ISO 9001 and ISO 14001 certification are frequently used in both private and public sectors to increase confidence in the products and services provided by organizations, between partners in business-to-business relations, in the selection of suppliers in supply chains and in the right to tender for procurement contracts.
IAF and the International Organization for Standardization (ISO) have jointly produced a concise statement of outcomes that are to be expected as a result of accredited certification to ISO management system standards such as ISO 9001 and ISO 14001. The intent is to promote a common focus throughout the entire conformity assessment chain in order to achieve these expected outcomes and thereby enhance the value and relevance of accredited certification.
The following document can be downloaded from Documents for General Information:
Expected Outcomes for Accredited Certification to ISO Management System Standards such as ISO 9001 and ISO 14001
Certification is a “third-party attestation related to products, processes, systems or persons,” as defined by ISO/IEC 17000 Conformity Assessment—Vocabulary and General Principles.
Certification is most often associated with ISO 9001 and the environmental management systems standard ISO 14001. However, certification programs exist for a range of management systems standards, including the ISO/IEC 27001 program for information security management, the ISO 22000 program for food safety management, the ISO 50001 program for energy management, and the ISO 45001 program for occupational health and safety management.
Organizations may also be certified for private sector schemes, such as FAMI-QS, FSSC 22000, IPC Management System Auditors, ICAO CORSIA or GLOBALG.A.P. IFA.
Product certification is the process of verifying that a product, including services and processes, meet requirements specified in contracts, regulations, or specifications.
Personnel certification is the process of confirming that an individual has the necessary experience, knowledge, skills or other attributes to fulfil requirements.
In most countries, accreditation is voluntary, however, many certification bodies choose to seek accreditation in order to demonstrate third-party confirmation of their competence.
An organisation that provides certification, testing, calibration, inspection and other conformity assessment services can seek accreditation. An accredited body has demonstrated that it fully meets the requirements of relevant national and international standards.
The criteria for determining a certification body’s competence are based on the relevant national or international standard (such as ISO/IEC 17024, ISO/IEC 17065, ISO/IEC 17021) and include: the qualifications required, knowledge and skills, training and experience of staff; appropriate equipment that is properly calibrated and maintained; adequate quality assurance procedures; and appropriate sampling practices.
Accredited bodies can be private or government owned, and can range in size from sole traders to large multi-disciplinary, multi-site organisations.
The IAF operates in the fields of management systems, products, processes, services, personnel, validation and verification and other similar programmes of conformity assessment, while laboratory and inspection accreditation is managed at the global level by the International Laboratory Accreditation Cooperation (ILAC).
An accreditation body is an authoritative body that performs accreditation. In some instances, its authority is derived from government.
Its primary function is to assess, against internationally agreed standards, organisations that provide certification, testing, inspection and calibration services (collectively known as conformity assessment bodies). Accreditation demonstrates the competence, impartiality and performance capability of these organisations.
Accreditation bodies normally operate as non-profit distributing organisations.
The IAF operates in the fields of management systems, products, services, personnel and other similar programmes of conformity assessment, while laboratory and inspection accreditation is managed at the global level by the International Laboratory Accreditation Cooperation (ILAC).
Accreditation is the independent evaluation of conformity assessment bodies against recognised standards to ensure their impartiality and competence to carry out specific activities, such as tests, calibrations, inspections and certifications.
The IAF operates in the fields of management systems, products, processes, services, personnel, validation and verification and other similar programmes of conformity assessment, while laboratory and inspection accreditation is managed at the global level by the International Laboratory Accreditation Cooperation (ILAC).
Through the application of national and international standards, government, procurers and consumers can therefore have confidence in the calibration and test results, inspection reports, certifications and validation and verification statements provided.
Accreditation bodies are established in many countries with the primary purpose of ensuring that conformity assessment bodies are subject to oversight by an authoritative body.
Conformity assessment is the demonstration that what is being supplied actually meets the requirements specified or claimed. Conformity assessment can be applied to a product or a service, a process, a system, an organisation or persons and includes activities such as testing, inspection, and certification.
Demonstrating compliance with standards and other criteria assumes greater importance to consumer confidence as products and services become increasingly technically complex. Conformity assessment is therefore an indispensable part of an economy’s business and standards and conformance infrastructure.
IAF publishes a number of documents to communicate policy decisions and rules, share best practices, and support accreditation body and conformity assessment body operations. These documents, which are under constant review, are core to the effective operation of IAF, and support IAF’s objective of accredited once accepted everywhere.
All IAF documents are clearly categorised depending on the nature or purpose of the document. Some contain mandatory requirements, however others are available for advisory or informative purposes.
The categories are as follows:
Policy Documents (PL Series): Policy documents set out the governance requirements that IAF Members are expected to follow, as well as the IAF position on current issues.
Multilateral Recognition Arrangement (MLA) Documents – (ML Series): In order to ensure that the various accreditation programs in the IAF MLA are operated in an equivalent and harmonized way worldwide, IAF issues documents that need to be followed by IAF Members. Such IAF documents are based on the experience of IAF Members and represent agreement among IAF Members on best practice in the application of requirements.
