Home / FAQ

FAQs

Find a FAQ

What does duplication of materials mean?

ANSWER

A2LA Workplace Training (AWPT) will send course material files electronically, or by mail per request. You may print copies for each course attendee and the instructor from these files. AWPT course materials are proprietary and may not be distributed to anyone who has not registered for the applicable course.

When is my payment due? What are my payment options?

ANSWER

Payment is due at the time of registration. AWPT accepts all major credit cards as well as checks for payment. If you have questions please contact us at 301.644.3235 or via email at info@a2lawpt.org

Are there discounts available for AWPT courses?

ANSWER

Group discounts may be available if multiple employees from the same company register for the same course. For information regarding discounts, please us, at 301.644.3235 or via email at training@A2LAWPT.org.

To receive news about time-sensitive promotions, discounted course bundles, or other cost-saving options, sign up for our mailing list.

AWPT has partnered with A2LA to offer registered A2LA members a discount on courses. To learn about A2LA membership, visit A2LA.org/membership.

Will I receive a certificate of attendance following the course?

ANSWER

How will I get access to course materials?

ANSWER

All course materials, including activities, slides, help documents, and workbooks, will be provided to the learner in digital format either before, during, or after the Virtual Classroom course. For some courses, you will receive a digital course materials via the email address you used to enroll, and for others your instructor will share files with you as they become relevant during the course. How to share materials is at the discretion of individual instructors, based on what they feel is most helpful for the course.

How do I log into my virtual classroom course?

ANSWER

Before your Virtual Classroom course, you will receive an email with instructions detailing how to log into your course, what tools and equipment you might need during your course, and other helpful information. Be sure that the email you use to register is one you have quick access to, as this is where you will receive your instructions, login info, and course materials.

Is the content the same for In-Person vs. Virtual classroom courses?

ANSWER

Yes, learners will get the same valuable educational experience whether they take a course in person or virtually. The only meaningful difference is that Virtual Classroom courses run for different windows of time and utilize different technology than in-person courses.

Can I withdraw from an in-person course due to COVID-related concerns?

ANSWER

Yes. Should any registrant find themselves unable to attend due to COVID-19 pandemic-related restrictions, the registrant may transfer to a future class or request a full refund.

What airports are close to AWPT headquarters?

ANSWER

Airport Code	Name	Estimated Drive Time	Distance to Office
BWI	Baltimore-Washington International [a.k.a. Thurgood Marshall International]	1 hr 10 min	53.5 mi (86 km)
IAD	Dulles International	59 min	43.8 mi (70.5 km)
DCA	Reagan National Airport	1 hr 10 min	49.3 mi (79.3 km)
HGR	Hagerstown Regional Airport	40 min	39.3 mi (63.2 km)

Where will the course(s) be held?

ANSWER

Each course is held at a venue listed under “location” on the individual course page or under “venues” on the full training schedule page of the AWPT website. For those courses held at AWPT Headquarters in Frederick, MD, please contact us, at 301.644.3235 or training@A2LAWPT.org.

Do I need to make my own hotel reservation? Am I required to stay at the listed hotel?

ANSWER

Please call the hotel directly to make your reservation. You may stay at any hotel and are not required to stay at the AWPT-contracted venue. The hotel fee is not included in the training course registration fee. For courses held at AWPT Headquarters, please contact us, at 301.644.3235 or via training@a2lawpt.org for nearby hotel information

Are meals included with my registration?

ANSWER

Afternoon refreshments, drinks and a light snack, are included with registration. You will be responsible for breakfast, lunch, and dinner. A 1-hour lunch break will be scheduled each day for learners to go off-site. AWPT takes great care when selecting individual venues to ensure restaurants/eateries are within walking distance of the venue.

Will I need to rent a car? Is there shuttle service to/from airport to the course venue?

ANSWER

With the exception of courses held at AWPT Headquarters, course venues are chosen so that rental cars are not a necessity. Restaurants and other amenities are located nearby for your convenience. Many hotels offer shuttle service. Please contact the hotel directly to inquire whether or not this service is available. For courses held at AWPT Headquarters, a rental car is recommended due to the distance (approximately 45 minutes) from local airports.

Do I need to bring anything to class?

ANSWER

All course materials will be provided at the start of each course. Blank notepads, notebooks or post-it notes are not provided, however, and learners may wish to bring their own.

Is there a dress code?

ANSWER

No. Most people dress in business casual attire for A2LA WorkPlace Training courses.

Will I receive an official copy of the applicable ISO standard for a custom course?

ANSWER

Licensed copies of ISO standards are not provided for custom courses; however, watermarked copies will be provided.

Can the course content be modified for our organization?

ANSWER

Yes, we allow customizing with all our courses. We can customize to create overview training, or something more specific to your field. There can be additional charges for customizing a course.

When is payment due for on-site training? What are my payment options?

ANSWER

Payment is due by sixty days after the on-site training has occurred. AWPT accepts wire transfers, checks, and all major credit cards.

Will we be billed for everything on the estimate?

ANSWER

We will only bill you for the actual costs incurred, the estimate is simply a general idea of total expenses that could be incurred. The costs charged will never exceed the estimated costs.

When will we receive our course certificates?

ANSWER

Attendees will be asked to register through CVENT and physical certificates will be sent with training materials.

What do you mean by estimated expenses?

ANSWER

Estimated expenses are anything that will be incurred by our instructors for the training. This includes the cost of the training course, hotel, airfare, meals, gas, parking, mileage, car, travel time, miscellaneous, incidentals, etc.

Can we partner with another group in our area to offer custom training?

ANSWER

Yes, but we are only able to invoice one company. Therefore, if you partner with another company and want to split the costs you will have to divide things on your end and send separate payments towards the same invoice.

What is the minimum and maximum number of participants allowed for custom training?

ANSWER

For custom training you must have a minimum of four participants, but no more than twenty-five.

Can one instructor deliver multiple courses?

ANSWER

It depends. Most of our course instructors have been trained to deliver multiple courses. Our technical courses require field specific expertise. Please contact us at info@a2lawpt.org for further assistance.

How do I file a complaint?

ANSWER

In order for us to investigate and assist in resolving your concerns, we ask that you submit as much information as possible about the problem/incident about which you are complaining. Whenever possible, please describe in writing the exact nature of your concern and include names of individuals involved and dates of events. Attach copies of any relevant documentation to support your claims.

There are 3 convenient ways to submit your written complaint to AWPT:

Send an email directly to training@a2lawpt.org
File a complaint online here
Speak directly to a AWPT staff member by calling 301-644-3235

What information do I need to provide A2LA WPT when I file a complaint?

