- Who's Accredited
Through participation in the development of ISO/IEC 17065 and through the development and delivery of various workshops on this standard, ANAB has identified certain clauses that will be more easily understood and applied consistently if additional explanation is provided regarding them. The following are explanations of what the words in ISO/IEC 17065 already state - they are not interpretations of the requirements nor do they limit the evidence of fulfillment that certification bodies can offer during assessments performed in accordance with ISO/IEC 17011.
ISO/IEC 17065 4.2.3 "The certification body shall identify risks to its impartiality on an ongoing basis". The term "identify" is used and is distinctly different than "address" or "respond to." The use of "identify" indicates a pro-active effort to find risks to impartiality. The use of "ongoing basis" indicates a continuous activity.
ISO/IEC 17065 4.2.4 ". . . information [regarding elimination or minimization of risks to impartiality] shall be made available to the mechanism specified in 5.2." The participants in the 5.2 mechanism will have access to information about the elimination or minimization of impartiality risks supplied by the certification body.
ISO/IEC 17065 7.4.9 Note 2 "The certification scheme can indicate whether the evaluation is performed . . . prior to the application (see 7.2) for the certification process. In the latter case the requirements of 7.4 are not applicable."
ISO/IEC 17065 7.4.4 "The certification body shall . . . manage outsourced resources (see 6.2.2) in accordance with the evaluation plan."
When the scheme specifies that evaluation happens prior to application to the certification body then the scheme is indicating the evaluation is not part of the certification process completed by the certification body. As a result, such an evaluation is not outsourced by the certification body since the scheme has indicated the certification body is not involved in the evaluation.
When the scheme specifies that evaluation happens prior to application then 7.4 does not apply, which means 7.4.5 does not apply. Clause 7.4.5 only applies when the scheme indicates the evaluation will be performed by the certification body or under its responsibility. When these conditions exist the requirements in 7.4.5 apply when the certification body decides to use the results of evaluation (the entire evaluation or any part thereof) completed before the application. ISO/IEC 17065 is thus stating those evaluation results can be used even when the scheme indicates the evaluation will be performed by the certification body or under its responsibility.
ISO/IEC 17065 7.4.5 "The certification body shall only rely on evaluation results related to certification completed prior to the application for certification where it . . . satisfies itself that the body that performed the evaluation fulfills the requirements contained in 6.2.2. . ." The only requirements in 6.2.2 that the certification body must concern itself with are those that apply to the body that generated the evaluation results being used (results of the entire evaluation or any part thereof), which are the requirements in 188.8.131.52. The other requirements in 6.2.2 that apply directly to the certification body itself can not apply to the body that generated the evaluation results being used - the body that generated the results cannot possibly fulfill the requirements that apply to the certification body. Note as well that 7.4.5 makes no mention of this use of evaluation results as "outsourcing" - however it does "borrow" the 184.108.40.206 requirements for outsourced evaluation and applies them to this situation.
ISO/IEC 6.2.1 "When a certification body performs evaluation activities . . . it shall meet the applicable requirements of the relevant International Standard . . ." The certification body must decide which International Standard is relevant for each of the evaluation activities it performs. In some cases this may be a "best fit" selection, even though the International Standard (ISO/IEC 17020, ISO/IEC 17021 or ISO/IEC 17025) is not specifically written for the specific evaluation activity. In all cases, and especially this "best fit" situation, the certification body must decide what requirements from the chosen International Standard are applicable to the evaluation activity. The same is true for evaluation activities outsourced per the requirements in 220.127.116.11.
ISO/IEC 17065 6.1.2 Management of competence for personnel involved in the certification process
ISO/IEC 6.2.1 "When a certification body performs evaluation activities . . . it shall meet the applicable requirements of the relevant International Standard . . ."
ISO/IEC 6.2.1 Note "Examples of reasons as to why some requirements are not applicable include . . a particular requirement is covered in an equivalent way by this International Standard . . ."
Many requirements in 6.1.2 and 6.1.3 are duplicated in International Standards related to evaluation activities. For internal personnel performing evaluation the certification body can meet either the requirement in ISO/IEC 17065 or the same requirement in the International Standard it chooses as relevant to the evaluation activity.
ISO/IEC 17065 18.104.22.168 "The certification body shall establish, implement and maintain a procedure for the management of competencies of personnel involved in the certification process (see Clause 7).
ISO/IEC 17065 7.4.2 Note "Outsourced tasks are completed by personnel usually assigned by the organization to which the task is outsourced. Such personnel are not normally assigned by the certification body."
The requirements in 6.1.2 and 6.1.3 do not apply to the personnel who are assigned evaluation tasks by organizations to which the evaluation is outsourced. The international standards and other requirements in 6.2 apply to the management of competencies, impartiality and the confidentiality obligations of personnel in organizations to which evaluations have been outsourced.
ISO/IEC 17065 7.5.1 ". . . The review shall be carried out . . ."
