ISO/IEC 17024

Last updated

ISO/IEC 17024: Conformity assessment - General requirements for bodies operating certification of persons is an ISO/IEC standard which specifies criteria for the operation of a certification body for persons. The standard includes requirements for the development and maintenance of the certification scheme for persons upon which the certification is based.

Contents

ISO/IEC 17024:2012

ISO/IEC 17024:2012 was released in July 2012 [1] and was last reviewed and confirmed in 2018. [2] The standard was opened for revision in 2023 and is currently undergoing revision.

This version contains requirements for certification bodies for persons in the following areas:

The major changes between the 2003 version and the 2012 version are within the detailed information regarding the development of the scheme for certification of persons. The 2003 version required the certification body to have a scheme committee that had overall responsibility for the development of the scheme, but it did not elaborate on the components that must be included in the scheme. The 2012 version has an entire clause (clause 8) that provides detailed information regarding the components that must be included in the development and maintenance of the scheme but allows the scheme owner to be outside of the certification body.

Other changes include a change in reference of "personnel certification body" to "certification body for persons", defining of additional terms such as "validity" and "reliability", and the addition of a "principles" section that defines the foundational principles for the standard. [3]

Requirements

This section describes the general requirements for certification bodies. General requirements include criteria for the legal status of the certification body (the certification body must be a legal entity), criteria associated with the financial resources and liability responsibilities of the certification body (the certification body must have sufficient finances to cover its liabilities and for the operation of the entity), requirements regarding the impartiality and impartial operation of the certification body, and requirements that the certification body maintains responsibility for the decision on certification (the decision to award certification to a person cannot be outsourced to any other body).

Structural

This section describes the structural requirements for certification bodies. Structural requirements contain criteria for the organizational structure of the Certification Body for Persons including how it is managed. Specific requirements relating to the structure of the certification body in relation to training is included in this section. Specifically, if the certification body also offers training it must demonstrate how the impartiality of the certification is not compromised by the training.

Resource

This section describes the resource requirements for certification bodies. Resource requirements include criteria for the personnel and staff of the certification body. Specific requirements for persons (both internal to the organization and external to the organization such as consultants and volunteers) involved in certification activities are included as are criteria associated with outsourcing to other bodies. This section also includes requirements for other resources such as examination equipment required to operate the certification activities.

Records and information

This section describes the records and information requirements for certification bodies. The requirements include criteria relating to the records of applicants, candidates and certified persons. Requirements regarding information that must be made public as well as information that must be kept confidential are included in this section and criteria for the information security (exam papers, etc.) are described.

Certification scheme

This section includes requirements for the development and maintenance of the certification scheme. The certification scheme is the competence and other requirements for awarding the certification to a person and includes a scope of certification, job and task description, required competence, abilities (when applicable), prerequisites (when applicable), and a code of conduct (when applicable). Criteria for the initial certification and recertification must be part of the scheme and includes description of the assessment methods, and the criteria for suspending and withdrawing the certification.

Certification process

This section includes requirements for the certification process including criteria for the certification application process, assessment process, examination process, and the decision on certification. Criteria for suspending, withdrawing or reducing the scope of certification and recertification requirements are included in this section. This section also includes requirements for the use of certificates, logos and marks, and requirements associated with appeals and complaints.

Management system

This section requires the certification body to establish, document, implement and maintain a management system capable of supporting the requirements of the standard. A body that has established and maintains a management system in accordance with ISO 9001 and that is capable of supporting the management system requirements of ISO/IEC 17024.

ISO/IEC 17024:2003

Released by the International Organization for Standardization (ISO) in 2003, ISO/IEC 17024 was designed to harmonize the personnel certification process worldwide. [4] In the European Union ISO/IEC 17024 replaced EN 45013 (1989), which was published in the UK as BS 7513:1989.

The issues that ISO/IEC 17024 tackles can be summarized as:

Where competency is typically described as "the demonstrated ability to apply knowledge, skills and attributes".[ This quote needs a citation ]

Guidance

Each accreditation body provides various levels of guidance around compliance and the implementation of ISO/IEC 17024.

Related Research Articles

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

The ISO 9000 family is a set of five quality management systems (QMS) standards by the International Organization for Standardization (ISO) which help organizations ensure that they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. The ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards", and their presentation as a family facilitates their integrated application within an organisation. ISO 9000 deals with the fundamentals and vocabulary of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. A companion document, ISO/TS 9002, provides guidelines for the application of ISO 9001. ISO 9004 gives guidance on achieving sustained organizational success.