ANSWER

In order for AWPT to investigate and assist in resolving your concerns, please submit as much information as possible about the problem or incident, including the following:

Whenever possible, describe in writing the exact nature of your concern.
Include names of individuals involved and dates of events.
Provide supporting copies of any relevant documentation to support your claims.

4.1.4 - How often must laboratories identify risks to impartiality?

ANSWER

The standard does not state a frequency, nor mandate one be documented by the lab. However, the Standard expects the laboratory to be constantly aware and prepared to identify and manage risks to impartiality.

4.1.4 - What must my laboratory do if we have not identified any risks to impartiality which need a mitigating action?

ANSWER

There are always risks to impartiality (see clause 4.1.3 and Note to this clause 4.1.4 for some examples) and the laboratory is required to identify them, be structured and managed to safeguard impartiality (4.1.1.) However, the Standard does not specify which risks require mitigating action. At a minimum, the laboratory must clearly include a statement in the management review input documentation (see 8.9.2.m) stating that no new risks were identified requiring action. If previous actions were put in place, this is also where the laboratory is expected to discuss the status of effectiveness of those actions (see 8.5.2.b, bullet 2, and 8.9.3.a)

4.1.5 - If a risk to impartiality is identified but no records are in place yet to show mitigating action has been taken, is this a non-conformity?

ANSWER

The Standard does not include expectations on timeliness of records demonstrating mitigation actions.

At a minimum, the risk that was identified must be recorded in the laboratory’s next management review (see 8.9.2.m), and the laboratory must also be prepared to discuss what plan(s) of action are being readied to address the risk (see 8.5.2).

4.2.1 - How are we to tell if our agreement is Legally Enforceable?

ANSWER

‘Legally enforceable agreements” are records of understanding between two or more parties regarding services provided or received. For purposes of this clause, A2LA determines a “legally enforceable agreement” to be a record which indicates responsibilities for maintaining confidentiality and repercussions for breaches of that responsibility.

4.2.3 - What does between the customer and the lab mean in the context of this clause?

ANSWER

If the laboratory were to obtain information about the customer other than from the customer itself, the laboratory shall not reveal this information to any other party other than the customer. The laboratory shall also protect the source of the information if the information about the customer is shared with the customer.

5.1 - What is meant by the term Legally Responsible?

ANSWER

The laboratory may be a public, governmental or private entity, an established business or corporation, or an identifiable division or in-house activity of a business or corporation, which meets the applicable legal requirements of the jurisdiction in which it conducts business.

5.3 - What is the Range of Activities my lab performs? Does this mean my scope of accreditation?

ANSWER

The range of laboratory activities, as defined by the Standard, are those tests, calibrations and sampling activities (with subsequent testing or calibration) a laboratory claims as enveloped under their ISO/IEC 17025:2017 conformant management system. These may be as generic as testing, calibration and/or sampling activities (with subsequent testing or calibration), as specific as particular activities, methods, measurement ranges, etc., or anything in between. This does not explicitly or implicitly reference or require the scope of accreditation. This Standard was not specifically written for accrediting bodies or accreditation.

5.3 - What if a testing lab has the capability and competence to perform a test and it is on their scope of accreditation, but they always outsource this work.

ANSWER

If a laboratory has or has access to all of the resources and processes necessary to perform a test, then the laboratory may claim it as part of the range of activities a laboratory can perform. The laboratory must demonstrate it retains the proficiency necessary to perform the test through an interlaboratory comparison, proficiency test, or demonstrate proficiency during an assessment.

5.3 - What if the CAB has not performed a test on their scope for an extended period, but the test remains on their Scope?

ANSWER

The reason for the statement, “which excludes externally provided laboratory activities on an ongoing basis” was for laboratories that do not maintain the competence and resources to perform the laboratory activity. If the laboratory demonstrates competency and have the resources necessary to perform the activity during the assessment, then this meets the intent of the Standard. In addition to the verification of competency during the assessment, the laboratory may also demonstrate competency through proficiency testing and/or interlaboratory comparisons.

5.5.a - Does the requirement for my lab to define the organization and management structure mean that I have to keep this company outline under document control?

ANSWER

The Standard does not require a document for this clause. However, if the laboratory does document the organization and management structure then clause 8.2.4 applies. Clause 8.2.4 states, “All documentation . . . related to the fulfillment of the requirements of this document shall be included in, referenced from or linked to the management system.”

5.5.b - Is my lab required to document these listed responsibilities and authorities in a job description?

ANSWER

The Standard does not require a job description and, therefore, does not require the responsibilities and authorities to be documented in a job description. See section 6.2 on Personnel for more information on the documentary requirements of responsibilities and authorities.

5.5.c - What does consistent application mean in the context of this clause?

ANSWER

“Consistent application” means that when a procedure is written it must be detailed enough so that when it is performed by competent and authorized personnel, that undocumented steps or variances in its implementation do not adversely impact the validity of the laboratory activities and the validity of results.

5.6 - Are records required for these specific authorizations?

ANSWER

Under this clause, records are not required for specific authorizations. This clause focuses on personnel having the authority to carry out their duties. Authorizations and records thereof are covered in clause 6.2.5.

6.2.2 - Do these competence requirements have to be present in my laboratory’s job descriptions?

ANSWER

Job descriptions are not required in the Standard. Competence requirements shall be documented and controlled within the laboratory’s management system. The Standard allows the laboratory to document its competency requirements in any manner it deems appropriate.

6.2.3 - Is a record required specifically calling out authorization to evaluate deviations?

ANSWER

No, this clause in the Standard does not explicitly require the laboratory to document this authorization. The Standard states, “The laboratory shall ensure that the personnel have the competence . . . to evaluate the significance of deviations.” However, a record would be required, as per 6.2.5 e), for authorizing personnel.

6.2.4 - Is my lab required to keep a special record of communicating duties, responsibilities, and authorities to its personnel, or will their job descriptions function to meet this requirement?

ANSWER

No, the standard does not explicitly call out a record of communication for this requirement since communication may occur in a variety of ways, although many laboratories will keep track of this information communication via “job descriptions,” performance reviews, etc.

6.2.5 f - Does my laboratory have to define the frequency at which we review our personnel’s competence?

ANSWER

No, the Standard does not require “monitoring” to be a “defined” frequency. Frequencies might be defined and/or adjusted by the laboratory or required as part of a contract (7.1), regulatory requirement (5.4), or included as a means of mitigating a perceived risk in this process.

