
Organisations invest a significant amount of time, effort and money on the road to implementing ISO standards. Those embarking on the journey for the first time can be overwhelmed by the volume of information available on the internet, and by sponsored advertisements steering them towards “ISO in a box” solutions that appear too good to be true. They normally are. The individual tasked with entering into a contract with a certification body should always be aware of the potential pitfalls around the certification process.

Terminology around the certification process can also be confusing, and the terms “certification” and “accreditation” are often used interchangeably in conversation. The following points should help to clarify their meaning:

  • Organisations can seek to be CERTIFIED to an ISO standard. This is known as certification and is carried out by a third-party certification body.
  • Third-party certification bodies providing certification services to organisations should themselves be ACCREDITED by a recognised accreditation body (normally the national accreditation body appointed or recognised by government) to undertake certification.

CyberCX only recommends working with accredited certification bodies.

At an international level, the International Accreditation Forum (IAF) maintains a register of accreditation bodies that conduct and administer programmes for the certification of management systems and other conformity assessment activities. At the last count there were 99 member bodies in the IAF worldwide.

Most countries have adopted and approved the use of an accreditation body that assesses certification bodies and confirms their suitability to undertake third-party certification activities. The standard that accreditation bodies use to assess certification bodies is ISO/IEC 17021-1. Like many other ISO standards, ISO/IEC 17021-1 is a set of clause-based requirements aimed at providing consistency of approach, and therefore value, for organisations that engage the services of an accredited certification body.

In the United Kingdom, UKAS is the government-appointed body that accredits certification bodies. Like the IAF, UKAS holds a register of accredited certification bodies that have been successfully assessed against ISO/IEC 17021-1 to conduct certification activities against the various ISO standards.

In the US, ANAB provides a similar service; it is the largest accreditation body in North America and provides services in over 75 countries.

Ultimately, if your organisation chooses to pursue certification to an ISO standard such as ISO/IEC 27001 or ISO 22301, you will meet the external assessor who conducts the certification audit and who will ultimately make the recommendation for certification. It provides some comfort to know that, if the assessor represents an accredited certification body, they will be suitably competent to conduct the assessment, that there is a process to review and confirm their findings, that an independent appeals process is in place, and that the certificate ultimately issued is worth the paper it is written on.

Accredited certification provides this assurance.

With a number of unaccredited “certification bodies” offering their services in the marketplace, there are warning signs to look out for. You may already have unwittingly entered into a contract with an unaccredited certification body if any of the following apply:

  • Is the certification body trying to tie you down to a long-term (e.g. 10-year) contractual commitment?
  • Is the certification body suggesting you can obtain certification in a very short time?
  • Is the expiry date on your certificate more than three years from today’s date?
  • Was your management system documentation provided to you by the same organisation that undertakes the external assessments?
  • Does the assessor fail to cover the whole management system over the three-year cycle (surveillance visits plus recertification)?
  • Does the assessor brush over potential or actual findings during your audit?
  • Does the same assessor keep turning up, year after year (e.g. six years or more)?

If any of the above is true, alarm bells should be ringing; however, you will not be alone. Over the years many organisations have unintentionally signed long-term contracts with unaccredited certification bodies, only to discover later that their certificate is not accepted, or is deemed invalid, by a prospective client during a tendering exercise.

Benefits of accredited certification

  • Demonstrates technical competency – Accredited third-party certification body auditors have to demonstrate their competency to undertake audits and must hold sufficient knowledge and experience in the sector specialisation in which they audit.
  • Provides legitimacy – Organisations that hold accredited certification can demonstrate that their system has been assessed by a certification body that has in turn been assessed by a recognised accreditation body.
  • Proves impartiality of approach – Accreditation body rules ensure that assessors cannot exceed two certification cycles with the same client.
  • Delivers confidence to your clients and stakeholders – Accredited certification provides credibility and confidence that the certification is valid.
  • Offers commercial advantages – Accredited certification is becoming the minimum requirement for public sector tendering. Procuring organisations are becoming more aware and now demand accredited certification as a condition of entry to tenders and commercial opportunities.
  • Increases international acceptance – Accredited certification is recognised the world over, thanks to the work of the accreditation bodies and the IAF in promoting the benefits of accredited certification.
  • Supports procurement due diligence – If you work in a procurement function or are involved in assessing tenders, assurance can be gained by asking prospective suppliers of products and/or services to provide evidence of accredited certification when reviewing ISO certificates provided during tendering and pre-contract activities, for the reasons stated above.

The benefits and advantages of holding accredited certification are well proven. Here at CyberCX we call upon our clients, partners and stakeholders to promote the benefits of accredited certification, and to educate themselves and others, in order to avoid the pitfalls of entering into a contract with an unaccredited certification body.

9 June 2022 marks World Accreditation Day (#WAD2022), a global initiative to promote the value of accreditation, so there is no better time to share this important message.

How can CyberCX help?

Our experienced team would be happy to help if you have any questions about certification and the benefits for your organisation.