IAF Informative Documents (ID Series): Informative Documents reflect the consensus of IAF Members on a given subject and are intended to support the consistent application of requirements. As these documents are for information purposes only, Accreditation Body Members, and the conformity assessment bodies they accredit, are not under any obligation to use or comply with these documents.
IAF Mandatory Documents (MD Series): IAF publishes Mandatory Documents which are required to be used by accreditation bodies when accrediting certification bodies to assure that they operate their programs in a consistent and equivalent manner. Mandatory documents are not intended to establish, interpret, subtract from or add to the requirements of any ISO/IEC standard, but simply to assure consistent application of those standards.
Procedures Documents (PR Series): IAF Procedures documents set out the procedures to be followed in implementing the IAF program, including the procedures and processes which must be followed in order to satisfy the IAF objectives, Certificate of Incorporation and Bylaws.
IAF-ILAC Joint Publications (A Series): This category includes documents that are published jointly with ILAC, and are used in the evaluation of regions and unaffiliated accreditation bodies.
Documents for General Information: IAF publishes a number of documents which are made available to assist businesses, regulators and other parties to gain a better understanding of IAF and its operations.
Promotional Documents: IAF publishes a range of promotional documents for use by IAF Members, their accredited conformity assessment bodies and other stakeholders interested in accreditation.
IAF is an international association of organisations that work together to achieve common trade facilitation objectives. The terms of reference, tasks and duties of the Members, the Board of Directors, and the Secretary are defined by the Bylaws and the Memorandum of Understanding (MoU).
The highest level of authority in IAF is the Members in a General Assembly. General Assemblies make decisions and set policy on behalf of IAF Members. The Board is responsible for legal actions to be carried out on behalf of IAF Members, for developing broad policy directions and for ensuring that the day-to-day work of IAF is carried out in accordance with the approved policies.
The Executive Committee is responsible to the Board of Directors for the day-to-day work of IAF based on decisions made by IAF Members and directions from the Board of Directors.
The relationships between the various parts of IAF can be found in IAF PL 5 which can be downloaded from the Policy Documents section of the site.
There are three different categories of IAF membership:
IAF Members that are not yet signatories
Membership of IAF is open to accreditation bodies that conduct and administer programmes by which they accredit bodies for validation/verification or certification of management systems, products, processes, services, personnel and other programmes of conformity assessment. When an accreditaiton body first joins IAF, it signs a Memorandum of Understanding (MoU) to receive a basic level of membership (MoU membership). This basic membership does not mean that an accreditation body is a signatory to the IAF Multilateral Recognition Agreement (MLA). Upon joining IAF, accreditation bodies must declare their intention to join the IAF MLA recognising the equivalence of other Members’ accreditations to their own.
IAF MLA Signatories
Accreditation Body Members of IAF achieve IAF MLA Signatory status after a full evaluation of their operations by a peer evaluation team, which is tasked to ensure that the applicant complies fully with both international standards and IAF documents. Once an accreditation body is a signatory of the IAF MLA, it is required to recognise and promote certificates and validation and verification statements issued by conformity assessment bodies accredited by all other signatories within the scope of the IAF MLA.
Association Members are organisations or associations that represent a similar group of entities internationally or within an economy or region. These entities are associated with the programmes of IAF Accreditation Body Members and fully support IAF objectives.
Regional Accreditation Group Members consist of associations of accreditation bodies, and possibly other bodies, that cooperate within an identified geographic region to establish and maintain a multilateral recognition agreement based on a peer evaluation system, and represent the interests of accredited entities, industry, users and similar organisations that engage in, are subject to, make use of, accept or rely on conformity assessment results from bodies accredited by Accreditation Body Members of IAF, and which support the purpose of IAF. Regional Accreditation Groups are invited to be represented in committees established to enhance cooperation between IAF and the Regional Accreditation Groups.
Recognized Regional Accreditation Group
A Recognized Regional Accreditation Group is a Regional Accreditation Group that has been peer evaluated to confirm that its membership and MLA peer evaluation criteria and processes meet or exceed IAF requirements.
IAF also has non-Member Observers. In cases where the Board believes it is in the best interests of IAF Members to develop closer relationships with a particular entity, the Board may grant Observer status to such an entity for a period not exceeding three years. Observers may be invited to attend IAF meetings and/or participate in technical work in a manner determined by the Board, but are not be eligible to cast a vote on any matter put to the Members for resolution.
More information can be obtained from Section 3.01 of the IAF Bylaws.
IAF is a global network of accreditation bodies and other organisations involved in conformity assessment activities. Its key roles include:
Yes. IAF has published an initial list of of FAQs relating specifically to the COVID-19 situation and its impact on accreditation and accredited conformity assessment. You can find these here.
This list may be added to as the situation evolves.
IAF is committed to ensuring consistent and appropriate action to ensure the validity of accredited certificates and validation/verification statements is correctly maintained during this challenging period. Supporting IAF Accreditation Body Members, the conformity assessment bodies they accredit and most importantly those who hold accredited certificates or validation/verification statements from conformity assessment bodies accredited by IAF Members is IAF’s priority.
