FAQs about conformity assessment, accreditation and certification in ...

February 2015

FAQs about conformity assessment, accreditation and certification in relation to the IAM’s Endorsed Assessor Scheme There can be confusion with the terminology associated with conformity assessment for the certification of management systems, and who can issue certificates of conformity. Also, although in everyday language the terms accreditation and certification are often used interchangeably, the terms do have very specific meanings in international standards. This document seeks to address some FAQs (Frequently Asked Question) related to these issues, and identify:  the relevant terminology, where to find the definitions in ISO standards / guidelines, and provide some explanations  the standards / guidelines relevant to assessment of the requirements in ISO 55001  who can issue certificates for ISO 55001:2014, and how National Accreditation Body schemes and the IAM Endorsed Assessor scheme relate to this  how the IAM is clarifying the competence required for ISO 55001 auditors within the Endorsed Assessor scheme To get the most from this document it is recommended that you read it from the beginning, as the responses to the later questions assume an understanding of the earlier questions.

FAQs 1. 2. 3. 4. 5.

What is conformity assessment? What is accreditation? What is certification? Who can issue a certificate for a management system standard? Can organisations that are not Certification Bodies assess conformity against ISO 55001? 6. Why is an assessor’s knowledge and understanding of asset management important, and how can it be demonstrated?

FAQs - conformity assessment accreditation and certification.docx

Page 1 of 5

February 2015

What is conformity assessment? Conformity assessment is defined in 2.1 of ISO 17000:20041 as ‘demonstration that specified requirements relating to a product, process, system, person or body are fulfilled’. Note 2 of this definition identifies ‘A service is covered by the definition of a product.’ In everyday language, the term ‘compliance’ is often incorrectly used in relation to assessing management systems. Within ISO management system standards, ‘compliance’ means compliance with legal, or other (e.g. regulatory) requirements. ISO 17021:20112 identifies that ‘A management system certification audit is not a legal compliance audit.’ This difference between assessment of conformity and compliance is further clarified in Notes 1 and 3 associated with the definition of audit findings in 3.4 of ISO 19011:20113.  NOTE 1 Audit findings indicate conformity or nonconformity.  NOTE 3 If the audit criteria are selected from legal or other requirements, the audit finding is termed compliance or non-compliance.

1. What is accreditation? ISO’s formal definition of accreditation is “third party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks.” (ISO 17000:2004) A fuller description of accreditation is the formal recognition by an Accreditation Body4 to the technical and organisational competence of a conformity assessment body to carry out a specific service in accordance to the standards and technical regulations as described in their scope of accreditation. By way of example5, for ISO 55001:2014 for the UK (similar arrangements would apply in other countries):  the Accreditation Body would be UKAS (United Kingdom Accreditation Service).  the Conformity Assessment Bodies who would be accredited by UKAS to assess organisations against the requirements of ISO 55001, and issue certificates of conformity, would be known as Certification Bodies6  UKAS would accredit ISO 55001:2014 Certification Bodies by assessing them against the standards: o ISO 17021:2011 - This specifies generic requirements for such certification bodies performing audit and certification of management systems.

1

ISO 17000:2004 ‘Conformity assessment – Vocabulary and general principles’ ISO 17021:2011 ‘Conformity assessment — Requirements for bodies providing audit and certification of management systems’ 3 ISO 19011:2011 ‘Guidelines for auditing management systems’ 4 Accreditation Bodies are also referred to as Accreditation Authorities 5 Please note that this is an illustration, and as at February 2015, UKAS does not have an accreditation scheme in place for ISO 55001:2014 6 The term ‘Certification Bodies’ is identified in clause 1 (Scope) of ISO 17021:2011 2


Page 2 of 5

February 2015 o ISO 17021-57 - This complements the requirements of ISO 17021:2011, specifying additional competence requirements for personnel involved in the certification process for asset management systems. It should be noted that it is not compulsory to be accredited by an Accreditation Body to issue a certificate of conformity for a management system standard. However, in the UK, only UKAS accredited Certification Bodies and the organisations they have certificated are allowed to use the relevant UKAS accreditation marks (incorporating the tick and royal crown). UKAS is a national signatory, along with other nationally recognised Accreditation Bodies, to multilateral agreements for the purposes of mutual recognition of accreditations. This is achieved through the European Co-operation for Accreditation (EA) and the International Accreditation Forum (IAF). The Accreditation Bodies that are signatory to these agreements are deemed to be equivalent having undergone stringent peer evaluations.