Accreditation is the independent, third-party evaluation of a conformity assessment body against recognised standards, conveying formal demonstration of its impartiality and competence to carry out specific conformity assessment tasks.

Welder certification, is a process which examines and documents a welder's capability to create welds of acceptable quality following a well defined welding procedure.

ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.

Certified Software Development Professional (CSDP) is a vendor-neutral professional certification in software engineering developed by the IEEE Computer Society for experienced software engineering professionals. This certification was offered globally since 2001 through Dec. 2014.

Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

<span class="mw-page-title-main">Product certification</span> Performance and quality assurance

Product certification or product qualification is the process of certifying that a certain product has passed performance tests and quality assurance tests, and meets qualification criteria stipulated in contracts, regulations, or specifications.

ISO/IEC 17025General requirements for the competence of testing and calibration laboratories is the main standard used by testing and calibration laboratories. In most countries, ISO/IEC 17025 is the standard for which most labs must hold accreditation in order to be deemed technically competent. In many cases, suppliers and regulatory authorities will not accept test or calibration results from a lab that is not accredited. Originally known as ISO/IEC Guide 25, ISO/IEC 17025 was initially issued by ISO/IEC in 1999. There are many commonalities with the ISO 9000 standard, but ISO/IEC 17025 is more specific in requirements for competence and applies directly to those organizations that produce testing and calibration results and is based on more technical principles. Laboratories use ISO/IEC 17025 to implement a quality system aimed at improving their ability to consistently produce valid results. Material in the standard also forms the basis for accreditation from an accreditation body.

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

The Common Criteria model provides for the separation of the roles of evaluator and certifier. Product certificates are awarded by national schemes on the basis of evaluations carried by independent testing laboratories.

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information security, cybersecurity and privacy protection — Information security controls.

ISO/IEC 27006 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Part of the ISO/IEC 27000 series of ISO/IEC Information Security Management System (ISMS) standards, it is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/IEC 27007 is a standard on Information security, cybersecurity and privacy protection that provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011. This standard is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme. It was published on November 14, 2011, and revised on January 21, 2020.

<span class="mw-page-title-main">International Requirements Engineering Board</span>

The International Requirements Engineering Board (IREB) e.V. was founded in Fürth in Germany in October 2006. IREB e.V. is as a legal entity based in Germany.

The United Kingdom Accreditation Service (UKAS) is the sole national accreditation body recognised by the British government to assess the competence of organisations that provide certification, testing, inspection and calibration services. It evaluates these conformity assessment bodies and then accredits them where they are found to meet relevant internationally specified standards.

The Global Food Safety Initiative (GFSI) is a private organization that works as a "coalition of action" from the Consumer Goods Forum (CGF) and brings together retailers and brand owners (manufacturers) from across the CGF membership. The GFSI operates under multi-stakeholder governance, with the objective to create "an extended food safety community to oversee food safety standards for businesses and help provide access to safe food for people everywhere". GFSI's work in benchmarking and harmonization aims to foster mutual acceptance of GFSI-recognized certification programs across the industry, with the ambition to enable a "once certified, accepted everywhere" approach.

IEC 62443 is a series of standards that address cybersecurity for operational technology in automation and control systems. The series is divided into different sections and describes both technical and process-related aspects of automation and control systems cybersecurity. The series is also known as ISA/IEC 62443 in recognition of the fact that much of the initial development was done by the ISA99 committee of the International Society for Automation.

The European Organization for Quality (EOQ) is an autonomous, non-profit making association under Belgian law, having its legal office in Brussels. EOQ is the European interdisciplinary organization striving for effective improvement in the sphere of quality management as the coordinating body and catalyst of its National Representative Organizations (NR's). EOQ's Network comprises National Representative, Associated, Affiliated members’ and partners’ organizations from 40 countries, reaching up to 70,000 members and 500,000 companies linked to its members.

eCOGRA is a London-based testing agency and standards organisation in the realm of online gambling. The company was established in 2003 in the United Kingdom at the behest of the online gaming industry as the first industry self-regulation system. eCOGRA is a testing laboratory, inspection body, and certification body, specializing in the certification of online gaming software and the audit of Information Security Management Systems.

References

  1. Gasiorowski-Denis, E. (24 July 2012). "New and improved ISO/IEC 17024 standard for personnel certification programmes". ISO.
  2. "ISO/IEC 17024:2012". ISO. Retrieved 27 January 2021.
  3. MacCurtain, S.; Woodley, C. "Presentation of the New Standard:ISO/IEC 17024:2012" (PPT). ISO.
  4. Davies, S. (June 2007). "Easy reference for ISO 17024". Personnel Certification and Training.