These FAQs build on IAF’s previous information including the IAF statement issued 04 March 2020.
IAF CertSearch is an online database containing the largest and most up-to-date collection of accredited certificates in the world. It allows users to validate any individual accredited Management System certification from any economy in any language in real time. The technology employed ensures data security and protection, safeguarding information.
IAF CertSearch is a tool that a user can use to validate the legitimacy of an accredited certification. The user will type in either the company name or certificate identification into the search bar. If the user knows the company name, they will be directed to the company page where they can see all certifications that company holds. If they wish to validate an individual certificate they can click on the certificate where they can see the certificate details including Standard, Scope, Status (no dates are shown), Certification Body and Accreditation Body. In cases where they type in the certificate identification number into the search bar they will be taken directly to that certification page.
The Certified Entity will have a profile page, as will the Accreditation Body and Certification Body. It is only possible to validate a certification if the user knows either the Certified Entity name or certificate identification number. No user is able to download or view a list of certifications issued by a Certification Body. A user will be able to search and validate up to 5 certifications per day and 20 per day if they have created an account and identified themselves. The database is solely designed to validate individual certifications. It is also not possible to search for products or services of certified entities via IAF CertSearch as it does include this data.
In order for the IAF CertSearch database to operate it needs to receive data from all stakeholders.
Businesses and Governments are demanding greater transparency across organizations and supply chains. Accredited certifications make it possible for businesses and governments to develop compliant supply chains, however their ability to validate certifications and to find and trade with certified entities has been restricted. Due to the lack of a global technology solution for validation of accreditation, this led to misuse of accredited certification, undermining its value.
For the first time IAF CertSearch has made it possible to have representation of the entire accredited network including Accreditation Bodies, Accredited Certification Bodies coupled with the ability to validate individual certifications held by organizations certified by a certification body who is accredited by an IAF Accreditation Body member.
The platform has been designed to be compliant with all international privacy and data regulations and structured to ensure that uploaded data remains secure and will not be sold at any time.
Presently, those seeking to validate an accredited certification are limited with validation solutions. There is no central location where all accredited certifications can be validated. This allows for misuse where organizations claim they have an accredited certification when in fact they don’t. Whilst some industry groups are fully supportive of accredited certification and mandate accredited certification they find it extremely difficult to implement this stance as it is very difficult to validate accredited certifications across the globe.
Whilst industry and government are aware of standards and, in general, certification, a significant proportion are not aware of accredited certification and its benefits, nor are they aware of the difference between accredited certification and non-accredited certification. If organization trade with companies who have fraudulently claimed accredited certification or trades with companies who have a non-accredited certification who don’t meet the standard, this indirectly damages the reputation of accredited certification particularly if the industry users are not fully aware of the difference between
accredited and non-accredited certification.
These validation and awareness challenges enables organizations to misuse the brand of accredited certification, for example:
As a result of these challenges, all levels of the accredited network are impacted, affecting the intended value of accredited certifications. Creating a clear digital distinction on what is accredited certification and how it can be validated will go a long way to motivating companies to obtain a legitimate accredited certification.
There is support from many levels of the accredited certification network, industry, government and regulators. Below is list of some organizations who have expressed support for the principle of a central database of accredited certification:
IATF – International Automotive Task Force
DOE – Department of Energy in the USA
UNIDO – The United Nations Industrial Development Organization
IEA – International Energy Agency
Natural Resources Canada
IAQG International Aerospace Quality Group
TIA – Telecommunications Industry Association
DTA – Dental Trade Alliance;
AHWP – Global Harmonization Working Party
CONSIP – Italian Ministry of Economy and Finance organisation.
Clean Energy Ministerial
IAF CertSearch has the potential to contain information on all MLA signatory Accreditation Bodies, and approximately 2,500 Certification Bodies who have issued over 1,650,000 accredited certifications to well over 1 million organizations.
The database only covers accredited management systems certification. There is no intent or plan to cover other areas of certification such as product certification or certification of persons.
No. This has been confirmed by the IAF Board and IAF Executive Committee. There is no intent or plan to extend the database.
IAF CertSearch is owned by IAF Database LLC, which is a wholly owned subsidiary of IAF. The IAF Database LLC is managed by the Database Management Committee (DMC), membership of which is drawn from ABs, CBs and end users.
IAF CertSearch was originally structured to be funded through a cross-sales arrangement with a supply-chain promotion database called MarketPlace. However, due to concerns raised by stakeholders about the cross-selling of services to Certified Entities the connection with MarketPlace was discontinued. This means that QualityTrade is currently maintaining IAF CertSearch free of charge. This is not a viable or sustainable option for either party and so the IAF Database Management Committee has investigated several options with stakeholders and QualityTrade and has put forward a recommended option for IAF Members to consider and give feedback on, before a final vote on proposed changes in 2022.
A key principle for IAF CertSearch is that it is self-financing and not-for-profit. As there is no requirement on IAF, ABs or CBs to fund IAF CertSearch; the most viable mechanism available is through voluntary user-pays services.
