ISO/IEC DIS 17024:2025(en)

ISO/CASCO/

Secretariat: ISO

Date: 2025-02-05

Conformity assessment — General requirements for bodies operating certification of persons

Évaluation de la conformité — Exigences générales pour les organismes de certification procédant à la certification de personnes

© ISO/IEC 2025

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents Page

Foreword iv

0 Introduction v

1 Scope 1

2 Normative references 1

3 Terms and definitions 1

4 General requirements 5

4.1 Legal matters 5

4.2 Responsibility for decision on certification 5

4.3 Management of impartiality 5

4.4 Finance and liability 6

5 Structural requirements 6

5.1 Management and organizational structure 6

5.2 Structure of the certification body in relation to education or training 7

6 Resource requirements 7

6.1 General personnel requirements 7

6.2 Personnel involved in assessment activities 8

6.3 Outsourcing 9

6.4 Other resources 9

6.5 Use of Artificial Intelligence (AI) in the certification process 9

7 Records and information requirements 9

7.1 Records of applicants, candidates and certified persons 9

7.2 Public information 10

7.3 Confidentiality 10

7.4 Security 11

8 Certification schemes 12

9 Certification process requirements 13

9.1 Assessment process 13

9.2 Application process 13

9.3 Examination process 14

9.4 Decision on certification 14

9.5 Suspending, withdrawing or reducing the scope of certification 15

9.6 Recertification process 16

9.7 Use of certificates, logos and marks 17

9.8 Appeals against decisions on certification 17

9.9 Complaints 18

10 Management system requirements 19

10.1 General 19

10.2 Policies and responsibilities 19

10.3 Management review 19

10.4 Internal audits 20

10.5 Corrective actions 21

10.6 Actions to address risks and opportunities 21

10.7 Documented information 22

Annex A (informative) Principles for certification of persons 23

Annex B 25

Relationship between activities, process, assessment, application, examination and scheme 25

Annex ZA 26

Relationship between this European Standard and the requirements of Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 aimed to be covered 26

Bibliography 27

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by the ISO Committee on Conformity Assessment (CASCO).

This third edition cancels and replaces the second edition (ISO/IEC 17024:2012), which has been technically revised.

The main changes are as follows:

— Addition requirements for the use of Artificial Intelligence (AI) in clause 6.5;

— Update of the PROC/33 text, that establishes common elements for standards developed by CASCO.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

0.1   This document has been developed with the objective of achieving and promoting a globally accepted benchmark for organizations operating certification of persons. Certification of persons is one means of providing assurance that the certified person meets the requirements identified in the certification scheme. Confidence in the respective schemes for certification of persons is achieved by means of a globally accepted process of assessment and periodic re-assessments (if applicable) of the competence of certified persons.

0.2   However, it is necessary to distinguish between situations where schemes for certification of persons are justified and situations where other forms of qualification are more appropriate. The development of schemes for certification of persons, in response to the ever-increasing velocity of technological innovation and growing specialization of personnel, can compensate for variations in education and training and thus facilitate the global job market. Alternatives to certification can still be necessary for job positions where public services, official or governmental operations are concerned.

0.3   In either case, this document can serve as the basis for the recognition of the bodies operating certification of persons, in order to facilitate their acceptance at the regional, national and international levels. Only the harmonization of the methodologies for developing and maintaining schemes for certification of persons can establish the environment for mutual recognition and the global exchange of personnel.

0.4   This document specifies requirements which ensure that bodies operating certification of persons operate in a consistent, comparable and reliable manner. The requirements in this document are considered to be general requirements for bodies providing certification of persons. Certification of persons can only occur when there is a certification scheme. Schemes for certification of persons are based on market needs or desires or can be required by governments.

0.5   This document can be used as a criteria document for accreditation or peer assessment or designation by governmental authorities, scheme owners and others.

0.6   In this document, the following verbal forms are used:

— “shall” indicates a requirement;

— “should” indicates a recommendation;

— “may” indicates a per mission;

— “can” indicates a possibility or a capability.

Further details can be found in the ISO/IEC Directives, Part 2.

Conformity assessment — General requirements for bodies operating certification of persons

This document contains principles and requirements for a body operating certification of persons and includes the development and maintenance of a scheme for certification of persons.

NOTE For the purposes of this document, the term "certification body" is used in place of the full term " body operating certification of persons", and the term "certification scheme" is used in place of the full term “scheme for certification of persons”.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17000, Conformity assessment — Vocabulary and general principles

For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

3.1

certification process

activities by which a certification body (3.6) determines that a person fulfils certification requirements (3.3)

Note 1 to entry: Certification process includes application, assessment, decision on certification, recertification, and issuance of certificates. It can include surveillance.

3.2

certification scheme

scheme for certification of persons

set of rules and procedures that describes the competence criteria and other requirements related to specific categories of skills or occupations of persons and specifies the methodology(ies) for performing certification of persons

3.3

certification requirements

set of specified requirements, including requirements of the certification scheme (3.2) to be fulfilled in order to establish or maintain certification

3.4

scheme owner

organization responsible for developing and maintaining a certification scheme (3.2)

Note 1 to entry: The organization can be the certification body itself, a governmental authority, or other bodies.

3.5

certificate

attestation issued by a certification body (3.6) under the provisions of this document, indicating that the certified person has fulfilled the certification requirements (3.3)

Note 1 to entry: The certificate can take the form of a document, card or other medium.

