ANSI logo accreditaion  
 

ANSI Accreditation Committee on Product/Process/Services certification Bodies

Matters Related to ISO/IEC 17065

Through participation in the development of ISO/IEC 17065 and through the development and delivery of various workshops on this standard, ANSI has identified certain clauses that will be more easily understood and applied consistently if additional explanation is provided regarding them. The following are explanations of what the words in ISO/IEC 17065 already state – they are NOT interpretations of the requirements nor do they limit the evidence of fulfillment that certification bodies can offer during assessments performed in accordance with ISO/IEC 17011.


ISO/IEC 17065 4.2.3 "The certification body shall identify risks to its impartiality on an ongoing basis". The term "identify" is used and is distinctly different than "address" or "respond to". The use of "identify" indicates a pro-active effort to find risks to impartiality. The use of "ongoing basis" indicates a continuous activity.


ISO/IEC 17065 4.2.4 ". . . information [regarding elimination or minimization of risks to impartiality] shall be made available to the mechanism specified in 5.2." The participants in the 5.2 mechanism will have access to information about the elimination or minimization of impartiality risks supplied by the certification body.


ISO/IEC 17065 7.4.9 Note 2 "The certification scheme can indicate whether the evaluation is performed . . . prior to the application (see 7.2) for the certification process. In the latter case the requirements of 7.4 are not applicable."

ISO/IEC 17065 7.4.4 "The certification body shall . . . manage outsourced resources (see 6.2.2) in accordance with the evaluation plan."

When the scheme specifies that evaluation happens prior to application to the certification body then the scheme is indicating the evaluation is not part of the certification process completed by the certification body. As a result, such an evaluation is NOT outsourced by the certification body since the scheme has indicated the certification body is not involved in the evaluation.

When the scheme specifies that evaluation happens prior to application then 7.4 does not apply, which means 7.4.5 does not apply. Clause 7.4.5 only applies when the scheme indicates the evaluation will be performed by the certification body or under its responsibility. When these conditions exist the requirements in 7.4.5 apply when the certification body decides to use the results of evaluation (the entire evaluation or any part thereof) completed before the application. ISO/IEC 17065 is thus stating those evaluation results CAN be used even when the scheme indicates the evaluation will be performed by the certification body or under its responsibility.


ISO/IEC 17065 7.4.5 "The certification body shall only rely on evaluation results related to certification completed prior to the application for certification where it . . . satisfies itself that the body that performed the evaluation fulfills the requirements contained in 6.2.2. . ." The only requirements in 6.2.2 that the certification body must concern itself with are those that apply to the body that generated the evaluation results being used (results of the entire evaluation or any part thereof), which are the requirements in 6.2.2.1. The other requirements in 6.2.2 that apply directly to the certification body itself can not apply to the body that generated the evaluation results being used – the body that generated the results cannot possibly fulfill the requirements that apply to the certification body. Note as well that 7.4.5 makes no mention of this use of evaluation results as "outsourcing" – however it does "borrow" the 6.2.2.1 requirements for outsourced evaluation and applies them to this situation.


ISO/IEC 6.2.1 "When a certification body performs evaluation activities . . . it shall meet the applicable requirements of the relevant International Standard . . ." The certification body must decide which International Standard is relevant for each of the evaluation activities it performs. In some cases this may be a "best fit" selection, even though the International Standard (ISO/IEC 17020, ISO/IEC 17021 or ISO/IEC 17025 is not specifically written for the specific evaluation activity. In all cases, and especially this "best fit" situation, the certification body must decide what requirements from the chosen International Standard are applicable to the evaluation activity. The same is true for evaluation activities outsourced per the requirements in 6.2.2.1.


ISO/IEC 17065 6.1.2 Management of competence for personnel involved in the certification process

ISO/IEC 6.2.1 "When a certification body performs evaluation activities . . . it shall meet the applicable requirements of the relevant International Standard . . ."

ISO/IEC 6.2.1 Note "Examples of reasons as to why some requirements are not applicable include . . a particular requirement is covered in an equivalent way by this International Standard . . ."

Many requirements in 6.1.2 and 6.1.3 are duplicated in International Standards related to evaluation activities. For internal personnel performing evaluation the certification body can meet either the requirement in ISO/IEC 17065 OR the same requirement in the International Standard it chooses as relevant to the evaluation activity.


ISO/IEC 17065 6.1.2.1 "The certification body shall establish, implement and maintain a procedure for the management of competencies of personnel involved in the certification process (see Clause 7).

ISO/IEC 17056 7.4.2 Note "Outsourced tasks are completed by personnel usually assigned by the organization to which the task is outsourced. Such personnel are not normally assigned by the certification body."

The requirements in 6.1.2 and 6.1.3 do not apply to the personnel who are assigned evaluation tasks by organizations to which the evaluation is outsourced. The international standards and other requirements in 6.2 apply to the management of competencies, impartiality and the confidentiality obligations of personnel in organizations to which evaluations have been outsourced.


ISO/IEC 17065 7.5.1 ". . . The review shall be carried out . . ."

ISO/IEC 17065 3 "For the purposes of this document, the terms and definitions given in ISO/IEC 17000 . . . apply"

ISO/IEC 17000 5.1 "review – verification of the suitability, adequacy and effectiveness of [evaluation] activities, and the results of these activities . . ."

A review is required in the certification process without exception and must be verification of the suitability, adequacy and effectiveness of [evaluation] activities, and the results of evaluation. Full information regarding the evaluation and the results must be available to the individual(s) performing review. Without full information (e.g., relying solely on an existing certification without complete evaluation information) a review, by definition, is not possible.


ISO/IEC 17065 7.5.1 "The certification body shall assign at least one person to review . . ." Only the certification body can assign the person(s) performing the review. Because there are no requirements for outsourcing review certification body shall meet all requirements in 6.1.2 and 6.1.3 for the person(s) it assigns to perform the review. However, once all these requirements are fulfilled there are no restrictions on whether the person(s) assigned to review are employed or contracted by other organizations.


ISO/IEC 17065 7.5.1 "The review shall be carried out by a person(s) who have not been involved in the evaluation process." The details of the certification process are set by the certification scheme. ISO/IEC 17065 section 7 is requirements for the certification body as it executes the certification scheme for the products within the scope of certification covered by the application. As a result the person(s) involved in the evaluation process are those persons involved in any evaluation activity for products covered by the process starting with the application. A person can be involved in evaluation activities covered by one application and be involved in review for products covered by a different application. However, the same person cannot be involved in the evaluation activities and the review for products covered by the same application. The same logic applies to person(s) assigned to make a certification decision.


Recognitions