The proposed user pays model is funded through two voluntary paid-for-services– Analytical Services (for CBs and ABs and institutional users) and Verification Services (for supply chain verifiers).
Analytical Services (CBs/ABs) – through a digital dashboard CBs and ABs can choose to access anonymized and aggregated data analysis on the management systems certification by market, standard, accreditation, industry sector and other key variables.
Analytical Services (Institutional Users) – Using the certification data and accreditation data, anonymized and aggregated analysis reports will be offered to pre-approved Professional Bodies/Research Bodies/Standards Development Bodies.
Verification Services – Through an account portal, users of accredited certification could verify information relating to their supply chains as well as adding suppliers onto a certification watch list. Small and medium sized enterprises will be able to validate up to 100 certificates per annum free of charge.
Eighty percent of the revenue IAF Database LLC will receive for these services will be paid to QualityTrade compensating them for the hosting, security, maintenance, and future development of IAF CertSearch. At year end, any surplus (net of the costs for hosting, security, maintenance, and development) will be split with QualityTrade 50/50 so that IAF Database LLC receives the greater amount of either the twenty percent revenue or fifty percent of the net surplus. It is important to highlight that QualityTrade remains a financially viable partner for IAF Database LLC. As part of the new agreement, QualityTrade will financially underwrite the full costs for the development and maintenance of the system for the term of the contract and for a minimum of five years.
IAF CertSearch needs to change because the current funding model has not worked and the database contains only 35% of accredited management systems certificates. This poses a reputation risk to IAF, ABs and CBs. Users of accredited certification have voiced concern that IAF members have not yet addressed this urgent issue.
The DMC has set forward an urgent proposal for amendment of the IAF Database Principles, to create a sustainable financial structure and realise the significant benefits of a global digital database.
After investigating a range of options the DMC has put forward the most viable option to communicate and consult with IAF members. This option is based on a mandatory database, with a new voluntary “user pays” model and a contractual link between CB’s and IAF, as well as an updated contract between QualityTrade and IAF Database LLC. This creates a sustainable financial model, tackles the concerns of CBs (regarding data ownership and security), and addresses the issue of an under populated database. The DMC and IAF Executive Committee considered this the most viable and desirable option for all stakeholders.
Other options were considered by the IAF Board and IAF Executive Committee; including, disbanding IAF CertSearch, which could result in loss of reputation, pose a financial risk and cause strategic damage and/or changing IAF’s IT partner, which would create a financial risk for IAF and result in breaking a positive relationship with QualityTrade. Moreover, IAF does not have funds to develop a database with another provider. These options were not considered viable.
The proposed model would be made mandatory through Accreditation Bodies (ABs) and will have back-to-back contractual arrangements with QualityTrade and a clearly defined data sharing and management agreement between CBs and IAF Database LLC.
The current voluntary model has not worked and so a mandatory approach is the best option to ensure that CBs contribute to this vital global initiative.
There are many examples of successful and reliable mandatory digital databases including: IAQG (Aerospace), IATF (Automotive), Quest TIA (Telecoms), and many Scheme Databases (e.g BRC, IFS, SQF, FSSC etc). ABs such as JAS-ANZ, UKAS, Accredia and CNAS have mandatory databases.
The DMC is undertaking a market research study to understand the demand and potential price points for the two user-pays services (analytical service and verification service). This data will be used to adjust the financial business case and will be presented as part of the final proposal to IAF members for review in 2022.
This is the initial market research summary. Research is continuing throughout the first half of 2022:
If this user-pays financial option fails QualityTrade (the IT Service Provider) has confirmed they will underpin the cost of delivering the database for a minimum of five years, from when the database is made mandatory. This will allow sufficient time for the new financial model to become established and any adjustments in the pricing and service to be made, to ensure it is financially sustainable.
Several other options were considered by the IAF Board and IAF Executive Committee; including, disbanding IAF CertSearch, which could result in loss of reputation, pose a financial risk and cause strategic damage and/or changing IAF’s IT partner, which would create a financial risk for IAF and result in breaking a positive relationship with QualityTrade. Moreover, IAF does not have funds to develop a database with another provider. These options were not considered viable.
The IAF CertSearch Principles are the primary rules describing how the IAFCertSearch database will operate and its relationship to IAF members. These principles are described within a document which is approved by IAF members: Structure for the Management and Operation of IAF Database LLC. Any additions of changes to these principles must be approved by IAF members.
The DMC reports directly to the IAF Board of Directors and it is the key oversight and management body for IAF CertSearch and monitoring the contractual arrangements with QualityTrade. It maintains a project plan for the development of the new business model. The DMC is representative of IAF Membership, but it intends to increase the number of AB representatives to ensure there is one representative from each Regional Accreditation Group. The DMC meets bi-weekly to review progress against the project plan. The IAF Chair and Vice chair meet regularly with QualityTrade to monitor progress.