3.6

certification body

body operating certification of persons

conformity assessment body operating certification of persons in accordance with certification schemes (3.2)

3.7

certification mark

certification logo

mark or logo issued by a certification body (3.6), indicating that a person has fulfilled certification requirements (3.3)

[SOURCE: ISO/IEC 17030:2003, 3.1, modified]

3.8

competence

ability to apply knowledge and skills to achieve intended results

3.9

qualification

demonstrated education, training and work experience, if applicable

3.10

assessment

evaluation of a person's fulfilment of the requirements specified in the certification scheme (3.2)

3.11

examination

part of the assessment (3.10) which measures a candidate's (3.17) competence (3.8) by one or more means, such as written, oral, practical and observational, as defined in the certification scheme (3.2)

3.12

examiner

person competent to conduct and score an examination (3.11), where the examination requires judgement on the competence of persons

3.13

invigilator

person authorized by the certification body (3.6) to perform the invigilation (3.14), but does not evaluate the competence (3.8) of the candidate (3.17)

Note 1 to entry: Other terms for invigilator are proctor, test administrator, supervisor.

3.14

invigilation

process of administering or supervising examination candidates to prevent fraudulent examination behaviour, unauthorised disclosure of examination material or other misconduct

Note 1 to entry: Invigilation can include the following: an invigilator physically or remotely present viewing an examination in real time, or by an examiner or invigilator physically or remotely present viewing a practical examination which may be recorded and reviewed later.

Note 2 to entry: Remote invigilation by an autonomous system may also be used provided it meets the requirements of this document.

3.15

personnel

individuals, internal or external, of the certification body (3.6) carrying out activities for the certification body (3.6)

Note 1 to entry: These include committee members, volunteers, contractors, personnel of external bodies or persons acting on the body’s behalf

3.16

applicant

person who has submitted an application for certification

3.17

candidate

person who has fulfilled application requirements

Note 1 to entry: The application requirements can include pre-requisites, if applicable.

3.18

certified person

person who has fulfilled and continues to fulfil the certification requirements (3.3) after the decision to certify has been taken by the certification body (3.6)

3.19

impartiality

objectivity with regard to the activities of the certification body (3.6), its certification process (3.1) and its outcome

Note 1 to entry: Other terms that are useful in conveying the element of impartiality are freedom from undue influence, freedom from conflicts of interest, absence of bias, neutrality and lack of prejudice.

3.20

fairness

equal opportunity for success provided to each applicant (3.16), candidate (3.17) and certified person (3.18) in the certification process (3.1)

Note 1 to entry: Fairness can be described as being free from bias towards any gender, age, race, ethnicity, specific population (including individuals with disabilities) or any other identified characteristic.

3.21

validity

evidence that an assessment (3.10) measures what it is intended to measure, as defined by the certification scheme (3.2)

Note 1 to entry: In this document, validity is also used in its adjective form "valid".

3.22

reliability

extent to which examination (3.11) scores are consistent across different examination times and locations, different examination forms and different examiners (3.12)

3.23

appeal

request by applicant (3.16), candidate (3.17) or certified person (3.18) for reconsideration of any decision made by the certification body (3.6) related to their desired certification status

3.24

complaint

expression of dissatisfaction, other than appeal (3.23), by any individual or organization to a certification body (3.6), relating to the activities of that body or a certified person (3.18), where a response is expected

3.25

interested party

person(s) or organization(s) with a direct or indirect interest in the performance of a certification body (3.6) or a certified person (3.18), or in the certification scheme (3.2)

Note 1 to entry: Interested parties can include the certified persons, conformity assessment bodies, associations and clients, industry and trade associations, scheme owners, employers of the certified persons, regulatory authorities, non-governmental organizations, consumers, or consumer organizations.

3.26

surveillance

periodic monitoring, during the certification validity period, of a certified person's performance to ensure continued compliance with the certification scheme (3.2)

3.27

recertification

process for certification renewal to confirm continued competence (3.8) of a certified person (3.18)

3.28

Artificial Intelligence (AI)

autonomous system that performs functions normally associated with human intelligence, such as reasoning, learning, and self-improvement

[SOURCE: ISO/IEC 2382:2015, modified — The words "date processing” replaced with “autonomous system”; "capability of a functional unit to" have been replaced with “data processing systems that “ and the word “self-improvement” has been added.]

3.29

ability

person’s capacity to perform a task

3.30

bias

presence of any factors that can unfairly influence certification outcomes

3.31

scope of certification

specific function(s) that a certified person is able to perform competently

Note 1 to entry: The scope of certification can be a job title or the role or job function of the certified person.

The certification body shall be a legal entity, or a defined part of a legal entity, such that it can be held legally responsible for its certification activities. A governmental certification body is deemed to be a legal entity on the basis of its governmental status.

The certification body shall be responsible for, shall retain authority for, and shall not delegate, its decisions relating to certification, including the granting, maintaining, recertifying, expanding and reducing the scope of the certification, and suspending, reinstating or withdrawing the certification.

4.3.1 Certification activities shall be undertaken impartially. The certification body shall document its structure, policies and procedures to manage impartiality and to ensure that the certification activities are undertaken impartially.

4.3.2 The certification body shall have top management commitment to impartiality. The certification body shall have a statement publicly accessible without request that it understands the importance of impartiality in carrying out its certification activities, manages conflict of interest and ensures the objectivity of its certification activities.

4.3.3 The certification body shall act impartially in relation to its applicants, candidates and certified persons.

4.3.4 Policies and procedures for certification of persons shall be fair among all applicants, candidates and certified persons.

4.3.5 When a certification body uses Artificial Intelligence (AI) to carry out any certification activity, it shall document and demonstrate how it eliminates, minimizes or manages any risks to impartiality (e.g. bias).

