A: Does it mean that an external auditor or technical expert has to disclose all mandates he/she actually has or had in the past e.g. as a consultant or product specialist, even not knowing whether he/she will be appointed in the audit team in the future?
In many cases, companies that look for external support do not want that the consultant or product specialist make such a relationship public to third parties. To be discreet is one of the main assets in the medical device and pharmaceutical business. Not respecting this, will put the person out of business forever in this specialized field and depending on the contract cost him/her a lot of compensation.
B: Would it be enough as soon as the certification body will ask him/her to become a part of an audit team to tell simply that it is not possible to work for this particular certification task. Is it acceptable to reject the task without further detailed explanation?
In any case, the certification body can think about it, and make its own risk analysis and consequently mandate somebody else as external auditor for the particular task.
September 2018
Both option A and option B satisfy the requirements of clause 7.3 of ISO/IEC 17021-1.
It is acceptable to reject a task without giving a reason. however, it is the CB in control of the relationships and so it would be best practice for the CB to have the relevant information to demonstrate assessment of the risk of a conflict of interest.