Quality Trade Pty Ltd is a leading technology company specialising in developing software based technology solely for the Accredited Network. QualityTrade was founded in 2013 and is based in Sydney, Australia. Prior to developing IAF CertSearch, QualityTrade has been working with JAS-ANZ and is the IT Provider for the UKAS certification database. QualityTrade has a legally binding agreement to develop and maintain the IAF CertSearch database. The DMC proposes to replace this agreement with an updated contract for the Operation and Maintenance of IAF Certsearch which can implement a new funding model and new requirements for liability for data security.
As highlighted above the new business model has back-to-back contractual arrangements between CBs, ABs, IAF Database LLC and QualityTrade. These agreements are summarised in as follows:
|Operation and Maintenance of the IAF Global Database of Accredited Certifications||IAF Database LLC and QualityTrade
|Key agreement for development and maintenance of IAF Certsearch including QualityTrade obligations, IAF Database LLC obligations, restriction over data use, data privacy, security and management, financial arrangements, Intellectual Property Rights termination, liability, indemnity, and insurance
|Data Management Agreement||IAF Database LLC and CBs or ABs||Obligations and liabilities for data uploading, security, management and liability, and ownership
|User Agreement Statement||IAF Database LLC and users of IAF Certsearch website||Standard terms and conditions for appropriate use of IAF Certsearch website
Standard privacy controls for users of IAF Certsearch website
Financial Terms and terms of usage of the paid-for Analytical Services and Verification Services
The key features of these back-to-back agreements include:
The Operation and Maintenance agreement describes the new User Pays Funding Model: based on analytic and verification services. Revenue from these services will be shared with QualityTrade to fund hosting and maintenance of IAF Certsearch but the IAF Database LLC will remain a not-for-profit enterprise focused on the promotion of accredited certification.
Future development of IAF CertSearch will be directed by the DMC and will be funded in accordance with the IAF Database LLC and QualityTrade contract (Operation and Maintenance agreement).
The contract can only be terminated by QualityTrade if IAF Database LLC is in material breach of the contract. QualityTrade agrees to underwrite the cost of developing and maintaining IAF CertSearch for a period of five years. This will be vital during the first twelve months as the costs of hosting and maintenance exceed revenue. If IAF Database LLC terminates the agreement with due cause, QualityTrade would grant IAF Database LLC a licence in perpetuity to use the coding in IAF CertSearch and transfer it to another IT Service Provider.
Oversight of the agreements will be maintained by the DMC on behalf of the IAF Board. The DMC is representative of ABs, CBs and Users.
In its contracts with CBs and other users of the database, IAF Database LLC will include language limiting its liability. These limitations include a general exclusion of consequential and other speculative damages and an annual cap on liability. The proposed version of the data management agreement contemplates an annual cap equal to available insurance proceeds. IAF-DB will receive a contractual indemnity from QualityTrade which covers, among other things, failure to maintain information security standards. This indemnity will be backed up by minimum insurance requirements contractually imposed on the database developer/operator.
The DMC is organising a comprehensive engagement program including the following elements.
Options Survey: This survey is a vital part of the process and includes 14 key questions on properties of IAF CertSearch, including funding, participation approach and user-pays services. It concludes with an options assessment which will guide the DMC’s final recommendations to the IAF Board.
Consultation on IAF Database Principles: From the 14th of February, a 60-day consultation exercise will start to gather feedback on the proposed changes to the IAF CertSearch Principles (IAF DB PL1). These principles provide the governing framework on how the IAF Database is managed, including funding and participation requirements.
Feedback will be collated by the IAF Secretariat and will be considered by the DMC in the preparation of the final draft of the IAF CertSearch Principles, which shall be presented to IAF members for a 30-day ballot starting the week commencing the 16th May.
Supporting Documents: As we described at the November General Assembly the new proposed model for IAF CertSearch includes three new agreements and a supporting financial budget. All IAF members can give their feedback on these supporting documents for 30 days from the 14th of February within the IAF online Forum.
Basis for Participation: The basis for participation within IAF CertSearch and technical requirements on ABs and CBs, including guidance on exemptions and sanctions, must be developed by the MLA Committee after the final ballot on the principles. Nevertheless, the DMC appreciates that IAF members will want to understand what the main proposals are prior to the final ballot. To support this, the MLA Chair will be working with the DMC to draft proposals for IAF members to view and give feedback on, within the IAF online Forum.
In May 2022, virtual meetings will be delivered to all IAF members after which IAF Members will be given the opportunity to vote in a 30-day postal ballot to approve amendments to principles within Structure for the Management and Operation of IAF Database LLC which will enable the new model to be implemented.
CBs owns the data on Certified Entities. Data on Certified Entities will never be sold or transferred to any third parties. IAF will own the data analysis derived from the aggregation and anonymization of data from Certified Entities. IAF Database LLC will utilize this aggregated and anonymized data to provide paid-for analytical services to CBs and ABs. These services will be strictly governed by the DMC. Confidential aggregation information on CB market share will not be sold to other CBs.
The data is held on an Amazon Web Services Server in Frankfurt, Germany.