4.3.6 The certification body shall not unfairly impede or inhibit access by applicants and candidates. Certification shall not be restricted on the grounds of undue financial or other limiting conditions, such as membership of an association or group.

4.3.7 The certification body shall be responsible for the impartiality of its certification activities and shall not allow commercial, financial or other pressures to compromise its impartiality.

4.3.8 The certification body shall monitor its activities and its relationships to identify threats to its impartiality, on an ongoing basis. The monitoring shall include the relationships of its personnel and its related bodies.

NOTE 1 A relationship can be based on ownership, governance, management, personnel, shared resources, finances, contracts or marketing (including branding), and payment of a sales commission or other inducement for the referral of new applicants, etc. Such relationships do not necessarily present a body with a threat to impartiality.

NOTE 2 A related body is one which is linked to the certification body by common ownership, in whole or part, or has common members of the board of directors, contractual arrangements, common names, common staff, informal understanding or other means, such that the related body has a vested interest in any certification decision or has a potential ability to influence the process.

NOTE 3 Threats to impartiality can be either actual or perceived.

4.3.10 If a threat to impartiality is identified, its effect shall be eliminated or minimized so that the impartiality is not compromised.

4.3.11 Certification activities shall be structured and managed so as to safeguard impartiality. This shall include balanced participation of interested parties (see definition 3.25).

4.3.12 The certification body shall identify, analyse, monitor, document and eliminate or minimize potential conflicts of interest arising from its certification activities. The certification body shall document and be able to demonstrate how it eliminates, minimizes or manages such conflicts of interest. All potential sources of conflict of interest that are identified, whether they arise from within the certification body, such as assigning responsibilities to personnel, or from the activities of other persons, bodies or organizations, shall be covered.

The certification body shall have the financial resources necessary for the operation of a certification process and have adequate arrangements (e.g. insurance or reserves) to cover associated liabilities.

5.1.1 The certification body shall be structured and managed so as to safeguard impartiality.

5.1.2 The certification body shall document its organizational structure, describing the duties, responsibilities and authorities of management, certification personnel and any committees. When the certification body is a defined part of a legal entity, documentation of the organizational structure shall include the line of authority and the relationship to other parts within the same legal entity.

The certification body shall identify responsibility for the following:

a) policies and procedures relating to the operation of the certification body;

b) finances of the certification body;

c) resources, used for certification activities;

d) development and maintenance of the certification schemes;

e) assessment activities;

f) decisions on certification, including the granting, maintaining, recertifying, expanding, reducing, suspending, reinstating or withdrawing of the certification;

g) contractual arrangements.

5.2.1 Completion of education or training may be a prerequisite for certification, however a education or training prerequisite shall not compromise impartiality or reduce the certification requirements.

5.2.2 A certification body shall not state or imply that certification would be simpler, easier or less expensive if any specific education or training services are used.

5.2.3 Offering education or training and certification of persons within the same legal entity or a related body constitutes a threat to impartiality. In such a case the certification body shall:

a) identify and document the associated threats to its impartiality on an ongoing basis: the body shall have a documented process to demonstrate how it eliminates or minimizes those threats;

b) demonstrate that all processes performed by the certification body are independent of education or training to ensure that confidentiality, information security and impartiality are not compromised;

c) not give the impression that the use of both services would provide any advantage to the applicant;

d) not require the applicant to complete education or training offered within the same or related legal entity as an exclusive prerequisite when alternative education or training with an equivalent outcome exists;

e) ensure that personnel do not serve as an examiner or invigilator of a specific candidate they have trained unless the certification body can demonstrate how it controls for confidentiality, conflict of interest and impartiality.

6.1.1 The certification body shall manage and be responsible for the performance of all personnel involved in the certification process.

6.1.2 All personnel of the certification body that could influence the certification activities shall act impartially.

6.1.3 The certification body shall have access to a sufficient number of competent persons to perform its certification activities.

6.1.4 The certification body shall have a process for managing competence of its personnel.

6.1.5 The certification body shall define the competence requirements for personnel involved in the certification process and shall have documented information demonstrating competence of its personnel.

6.1.6 The certification body shall provide its personnel with documented instructions describing their duties and responsibilities. These instructions shall be kept up-to-date.

6.1.7 The certification body shall maintain up-to-date personnel records, including relevant information.

NOTE Examples of relevant information can include qualifications, certifications, training, education, skills, professional affiliations, professional status, competence and known conflicts of interest.

6.1.8 Personnel, including any committee members, contractors, personnel of external bodies or personnel acting on the certification body's behalf, shall keep confidential all information obtained or created during the performance of the body's certification activities, except as required by law or where authorized by the applicant, candidate or certified person.

6.1.9 The certification body shall provide evidence of its personnel’s agreement to comply with the policies and procedures defined by the certification body, including those relating to confidentiality, impartiality and conflict of interests.

6.1.10 When a certification body certifies a person it employs or it contracts, the certification body shall adopt procedures to maintain impartiality.

The certification body shall require its personnel to declare any potential conflict of interest with any applicant, candidate or certified person.

6.2.2.1 Examiners shall meet the requirements of the certification body. The selection and approval processes shall ensure that examiners:

a) have competence in the field to be examined;

b) understand the relevant certification scheme;

c) are able to apply the examination procedures and documents;

d) have the skills to conduct the examination;

e) have identified any known conflicts of interest to ensure impartial judgements are made.

6.2.2.2 The certification body shall have procedures to ensure that where interpretation or translation is used by the examiner it does not affect the validity, reliability and fairness of the examination.