6.3.4 - Does this clause require our lab to keep a record of monitoring or checking facility controls?

ANSWER

No, the Standard does not require, in this clause, that a laboratory keep records of monitoring or checking facility controls.

6.4.7 - What evidence is required to demonstrate the calibration program has been reviewed and adjusted?

ANSWER

There is no requirement to document the review but any adjustments must be identifiable (8.3.2 c.)

6.6.2 - Is there an expected time-period for re-evaluating our external service providers?

ANSWER

No, there is not an expected frequency or time-period for re-evaluating external service providers per the Standard. However, including a frequency or time-period as a means of mitigating a perceived risk in this process may be considered.

7.1.3 - My laboratory performs tests which historically do not require measurement uncertainty estimates (such as those called out under note 1 for clause 7.6.3).

ANSWER

My laboratory performs tests which historically do not require measurement uncertainty estimates (such as those called out under note 1 for clause 7.6.3). If a customer contract requests a statement of conformity for such a test, what must my laboratory do to conform with the requirements related to decision rules?

If the method defines the decision rule and the laboratory follows the method, then the laboratory meets the intent of the Standard. Methods, in many cases, control the measurement process well enough to manage measurement precision and bias, but might not evaluate measurement uncertainty or define a decision rule for conformity statements. At this point, the Standard does not provide examples of decision rules other than Note (ISO/IEC Guide 98-4) but does require that one be selected and shall be communicated to and agreed with the customer. If the laboratory deviates from the method in 7.6.3 (under note 1), the laboratory is required to validate the method (section 7.2) and evaluate the impact on the decision rule as it pertains to making statements of conformance and the decision rule shall be communicated to and agreed with the customer.

7.5.1 / 7.5.2 - Does the standard allow for laboratories to note a measurement result on an item such as a sticky note, transfer the data to a log book, and dispose of the sticky note?

ANSWER

The Standard is silent on the “transfer” of original observations in 7.5 and 8.4. However, in clause 7.11.6 it states that “calculations and data transfers be checked . . .” The form of the original recording need not be maintained in the record system after transfer, i.e., the original form of the record may be disposed if the requirements of 7.5 and 8.4 are met in the system receiving the transferred result.

7.7.1 - If more than one QC activity is appropriate for a particular measurement my lab performs, must we perform both (or more than one) of those activities?

ANSWER

According to the words of the Standard, the monitoring shall include all the activities, that are appropriate to ensure the validity of the tests. Appropriateness is determined by the laboratory and may result in the laboratory choosing to only perform one activity despite the availability and seeming appropriateness of other options.

7.7.2 - There are no commercially available proficiency testing programs offered for the tests on my scope of accreditation.

ANSWER

There are no commercially available proficiency testing programs offered for the tests on my scope of accreditation. How can my laboratory meet the requirement (7.7.2.b) for participating in interlaboratory comparisons other than proficiency testing if we are concerned with confidentiality and do not have a corporate branch structure of laboratories in place?

There may be reasons for which a laboratory is not able to assemble or participate in ILCs. In the event the laboratory can justify the position that relevant and available interlaboratory comparison programs do not exist, the laboratory must still perform intra-laboratory comparisons (see 7.7.1). For example, if it is not appropriate for a laboratory to share artifacts with their competitors due to intellectual property or proprietary reasons or if the test method is proprietary, then the laboratory shall employ the means it used to validate the method, see 7.7.1.

7.8.2.1 - Does the valid reason for not including topics in a final report mean reports could be extremely void of the typical information?

ANSWER

Yes. It is important to remember, however, clause 7.8.1.3 states, “Any information listed in 7.8.2 to 7.8.7 that is not reported to the customer shall be readily available.”

7.9.2 - Does the description of our complaint handling process need to be made publicly available?

ANSWER

No, the Standard does not require the “complaint handling process” be “made publicly available.” The Standard requires that it “be available to any interested party on request.”

8.2.1 - Is there a record of acknowledgment needed for this clause?

ANSWER

No, this clause does not require a record of acknowledgement. Communication of policies and objectives may occur through many avenues and so follows the acknowledgement by the recipients of the communication.

8.3.2 - Am I required to keep records showing that I have periodically reviewed my controlled documents?

ANSWER

No, the laboratory is not required to record that it periodically reviewed controlled documents. The Standard only requires the laboratory to “ensure” they are periodically reviewed (see 8.9.2 c) and records regarding the suitability of policies and procedures).

8.5.2 - Are records of planned and implemented actions to address risks and/or opportunities required by the standard?

ANSWER

Yes, the records might appear in any number of areas but, as a minimum, are required as part of the management review (8.9.2 and 8.9.3).

Who determines the adequacy of my organization's liability coverage arrangements?

ANSWER

In some cases there may be contractual obligations which detail the minimum amount of coverage or there may be requirements imposed by the regulators for which the inspections are being performed or by the inspection scheme owners.

In the absence of such requirements, the inspection body is responsible for determining what “adequate” levels are with respect to having liability coverage arrangements. As exemplified in this clause, such arrangements can include insurance or cash reserves. A2LA assessors may raise questions about the adequacy of the coverage and how the organization arrived at the decision this was adequate coverage. Additionally, A2LA assessors may raise questions about coverage for certain aspects of the inspection activities which are normally excluded from insurance policies and write a deficiency if the policy will not cover accredited activities; an example of this would be a policy that did not cover data breaches for an organization that provide cyber security assessments.

Who is considered to be top management?

ANSWER

For all types of inspection bodies, top management is considered to be those individuals who have the authority and can provide the resources necessary to make changes to any aspect regarding the inspection activities. Although it is up to the organization to identify top management, it is important that these individuals lead the management review and that it be clear in the records.

What constitutes evidence of commitment by top management?

ANSWER

For either independent or in-house inspection bodies of larger organizations, top management is considered to be those individuals who have authority and can provide the resources necessary to make changes to any aspect within the inspection body. It is, therefore, important that these individuals participate in the management review, stress the importance of meeting customer requirements and ensure integrity of the management system. Evidence that proper resources are allocated to the performance of appropriate and effective internal audits, management reviews, etc. could also be considered evidence of top management’s commitment to its management system. As a result, records demonstrating top management’s participation in these functions could be considered evidence of compliance with this particular section of the standard.

What does A2LA consider to be external documents that my organization must control under our document control procedure?

ANSWER

For the purposes of A2LA accreditation, accredited Inspection Bodies are required to own or have direct access to, and have under their document control system, current versions of the normative documents that are vital to maintaining their accreditation and to perform their inspection activities.