One of the most pressing issues that has thwarted the upload of certification data by CBs has been concerns over data ownership, privacy, data management, and liability. The DMC has already implemented several changes to address these including precluding the upload of personal data (i.e., IAF CertSearch does not include personal contact details of any certified entities). IAF CertSearch also has continuous user monitoring to regulate certification verifications and to block any attempted data mining activities.
All data uploaded by CBs into IAF CertSearch including details of certified entities data shall remain the property of CBs. Therefore, IAF Database LLC has stipulated the highest level of data security that is commercially viable, and QualityTrade is required to secure cyber security insurance with primacy to IAF Database LLC in the event of any claims.
Yes, UKAS commissioned a data security review, by an Independent Cyber Security Assessment from GridCert. The conclusion of this review was: “Existing security measures are appropriate to provide a high level of assurance that Quality Trade, in the operation of the IAF CertSearch database, are using reasonable and proportionate measures to ensure that users’ data is secure, as evidenced through the security review.”
CBs will not be able to see the data of other CBs or see the market share of other CBs. In addition, ABs will not be able to access the data related to their accredited CBs, unless they have uploaded the data themselves.
Certification Bodies can tag individual certificates or organisations as confidential within the IAF Certsearch dashboard or within a special field in the data upload. When an external user searches for these organisations the certification details will not be shown. Users seeking to verify these certificates will be directed to make direct contact with the certification body for further information via a form.
No – this will be managed by IAF Database LLC and is a direct agreement between IAF Database LLC and the CBs for the sole purpose of data management.
This will depend on the current contractual arrangements of each AB. It is not expected that ABs will need to change their contractual agreement with CBs.
No IAF Database LLC will arrange for these agreements to be signed. IAF Database LLC will also keep a record of all of these agreements.
To mandate the upload of certification data to IAF CertSearch there needs to be a mechanism and obligation for AB members to achieve this goal. After discussions with IAF Executive Committee members, it was determined that the following steps would be the most appropriate way forward:
Amend the IAF CertSearch Principles to be approved by IAF Members after consultation exercise. Afterwards, the MLA Committee will create an obligation on the MLA signatories through the amendment of IAF ML4. Clause 4.3 of this document requires each participating body to abide by the terms and conditions of the MLA, with Clauses 4.3.1, 4.4 and 4.5 going further to document the obligations of the AB signatories. It is recommended that these obligations be extended to include the obligation of the AB signatories to mandate the upload of all accredited certification data, by CBs into the IAF CertSearch. This will require a transition period for contractual arrangements to be put in place.
If, for any valid reason (e.g. national regulatory or governmental requirements) an AB or CB is prohibited from meeting these requirements, the AB or CB will need to provide an appropriate justification to either IAF (ABs) or their AB(s) (CBs). These provisions will be included in the amended IAF CertSearch Principles.
Appropriate sanctions on CBs for non-compliance will be defined by each AB. To enable consistency of application by ABs, further guidance will be created by the MLA Committee and DMC on the transition period for implementation and sanctions for CBs.
The minimum data requirements for the CertSearch database include:
Important Note: Personal information is not required for IAF CertSearch and is restricted from being uploaded into IAF CertSearch, i.e., there are no contact names, email addresses or telephone details requested. The only overlap of personal information is where a sole proprietor shares their name with the certified entity.
It is possible to see the level of information which is made displayed on IAF CertSearch by search for a business on www.iafcertsearch.org
There are several mandatory digital databases in existence (e.g. IAQG, FSSC, IATF) which are in many cases operated by Scheme Owners. This reflects the growing need for digital information on certification in key industrial sectors. However, there is a major gap in the marketplace for verification of generic management systems certification, for example in quality, environment, health and safety and cyber-security.
The DMC appreciates that CBs are required to upload into multiple databases. Therefore, it will strive to work with Scheme Owners and other digital database providers so that appropriate certification information can be cross-validated, reducing the need for duplicate uploading. The DMC will ensure that appropriate governance and data protection measures are implemented for such interfaces.
There are four uploading options, two manual and two automated processes.
A video on the upload options can be accessed here:
The upload process includes a data management protocol, where CBs can use either Field Mapping or Data Mapping, in cases where their fields or data is different to what is included in the database, so the CB system does not need to be adjusted.
There is also a dynamic error handling process for CBs which identifies and provides solutions for any issues. This is supported by a competent technical service provider who provides support to any CB in need of technical assistance.
There are currently hundreds of CBs uploading data all with different systems. There are currently 1176 CBs participating, which use the upload processes described above. This process works effectively for CBs who have varying operating systems whether small, medium or large CBs.
The following diagram shows the upload options:
CBs bear their own cost for any internal programming required to their own database to establish any direct interface. IAF will provide free technical support to assist any CB participating in IAF CertSearch
The minimum upload frequency is once a month.
CBs should obtain such permissions and approvals from its Certified Entities as may be necessary to allow the CB to submit Certified Entity Data to the IAF Database. However, most CBs will already have clauses in their customer contracts allowing them to share data to their AB or other third parties for the purpose of certificate verification. The only data that is uploaded is the certification data that is owned by the CB. No personal data is requested for upload into the database, only information relating to which organisations the CB has certified.
