There are different types of conformity assessment bodies (CABs) that can undertake conformity assessment activities.
They can come in any organisational form and ownership, and can be commercial in focus or not-for-profit entities. They can be government agencies, national standards bodies, trade associations, consumer organisations, or private or publically owned companies.
Conformity assessment bodies range from multibillion dollar multinational companies that undertake all types of conformity assessment activity (e.g. testing, inspection and certification), to CABs offering national services within one specific country, or small localised entities that work in a specific sector and region. In most cases CABs can act as first, second or third party that is making the claim of conformity. Where bodies act in a third party capacity, an important feature is that they have to act in an impartial way so that the results of their work can be objective and maintain the highest degree of confidence.
Provision of conformity assessment activities by CABs are generally on the basis of a fee for service which may or may not reflect a return on investment or profit. Many countries have a competitive market amongst CABs for the provision of conformity assessment activities. However in some countries and markets a monopoly is given to one or more government recognised conformity assessment bodies by statute, regulations or through procurement practices.
Conformity assessment bodies
|International Standards||First party||Second party||Third party|
|Testing and calibration laboratories||ISO/IEC 17025||yes||yes||yes|
|Inspection bodies||ISO/IEC 17020||yes||yes||yes|
|Certification bodies for persons||ISO/IEC 17024||yes|
|Certification bodies for products, processes and services||ISO/IEC 17065||yes|
|Certification bodies for management systems||ISO/IEC 17021||yes|
|Validation and verification bodies||ISO/IEC 17029||yes||yes||yes|
The structure of the above International Standards is similar in that they contain both technical and organisational requirements:
- general requirements – e.g.legal and contractual matters, management of impartiality;
- structural requirements – e.g. specific organisational structures that must be in place;
- resource requirements – competency, equipment and work environment requirements, and subcontracting/outsourcing requirements;
- process requirements – requirements for the specific conformity assessment activity; and
- information requirements – e.g. evidence and records retention, confidentiality and public accessibility;
- management system requirements – requirements for the internal management of the CAB to ensure it is managing its overall fulfilment the relevant International Standard.
The above International Standards contain requirements associated with topics that are common, to a greater or lesser extent, across all conformity assessment activities, such as:
- complaints and appeals
- public disclosure; and
- use of management systems by CABs
Testing and calibration laboratories covered by ISO/IEC 17025 can be owned and operated by government, or industry bodies, or be separate organisations. This International Standard for laboratory operation and management contains management system and technical requirements. The management system requirements are common to all laboratories. However there is a need to apply the technical requirements taking into account the specific field of testing being carried out.
Inspection bodies covered by the relevant International Standards for inspection bodies, ISO/IEC 17020, can be owned and operated by government, or industry bodies, or be separate organisations. The standard identifies three types of inspection body:
- Type A Inspection Bodies - these bodies provide third-party services and are expected to be independent of the other parties involved;
- Type B Inspection Bodies - provide first-party services to their parent body only; and
- Type C Inspection Bodies - first-party inspection bodies which may also provide inspection services to other organizations.
The requirements contained in the standard apply to all types of inspection body, except for special requirements in an Annex that related to the specific type of inspection body being referred to. The general requirements include:
- general requirements, including impartiality and independence and confidentiality;
- structural requirements, including administrative requirements and organizational management;
- resource requirements, including personnel, facilities and equipment, subcontracting;
- process requirements, including inspection methods and procedures, handling inspection items and samples, inspection records, inspection reports and inspection certificates, complaints and appeals; and
- management system requirements.
Validation and verification as conformity assessment are understood to be a confirmation of reliability of information declared in claims. Both activities are distinguished according to the timeline of the assessed claim. Validation is applied to claims regarding an intended future use or projected outcome (confirmation of plausibility), while verification is applied to claims regarding events that have already occurred or results that have already been obtained (confirmation of truthfulness).