These documents include all relevant regulations, standards and/or technical methods, etc. related to the inspection activities. Additionally, ISO/IEC 17020:2012, general A2LA policy documents, and the specific A2LA program requirement documents relating directly to their field of accreditation. A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be normative documents that an organization must control within their system.

For inspection bodies the A2LA normative documents are as follows:

R301 – General Requirements: Accreditation of ISO/IEC 17020 Inspection Bodies
R102 – Conditions for Accreditation
R105 – Requirements When Making Reference to A2LA Accredited Status
P102 – A2LA Policy on Metrological Traceability (only when inspections require the use of traceable measuring equipment) or
P113 – A2LA Policy on Measurement Traceability for Life Sciences Testing and Forensic Conformity Assessment Bodies (CABs)(for Forensic organizations)
ILAC P15-Application of ISO/IEC 17020:2012 for the Accreditation of Inspection Bodies (This document can be found at ILAC.org)

Specific program requirements (examples):

R310 – Specific Requirements: Special Inspection Agencies Inspection Body Accreditation Program (only for special inspection agencies)
R311 – Specific Requirements: Federal Risk and Authorization Management Program (only for FedRAMP)
R318 – Specific Requirements: Forensic Examination Accreditation Program (only for forensic inspection)
R332 – Specific Requirements: NFPA Field Evaluation Bodies (only for NFPA field evaluation bodies)

What is the minimum amount of time I must retain records?

ANSWER

In some instances external requirements, standards and specifications provide specific requirements for the retention of records. If there are no specifics provided then per A2LA requirement document R102-Conditions for Accreditation, item 4 states, “Retain all quality records and technical records supporting reported results throughout the period between A2LA full assessments bearing in mind that adequate records must be available to demonstrate full compliance with the requirements for accreditation.” Therefore, at minimum records shall be retained for the period of time from one full assessment to the next.

Can the results of an external audit be accepted as part of or entirely in place of an inspection body’s internal audit?

ANSWER

No. ISO/IEC section 8.6.3 requires that the inspection body conduct internal audits. With the understanding that it is the inspection body’s responsibility to conduct their own internal audit, third party audits of the organization are not acceptable for meeting any portion of this requirement of the standard. Only internal audits completed by the inspection body staff or contracted consultants of the organization are acceptable.

My internal audit process consists of only completing the A2LA C301 checklist-is this sufficient to demonstrate a complete internal audit?

ANSWER

Not necessarily – The standard calls for the inspection body to “verify that it fulfills the requirements of this International Standard, and that the management system is effectively implemented and maintained.” An inspection body must provide evidence that their internal audit consists of at least the following:

Determination of compliance with all ISO/IEC 17020 requirements
Determination of compliance with all policies, procedures, inspection processes, instructions, etc. that form your management system
Determination of compliance with all relevant A2LA policies and requirements.

This can be done on the C301 checklist by confirming compliance and providing detailed notes on the objective evidence reviewed in making that determination. Where such detailed information on the C301 is not provided, the inspection body must maintain additional evidence that all requirements noted above were audited.

What is meant by determining the causes of nonconformity and how do I go about this?

ANSWER

Determining the cause of nonconformity is deemed equivalent to root cause analysis. Root cause analysis can be the most challenging part of the corrective action process and should be used as a tool for continuous improvement, which may reduce or eliminate the likelihood of future deficiencies. Understanding why an event occurred is the key to developing effective corrective actions. In some cases, the root cause is singular and easily discerned; in most cases it is not, and there may be multiple root causes. Because of this, there is no single ‘recipe’ that can be followed. While it is impossible to create a procedure that would apply to all scenarios, there are some guiding principles which can be employed, the most important of which is that the root cause should address the question: “Why did this deficiency occur?”. Other point to consider:

Statements of root cause which are essentially a restatement of the nonconformity provide no new information beyond the facts of what was found and are not considered to be an acceptable response.
Each non-conformance should be evaluated independently.
While each non-conformance and its associated root cause should be approached individually, trends in the identified root causes for a group of non-conformances is a strong indicator that further investigation is needed. For example, upon conclusion of an assessment during which 8 non-conformances were cited, it is determined that the root cause of 6 of the 8 non-conformances pertain to employee training. In this example, additional investigation into the employee training program would be prudent and should be evident in a response.

Additional resources that may be of help are found at:

Presentation on Root Cause Analysis”, found under “A2LA Guidance Documents” in the Document Finder on the A2LA website.
The February 2007 Issue of the A2LA Newsletter, found under the “Publications” tab, and “Newsletter Archive” menu item on the A2LA website.

Our parent company has a division which offers consulting services on both the types of products our Certification Body certifies, as well as product types that we do not offer certification for. Is this allowed, and if so, under what restrictions?

ANSWER

CASCO, the ISO Committee responsible for issues relating to conformity assessment policies and standards, has indicated that it is permissible for a Certification Body to offer consulting services in certain situations so long as the risks to the CB’s impartiality are identified and shown to be eliminated or mitigated in such a manner as to show that the CB has erred on the side of caution.

A2LA’s expectations on these scenarios are as follows:

1) In the case where the CB’s parent company offers consulting on the types of products being certified, two situations exist:

1.A) Offering of consultancy on the product types the CB certifies to NON-CERTIFICATION CLIENTS – A2LA considers this to be a 100% risk to the CB’s impartiality which must be documented and eliminated, with supporting records of the identification, elimination, and ongoing monitoring of the risk. At a minimum, A2LA expects to see the CB document how it ensures that the consulting client does not become a certification client for the types of products certified by the CB. Additional elimination and mitigating actions are at the discretion of the CB, but due to the significant risk to impartiality such a scenario presents, this minimum threshold must be met for this situation.

1.B) Offering of consultancy on the product types the CB certifies to clients which are, or intend to be, certification clients – This situation is expressly prohibited under clause 4.2.6 of ISO/IEC 17065. It is inherent that the CB ensure that its parent company consulting division is aware of existing or likely certification clients to prevent this non-conforming situation from occurring.

2) In the case where the CB’s parent company offers consulting on product types that are NOT being certified, the CB must still document this clear risk to its impartiality, and provide evidence of elimination / mitigating actions to ensure that the CB’s impartiality is not compromised.

The ISO/IEC 17021-1 (2015) standard (for Management System Certification Bodies) offers more information on the concepts and principles of impartiality (for example, see ISO/IEC 17021-1 section 4, and clauses 5.2.7, 7.3, and 9.1.1.e), as well as potential ideas for mitigating risks to impartiality, that a Product Certification Body may wish to consider implementing or augmenting.

