What is Conformity Assessment?

This section describes the basic concepts of conformity assessment, conformity assessment techniques and how they can be combined to create a scheme. It outlines possible claims of conformity and explains who can perform conformity assessment activities and what the outcomes are.

Conformity Assessment bodies

There are different types of conformity assessment bodies (CABs) that can undertake conformity assessment techniques and activities. They can come in any organisational form and ownership, and can be commercial in focus or not-for-profit entities.  They can be government agencies, national standards bodies, trade associations, consumer organisations, or private or publically owned companies.

Conformity assessment bodies range from multibillion dollar multinational companies that undertake all types of conformity assessment activity (e.g. testing, inspection and certification), to CABs offering national services within one specific country, or small localised entities that work in a specific sector and region. In most cases CABs can act as first, second or third party that is making the claim of conformity. Where bodies act in a third party capacity, an important feature is that they have to act in an impartial way so that the results of their work can be objective and maintain the highest degree of confidence.

Provision of conformity assessment activities by CABs are generally on the basis of a fee for service which may or may not reflect a return on investment or profit. Many countries have a competitive market amongst CABs for the provision of conformity assessment activities.  However in some countries and markets a monopoly is given to one or more government recognised conformity assessment bodies by statute, regulations or through procurement practices.

 

The structure of the above International Standards is similar in that they contain both technical and organisational requirements:

  • general requirements – e.g. legal and contractual matters;
  • structural requirements – e.g. specific organisational structures that must be in place;
  • resource requirements – competency, equipment and work environment requirements, and subcontracting/outsourcing requirements;
  • records and information requirements – e.g. evidence and records retention, confidentiality and public accessibility;
  • process requirements – requirements for the specific conformity assessment activity; and
  • management system requirements – requirements for the internal management of the CAB to ensure it is managing its overall fulfilment the relevant International Standard.

The above International Standards contain requirements associated with topics that are common, to a greater or lesser extent, across all conformity assessment activities, such as:

  • impartiality
  • confidentiality
  • complaints and appeals
  • public disclosure; and
  • use of management systems by CABs

 

Testing laboratories   

The relevant International Standard for testing laboratories is ISO/IEC 17025:2005, General requirements for the competence of testing and calibration laboratories.
See more: Conformity assessment bodies – Testing and calibration laboratories.

Testing laboratories covered by this standard can be owned and operated by government, or industry bodies, or be separate organisations. This International Standard for laboratory operation and management contains management system and technical requirements. The management system requirements are common to all laboratories.  However there is a need to apply the technical requirements taking into account the specific field of testing being carried out.  An informative Annex in the International Standard provides guidelines for applying ISO/IEC 17025 for specific fields of testing.

Inspection bodies   

Inspection bodies covered by the relevant International Standards for inspection bodies, ISO/IEC 17020, can be owned and operated by government, or industry bodies, or be separate organisations. The standard identifies three types of inspection body:

Type A Inspection Bodies - these bodies provide third-party services and are expected to be independent of the other parties involved;
Type B Inspection Bodies - provide first-party services to their parent body only; and
Type C Inspection Bodies - first-party inspection bodies which may also provide inspection services to other organizations.
The requirements contained in the standard apply to all types of inspection body, except for special requirements in an Annex that related to the specific type of inspection body being referred to. The general requirements include:

  • general requirements, including impartiality and independence and confidentiality;
  • structural requirements, including administrative requirements and organizational management;
  • resource requirements, including personnel, facilities and equipment, subcontracting;
  • process requirements, including inspection methods and procedures, handling inspection items and samples, inspection records, inspection reports and inspection certificates, complaints and appeals; and
  • management system requirements.

 ISO/IEC 17020:2012, Conformity assessment - Requirements for the operation of various types of bodies performing inspection.

Certification bodies   

Certification bodies are always third-party impartial conformity assessment bodies that can certify product, process or services, management systems or persons. They can be owned and operated by government, industry bodies, or be separate organizations and have all a set of relevant international standards in place.

Product, process or service certification bodies

The relevant International Standards for product, process or service certification bodies, ISO/IEC 17065, sets out the following requirements:

  • general requirements, including legal and contractual matters, management of impartiality, liability and financing, non-discriminatory conditions, confidentiality and publicly available information;
  • structural requirements, including organizational structure and top management and a mechanism for safeguarding impartiality;
  • resource requirements, including certification body personnel, resources for evaluation activities and outsourcing;
  • process requirements, including application, application review , evaluation, review, certification decision, certification documentation, directory of certified products, surveillance, changes affecting certification, termination, reduction, suspension or withdrawal of certification, records, and complaints and appeals; and
  • management system requirements.