6.2.2.3 The certification body shall monitor the performance of the examiners and the reliability and fairness of the examiners' judgements. Where deficiencies are found, corrective actions shall be taken. The results of monitoring and any corrective actions taken shall be supported by evidence.

NOTE Monitoring procedures for examiners can include, for example, on-site observation, review of examiners' reports, feedback from candidates.

6.2.2.4 If an examiner has a potential conflict of interest in the examination of a candidate or certified person, the certification body shall undertake measures to ensure that the confidentiality and impartiality of the examination are not compromised. These measures shall be recorded.

If other personnel involved in the assessment (e.g. invigilators, persons who develop content for examinations) have a potential conflict of interest in the assessment of a candidate or certified person, the certification body shall undertake measures to ensure that confidentiality and impartiality of the assessment are not compromised. These measures shall be recorded.

6.3.1 The certification body shall have a legally enforceable agreement covering the arrangements, and ensuring confidentiality and avoiding conflicts of interest, with each body that provides outsourced services related to the certification process.

NOTE For the purposes of this document , the terms “outsourcing” and “subcontracting” are considered to be synonyms.

6.3.2 When a certification body outsources services related to certification, the certification body shall:

a) take full responsibility for all outsourced services;

b) ensure that the body conducting outsourced services is competent and conforms to the applicable provisions of this document ;

c) assess and monitor the performance of the bodies conducting outsourced services in accordance with its documented procedures;

d) have records to demonstrate that the bodies conducting outsourced services meet all requirements relevant to the outsourced services;

e) maintain a list of the bodies conducting outsourced services.

The certification body shall use adequate premises, including examination sites, equipment and resources for carrying out its certification activities.

If artificial intelligence (AI) is used to perform any part of the certification process, the certification body shall:

a) verify, manage and monitor AI to ensure the intended results;

b) validate outcomes of AI with subject matter experts;

c) ensure personnel have the necessary competence in the oversight and use of AI;

d) provide human oversight of AI;

NOTE ISO/IEC 42001 provides additional information on human oversight.

e) demonstrate the validity, reliability and fairness of the use of AI;

f) disclose its use of AI and obtain acknowledgement by the individual (applicant, candidate or certified person), where communication and interaction with AI is performed.

7.1.1 The certification body shall maintain records of applicants, candidates and certified persons. The records shall include a means to confirm the status of a certified person. The records shall demonstrate that the certification or recertification process has been effectively completed, particularly with respect to application forms, assessment reports (which include examination records) and other documented information relating to granting, maintaining, recertifying, expanding and reducing the scope, and suspending or withdrawing certification.

7.1.2 The records shall be identified, managed, safeguarded from unauthorized access, and disposed of in such a way as to ensure the integrity of the process and the confidentiality of the information. The records shall be kept for an appropriate period of time, for a minimum of one full certification cycle, or as required by recognition arrangements, contractual, legal or other obligations.

7.2.1 The certification body shall provide information, upon request, as to whether an individual holds a current, valid certification and the scope of that certification.

7.2.2 The certification body shall make publicly available without request:

a) scope of the certification scheme;

b) pre-requisites, if applicable;

c) application requirements;

d) surveillance requirements, if applicable;

e) recertification interval and requirements;

f) description of the certification process, including the assessments.

7.2.3 The certification body shall provide information regarding education or training publicly available without request, if they are used as prerequisites for being eligible for certification.

7.2.4 Information provided by the certification body, including marketing or promotional communication shall be accurate and not misleading.

7.2.5 When a certification body uses AI in the certification process, it shall make context and extent publicly available without request.

7.3.1 The certification body shall establish documented policies and procedures for the maintenance and release of information.

7.3.2 The certification body shall be responsible, through legally enforceable agreements, for the management of all information obtained or created during the performance of certification activities. The certification body shall inform the applicant, candidate or certified person, in advance, of the information it intends to place in the public domain. Except for information that the applicant, candidate or certified person makes publicly available, or when agreed between the certification body and applicant, candidate or certified person, all other information is considered proprietary information and shall be regarded as confidential.

7.3.3 When the certification body is required by law or authorized by contractual arrangements to release confidential information, the applicant, candidate or certified person concerned shall be notified of the information released, unless prohibited by law.

7.3.4 The certification body shall ensure that the activities of related bodies do not compromise confidentiality.

7.3.5 The certification body shall have policies and procedures to ensure data privacy and data protection.

7.3.6 The certification body shall identify threats to the confidentiality of the information. If a threat is identified its effect shall be eliminated or minimised so that confidentiality is not compromised.

7.4.1 The certification body shall establish and document policies and procedures necessary to ensure security throughout the entire certification process and shall have measures in place to take corrective actions when security breaches occur.

7.4.2 The certification body shall identify security threats associated with the use of technology in the certification process. If a threat is identified its effect shall be eliminated or minimised so that the security of the certification process is not compromised.

7.4.3 Policies and procedures related to security shall include provisions to ensure the security of examination materials, taking into account the following:

a) the locations of the materials (e.g. transportation, electronic delivery, disposal, storage, examination site);

b) the nature of the materials (e.g. electronic, paper, test equipment);

c) the steps in the examination process (e.g. development, administration, results reporting);

d) the threats arising from repeated use of examination materials.

7.4.4 Certification bodies shall prevent fraudulent examination behaviour, unauthorised disclosure of examination material or other misconduct by:

a) requiring candidates to sign a non-disclosure agreement or other agreement indicating their commitment not to release confidential examination materials or participate in fraudulent practices;

b) requiring invigilation. Invigilation in real time shall be required unless the certification body can demonstrate how the other requirements of this clause are met;

c) confirming the identity of the candidate, as part of the examination;

d) implementing procedures to prevent any unauthorized aids from being brought into the examination;

e) preventing candidates from gaining access to unauthorized aids during the examination;

f) monitoring examination results for indications of cheating.