A2LA assessors will not expect that an ISO/IEC 17065 accredited Product Certification Body follow these 17021-1 requirements for mitigating risks, unless the certification scheme requires the CB to implement them. However, in all cases, the offering of consultancy of any kind by the CB and/or its parent company is an acknowledged risk to the certification body’s impartiality (however minimal that risk may be), and is expected to be identified and mitigated with supporting records. The Certification Body must err on the side of protecting its impartiality in all situations.

My Certification Body operates under a larger corporate umbrella, and we send portions of our Evaluation work to another department in the corporation. Is this considered “outsourcing” the work to an outside body?

ANSWER

Note 2 of clause 6.2.2.1 states “Use of external personnel under contract is not outsourcing.”

If there exists a properly executed agreement (e.g. contract) between the department/personnel in question and the Certification Body which meets the requirements of clause 6.1.3, then no, the example given does not constitute “Outsourcing” of activities by the Certification Body. (This documentation also answers the question, “Is the resource under the direct control of the Certification Body?” for purposes of judging whether or not the entity in question is an Internal Resource of the Certification Body – see clause 6.2.1)

If the documentation linking the other department or its personnel to the Certification Body does not meet the requirements called out under clause 6.1.3, or if the Certification Body cannot provide evidence that the additional requirements stated under clause 6.1.2 are met for the personnel in question, then the actions taken by the Certification Body are considered “Outsourcing,” and the Certification Body must demonstrate that it complies with the requirements related to Outsourced activities.

My certification body outsources our evaluation activities to an ISO/IEC 17025 accredited testing laboratory. Can we leverage the status of this laboratory’s accreditation as our means of qualifying, assessing, and monitoring this external resource?

ANSWER

The NOTE below clause 6.2.2.4 clarifies when a Certification Body may utilize accreditation as part of their qualification, assessment, and monitoring of an external resource.

In summary, A2LA permits a Certification Body to reference an external resource’s accreditation (e.g. to ISO/IEC 17025) only if this is clearly allowed within the scheme(s) being operated, the resource’s scope of accreditation is applicable to the evaluation activity being performed (including appropriate test or inspection methods), and the Certification Body has a documented frequency and supporting records for verifying the accreditation status.

If the scheme does not mention allowing the Certification Body to rely on accreditation without other qualification / assessing / monitoring activities of their own, A2LA requires the Certification Body to clearly state in their required policies and procedures how the qualification / assessing / monitoring activities are undertaken, and to keep records showing that those actions have been undertaken for all approved providers of outsourced services.

My organization issues a blanket statement on our contracts which states: your product may be sent to an outside laboratory for testing in the event we are unable to perform timely evaluation – does this meet the requirements of the standard?

ANSWER

Clause 6.2.2.4(f) requires the certification body to notify the client in advance of subcontracting in order for the client to have the opportunity to object to that action. A2LA understands that certification bodies may not always immediately know what outside entity will be used to perform evaluation tasks when taking on an application.

At a minimum, the certification body may issue a blanket statement (or make known in some other clear manner) of possible subcontracting to its clients and potential clients. The client then has an opportunity to object to the use of external resources, or to request clarification on the matter. If clarification is requested, the certification body is expected to answer the client’s question, and identify the potential entity that would be used before the evaluation activity takes place in order to allow the customer the opportunity to object to the use of that particular external resource, while still accepting the possible use of a different external evaluation resource.

Records of correspondence are required to demonstrate that the CB has given adequate notice to the client and, if necessary, has identified the specific subcontractor if so requested.

The critical idea in this clause is that the CB has given the client a reasonable opportunity to object to the use of outside evaluation resources, whether that be objecting to a specific entity (such as a chosen test lab) or objecting to the entire concept of outsourcing. (Note that ISO/IEC 17065 does not explicitly require the certification body to receive a written approval from the client to initiate the subcontracting, but it may be beneficial for a certification body to attempt to obtain this documented approval.)

Is Application Review considered part of the Evaluation stage in the Certification Process, such that my Application Reviewer cannot also be a formal Reviewer (per Section 7.5) or Certification Decision Maker (per Section 7.6)?

ANSWER

The Application Review stage of the certification process is a very fine line for Certification Bodies to walk when considering duties assigned to its personnel. The Application Review cannot be automatically assumed to be an Evaluation activity without further examination by an assessor. The assessor will sample certification records and will interview various persons within the Certification Process in order to collect evidence demonstrating whether or not the person taking part in the Application Review has performed activity which is considered Evaluation.

When the tasks performed by the Application Reviewer are found to be administrative in nature only (e.g. requesting missing pages from an evaluation report, requesting a missing signature on the certification agreement, or requesting a sample of the product to be certified), then no, the Application Reviewer is not considered as having performed any Evaluation tasks.

However, any work performed by the Application Reviewer which results in the selection of a product to be certified, or which results in data/information that is or could be used in determining whether or not a product meets certification requirements, is considered part of the Evaluation process. This work would then preclude the Application Reviewer from taking part in the formal certification Review (7.5) and Decision (7.6) phases of the certification process.

A client has asked us to certify a new product which we have not certified before, but this new product is somewhat similar to ones we have been certifying in the past. How do we determine whether or not we have “prior experience” with the new product we

ANSWER

The Certification Body should compare the new product to be certified against those with which it has similar experience by examining the schemes (if different) used for performing the certifications, the technologies inherent in the products, the evaluation techniques which must be implemented to characterize the product to determine its compliance with the requirements in the certification scheme(s), and the technical knowledge of its own personnel in order to ensure that a knowledgeable review and decision on certification can ultimately be made.

The NOTE under this clause gives excellent guidance for the Certification Body to consider when comparing the new product they are being asked to certify against products they have certified in the past. Similar comparisons should also be made when a new certification scheme or new normative document (such as a different evaluation specification) is introduced to the Certification Body by their client.

If the certification body determines that the new product is of the same type as ones with which it has previous experience, no records are needed, but the Certification Body may be asked to explain its rationale in determining that the new product is of the same type as ones that were previously certified.

If the Certification Body cannot explain this rationale to an assessor’s satisfaction, a deficiency may be cited if the assessor can justify that a certification was not “of the same type” as certifications previously granted by the Certification Body (for example, by showing that the new product has substantial differences in technical underpinnings from those the Certification Body used in its comparison).