2. What is certification? ISO’s formal definition of Certification is "third party attestation related to products, processes, systems or persons." (ISO 17000:2004) ISO 17021:2011 identifies certification of management systems as third-party conformity assessment that ‘provides independent demonstration that the management system of the organization a) conforms to specified requirements, b) is capable of consistently achieving its stated policy and objectives, and c) is effectively implemented.’ Certification provides written assurance (a certificate) by an independent Certification Body that a management system achieves the above, and thereby provides value to the organization, its customers and interested parties.

3. Who can issue a certificate for a management system standard? In practice anybody can declare themself to be a Certification Body and issue a certificate of conformity for an ISO management system standard. It is therefore important that there are mechanisms available to independently assess a Certification Body’s competence, credibility, independence and integrity in carrying out its conformity assessment activities. Such mechanisms provide assurances to prospective client organisations when they are selecting organisations to assess the extent of their conformity to a management system standard.

7

ISO 17021-5 ‘Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 5: Competence requirements for auditing and certification of asset management systems’ FAQs - conformity assessment accreditation and certification.docx

Page 3 of 5

February 2015 It was for this very reason that the IAM originally established the Endorsed Assessor (EA) scheme for PAS 55, and has since extended it to cover ISO 55001. Although the IAM has chosen not to use the term Certification Bodies to describe its EAs, in practice this would be a correct use of the term for those EAs it has endorsed to issue certificates of conformity against ISO 55001:2014 or PAS 55:2008. IAM EAs can only describe themselves as being accredited for assessing against ISO 55001:2014 if they have also been separately accredited against ISO 17021-5 by a National Accreditation Body (such as UKAS).

4. Can organisations that are not Certification Bodies assess conformity against ISO 55001? The majority of organisations seeking to achieve a certificate of conformity to ISO 55001:2014 are likely to begin the process by undertaking a gap analysis against the requirements of the standard. However, this is not necessarily the case for case all organisations. Some may wish to be assessed against ISO 55001:2014 and not aspire to achieve a certificate of conformity. They may be seeking to understand where they have gaps in their capability with a view to considering the business value that could be gained from addressing these. In either of the above cases, an organization does not have to engage a Certification Body to undertake the gap analysis. However, the IAM believes that for client organisations to have confidence in, and gain value from, the process of gap analysis, organisations providing this assessment service should be part of a formal scheme that requires them to demonstrate the same competence, credibility, independence and integrity as Certification Bodies.

5. Why is an assessor’s knowledge and understanding of asset management important, and how can it be demonstrated? The IAM strongly believes that for a client to gain most value from assessment of the conformity of their management system against ISO 55001:2014, the assessor they engage must have knowledge and understanding of asset management as well as the management system standard. For the audit team, and those reviewing the audit report and making the certification decision, Clause 5 of ISO 17021-5 identifies competence requirements in relation to: 5.1 - Asset management terminology, definitions and principles 5.2 - Asset management practices, activities and methodologies 5.3 - Asset management system standards and normative documents


Page 4 of 5

February 2015 In conjunction with the other international members of the Global Forum, the IAM has developed a GFMAM specification8 for the competence of personnel who are to assess management systems against the requirements of ISO 55001:2014. The competence requirements in the specification conform to, at least, the requirements of ISO 17021-5. The asset management knowledge identified in the GFMAM specification can be objectively tested by examination. There are currently 2 examinations designed to achieve this:  the IAM’s Certificate in Asset Management  the CAMA (Certified Asset Management Assessor) qualification, developed between 5 of the other 10 Global Forum members. The IAM has recently changed the Endorsed Assessor Scheme to require all auditors operating within the scheme to be qualified by one of the above 2 examinations, in addition to demonstrating appropriate experience. The IAM Certificate is designed to support Continuing Professional Development (CPD), so auditors who are also IAM members would find it beneficial to sit the IAM examination. The IAM is aware that some National Accreditation Bodies are developing accreditation schemes for ISO 55001. This document will be updated when the IAM understands how National Accreditation Bodies intend to assess asset management knowledge and understanding against the requirements in ISO 17021-5.

Further questions or comments If you should have questions or comments related to the content of this document, please email them to the IAM’s Endorsed Assessor scheme administrator at [email protected]

Notes: In producing this document, reference has been made to the websites of ISO and UKAS. It is recommended that you explore the resources on these websites if you want to find out more about conformity assessment, accreditation or certification. (1) the ISO FAQ webpage Conformity assessment and certification (2) the UKAS webpages About Accreditation and FAQs If your organization is based outside the UK and you wish to find out about arrangements related to your own country, you should be able to find further information via these websites: European Co-operation for Accreditation (EA) International Accreditation Forum (IAF)

8

GFMAM Competency Specification for an ISO 55001 Asset Management System Auditor / Assessor


Page 5 of 5