7.4.5 The certification body shall identify the threats to the security of examination materials. If a threat is identified, its effect shall be eliminated or minimised so that the integrity of the examination materials is not compromised.

8.1 There shall be a certification scheme for each category of certification.

8.2 A certification scheme shall contain the following:

a) scope of certification;

b) job and task description;

c) required competence;

d) required abilities (if applicable);

e) prerequisites (if applicable);

f) code of conduct (if applicable).

NOTE 1 Abilities can include physical capabilities such as vision, hearing and mobility.

NOTE 2 Prerequisites can be specific qualifications and can be met at application or anytime before the certification decision.

NOTE 3 A code of conduct describes the ethical or personal behaviour required by the certification scheme.

8.3 A certification scheme shall include the following certification process requirements:

a) criteria for initial certification and recertification;

b) assessment methods for initial certification and recertification;

c) surveillance methods and criteria (if applicable);

d) criteria for suspending and withdrawing certification;

e) criteria for changing the scope or level of certification (if applicable).

8.4 The certification body shall demonstrate that, in the development and review of the certification scheme, the following are included:

a) the involvement of subject matter experts;

b) the use of a structure that fairly represents the interests of the interested parties significantly concerned, without any interest predominating;

c) the identification and alignment of prerequisites, if applicable, with the competence requirements;

d) the identification and alignment of the assessment mechanisms with the competence requirements;

e) a job or practice analysis that is conducted and updated to:

— identify the tasks for successful performance;

— identify the required competence for each task;

— identify prerequisites (if applicable);

— confirm the assessment mechanisms and examination content;

— identify the recertification requirements and interval.

NOTE 1 Where the certification scheme has been developed by a body other than the certification body, the job or practice analysis might already be available as part of that work. In this case, the certification body can obtain details from the certification scheme documentation for verification.

8.5 The certification body shall ensure that the certification scheme is reviewed and validated on an on-going and systematic basis.

8.6 When the certification body is not the owner of a certification scheme it implements, the certification body shall ensure that the requirements specified in this clause (Clause 8) are met.

9.1.1 The certification body shall implement the specific assessment methods and mechanisms as defined in the certification scheme.

9.1.2 When there is a change in the certification scheme which requires additional assessment, the certification body shall document and make publicly accessible without request the specific methods and mechanisms required to verify that certified persons comply with changed requirements.

NOTE Recertification or surveillance can be used to achieve this verification.

9.1.3 The assessment shall be planned and structured in a manner which ensures that the certification requirements are objectively and systematically verified with documented evidence to confirm the competence of the candidate.

9.1.4 The certification body shall verify the methods for assessing candidates. This verification shall ensure that each assessment is fair, valid and reliable.

9.1.5 The certification body shall verify and accommodate specific needs, within reason and where the validity and fairness of the assessment is not compromised (see 9.2.2 e).

9.1.6 Where the certification body takes into account work performed by another body, it shall have appropriate reports, data and records to demonstrate that the results are equivalent to, and conform with, the requirements established by the certification scheme.

9.1.7 In circumstances where interpretation or translation is used, the certification body shall have procedures in place to ensure that it does not affect the validity, reliability and fairness of the assessment.

9.2.1 As part of the application process, the certification body shall make available an overview of the certification process in accordance with the certification scheme. As a minimum, the overview shall include the requirements for certification and its scope, a description of the assessment process, the applicant's rights, the duties of a certified person and the fees.

9.2.2 The certification body shall require the completion of an application, with the agreement of the applicant, which includes as a minimum the following:

a) information required to identify the applicant, such as name, address and other information required by the certification scheme;

b) the scope of the desired certification;

c) a statement that the applicant agrees to comply with the certification requirements and to provide any information needed for the assessment;

d) any supporting information to objectively demonstrate compliance with the certification scheme prerequisites;

e) notice to the applicant of the opportunity to declare, within reason, a request for accommodation of specific needs (see 9.1.5).

NOTE Accommodation of specific needs can include modification of assessment methods or its administration to account for the effects of a disability without altering the validity of the assessment.

9.2.3 The certification body shall review the application to confirm that the applicant complies with the application requirements of the certification scheme.

9.3.1 Examinations shall be designed to assess competence based on, and consistent with, the certification scheme, by written, oral, practical, observational or other reliable and objective means. The design of the examination shall ensure the comparability of results of each single examination, both in content and difficulty, including the validity of fail/pass decisions. Evidence of the comparability of results shall be available to ensure equity, fairness and consistent results.

9.3.2 The certification body shall have procedures to ensure consistent administration of examinations.

9.3.3 Criteria and conditions for administering examinations shall be established, documented and monitored.

NOTE Conditions can include lighting, temperature, separation of candidates, noise, candidate safety, network characteristics, IT equipment, etc.

9.3.4 When technical equipment is used in the examination process, the equipment shall be fit for purpose, and calibrated where appropriate.

9.3.5 Appropriate methodology and procedures (e.g. collecting and maintaining statistical data) shall be documented and implemented in order to reaffirm, at justified defined intervals, the fairness, validity, reliability and general performance of each examination, and that all identified deficiencies are corrected.

9.4.1 The information gathered during the certification process shall be reviewed and sufficient:

a) for the certification body to make a decision on certification;

b) for traceability in the event, for example, of an appeal or a complaint.

9.4.2 Decisions for granting, maintaining, recertifying, extending, reducing, suspending, reinstating or withdrawing certification shall not be outsourced.