A2LA NOTE: Performing certifications against schemes and underlying technical standards not shown on the Certification Body’s Scope of Accreditation cannot be claimed as Accredited work in accordance with A2LA R105 – Requirements When Making Reference to A2LA Accredited Status. A2LA does offer a “F330 – Request for Expansion of Scope of Accreditation – Product Certification” form for Certification Bodies wishing to expand their Scope of Accreditation for situations such as these. The Certification Body must fill out and have the Scope expansion request approved by A2LA and their most recent assessor before offering these certifications as Accredited.

What type of records are required to justify our organization’s competence and capability to perform a certification we have not performed before (such as called out in clause 7.3.2)?

ANSWER

A2LA does not specify what form a record must take that would offer justification for undertaking a new type of certification. However, the records must show that the Certification Body has performed an analysis of the new certification to be performed, and compared the requirements of the new certification against the existing experiences and competencies of its resources to perform similar certifications, as well as verifying that the certification body is capable of performing the certification activities required by the new certification being undertaken.

The justification records should be sufficiently detailed such that the assessor can reach the same conclusions that the certification body reaches with respect to moving forward with the new certification. An assessor may cite a deficiency if there is, in his or her opinion, insufficient information in the justification records for undertaking the new certifications, or supporting evidence that the certifications were improperly granted as a result of insufficient or improper justification.

Clause 7.6.4 seems to indicate that my organization MUST have organizational control over some entity. Is this the correct reading of this clause?

ANSWER

A2LA reads clause 7.6.4 to be more of a definition of what Organizational Control IS, rather than something a Certification Body must exert. As such, there are many instances where Organizational Control will not come into play for a Certification Body. There are three clauses in the standard which reference Organizational Control of an outside entity by the Certification Body. A2LA assessors are instructed to examine how each Certification Body implements the following clauses, and, if no related bodies are utilized in the implementation of these steps, then clause 7.6.4 is Not Applicable for the Certification Body.

7.6.3: The Certification Body is permitted to essentially “outsource” the certification decision, but only if the person/group of persons making the decision is employed by or contracted to the Certification Body itself, or an entity that the Certification Body holds more than 50% control in. If the person/group making the decision is not employed or contracted by the CB or an “organizationally-controlled” entity, the CB cannot utilize that person or group to make the final certification decision. Note that committees are excluded from this clause by virtue of the requirements in clause 5.1.4 of the standard.

4.2.6: Any entity which the Certification Body has Organizational Control over is not permitted to design, manufacture, install, distribute, or maintain the product being certified. The Certification Body must be prepared to explain how they are ensuring that all related entities which are under Organizational Control are not performing any of these actions. Related entities NOT under Organization Control are not subject to these requirements, but are instead subject to examination for risks to impartiality under clauses 4.2.3 and 4.2.7.

7.6.5: The Certification Body must be able to demonstrate (with supporting record evidence) how it ensures that personnel in entities under organizational control are fulfilling the ISO/IEC 17065 requirements. Fulfillment of these requirements includes (but may not be limited to) requiring the existence of a contract with those personnel which meets the requirements of clause 6.1.3.

The certification scheme our organization operates does not include any guidance on the information that must be made available to the public about certified products. Is our organization allowed to make no information available in this case?

ANSWER

There is a defined minimum amount of information required in clause 7.8 which must be published or made available upon request even if the scheme is silent on this subject. This minimum is “information … about the validity of a given certification,” as outlined in the final sentence of this clause (e.g. by answering “Yes, that is a valid certification”).

The certification body may certainly go above and beyond the scheme in making information publicly available, but must meet the requirements in section 4.5 of ISO/IEC 17065 (confidentiality) in those instances.

The certification scheme our organization operates uses a certification mark for ongoing certification, but is completely silent on the actual surveillance actions to be taken. How is this to be handled so that we meet the requirements of clauses 7.9.1 an

ANSWER

While Note 2 under clause 7.9.1 indicates that criteria and processes for surveillance are to be defined by the certification scheme, A2LA realizes that many schemes are not written (or have not been updated) sufficiently to address the needs of the certification body.

In the case of a certification scheme being silent on any of the requirements for surveillance (e.g. frequency of surveillance, actions to be taken, percentages of certified products to be reviewed, etc.), and assuming that the Scheme Owner does not respond with any objective instruction for the certification body, A2LA requires the certification body to clarify how the surveillance will be performed, using a process similar to that called out in clause 7.1.3 for creating explanations for certification requirements. This information is then also to be made publicly available (upon request) pursuant to clause 4.6.a, as it relates to the certification scheme(s) being operated by the certification body.

The certification body must, at a minimum, define the actions taken to establish appropriate surveillance activities related to the product (e.g. how many products will be included, how they are to be acquired/selected, etc.), define the frequency of surveillance activities (e.g. per calendar year, in the first quarter of every year, etc.), and define the requirements which the product must meet (e.g. the product must meet original certification requirements in order to continue certification). The examples given in this paragraph are not meant to be all-encompassing, but should be taken as guidance in considering how to address the needs of the certification body and the ISO/IEC 17065 standard.

Additional guidance can be found in ISO/IEC 17067 for surveillance activities. A2LA encourages the use of this International guidance document for Certification Bodies which need to define their own surveillance activities.

Our organization is considering operating a scheme where the scheme owner notifies the clients of changes to the certification requirements themselves, and does not require any re-verification of compliance until the current certification expires. Does cl

ANSWER

Clause 7.10.1 is required to be implemented by all certification bodies, regardless of what changes and subsequent action (or inaction) is stated by the scheme.
In all cases of certification changes, it remains the responsibility of the accredited certification body to be aware of these changes, to gain assurance that the changes have been communicated to clients in some manner, and to take some action to verify that the changes have been implemented by its clients. If the scheme specifies any further actions, such as mandating immediate re-evaluation of any certified product, then the certification body has further tasks to undertake.

In the case of a scheme owner sending out email notifications, actions taken by the CB to assure themselves that the communication has taken place may be minimal (but caution should still be taken in the event that a client is not receiving those notifications). In other cases, such as the CB being the scheme owner, a notification blast (e.g., via email or letter) to all clients could be submitted as evidence of the steps the CB has taken to comply with this requirement.

With regard to actions taken to verify implementation, these will depend on the instructions included (or not included) by the scheme owner. This might include re-evaluation of certified products (as mentioned previously), a re-review of currently certified product documentation and evaluation results to verify that the product continues to comply with certification requirements, an audit of client facilities, or even a simple evaluation of products at the next scheduled certification renewal point without taking immediate action.