ISO/IEC 17065 3 "For the purposes of this document, the terms and definitions given in ISO/IEC 17000 . . . apply"
ISO/IEC 17000 5.1 "review - verification of the suitability, adequacy and effectiveness of [evaluation] activities, and the results of these activities . . ."
A review is required in the certification process without exception and must be verification of the suitability, adequacy and effectiveness of [evaluation] activities, and the results of evaluation. Full information regarding the evaluation and the results must be available to the individual(s) performing review. Without full information (for example, relying solely on an existing certification without complete evaluation information) a review, by definition, is not possible.
ISO/IEC 17065 7.5.1 "The certification body shall assign at least one person to review . . ." Only the certification body can assign the person(s) performing the review. Because there are no requirements for outsourcing review certification body shall meet all requirements in 6.1.2 and 6.1.3 for the person(s) it assigns to perform the review. However, once all these requirements are fulfilled there are no restrictions on whether the person(s) assigned to review are employed or contracted by other organizations.
ISO/IEC 17065 7.5.1 "The review shall be carried out by a person(s) who have not been involved in the evaluation process." The details of the certification process are set by the certification scheme. ISO/IEC 17065 section 7 is requirements for the certification body as it executes the certification scheme for the products within the scope of certification covered by the application. As a result the person(s) involved in the evaluation process are those persons involved in any evaluation activity for products covered by the process starting with the application. A person can be involved in evaluation activities covered by one application and be involved in review for products covered by a different application. However, the same person cannot be involved in the evaluation activities and the review for products covered by the same application. The same logic applies to person(s) assigned to make a certification decision.
Standard A is used as the specified requirements for certification. Standard A normatively references requirements in Standard B. Clause 7.5.1 requires the certification body to review all information and results related to evaluation. What evaluation "information and results" are needed in the review to demonstrate conformance with Standard B?
Schemes can indicate what "information and results" of evaluation are needed for Standard B.
The certification body (a legal entity of defined part of a legal entity per 4.1.1) carries out activities. A certification body can not offer or provide consultancy to its clients as defined in 3.2 (per 4.2.6 d) - consultancy can not be one of the activities of the certification body. However, there are likely many organizations (legal entities other than the certification body) that do offer or provide consultancy as defined in 3.2 to the certification body's clients. These other organizations (other legal entities) may be in the same family of companies as the certification body or may have no legal relationship to the certification body. (Note: Additional ISO/IEC 17065 requirements apply if the consultancy organization is in the same family of companies as the certification body.)
Was the intent of 4.2.9 meant to require that the certification body activities shall not be marketed/offered with an organization that provides consultant activities? (More simply: Can an accredited certification body have in its website a hyperlink to another website that offers consulting services?).
Per 4.2.9, no activities of the certification body (legal entity or defined part of a legal entity) can be marketed with any linkage to the activities of another organization offering consultancy as defined in 3.2. Per 4.2.9, no activities of the certification body (legal entity or defined part of a legal entity) can be offered with any linkage to the activities of another organization offering consultancy as defined in 3.2. A certification body website with a hyperlink to another website that offers consultancy as defined in 3.2 is a clear case of marketing a certification body's activities with a linkage to the activities of another organization that offers consultancy. This is disallowed by ISO/IEC 17065 4.2.9. In the course of marketing and offering its activities, the certification body shall not make any references or linkages to the activities of any organization offering consultancy defined in 3.2. A client with an interest in consultancy will need to find a provider through some other path - not through the marketing or offers of the certification body.
Here is an example of obvious noncompliant webpage content:
"Click here for information from XYZ Consultancy Inc. for their services related to the design, manufacture, installation, and distribution of products we certify."
Here is an example of compliant web page content:
"As a certification body meeting ISO/IEC 17065 requirements, we cannot participate in the design, manufacture, installation, or distribution of the products we certify. Nor can we link our activities to the activities of organizations that provide those services. To find such service providers, use an internet search engine and appropriate key words related to design, manufacture, installation, or distribution of your product."
A request from an ANAB-accredited certification body was made for clarifications of clauses 7.7.lb and 22.214.171.124.
Action Item 8: ANAB staff will develop a draft clarification on ISO/IEC 17065, clauses 7. 7 .1 b and 4.1.3 .2, and will invite the ACC task force on implementation of ISO/IEC 17065 to discuss such clarification.
A company has a product(s) certified in accordance with a scheme and to a specific Standard A. The company applies for a scope extension for the same product to now be certified under the same Scheme but to a different Standard B. For example, Standard A applies to energy efficiency and Standard B applies to interoperability.
Are the products previously produced and certified for fulfillment of Standard A considered certified for fulfillment of Standard B under the scope extension?
Generally no. The only exception would be products not yet released to the market and still under the company's control (for example, in a warehouse or storage facility). If the certification scheme provides a process for certification to Standard B to include such products then those processes can be followed and certification to Standard B can apply to those products (for example, the products can be released to the market with a certificate or certification mark conveying certification to Standard A and B). If the scheme is silent on coverage of such products, then in general (the common perception is that) certification to Standard B would only be considered to cover products produced on or after the date certification is granted (see ISO/IEC 17065 7.7.lb).