9.4.3 The certification body shall confine its decision on certification to those matters specifically related to the requirements of the certification scheme.

9.4.4 The decision on certification shall be made solely by the certification body on the basis of the information gathered during the certification process. Personnel who make the decision on certification shall not have participated in the examination or training of the candidate.

9.4.5 The personnel who make certification decisions shall have the required competence to determine if the certification requirements have been met.

9.4.6 Certification shall not be granted until all certification requirements are fulfilled.

9.4.7 The certification body shall provide a certificate to all certified persons. The certification body shall maintain sole ownership of the certificates. The certificate shall take the form of a document, card or other medium, authorized by a responsible member of the personnel of the certification body.

9.4.8 The certificate shall contain, as a minimum, the following information:

a) the name of the certified person;

b) a unique identification;

c) the name and contact information of the certification body;

d) a reference to the certification scheme, standard or other relevant documents. This shall also include the issue date or version, if relevant;

e) the scope of the certification including, if applicable, validity conditions and limitations;

f) the effective date of certification and date of expiry.

NOTE 1 The effective date of initial certification is the date of the certification decision.

NOTE 2 When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate can be on or after the recertification decision.

9.4.9 The certificate shall be designed to reduce the risk of counterfeiting.

9.5.1 The certification body shall have a policy and documented procedures for suspension or withdrawal of the certification, or reduction of the scope of certification, which shall specify the subsequent actions by the certification body.

9.5.2 Failure to resolve the issues that have resulted in the suspension, in a time established by the certification body, shall result in withdrawal of the certification or reduction of the scope of certification.

9.5.3 The certification body shall have legally enforceable agreements with the certified person to ensure that, in the event of suspension of certification, the certified person refrains from further promotion of the certification while it is suspended.

9.5.4 The certification body shall have legally enforceable agreements with the certified person to ensure that, in the event of withdrawal of certification, the certified person discontinues use of all references to a certified status.

9.6.1 The certification body shall have (a) documented procedure(s) for implementation of the recertification process, in accordance with the certification scheme requirements.

9.6.2 The certification body shall ensure during the recertification process that it confirms continued competence of the certified person and ongoing compliance with current certification scheme requirements by the certified person.

9.6.3 The recertification interval shall be in accordance with the certification scheme requirements. The rationale for the recertification interval shall take into account, where relevant, the following:

a) regulatory requirements;

b) changes to normative documents;

c) changes in the relevant certification scheme requirements;

d) the nature and maturity of the industry or field in which the certified person is working;

e) the risks resulting from an incompetent person;

f) ongoing changes in technology, and requirements for certified persons;

g) requirements of interested parties;

h) the frequency and content of surveillance activities, if required by the certification scheme.

9.6.4 In accordance with the certification scheme, recertification by the certification body shall consider at least the following:

a) on-site assessment;

b) professional development;

NOTE “Professional development” can include activities undertaken by a certified person to maintain, improve or increase knowledge and skills related to professional activities.

c) structured interviews;

d) confirmation of continuing satisfactory work and work experience records;

e) examination;

f) checks on physical capability in relation to the competence concerned.

NOTE “Physical capability” can require an evaluation by a health professional, or by a professional qualified to evaluate physical skills such as dexterity, strength and endurance, as well as the technical performance skills required for the certification.

9.6.5 The recertification activities shall be adequate to ensure that there is impartial assessment to confirm the continuing competence of the certified person.

NOTE Activities supported only by a self-declaration by the certified person does not constitute an impartial assessment.

9.7.1 A certification body that provides a certification mark or logo shall document the conditions for use and shall appropriately manage the rights for usage and representation.

NOTE ISO/IEC 17030 provides requirements for use of third-party marks.

9.7.2 The certification body shall require that a certified person agrees to the following:

a) to comply with the specified requirements of the certification scheme;

b) to make claims regarding certification only with respect to the scope for which certification has been granted;

c) not to use the certification in such a manner as to bring the certification body into disrepute;

d) not to make any statement regarding the certification which the certification body considers misleading or unauthorized;

e) to discontinue the use of all claims to certification that contain any reference to the certification body or certification upon suspension or withdrawal of certification, and to return any certificates issued by the certification body;

f) not to use the certificate in a misleading manner.

g) to inform the certification body, without delay, of matters that can affect the capability of the certified person to continue to fulfil the certification requirements.

9.7.3 A certification body shall address, by means of corrective measures, any misuse of its certification mark or logo.

9.8.1 The certification body shall have a documented procedure for handling appeals that shall include at least the following:

a) a description of the process for receiving and investigating the appeal, and deciding what actions shall be taken in response;

b) tracking and recording the appeal, including the actions undertaken to resolve it;

c) ensuring appropriate action is taken

9.8.2 The policies and procedures shall ensure that all appeals are dealt with in a constructive, impartial and timely manner.

9.8.3 A description of the process for handling appeals shall be publicly available without request.

9.8.4 The certification body receiving the appeal shall be responsible for gathering all necessary information to determine whether the appeal is valid.

9.8.5 The certification body shall be responsible for all decisions during the process for handling appeals.

9.8.6 The decision on the appeal shall be made by, or reviewed and approved by, persons not involved in the decision that is the subject of the appeal in question.

9.8.7 Submission, investigation and decision on appeals shall not result in any discriminatory actions against the appellant.

9.8.8 The certification body shall acknowledge receipt of the appeal, and provide the appellant with the outcome and, if applicable, progress reports.