However, in the event that the scheme or scheme owner is silent on actions to be taken, the certification body is still required to take some action of their own choosing to verify implementation of the changes by the client. This could include (for example) an analysis of the changes to determine whether or not re-evaluation is necessary, with a record of this analysis being kept. If any action is necessary, as per clause 7.10.3, it shall be performed in accordance with the appropriate part of section 7 of the standard, with records kept of those activities as required by section 7.12.

The certification scheme operated by my organization requires that we re-evaluate products on a four month cycle. Does the language in this clause mean that we only have to keep records for 8 months total, in order to meet the “current and previous” cycle

ANSWER

Clause 8.4.2 of the standard indicates that the Certification Body’s procedures for record retention must be consistent with any contractual and legal obligations. Those legal and contractual obligations would take precedence over the shorter retention cycle given in the example above.

Above and beyond any legal or scheme obligations for record retention, A2LA requires, as one of the Conditions and Criteria for Accreditation (A2LA R102 – Conditions for Accreditation, clause 4), that the accredited (or applicant) organization must keep copies of records for the entire time period between on-site assessments. Legal and scheme obligations may require longer retention periods, but under no circumstances may the Certification Body dispose of records in any shorter time period.

How should my organization demonstrate compliance to this clause if we receive an anonymous complaint?

ANSWER

In many instances, it may not be possible for a certification body to give a formal notice of complaint resolution to the complainant; one such example is if a complaint is received anonymously. Other examples where it may not be possible to formally notify a complainant could include the complainant not leaving any contact information for receiving feedback, or the complainant changing contact information either voluntarily (i.e. relocation) or involuntarily, (i.e. being dismissed from an employment position).

Possible evidence which would show that the certification body has performed their due diligence when the complainant is unreachable could include records of attempted emails with read receipts, phone logs, voicemails, certified postal mailings, or generalized resolution notices to alternate persons that are known to be related to the original complainant.

These examples, are not intended to be all-inclusive, nor are they mandatory actions that must be undertaken by the Certification Body.

Ultimately, the Certification Body must show evidence that they have done reasonable due diligence in attempting to contact or locate the original complainant, and these examples may be useful when considering what actions to undertake to notify the complainant of the outcome. In all cases, these attempts to contact the complainant must be part of the records associated with complaint resolution as required by clause 7.13.1.

What does A2LA consider to be “External documents” that my organization must control under our document control procedures?

ANSWER

For the purposes of A2LA accreditation, accredited Certification Bodies are required to own or have direct access to, and have under their document control system, current versions of the normative documents that are vital to maintaining their accreditation and to perform their certification activities.

These documents include (in addition to relevant regulations, standards and/or technical methods, etc.) ISO/IEC 17065:2012, general A2LA policy documents, and the specific A2LA program requirement documents relating directly to their field of accreditation. A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be normative documents that an organization must control within their system.

For example, a Telecommunications Certification Body (TCB) would be expected to possess (or have direct access to) and have under its document control system current versions of the following A2LA documents:

R307 – General Requirements – Accreditation of ISO-IEC 17065 Product Certification Bodies
R105 – Requirements When Making Reference to A2LA Accredited Status
R102 – Conditions for Accreditation
R308 – Specific Requirements – 17065 – Telecommunication Certification Body Accreditation Program

Furthermore, such a TCB would be expected to control copies of all test methods called out in the certification schemes being operated, as well as copies of the schemes themselves.

I am a Certification Body getting ready to apply for accreditation to ISO/IEC 17065, do I have to perform a complete Management Review before I can become accredited?

ANSWER

No, A2LA does not require that a complete management review be done prior to accreditation. The records from your management review and any evidence of implementing actionable outputs shall be available for review at the time of the initial assessment and will be reviewed and confirmed during your surveillance assessment.

I am a Certification Body getting ready to apply for accreditation to ISO/IEC 17065, do I have to perform a complete Internal Audit before I can become accredited?

ANSWER

No, A2LA does not require that a complete internal audit be done prior to accreditation. Your documented internal audit program and any evidence of implementation shall be available for review at the time of the initial assessment and the progression of your audit per your audit schedule will be reviewed and confirmed during your surveillance assessment.

My internal audit process consists of only completing the A2LA C309 checklist – is this sufficient to demonstrate a complete internal audit?

ANSWER

Not necessarily – The standard calls for the certification body to “verify that it fulfills the requirements of this International Standard, and that the management system is effectively implemented and maintained.” (emphasis added) A CB must provide evidence that their internal audit consists of at least the following:

Determination of compliance with all ISO/IEC 17065 requirements;
Determination of compliance with all policies, procedures, instructions, etc. that form your management system;
Review of all Certification Process steps (i.e. application, evaluation, review, decision, certification documents, and surveillance, where applicable); and,
Determination of compliance with all relevant A2LA policies and requirements.

My Scope of Accreditation includes multiple product types under a larger scheme. Does my internal audit have to include every product type on my Scope?

ANSWER

At a minimum, A2LA requires each scheme for which the certification body is accredited to be included in their Internal Audit in order to ensure that the steps in the certification process, as well as the CB’s management system requirements are being properly implemented across all certification schemes offered.

The Internal Audit is considered incomplete if the organization fails to include all schemes during its internal audit. It is not required that every product type be addressed in one internal audit cycle, but it is recommended that different product types be reviewed from audit to audit.

As a reminder, Clause 8.6.2 requires the internal audit program to take into account previous audit findings – if any findings related to a specific product type were found at a previous audit, those must be taken into account when planning the current internal audit.

What does the standard mean when it says that my internal audit shall normally be performed at least once every 12 months?

ANSWER

A certification body’s initial internal audit schedule should show that internal audits will be performed once in a 12 month period (or show that one full audit will be performed over a rolling 12 month period).f the certification body feels that they need to initially schedule more frequent audits, or if the results of any audit show the need to schedule a subsequent audit sooner than 12 months, the certification body should not hesitate to adjust their schedule accordingly.

Regardless of the period or frequency defined, any changes to the schedule of the audits as well as the rationale behind the decisions to change, must be documented and kept under record control by the certification body.

Any changes to reduce the frequency (that is, make the time span between internal audits longer) must be supported by records that demonstrate ongoing stability and effectiveness of the management system.

Is my organization required to keep records of training for our internal auditors?

ANSWER

Clause 8.6.4(a) requires internal auditors to be competent in three areas – knowledge of the standard, knowledge of the certification process, and knowledge of auditing. The determination of auditor competence levels (that is, what an auditor needs to do to show they are “knowledgeable”) is the responsibility of the certification body, and records are required by A2LA to show that the auditors have demonstrated their knowledge to the certification body for whichever of the three aspects they are responsible for covering during an audit.