IAF Database LLC is the owner of the database and the controller of the information and is contractually obliged to ensure that the data is held and managed securely. A draft copy of this agreement has been circulated for comment through CABAC.
IAF Database LLC will maintain Cyber Liability Insurance Errors and Omissions/Professional Liability Insurance. QT will also cover the same insurance cover.
If, for any valid reason (e.g. national regulatory or governmental requirements) an AB or CB is prohibited from meeting these requirements, the AB or CB will need to provide an appropriate justification to either IAF (ABs) or their AB(s) (CBS). These provisions will be included in the amended IAF CertSearch Principles.
All certified entity data is the property of the CB. ABs and CBs can only access the information they have uploaded. Personnel in IAF will not have access to the data, but the DMC and QT may produce anonymised analytical reports in order to understand the overall utilization and functioning of the database for example to identify data entry errors or to determine the number of participating CBs. No CB can access the data of another CB. An AB cannot access the data of a CB unless it has been responsible for uploading the data. IAF representatives and Regional ABs will not have access to the data.
An AB can’t access the certification entity data of a CB unless it has been responsible for uploading the data. ABs that have uploaded the data to the IAF database should put in place confidentiality requirements to ensure that inappropriate personnel cannot access the database.
A CB can upload certificate information in any language. However to verify the certificate the public user will need to search for the company name in the language that was uploaded by the CB or the certificate number. The CB can also upload an “English Name” and a “Trading Name” and the users can type these names to find and verify the company’s certificate information also.
IAF CertSearch uses translation technology where the user can select their language of choice. The translation tool will translate all text across the site including certification information to the nominated language. This greatly helps the CBs and ABs navigate the site and upload the information and also helps the verifiers use the site in their required language to verify certifications. However as above the Company Name is not translated and the user will need to locate the certificate by searching for the exact company name or certificate number that the CB has uploaded or the English or Trading Name if the CB has uploaded these fields.
CBs can access Analytics services. This is voluntary. The aggregated and anonymised analysis will be presented through a digital continuously updated portal showing infographics on metrics, such as, but not limited to:
Analysis will span across all standards, all accreditation, location, sector and between two dates. CBs will be able view trend analysis for all of their certification, certified entities and certified sites to market trends. CBs will be able to adjust the dates of their analysis as historical data is obtained and see trends over the designated period based on weeks, months and years. CBs will also be able to filter data according to standard, accreditation, location (Global, Region, Country, State (where applicable).
This video demonstrates the analytic features CBs will receive in IAF CertSearch https://youtu.be/2LCGkkIgpwE
The new proposal is that CBs will be offered the opportunity to access an analytic dashboard which will present to them information on their market share and relative growth compared to the market. CBs will be able analyse this data by industry sector, standard, state, country and chart the information over time.
This video demonstrates the analytic features CBs will receive in IAF CertSearch https://youtu.be/2LCGkkIgpwE
The new proposal is that ABs will be offered the opportunity to access an analytic dashboard which will present to them information on the certification trends of their accredited CBs. ABs will be able analyse this data by industry sector, standard, state, country and chart the information over time. This will be helpful to support risk-based assessments and surveillance scheduling.
This video demonstrates the analytic features ABs will receive in IAF CertSearch https://youtu.be/g2hCCPKYXDg
Accreditation Bodies – All participant ABs will receive a free analytical dashboard for their home country (with add-on annual fees for extra territories. Add-on fees approx. $10k USD per AB region (RAG) per annum, $25k USD for a global dashboard). The analytical dashboard will contain analytical certification trends for the CBs accredited by the AB.
Certification Bodies – All participant CBs will receive a free analytical dashboard for their home country (with add-on fees for extra nations. Add-on fees approx. $1k USD per nation per annum or $25k USD for global dashboard). The analytical dashboard will contain analytical trends on relative market share for each standard and industry sector that the CB is accredited for.
Less than 100 verifications per annum will be free of charge (Estimated to be 75% of organisations that will verify). Over 100 verifications per annum will pay for this service based on a sliding scale (approx. average $400 USD to $4k USD per annum).
Supporting Governments, Regulators, and trusted Scheme Owners will receive free verification links and a free analytical dashboard.
The system will support users with certificate verification on a request basis. The services will support organisations to verify certificates across their entire global supply chain, network and borders.
IAFCertSearch will include the following verification services and technical features :
IAF Membership offers several advantages for your organisation and your economy:
Accreditation Body Membership of IAF is open to bodies that conduct and administer programmes by which they accredit bodies for validation/verification and/or certification of management systems, products, processes, services, personnel and other programmes of conformity assessment, providing those bodies are willing to allow their accreditation systems to be used by other IAF Members.
Association Membership is open to organisations or associations representing the interests within an economy, region or internationally, of a like group of entities that engage in, are subject to, make use of, accept or rely on, conformity assessment results from bodies accredited by Accreditation Body Members of IAF, and which support the purpose of IAF.