9.8.9 The certification body shall give formal notice to the appellant of the end of the appeals-handling process.

9.9.1 The certification body shall have a documented procedure for handling complaints that shall include at least the following:

a) a description of the process for receiving, substantiating and investigating the complaint, and deciding what actions shall be taken in response;

b) tracking and recording the complaint, including the actions undertaken to resolve it;

c) ensuring appropriate action is taken.

The procedures shall treat all parties fairly and equitably.

9.9.2 The policies and procedures shall ensure that all complaints are handled and processed in a constructive, impartial and timely manner.

9.9.3 A description of the process for handling complaints shall be publicly available without request.

9.9.4 The certification body receiving the complaint shall be responsible for gathering all necessary information to determine whether the complaint is substantiated.

9.9.5 Upon receipt of a complaint, the certification body shall confirm whether the complaint relates to its certification activities and, if so, shall resolve the complaint.

9.9.6 The certification body shall inform the certified person of any substantiated complaint at an appropriate time.

9.9.7 The complaints-handling process shall be subject to requirements for confidentiality, as it relates to the complainant and to the subject of the complaint.

9.9.8 The resolution of complaints shall be made by, or reviewed and approved by, persons not involved in the subject of the complaint in question. Where resources do not permit this, any alternative approach shall not compromise impartiality.

9.9.9 Investigation and resolution of complaints shall not result in any discriminatory actions.

9.9.10 Whenever possible, the certification body shall acknowledge receipt of the complaint, and provide the complainant with the outcome and, if applicable, progress reports.

9.9.11 The certification body shall give formal notice of the end of the complaints-handling process to the complainant.

10.1.1 The certification body shall establish, document, implement and maintain a management system to support and demonstrate the consistent fulfilment of the requirements of this document.

10.1.2 The management system of the certification body shall include at least the following:

— policies and responsibilities (10.2);

— management review(10.3);

— internal audits(10.4);

— corrective actions(10.5);

— actions to address risks and opportunities (10.6);

— documented information (10.7).

10.1.3 Certification body may meet 10.1 by establishing, implementing and maintaining a quality management system (e.g. in accordance with the requirements of ISO 9001). This quality management system shall support and demonstrate the consistent fulfilment of the requirements of this document.

10.2.1 The certification body's top management shall establish and document policies and objectives for its activities.

10.2.2 The top management shall provide evidence of its commitment to the development and implementation of the management system in accordance with the requirements of this document. The top management shall ensure that the policies and objectives are understood, implemented and maintained at all levels of the certification body's organization.

10.2.3 The certification body's top management shall appoint a member of management who, irrespective of other responsibilities, shall have responsibility and authority that include:

a) ensuring that processes and procedures needed for the management system are established, implemented and maintained;

b) reporting to top management on the performance of the management system and any need for improvement.

The certification body's top management shall review its management system at planned intervals, in order to ensure its continuing suitability, adequacy and effectiveness, including the stated policies and objectives related to the fulfilment of the requirements of this document. These reviews shall be conducted at least annually and shall be documented.

The input to the management review shall include information related to the following:

a) results of internal and external audits (e.g. accreditation body assessment);

b) feedback from applicants, candidates, certified persons and interested parties related to the fulfilment of the requirements of this document;

c) safeguarding impartiality;

d) the status of actions to address risks and opportunities;

e) follow-up actions from previous management reviews;

f) the fulfilment of objectives;

g) changes that could affect the management system;

h) appeals and complaints;

i) use of AI in the certification process, if applicable.

The output from the management review shall include as a minimum decisions and actions related to the following:

a) improvement of the effectiveness of the management system and its processes;

b) improvement of the certification services related to the fulfilment of the requirements of this document;

c) resource needs.

10.4.1 The certification body shall conduct internal audits to determine that it fulfils the requirements of this document and to verify that the management system is effectively implemented and maintained.

NOTE ISO 19011 provides guidelines for auditing of management systems.

10.4.2 An audit programme shall be planned, taking into consideration the importance of the processes and areas to be audited, as well as the results of previous audits.

10.4.3 Internal audits shall be performed at least once every 12 months. The frequency of internal audits may be reduced if the certification body demonstrates that its management system continues to be effectively implemented in accordance with this document and has proven stability.

10.4.4 The certification body shall ensure that:

a) internal audits are conducted by competent personnel, knowledgeable in the certification process, auditing and the requirements of this document;

b) auditors do not audit their own work;

c) personnel responsible for the area audited are informed of the outcome of the audit;

d) any actions resulting from internal audits are taken in a timely and appropriate manner;

e) any opportunities for improvement are identified.

The certification body shall establish (a) procedure(s) for identification and management of nonconformities in its operations. The certification body shall also, where necessary, take actions to eliminate the causes of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to the impact of the problems encountered. The procedures shall define requirements for the following:

a) identifying nonconformities;

b) determining the causes of nonconformity;

c) correcting nonconformities;

d) evaluating the need for actions to ensure that nonconformities do not recur or occur elsewhere;

e) determining and implementing the actions needed in a timely manner;

f) recording the results of actions taken;

g) reviewing the effectiveness of corrective actions.

10.6.1 The certification body shall consider the risks and opportunities associated with the certification body activities in order to:

a) give assurance that the management system achieves its intended results;

b) enhance opportunities to achieve the purpose and objectives of the certification body;

c) prevent or reduce undesired impacts and potential failures in the certification body activities;

d) identify potential nonconformities and their causes;

e) achieve improvement.

10.6.2 The certification body shall ensure that actions:

a) are planned and taken to address risks and opportunities;

b) are integrated into its management system;

c) are evaluated for effectiveness.

NOTE Although this document specifies that the certification body plans actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Certification bodies can decide whether or not to develop a more extensive risk management methodology than is required by this document (e.g. through the application of other guidance documents or standards).

