[This series of articles discusses the ISO 17000 family of standards, which are often obscure and complex. For links to the full series of articles, click here.]

ISO 17024 is entitled “Conformity Assessment — General Requirements for Bodies Operating Certification of Persons“, but I refer to this as “personnel certification bodies” because, unlike ISO, I don’t get paid by the word.

Folks often get a little confused on whether this standard applies to training organizations. The answer is: “maybe”. If a training organization issues an official certificate to trainees upon completion, then ISO 17024 typically applies unless that certificate is just a “certificate of completion”, or “certificate of attendance.”

Here, ISO and accreditation bodies like ANAB get themselves all wrapped around the axle on the terms “certificate” and “certification.” ANAB has a pretty comprehensive article on the subject here (worth a read) which distinguishes between the two. In short, a “certificate” is issued once for simple completion of training, and a “certification” is issued when some further study, or ongoing renewals, are required.

Sounds good, but ISO 17024 then uses the terms largely interchangeably, mucking up this distinction. Per that standard, certification bodies issue “certificates” to everyone, period. Sigh.

Anyway, in the cases where a trainer only issues a certificate of attendance, then ISO 17024 would not apply. That’s not what this standard is about.

But ISO 17024 may not be limited to training providers themselves. In many cases, a personnel certification body may not offer the training itself, but certify personnel who were trained by someone else entirely.

As with many of the ISO 17xxx standards, it might be worth having a consultation when deciding whether ISO 17024 is the right approach for your particular organization.

The ISO 17024 Requirements

ISO 17024 requirements include:

  • Impartiality: the certification body (CB) must have controls (best addressed via procedures) that ensure it can issue personnel certifications fairly and impartially. This then rolls into control of conflicts of interest (COIs), risk management of COIs, and the need to have objective parties make final certification decisions.
  • Confidentiality: CBs have access to confidential information related to their certified clients, and the people it certifies. This includes when a given student may fail a course. (You don’t want to be like the ISO 31000 training body G31000, who once published a student’s failing grade in retaliation for a dispute over fees.)As a result, the CB must have controls in place (again, procedures are likely necessary) to ensure the management of confidentiality.
  • Competence. Compared to other ISO 17xxx standards, the competence requirements for CB staff defined in ISO 17024 are pretty minimal. Nevertheless, the CB must identify its competence requirements, and then work to ensure those requirements are met.
  • Resources. Resource management for CBs is typically easy as it pertains to equipment and facilities, since there’s not much of an infrastructure overhead requirement for such companies. The bigger issue here is ensuring that the CB has “sufficient” staff to perform its work related to personnel certification.
  • Complaints & Appeals. CBs must have a robust method (again, procedures help here) to manage both complaints and appeals. The standard distinguishes between the two as follows: “complaints” are received from any party, and can be related to anything. “Appeals” are specific contests of certification decisions, coming from its clients; for example, a student may appeal when certification is denied.

I find that very simple procedures (using ISO 10002 as guidance on complaints handling) work great, and tying them into the CB’s corrective action system (a requirement we will discuss later) makes it very easy to manage, without needing to create an entirely separate complaints tracking tool.

  • Defining certification schemes. As with the other ISO 17xxx standards, this set of clauses requires the most work. Here the CB must define all the activities it performs for the certification of persons, including applications, assessments, examinations, decision-making, certification, recertification, suspensions, withdrawals, etc. In addition, if a CB offers more than one certified credential, each scheme must be fully defined with appropriate procedures.
  • MS requirements. Unlike others in the ISO 17xxx series of standards, ISO 17024 does not invoke ISO 9001 as a possible management system (MS) approach. This is because the standard is still fairly old and still has not been updated to align this portion of the standard with others in the family. As a result, ISO 17024 calls out specific management system requirements without identifying them as coming from ISO 9001. These include:
    • Policies & objectives
    • Document control
    • Record control
    • Corrective action
    • Preventive action
    • Internal audits
    • Management review
    • Continual improvement

Accreditation to ISO 17024

If you opt to pursue ISO 17024, you would later become accredited by one of the many traditional Accreditation Bodies, such as ANAB, A2LA, UKAS, etc. This typically subjects you not only to eventual witness audits by your selected AB, but also by the various parties within the IAF scheme, such as IAF regional bodies or even the IAF itself.

As a result, there are a number of other documents which you would be expected to comply with (and which may then trigger the creation of additional policies or procedures.) These include the IAF “mandatory documents” (or “MDs”), as well as specific add-on requirements by the Accreditation Body you select.

Oxebridge can help implement ISO 17024; for more information, click here.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


Surviving ISO 9001 Book