Regional Accreditation Group Membership is open to associations of accreditation bodies, and possibly other bodies, that cooperate within an identified geographic region to establish and maintain a multilateral recognition agreement based on a peer evaluation system, and represent the interests of accredited entities, industry, users and similar organisations that engage in, are subject to, make use of, accept or rely on conformity assessment results from bodies accredited by Accreditation Body Members of IAF, and which support the purpose of IAF.
Application forms can be obtained by contacting IAF via the Contact Us page.
IAF treats any complaints with the utmost concern and will deal with them expeditiously and in confidence.
In the first instance, complaints against a conformity assessment body should be lodged with that particular organisation. If the matter cannot be resolved within a satisfactory timeframe, the complainant has the right to refer the matter to the local accreditation body. If the complaint still cannot be resolved, then the complaint should be referred to the regional cooperation (if applicable), and then to IAF.
Anyone wishing to submit a complaint should do so by emailing the relevant details to the IAF Corporate Secretary together with any necessary documentation required to substantiate the complaint.
A copy of the IAF mechanism for dealing with complaints is available for information from IAF PR1:2004 Procedure for the Investigation and Resolution of complaints which can be downloaded from Procedure Documents.
Purchasers wishing to confirm the validity of an accredited certification should refer in the first instance to the Certification Body shown on the certificate. The IAF website does not list accredited Certification Bodies. If the address or website of the Certification Body is unknown, this can be found from an internet search or from the Accreditation Body whose Mark should also be found on the certificate.
The address or website of the relevant Accreditation Body can be found in Recognized ABs. Clicking on the Accreditation Body’s name on their entry page will link directly to the website where information on the Certification Bodies accredited by that Accreditation Body should be available.
Selecting the right organisation to carry out your certification can be fraught with unknowns. A certification body that has been accredited by an accreditation body that is a signatory to the IAF Multilateral Recognition Arrangement (MLA) has proven that it complies with best practice. It is competent to deliver a consistently reliable, and impartial and accurate service which meets the appropriate, internationally-recognised standard.
The IAF MLA provides governments and regulatory agencies with a credible and robust framework on which to further develop and enhance government-to-government bilateral and multilateral international trade agreements.
It represents an internationally recognised ‘stamp of approval’ to demonstrate compliance against agreed standards and requirements. Consequently, risk is minimised, as decisions will be based on reliable conformity assessment results.
Many specifiers, such as government agencies, have recognised the importance of credible accreditation programs that are developed against internationally recognised standards. Accreditation and the IAF MLA help regulators meet their own legislated responsibilities by providing a globally recognised system to accept accredited certification, validation and verification.
The longer-term aim is the fully accepted use and recognition, by both public and private industries, of accredited certification and validation/verification, including certificates and validation/verification statements from other economies. In this way, the free-trade goal of “accredited once, accepted everywhere” will be realised.
Accreditation bodies in many economies publish hardcopy or online lists or directories of the certification bodies that they have accredited, together with certification body contact details and information on their scope. Visit the accreditation body website to find out further information, by clicking on your economy under the list of Accreditation Bodies.
Contact individuals for each IAF member organization may be found in the IAF website.
This website contains comprehensive information on the IAF MLA structure, process and a full list of Signatories. Further information is available under the IAF MLA and IAF MLA Signatories sections (Recognised ABs and Recognised Regions)
IAF publishes an annual report which can be downloaded from the Promotional Documents section that details ongoing activities to maintain the integrity and consistency of the IAF MLA.
The scope of the IAF MLA includes two components, main scope and sub-scope.
Currently there are five main scopes for the IAF MLA: Management Systems Certification, Product Certification, Certification of Persons, Greenhouse Gas Validation and Verification, and Validation and Verification.
Sub-scopes are divided into two categories (Level 4 and Level 5), as described in section 4 of IAF PR4: Structure of the IAF MLA and List of IAF Endorsed Normative Documents.
IAF has endorsed the following sub-scopes:
Under Management Systems Certification:
Under Product Certification:
Under Certification of Persons:
Under GHG Validation and Verification:
A main scope means certificates are ‘equally reliable’ because the conformity assessment bodies conform to the same standard.
A sub-scope means the certificates are ‘equivalent’ because the management systems, products, services or persons conform to the same standard.
Accreditation bodies, which have been evaluated by peers as competent, have signed an arrangement, the IAF Multilateral Recognition Arrangement (MLA), that enhances the acceptance of goods and services across national borders.
The purpose of the MLA is to ensure mutual recognition of accredited certification and validation/verification between signatories to the MLA, and subsequently acceptance of accredited certification, validation and verification in many markets based on one accreditation.
Signatories must recognise and support acceptance of certificates and validation/verification statements issued by organisations accredited by all other signatories of the MLA, provided the certificates or statements are issued within the scope of the IAF MLA signatory.
This recognition and acceptance removes technical barriers to trade (TBT) by reducing redundant conformity assessment.
Accreditations granted by IAF MLA signatories should be recognised worldwide based on their equivalent accreditation programs, reducing costs and adding value to business and consumers.