Conformity assessment bodies

The structure of the above International Standards is similar in that they contain both technical and organisational requirements:

• general requirements – e.g.legal and contractual matters, management of impartiality;
• structural requirements – e.g. specific organisational structures that must be in place;
• resource requirements – competency, equipment and work environment requirements, and subcontracting/outsourcing requirements;
• process requirements – requirements for the specific conformity assessment activity; and
• information requirements – e.g. evidence and records retention, confidentiality and public accessibility;
• management system requirements – requirements for the internal management of the CAB to ensure it is managing its overall fulfilment the relevant International Standard.

The above International Standards contain requirements associated with topics that are common, to a greater or lesser extent, across all conformity assessment activities, such as:

• impartiality
• confidentiality
• complaints and appeals
• public disclosure; and
• use of management systems by CABs

Inspection bodies

Inspection bodies covered by the relevant International Standards for inspection bodies, ISO/IEC 17020, can be owned and operated by government, or industry bodies, or be separate organisations. The standard identifies three types of inspection body:

• Type A Inspection Bodies - these bodies provide third-party services and are expected to be independent of the other parties involved;
• Type B Inspection Bodies - provide first-party services to their parent body only; and
• Type C Inspection Bodies - first-party inspection bodies which may also provide inspection services to other organizations.

The requirements contained in the standard apply to all types of inspection body, except for special requirements in an Annex that related to the specific type of inspection body being referred to. The general requirements include:

• general requirements, including impartiality and independence and confidentiality;
• structural requirements, including administrative requirements and organizational management;
• resource requirements, including personnel, facilities and equipment, subcontracting;
• process requirements, including inspection methods and procedures, handling inspection items and samples, inspection records, inspection reports and inspection certificates, complaints and appeals; and
• management system requirements.

Certification bodies

The relevant International Standards for product, process or service certification bodies, ISO/IEC 17065, sets out the following requirements:

• general requirements, including legal and contractual matters, management of impartiality, liability and financing, non-discriminatory conditions, confidentiality and publicly available information;
• structural requirements, including organizational structure and top management and a mechanism for safeguarding impartiality;
• resource requirements, including certification body personnel, resources for evaluation activities and outsourcing;
• process requirements, including application, application review, evaluation, review, certification decision, certification documentation, directory of certified products, surveillance, changes affecting certification, termination, reduction, suspension or withdrawal of certification, records, and complaints and appeals; and
• management system requirements.

One of the critical things about product, process or service certification is that it must take place in the context of a certification scheme. The certification scheme sets out the following parameters:

• product, process or service to be certified;
• the specified requirements (e.g. standards) that the product, process or service must fulfil;
• sampling criteria for the certification if required;
• types and combinations of conformity assessment techniques (e.g. audit, inspection or test) that will be used to evaluate the product, process or service;
• the process to be followed for the evaluation, review and decision;
• the mark of conformity and its control;
• activities that must be undertaken during surveillance, if any.

The International Standards for management system certification bodies, ISO/IEC 17021-1, sets out the following requirements:

• general requirements, including legal and contractual matters, management of impartiality, and liability and financing;
• structural requirements, including organizational structure and top management, and committee for safeguarding impartiality;
• resource requirements, including competence of management and personnel, personnel involved in the certification activities, use of individual external auditors and external technical experts; personnel records and outsourcing;
• information requirements, including publicly accessible information, certification documents, directory of certified clients, reference to certification and use of marks, confidentiality and information exchange between a certification body and its clients;
• process requirements, including initial audit and certification, surveillance activities, recertification, special audits, suspending, withdrawing or reducing the scope of certification, appeals, complaints and records of applicants and clients; and
• management system requirements.

Specific requirements in ISO/IEC 17021-1 focus on the relationship of providing consultancy services and any subsequent independent certification activities, and also the understanding that competent auditors are needed for specific technical areas.

The relevant International Standards for management system certification bodies is ISO/IEC 17021-1, Conformity assessment - Requirements for bodies providing audit and certification of management systems. There are a series of parts (All Parts) to the main standard that deal with auditor competence for different types of management system, e.g. quality management systems auditors, environmental management system auditors etc.

The relevant International Standards for person certification bodies, ISO/IEC 17024, sets out the following requirements:

• general requirements, including legal matters, responsibility for decision on certification, management of impartiality, and finance and liability;
• structural requirements, including management and organization structure, and structure of the certification body in relation to training;
• resource requirements, including general personnel requirements, personnel involved in the certification activities, outsourcing and other resources;
• records and information requirements, including records of applicants, candidates and certified persons, public information, confidentiality and security;
• certification scheme requirements;
• process requirements, including application process, assessment process, examination process, decision on certification, suspending, withdrawing or reducing the scope of certification, recertification process, use of certificates, logos and marks, appeals against decisions on certification and complaints; and
• management system requirements.

Unlike the other types certification requirements standards, ISO/IEC 17024 sets requirements for the certification scheme. Another critical issue addressed is the relationship between providing training services and any subsequent independent certification of that person.