In a presentation to the Independent Association of Accredited Registrars (IAAR), the VP of ANAB and President of the International Accreditation Forum (IAF) Randy Dougherty revealed a telling look at some critical details of the new ISO 17021-1 standard, as well as the sources of those proposed changes. The accreditation rules governing certification bodies (CBs) are undergoing significant revision by ISO/CASCO, and will replace the current rules under ISO 17021:2011.

The IAAR presentation was a closed-door event, given only to member CBs, and not open to the public.

Oxebridge has obtained Mr.Dougherty’s notes, which reveal that the changes were driven entirely from those inside the CB community itself, for whom the rules apply. According to the notes, inputs for the revision included:

  • CASCO interpretation requests
  • IAF application documents
  • APG and AAPG papers
  • Outcome of WG33—ISO/IEC TS 17022
  • Outcome of WG37—ISO/IEC TS 17023
  • CASCO PAS documents 17001-17005
  • Other CASCO documents—17020, 17024, 17065

What is evident is that the development process for the ISO 17021-1 standard did not take into consideration any input from actual ISO certification end users or the public. The ISO Code of Ethics, the Fundamental Principles of the ISO System and internal ISO rules require that such standards not be developed subject to the influence of any one stakeholder group, and it appears these conditions were ignored.

The Dougherty notes included a list of key changes to the rules. Mr. Dougherty first noted the three most significant changes, in his opinion:

  • Improving effectiveness of operational and organizational control by CBs of remote offices regardless of their organizational structure
  • Allowing a statement, but no mark, on product packaging (not on product) and accompanying literature that a company has a certified management system
  • Defining audit time and audit duration, and then focusing requirements for justification on audit duration, which is the time from the opening to the closing meeting.

He then presented a further list of additional changes, including:

  • Not require, but still allow, a committee for safeguarding impartiality
  • Adopt the approach in ISO/IEC 17024 regarding public information with, or without, request
  • Defining/classifying nonconformities as major and minor
  • No longer requiring a public directory of certifications
  • Allowing a CB to certify another CB to a management system standard, except for a QMS

Overall, and as expected due to a lack of stakeholder involvement, the rule changes overwhelmingly benefit the CBs by streamlining their operations, reducing costs, increasing revenue opportunities, and diluting rules for management of impartiality.

The two changes most likely to have the hardest impact on standards users and the public will be the removal of the requirement for CBs to maintain an independent Impartiality Committee, and the eradication of registries with which the public can verify ISO 9001 certificates.

A new rule that would potentially enhance CB revenue is particularly troublesome. It requires CBs to conduct an entire second Stage 2 audit if the CB cannot confirm the closure of a nonconformity within six months:

If a CB is unable to verify effective correction and corrective action 6 months after an initial audit, another Stage 2 shall be conducted.

This rule is likely to face significant opposition from users, since the “six month” period is entirely arbitrary, and gives no allowance for issues which may require long-term action. By inserting this requirement, CASCO places an arbitrary deadline for all audit findings, no matter the nature or severity, thereby violating their own “risk-based” philosophy. The result will be CB clients rushing to close audit findings just to maintain certification, without doing proper root cause analysis and taking effective action.

The benefit for CBs, however, is that by forcing a full Stage 2 re-audit of the entire QMS, a CB can effectively double or triple it’s annual revenue from that client just by claiming it was unable to “verify effective correction and corrective action.”  With the Impartiality Committee gutted, clients will not have an advocate within the CB to defend them when such decisions are made entirely for the purposes of generating revenue.

Nothing good will come from that, but no one at CASCO ever polled the people effected by the rule, so they never thought out the scenario.

Oddly enough, the new rules maintain the current standard’s prohibition against consulting, but given that it’s been entirely ignored by ABs for enforcement, perhaps removing them was deemed a bridge too far.

Despite the glaring problems the rule changes will cause for end users, Mr. Dougherty nevertheless summed up on a positive note for his CB-only audience:

In my opinion it will be easy for any current CB to conform to the changes.  Very few CBs will need to make any significant changes to their processes.  But I also think nearly all of the changes are improvements and will add to the credibility and integrity of certification.

Or, more likely, the exact opposite of that.

We’ll have an in-depth look at the changes of ISO 17021-1 shortly.





ISO 45001 Implementation