Accreditation Bodies – which are signatory members of the IAF MLA (International Accreditation Forum Multilateral Agreement) – must have their accredited Product Certification Bodies according to the current ISO/IEC 17065 (transitioned over from the old ISO/IEC Guide 65).
Certification Schemes are the driving documents for all certifications. Without it, there is no information about the criteria with which the certified product, process, or service complies. Certification Schemes typically include additional requirements above and beyond those outlined in ISO/IEC 17065 that could include:
- requiring management system registration/certification at the manufacturer level
- periodic audits of the factory line
- accreditation or other recognition of the testing/inspecting/auditing body
- specifications on how to demonstrate that a product, process, or service is certified by a legitimate body.
Let’s see in details the contents of the ISO/IEC 17065 standard.
The first three sections of ISO/IEC 17065 are informative in nature and include references to other international standards.
This chapter has been implemented with respect to EN 45011 for alignment with the ISO/IEC 17000 family and it is necessary to read it carefully, together with the Principles contained in Appendix A, to understand the meaning and spirit of the standard, starting from expectations that the various interested parties (the customers of the Certification Body; the customers of the organizations whose products, processes, services have been certified; the Authorities; the non-governmental organizations; the consumers) associate with the product certification.
It is specified that “.. the value of the certification is the degree of trust and credit that is established through an impartial and competent demonstration, carried out by a third party, of the fulfillment of the specified requirements ..” and that “.. the certification of products, processes or services is a means of ensuring that they meet the requirements specified in standards and other regulatory documents. “
The standard “… specifies the requirements whose observance is aimed at ensuring that the certification bodies implement certification schemes in a competent, consistent and impartial manner” and clarifies that this standard does not set requirements for product certification schemes, nor how these should be developed.
Section Four of ISO/IEC 17065 deals with the activities and setup of the Certification Body on a general level. This section includes requirements for:
- legal stature
- presence of a “Certification Agreement” with the clients of the Certification Body
- minimum contents of the agreement
- use of certification marks and licenses
- financial support and liability coverage
- non-discrimination practices.
A paragraph is dedicated to the management of impartiality (4.2). In addition to requiring that all activities are handled impartially, a risk analysis document must be drawn up where the Certification Body must analyze in detail all the possible threats to its impartiality, both internal and external, and define the measures adopted to counteract it. any situation adverse to impartiality.
In any case, the activities that cannot be carried out by the Certification Body are defined (eg design, manufacturing, maintenance, consulting, etc. of the same types of products that are certified).
Safeguarding mechanism of impartiality that must consider:
– the definition of a policy and principles for safeguarding impartiality;
– any commercial or other aspect that could threaten the impartiality of the Certification Body;
– the possibility of adopting a committee (in analogy to what is required by ISO/IEC 17021).
Section Six of the Standard begins accounting for the human resources involved in the certification process. Requirements are set in place for personnel competencies, training and monitoring, and compliance with the Certification Body’s rules and procedures. In addition, the standard discusses the requirements that must be met for the Certification Body’s internal resources to ensure compliance with all rules and procedures the Certification Body has in place, as well as external resources (as subcontractors) that provide evaluation services to the certifier.
Section Seven of the Standard covers the requirements the Certification Body must follow while performing the various steps in the certification process. This includes receiving and reviewing the client’s application for certification, ensuring the product, process, or service is appropriately evaluated. This section also includes the required information on documents given to the client to signify that their product, process, or service has been certified.
This section discusses also the situations when surveillance activities are necessary and the inclusion of the Certification Body’s responsibilities when it comes to ensuring that certified products, processes, or services continue to meet scheme requirements. If the scheme is changed, the Certification Body must take an adverse decision (suspending or withdrawing certification).
Section Eight of ISO/IEC 17065 covers the requirements for a management system that must be in place within the Certification Body. Many of the requirements are similar to those found in ISO 9001. The Certification Body must have a collection of management system documents, controlled documents, records, and must perform management reviews and internal audits in accordance with defined procedures and schedules. Also, the Certification Body is required to address corrective and preventive actions.