Suggested steps for using conformity assessment in regulations

When considering the use of conformity assessment in regulations the following suggested steps can be used.

These steps are suggestions only, and the actual process used to consider and use conformity assessment in regulations will depend on the legal system in each country. In many countries a regulatory impact analysis (RIA) may be required to justify the selected option.

Step1: Purpose and scope

The purpose for using conformity assessment to support regulation should be clear and be related to achievement of relevant public policy outcomes and the responsibilities of the regulator. The scope of the use of the conformity assessment serve to:

  • identify the object of conformity (e.g. the type of product, product, process, service, system, data, design, material, claim, person, body or organization) being targeted through the regulation, and in particular what characteristics of that object need to be controlled;
  • identify the specified requirements that the object must fulfil; and
  • identify the stakeholders that have the responsibility for complying with the regulations and demonstrating this compliance through adherence to conformity assessment requirements.

Step 2: Check jurisdiction 

From the outset it is important to identify and ensure the points listed below:

What responsibilities and regulatory powers the regulator has, and confirm that it has a legal ability to develop and mandate conformity assessment requirements as part of fulfilling its responsibilities.

What regulatory controls apply to the object of conformity (e.g. product, process, service, management system, person or organisation), especially if different aspects of the same object are controlled by more than one regulator (e.g. an electrical consumer product that is controlled for electrical safety by one regulator, and energy efficiency by a different regulator).

Any duplication of conformity assessment requirements should be avoided.

It is clear which regulator has control over the object of conformity at different stages of the object’s life cycle (e.g. at the point of raw material creation, processing, manufacture or fabrication, wholesaling, distribution) including both imports and domestic production. It is also important to coordinate across regulators if necessary. This is especially true for products that have complex supply chains, or are perishable, or have specific issues in terms of waste and disposal.

The limits of delegations of any regulatory powers are known and respected to avoid situations where conformity assessment activities take on too much responsibility on behalf of the regulator which is not in accordance with the law.

The international obligations (e.g. WTO agreements) and regional commitments, especially for mandatory conformity assessment schemes that need to support and be integrated with any regional regulatory practice are known. In some regions regional mandatory conformity assessment exists for specific product types, e.g. the Gulf Cooperation Council (GCC) Regulatory System for Control of Products, or the New Legislative Framework with its association regulations and directives of the European Union.

Step 3: Risk assessment

Having confirmed the scope (including the objects of conformity and specified requirements) in Step 1, a risk assessment should be undertaken to understand the nature of the risks that are trying to be manage through regulation and conformity assessment.

Step 4: Conformity Assessment options

The use of conformity assessment represents only a part of the range of options that regulators may choose to facilitate compliance with their regulations. Practical access to the selected conformity assessment activity is critical if the use of conformity assessment is to be successful. For example, it is of no benefit to require testing to be carried out in an accredited laboratory if those laboratories do not actually exist, or access to those laboratories is limited in some way (e.g. government laboratories that are prohibited from undertaking testing for private industry clients that require this testing to comply with regulations). In many countries access to appropriate conformity assessment services is enabled through provision of such activities by both, public and private sectors. Based on the level of risk, the adequate determination methods need to be selected.

Examples are:

  • A requirement for self-declaration of conformity (SDoC) based on a test report from an accredited laboratory.
  • Requirement for product certification based on the testing of an initial product type (type-approval) which is then copied for all subsequent units of production without any further involvement of a third-party certifier.
  • A production certification based on testing plus surveillance where a third party takes samples on an ongoing basis by the certification body from the market and testing or inspection to confirm the ongoing conformity.

Step 5: Confirm Conformity Assessment approach and responsibilities

If a mandatory conformity assessment option is selected an appropriate conformity assessment scheme needs to be developed.

Best practice in development of a scheme includes:

  • engage a multi-party stakeholder’s process;
  • involve the sectors that will be required to comply with the regulations;
  • provide a level of coverage that reflects domestic circumstances and priorities; and
  • manage regulations and associated conformity assessment scheme with transparency and certainty.

Competence can be articulated through carrying out:

  • a competence analysis to define the qualification criteria (the person certification standards of ISO/CASCO toolbox could provide you guidance on expected qualifications, work experience and levels of technical competence);
  • a prescribed training system;
  • qualification process including monitoring the performance; and
  • then select the conformity assessment bodies, accreditation and peer assessment, and persons.

Once competence criteria are established, competent persons and organisations need to be appointed. A selection process will help to be consistent on implementing the defined competence criteria. This should also include considerations of independence, impartially and confidentiality.

Step 6: Communication

A specific communication strategy should be established implemented and maintained, once the conformity assessment scheme is ready for operation. This could include:

  • a high profile launch event;
  • distribution of information through various media channels including social networking;
  • contact and seminars for those organisations and people that need to comply with the regulation or are involved in the associated conformity assessment activities;
  • dedicated website for posting rules and updated scheme details;
  • training courses etc.

Step 7: Surveillance

Irrespective of which form of surveillance (market surveillance or conformity assessment surveillance) it is good practice to take a risk management approach to what is selected for surveillance and the frequency of surveillance. Surveillance provisions should be flexible in order to allow for:

  • periodic concentration on particular aspects on noncompliance that are especially prevalent and that have the highest risk of noncompliance;
  • distinguishing between good and bad performers in terms of compliance, especially in terms of frequency of surveillance; and
  • the ability to switch focus to novel or emerging risks of noncompliance.

Step 8: Review and management of changes 

The regulator in their role as scheme owner should implement a process for reviewing the operation of the conformity assessment scheme on a periodic basis taking into account feedback from stakeholders. The review should:

  • consider whether the conformity assessment scheme is assisting in achieving the relevant public policy and legislative objectives;
  • consider whether activities can be undertaken more costs effectively and efficiently; and
  • identify aspects requiring improvement.

The regulator in their role as scheme owner should monitor and participate in the development of the standards and other normative documents which define the specified requirements used in the scheme. Where changes in these documents occur, the regulator should have a process for making the necessary changes in the scheme, and for managing the implementation of the changes (e.g. transition period) by the conformity assessment bodies, clients and, where necessary, other stakeholders.