10.6.3 Actions taken to address risks and opportunities shall be proportional to the potential impact on the certification body’s activities.

NOTE Options to address risks can include identifying and avoiding threats, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

10.7.1 The certification body shall ensure that the management system documentation is provided to all relevant personnel.

10.7.2 The certification body shall control the documents (internal and external) that relate to the fulfilment of this document. The certification body shall ensure that:

a) documents are approved for adequacy prior to issue by authorized personnel;

b) documents are periodically reviewed, and updated as necessary;

c) changes and the current revision status of documents are identified;

d) relevant versions of applicable documents are available at points of use and, where necessary, their distribution is controlled;

e) documents are uniquely identified;

f) the unintended use of obsolete documents is prevented, and suitable identification is applied to them if they are retained for any purpose.

NOTE Documented information can be documents or records in any form or type of medium.

10.7.3 The certification body shall establish a procedure(s) to control the identification, storage, protection, retrieval, retention time and disposition of its records related to the fulfilment of the requirements of this document.

10.7.4 The certification body shall retain records for a period consistent with its contractual and legal obligations. Access to these records shall be consistent with the confidentiality arrangements.

NOTE For requirements for records on applicants, candidates and certified persons, see also 7.1.

1. 
   (informative)
   
   Principles for certification of persons
   1. General

A.1.1 This document does not give specific requirements for all situations that can occur. These principles should be applied as guidance for the decisions that may need to be taken for unanticipated situations. Principles are not requirements.

A.1.2 The overall purpose of certification of persons is to recognize an individual's competence to perform a task or job.

A.1.3 The certification body has a responsibility to ensure that only those persons who demonstrate competence are awarded certification.

A.1.4 Certification of persons provides value through public confidence and trust. Public confidence relies on a fair, valid and reliable assessment of competence, by a third party, reconfirmed at defined intervals.

A.1.5 The certification body should act in a responsible manner so as to provide confidence to interested parties in its competence, impartiality and integrity.

• 1. Impartiality

A.2.1 Certification of a person should be based on objective evidence obtained by the certification body through a fair, valid and reliable assessment, and not influenced by other interests or by other parties.

A.2.2 It is necessary for certification bodies and their personnel to be and to be perceived as being impartial in order to give confidence in their activities and their outcomes.

A.2.3 Threats to impartiality include, but are not limited to, the following:

a) self-interest threats: threats that arise from a person or body acting in its own interest to benefit itself;

b) subjectivity threats: threats that arise when personal bias overrules objective evidence;

c) familiarity threats: threats that arise from a person being familiar with or trusting of another person, e.g. an examiner or certification body personnel developing a relationship with a candidate that affects the ability to reach an objective judgement;

d) intimidation threats: threats that prevent a certification body or its personnel from acting objectively due to fear of a candidate or other interested party;

e) financial threats: the source of revenue for a certification body can be a threat to impartiality.

• 1. Competence

Competence of the personnel of the certification body is necessary to operate certification of persons that provides confidence.

• 1. Confidentiality and openness

Managing the balance between confidentiality and openness affects interested parties' trust and their perception of value in the certification activities.

• 1. Responsiveness to complaints and appeals

The effective resolution of complaints and appeals is an important means of protection for the certification body and interested parties against errors, omissions or unreasonable behaviour.

• 1. Responsibility

The certification body has the responsibility to obtain sufficient objective evidence upon which to base a certification decision.

1. 
   (informative)
   
   Relationship between activities, process, assessment, application, examination and scheme

B.1.1 The graphic above illustrates the relationship between several of the terms in this document. The assessment as defined in this document includes the application and the examination.

B.1.2 The certification process includes the assessment, application, examination and the other items in the bulleted list under certification process.

B.1.3 The certification activities include all of the items in the certification process as well as other activities undertaken by the certification body related to the delivery of certification of persons including collecting fees, managing personnel and the other items in the bulleted list.

B.1.4 Finally, the certification scheme informs all of the activities and serves as the basis for the methodology (ies) for the certification body activities.

Annex ZA
(informative)

Relationship between this European Standard and the requirements of Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 aimed to be covered

This European Standard has been prepared under Commission Implementing Decision C(2021)9277 of 17.12.2021 on a standardisation request to the European Committee for Standardisation and the European Committee for Electrotechnical Standardisation as regards accreditation and conformity assessment in support of Regulation (EC) No 765/2008 of the European Parliament and of the Council (M/580), to provide one voluntary means of conforming to Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 [OJ L 218].

Once this standard is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of this standard given in Table Z confers, within the limits of the scope of this standard, a presumption of conformity with the corresponding requirements of that Regulation, and associated EFTA regulations.

Table ZA.1— Correspondence between this European Standard and Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 [OJ L 218].

WARNING 1 — Presumption of conformity stays valid only as long as a reference to this European Standard is maintained in the list published in the Official Journal of the European Union. Users of this standard should consult frequently the latest list published in the Official Journal of the European Union.

WARNING 2 — Other Union legislation may be applicable to the product(s) falling within the scope of this standard.

Bibliography

[1] ISO 9001, Quality management systems — Requirements

[2] ISO 19011, Guidelines for auditing management systems

[3] ISO/IEC 17030, Conformity assessment — General requirements for third-party marks of conformity

[4] ISO/IEC 42001, Information technology — Artificial intelligence — Management system

[5] ISO/IEC 17030, Conformity assessment — General requirements for third-party marks of conformity

[6] ISO 19011, Guidelines for auditing management systems

[7] ISO/IEC 2382:2015, Information technology — Vocabulary