Accredited Certification
Accredited certification bodies have been assessed to demonstrate competence, impartiality and performance capability. They provide independent auditing and certification for organisations seeking recognition of compliance to national and international Standards.
In the UK, HM Government's Department for Business, Innovation and Skills (BIS) has stated that:
-
Government advice is to use an accredited certification body, and
-
Organisations that claim to be accredited by anyone other than UKAS are likely to be committing a crime.
Why use an accredited certification body?
It is important to make sure that the certification body you are use is accredited and has obtained their accreditation from a recognised national accreditation body that is a member of the IAF, such as UKAS (United Kingdom Accreditation Service).
The IAF website carries a full list, by country, of recognised national accreditation bodies and it is easy to identify, from this list, whether or not any particlarly organisation has been formally and officially accredited.
“Any organisation therefore that is suggesting it is accredited in the sense of the Regulation when they are not is likely to be guilty of an offence under the Business Protection from Misleading Marketing Regulations 2008 (Statutory Instrument 2008/1276).” Source: BIS
Consequently, those that profess to be accredited when not should be referred to trading standards or the Office of Fair Trading immediately.
View more information on non-accredited certification on the BIS website.
If you cannot find a accreditation organisation on this list, you are safe to assume that it is not an official, recognised accreditation body and that any 'certificates' issued under its aegis will have no official standing in any country in the world. To find out more on exactly which standards Certification Bodies are accredited by UKAS to deliver certification services, visit the UKAS website.
Why you should avoid non-accredited certification bodies:
-
Non-accredited certification bodies (and those that claim to accredited by an unrecognised accreditation service) typically offer a service that includes both consultancy and certification; no formally accredited certification body will do this as the international framework recognises the obvious conflict of interest when a single organisation certifies its own work. The whole point about and value of independent certification is that it is independent of those who did the work. Certification is designed to provide assurance to others that a management system is working in line with a specific management system standard and such assurance simply cannot be provided by any body that is not independent.
-
Non-accredited certification bodies (and those that claim to accredited by an unrecognised accreditation service) are not subject to regular performance, quality and competence monitoring by a national accreditation body that is formally charged with ensuring that certification bodies continue operating in line with their mandates.
-
Non-accredited certification bodies (and those that claim to accredited by an unrecognised accreditation service) usually do not operate in line with the international standards for certification bodies (eg ISO/IEC 17021), nor in line with those for conducting audits of specific management systems. ISO/IEC 27006, for instance, is the standard for certification bodies that provide audit and certification services for ISO27001 management systems.
Any organisation that claims to be an accredited certification body should be able to show you a current copy of its certificate of conformity with ISO/IEC 17021:2011.
This is the international standard that sets out the requirements for bodies providing audit and certification of management systems. As the International Standards Organisation says: "Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies." In other words, they can never provide a certification service in respect of their own consultancy work.
It is important to crack down on non-accredited certification bodies, as they damage good certification schemes and waste organisation’s money. At IT Governance, we only work with accredited certification bodies and urge you to do the same.
IT Governance Ltd is recognised by Third Party Accredited Certification Bodies as being competent to advise on certification and management system implementation. We are independent of vendors and Certification Bodies, and we encourage our clients to select the best-fit supplier of independent certification services for their needs and objectives, IT Governance is widely recognised amongst UKAS accredited Certification Bodies as a leading (ISO27001) consultancy and is listed on the following:
-
BSI Management Systems UK Associate Consultant Programme;
-
Bureau Veritas Certification approved list for the implementation and management of ISO27001 and ISO20000 (IT Service Management standard);
-
ISOQAR consultant database;
-
Lloyds Register Quality Assurance(LRQA) Consultant Network; and
-
NQA consultant database.
Clients of IT Governance have used the following UKAS (or equivalent) accredited certification bodies: AJA Registrars, BSI, Bureau Veritas, Certification Europe, Certification International, Det Norske Veritas, ISOQAR, LRQA, NQA, SGS.
Why choose IT Governance?
-
We have over 10 years worth of experience
-
Our directors were the first to achieve successful certification to BS7799, the forerunner to ISO27001, in the world and have since aided other organizations to implement effective information security management systems
-
We write and publish extensively on IT governance subjects
-
We provide a comprehensive range of corporate and IT governance information, advice, guidance, books, tools, training and consultancy
-
We have the most comprehensive range of accredited ISO27001 training courses available
-
We only recommend accredited certification bodies