ISO/IEC 17029 contains general principles and requirements for the competence, consistent operation and impartiality of bodies performing validation/verification as conformity assessment activities. Bodies operating according to this document can provide validation/verification as a first-party, second-party or third-party activity. Bodies can be validation bodies only, verification bodies only, or provide both activities. This document is applicable to any sector, in conjunction with sector specific programmes that contain requirements for validation/verification processes and procedures.
The relevant International Standards for product, process or service certification bodies, ISO/IEC 17065, sets out the following requirements:
- general requirements, including legal and contractual matters, management of impartiality, liability and financing, non-discriminatory conditions, confidentiality and publicly available information;
- structural requirements, including organizational structure and top management and a mechanism for safeguarding impartiality;
- resource requirements, including certification body personnel, resources for evaluation activities and outsourcing;
- process requirements, including application, application review, evaluation, review, certification decision, certification documentation, directory of certified products, surveillance, changes affecting certification, termination, reduction, suspension or withdrawal of certification, records, and complaints and appeals; and
- management system requirements.
One of the critical things about product, process or service certification is that it must take place in the context of a certification scheme. The certification scheme sets out the following parameters:
- product, process or service to be certified;
- the specified requirements (e.g. standards) that the product, process or service must fulfil;
- sampling criteria for the certification if required;
- types and combinations of conformity assessment techniques (e.g. audit, inspection or test) that will be used to evaluate the product, process or service;
- the process to be followed for the evaluation, review and decision;
- the mark of conformity and its control;
- activities that must be undertaken during surveillance, if any.
- Conformity assessmentRequirements for bodies certifying products, processes and services
- Conformity assessmentFundamentals of product certification and guidelines for product certification schemes
- Conformity assessmentExample of a certification scheme for tangible products
The International Standards for management system certification bodies, ISO/IEC 17021-1, sets out the following requirements:
- general requirements, including legal and contractual matters, management of impartiality, and liability and financing;
- structural requirements, including organizational structure and top management, and committee for safeguarding impartiality;
- resource requirements, including competence of management and personnel, personnel involved in the certification activities, use of individual external auditors and external technical experts; personnel records and outsourcing;
- information requirements, including publicly accessible information, certification documents, directory of certified clients, reference to certification and use of marks, confidentiality and information exchange between a certification body and its clients;
- process requirements, including initial audit and certification, surveillance activities, recertification, special audits, suspending, withdrawing or reducing the scope of certification, appeals, complaints and records of applicants and clients; and
- management system requirements.
Specific requirements in ISO/IEC 17021-1 focus on the relationship of providing consultancy services and any subsequent independent certification activities, and also the understanding that competent auditors are needed for specific technical areas.
The relevant International Standards for management system certification bodies is ISO/IEC 17021-1, Conformity assessment - Requirements for bodies providing audit and certification of management systems. There are a series of parts (All Parts) to the main standard that deal with auditor competence for different types of management system, e.g. quality management systems auditors, environmental management system auditors etc.
Requirements for bodies providing audit and certification of management systems.
The relevant International Standards for person certification bodies, ISO/IEC 17024, sets out the following requirements:
- general requirements, including legal matters, responsibility for decision on certification, management of impartiality, and finance and liability;
- structural requirements, including management and organization structure, and structure of the certification body in relation to training;
- resource requirements, including general personnel requirements, personnel involved in the certification activities, outsourcing and other resources;
- records and information requirements, including records of applicants, candidates and certified persons, public information, confidentiality and security;
- certification scheme requirements;
- process requirements, including application process, assessment process, examination process, decision on certification, suspending, withdrawing or reducing the scope of certification, recertification process, use of certificates, logos and marks, appeals against decisions on certification and complaints; and
- management system requirements.
Unlike the other types certification requirements standards, ISO/IEC 17024 sets requirements for the certification scheme. Another critical issue addressed is the relationship between providing training services and any subsequent independent certification of that person.
topics on conformity assessment