One of the critical things about product, process or service certification is that it must take place in the context of a certification scheme.  The certification scheme sets out the following parameters:

  • product, process or service to be certified;
  • the specified requirements (e.g. standards) that the product, process or service must fulfil;
  • sampling criteria for the certification if required;
  • types and combinations of conformity assessment techniques (e.g. audit, inspection or test) that will be used to evaluate the product, process or service;
  • the process to be followed for the evaluation, review and decision;
  • the mark of conformity and its control;
  • activities that must be undertaken during surveillance, if any.

 

The relevant International Standards for product, process or service certification bodies is ISO/IEC 17065:2012, Conformity assessment - Requirements for bodies certifying products, processes and services

The following standards contain guidance on how to establish and manage certification schemes for products, processes and services:
ISO/IEC 17067:2013, Conformity assessment - Fundamentals of product certification and guidelines for product certification schemes
ISO/IEC 17026, Conformity assessment — Example of a product certification scheme, contain guidance on how to establish and manage certification schemes for products, processes and services.

Management Systems certification bodies

The International Standards for management system certification bodies, ISO/IEC 17021, sets out the following requirements:

  • general requirements, including legal and contractual matters, management of impartiality, and liability and financing;
  • structural requirements, including organizational structure and top management, and committee for safeguarding impartiality;
  • resource requirements, including competence of management and personnel, personnel involved in the certification activities, use of individual external auditors and external technical experts; personnel records and outsourcing;
  • information requirements, including publicly accessible information, certification documents, directory of certified clients, reference to certification and use of marks, confidentiality and information exchange between a certification body and its clients;
  • process requirements, including initial audit and certification, surveillance activities, recertification, special audits, suspending, withdrawing or reducing the scope of certification, appeals, complaints and records of applicants and clients; and
  • management system requirements.

Specific requirements in ISO/IEC 17021 focus on the relationship of providing consultancy services and any subsequent independent certification activities, and also the understanding that competent auditors are needed for specific technical areas. 

The relevant International Standards for management system certification bodies is ISO/IEC 17021:2011, Conformity assessment - Requirements for bodies providing audit and certification of management systems. There are a series of parts to the main ISO/IEC 17021 standard that deal with auditor competence for different types of management system, e.g. quality management systems auditors, environmental management system auditors etc.

  • Part 2: Competence requirements for auditing and certification of environmental management systems
  • Part 3: Competence requirements for auditing and certification of quality management systems
  • Part 4: Competence requirements for auditing and certification of event sustainability management systems
  • Part 5: Competence requirements for auditing and certification of asset management systems
  • Part 6: Competence requirements for auditing and certification of business continuity management systems
  • Part 7: Competence requirements for auditing and certification of road traffic safety management systems

Person certification bodies

The relevant International Standards for person certification bodies, ISO/IEC 17024, sets out the following requirements:

  • general requirements, including legal matters, responsibility for decision on certification, management of impartiality, and finance and liability;
  • structural requirements, including management and organization structure, and structure of the certification body in relation to training;
  • resource requirements, including general personnel requirements, personnel involved in the certification activities, outsourcing and other resources;
  • records and information requirements, including records of applicants, candidates and certified persons, public information, confidentiality and security;
  • certification scheme requirements;
  • process requirements, including application process, assessment process, examination process, decision on certification, suspending, withdrawing or reducing the scope of certification, recertification process, use of certificates, logos and marks, appeals against decisions on certification and complaints; and
  • management system requirements.

Unlike the other types certification requirements standards, ISO/IEC 17024 sets requirements for the certification scheme.  Another critical issue addressed is the relationship between providing training services and any subsequent independent certification of that person.
The relevant International Standards for person certification bodies is ISO/IEC 17024:2012, Conformity assessment - General requirements for bodies operating certification of persons

 

Some important standards for certification bodies

  •  ISO/IEC 17065:2012, Conformity assessment - Requirements for bodies certifying products, processes and services
  •  ISO/IEC 17067:2013, Conformity assessment - Fundamentals of product certification and guidelines for product certification schemes
  •   ISO/IEC 17021:2011, Conformity assessment - Requirements for bodies providing audit and certification of management systems
  •   ISO/IEC 17024:2012, Conformity assessment - General requirements for bodies operating certification of persons.
  •   ISO/IEC 17026, Conformity assessment - Example of a product certification scheme