In a world full of certificates – from ISO 9001 to ISO 14001 and ISO/IEC 27001 – one key question often arises for companies: How can I be sure that the body certifying me is truly competent and works independently?
This is precisely where ISO/IEC 17021 comes in.
What is ISO/IEC 17021?
ISO/IEC 17021 (more precisely: ISO/IEC 17021-1:2015) is an international standard for conformity assessment. It defines the requirements for bodies that carry out audits and certifications of management systems – in other words, certification bodies.
Its aim is to ensure that these bodies:
- are competent,
- act impartially,
- and use consistent, traceable procedures.
The standard is generic in its structure. This means it applies to all types of management systems, such as:
- Quality management (ISO 9001)
- Environmental management (ISO 14001)
- Information security management (ISO/IEC 27001).
With the revision, it was divided into several parts, including:
- ISO/IEC 17021-1:2015 – General requirements
- ISO/IEC 17021-2 / -3 / Technical Specifications 17021-4, -5, -6, -7, -9, -10 – specific competence requirements (e.g. for environmental or quality management systems).
Who is ISO/IEC 17021 relevant for?
The standard is primarily aimed at:
- Certification bodies that audit and certify management systems,
- Accreditation bodies that assess and accredit these certification bodies,
- Companies that rely on credible certificates and want to ensure that their certification is internationally recognised.
In short: ISO/IEC 17021 forms the foundation of quality and trust behind every credible ISO certificate.
Core Requirements of ISO/IEC 17021
The standard consists of a series of requirements, all aimed at building confidence in the issued certificates.
1. Competence of the auditors
Certification bodies must:
- ensure that their auditors and specialist teams have demonstrable qualifications, experience and expertise,
- demonstrate sector-specific competence (e.g. industry, IT, services),
- regularly train and assess auditors.
The standard stipulates that only competent auditors can deliver reliable and consistent audit results.

2. Impartiality & Independence
A core principle of ISO/IEC 17021 is impartiality:
- The certification body must not offer consultancy for the management system it certifies, in order to avoid conflicts of interest.
- Risk analyses must ensure that economic interests do not influence certification decisions.
- A documented impartiality policy is required, and often also a committee that monitors it.
3. Consistency of procedures
To ensure that a certificate in country A is just as "valuable" as in country B, ISO/IEC 17021 requires:
- standardised audit processes (planning, execution, reporting, follow-up),
- clear rules for audit duration, sample selection and locations,
- defined criteria for when a certificate is granted, maintained, suspended or withdrawn.
4. Management system of the certification body
The certification body itself must operate its own management system (often modelled on ISO 9001):
- documentation of processes, responsibilities and interfaces,
- internal audits and management reviews,
- continuous improvement of its own performance.
This ensures that the certification body not only audits others, but also systematically manages itself.
5. Handling of complaints & appeals
Another important building block:
- Public procedures must exist for complaints (e.g. from customers or other stakeholders) and appeals against certification decisions.
- These procedures must be transparent, traceable and fair.
This allows companies to take action against, for example, a suspension of certification that they consider unjustified.
How do certification bodies implement ISO/IEC 17021 in practice?
ISO/IEC 17021 is the central standard that ensures certification bodies for management systems worldwide work according to uniform, transparent and trustworthy criteria.
For companies this means:
A certificate from a certification body working in accordance with and accredited to ISO/IEC 17021 is more than just a logo on the website – it is a strong signal of credibility, compliance and a lived quality awareness.