What does the standard mean when it states that my organization must ensure that any actions resulting from our internal audits are taken in a timely and appropriate manner?

ANSWER

A2LA cannot define what “timely and appropriate” means for its certification bodies. The intent of this clause is for the organization to take action as soon as they are able, in order to ensure that the organization’s quality system is running smoothly, and that the certifications being offered are not negatively impacted. An assessor may cite a deficiency if there is evidence that the quality system or offered certifications are being affected by lack of action on an internal audit finding. The certification body is still responsible for meeting all requirements related to corrective actions (section 8.7) and preventive actions (section 8.8) when acting upon their internal audit findings.

What is a Legally Enforceable Agreement, and will my assessor be responsible for determining its legality?

ANSWER

For purposes of this clause, A2LA determines a “legally enforceable agreement” to be any signed or sign-able record between the certification body and its client/customer which meets the requirements of clause 4.1.2.2, and which (as stated in 4.1.2.1) takes into account the responsibilities of the two parties in that agreement. This record can be known by any name, but is typically referred to as a “Contract” for ease of reference.

A2LA assessors will not be determining, nor can they be held responsible for, the legality of the certification body / client agreements. Their purpose is solely to find facts as to whether or not an agreement is in place which accounts for the responsibilities of the two parties and the client compliance requirements listed in clause 4.1.2.2.

Does our Certification Agreement need to list who is responsible (our organization, or the client) for the evaluation of a product when the scheme allows or requires the product to be evaluated before an application for certification can be filed? Or is a

ANSWER

Historically, verbal agreements are difficult, if not impossible, to legally enforce. As such, because the Certification Agreement must be legally enforceable and must address the responsibilities of each party, A2LA requires that the responsibilities of the client with regard to any evaluation of the product performed prior to filing the application for certification be clearly outlined in writing in the Certification Agreement. This is also encompassed by clause 4.1.2.2.c.1 which requires the client to “make all necessary arrangements for… the conduct of the evaluation and surveillance (if required)…”

Is our organization required to keep records of all of the risks to impartiality we have investigated, even those which were determined not to be actual risks?

ANSWER

The standard requires the certification body to keep records of risks to impartiality that have been eliminated or mitigated, via clauses:

4.2.4 (the CB shall be able to demonstrate how it eliminates or minimizes such risk; the information shall be made available to the mechanism specified in 5.2),
5.2.1.c (the mechanism (for safeguarding impartiality) shall provide input on… matters affecting impartiality…), and
8.5.2c (inputs to the recorded management reviews shall include … feedback from the mechanism for safeguarding impartiality)

Who determines the adequacy of my organization’s liability coverage arrangements?

ANSWER

Are expedite fees or volume discounts on certification fees considered discriminatory or undue financial conditions?

ANSWER

In order for expedite fees or volume discounts (or other financial considerations between certifier and client) to be considered non-discriminatory and justifiable, the availability of such fees and discounts should be made known to all potential clients, and a process for applying such fees must be clearly laid out so that all parties taking advantage of them are considered equally. (Clause 4.6(b) of ISO/IEC 17065 requires that descriptions of fees charged to clients be documented and made available to clients upon request.)

While not explicitly required by the standard nor A2LA, if a certification body wishes to offer special pricing structures, it may be good practice to consider specifying “categories” that a client would fall into for these special pricing structures (e.g. “Clients with 0 to 50 applications per year receive no discount; 50 to 100 receive a 5% discount; etc.” or “To include your application in our expedited workflow line, the fee is xxx dollars due upon application receipt”). These suggested clarifications may assist the certification body in supporting their position if any questions over discriminatory practices are raised.

The certifier must take care to ensure that no special treatments are given, for example, to one client over another if both clients are equivalent in all other senses (e.g. both have paid the same expedite fee, or both have been informed of the same pricing discount). The fees, and the application of them, must not be constructed or used in such a manner as to impede or inhibit access by an otherwise qualified applicant.

If a potential client were to issue a complaint about the prices charged by a certifier, A2LA expects the certifier to keep a record of those complaints received, and any subsequent actions, as required by section 7.13 of ISO/IEC 17065.

Does my organization’s Publicly Available Information need to explicitly address each of the procedures called out in this clause if one or more are not applicable to our certification activities?

ANSWER

Yes, the Certification Body must address each required procedure under this clause, even if the certification activities being performed do not include those actions. For example, an organization operating a certification scheme which does not allow for extensions or reductions to the scope of certification must have documented some statement to the effect of, “We do not offer any extensions or reductions to our certifications.”

My organization has invited numerous possible stakeholders to be part of our “Mechanism for Safeguarding Impartiality,” but all of those stakeholders have declined to participate. How can my organization show that we are maintaining the required balanced

ANSWER

Note 2 to clause 5.2.1 and Note 1 to clause 5.2.4 of ISO/IEC 17065 both identify examples of mechanisms and potential invitees that the Certification Body may have overlooked during its invitation process, and should be examined prior to determining that all possible avenues have been exhausted.

The certification body must be able to demonstrate (e.g. by providing records) that they have ensured a balanced interest in their mechanism by identifying and inviting potentially interested parties, and that they have ensured that the composition of their Mechanism is such that no single interest predominates. In all cases, the certification body cannot hold more than 50% stake in this Mechanism – it is up to the certification body to take additional suitable actions to ensure that these balanced interest requirements are met.

What are the applicable requirements that Internal Resources must meet in order for my organization to comply with this clause?

ANSWER

The “applicable requirements” that an internal resource must meet shall be defined and documented, and are considered to fall under the following hierarchy:

Requirements should be defined by the Certification Scheme;
If the requirements are not defined in the scheme, the Certification Body should define what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirements in the relevant International Standard(s) are applicable.

A2LA NOTE – if an Evaluation standard (testing / inspection method specified in the Certification Scheme) explicitly requires an aspect contained in (for example) ISO/IEC 17020, 17021, or 17025, such as measurement uncertainty calculations, it cannot be excluded when considering whether or not the resource meets the requirements of those standards.

What are the “applicable requirements” that External Resources must meet in order for my organization to comply with this clause?

ANSWER

The “applicable requirements” that an external resource must meet shall be defined and documented, and are considered to fall under the following hierarchy:

Requirements should be defined by the Certification Scheme;
If the requirements are not defined in the scheme, the Certification Body should define what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirements in the relevant International Standard(s) are applicable.