EN ISO/IEC 17024:2012

SLOVENSKI STANDARD
01-september-2012
1DGRPHãþD
SIST EN ISO/IEC 17024:2004
8JRWDYOMDQMHVNODGQRVWL6SORãQH]DKWHYH]DRUJDQHQDSRGURþMXFHUWLILFLUDQMD
RVHEMD,62,(&
Conformity assessment - General requirements for bodies operating certification of
persons (ISO/IEC 17024:2012)
Konformitätsbewertung - Allgemeine Anforderungen an Stellen, die Personen
zertifizieren (ISO/IEC 17024:2012)
Évaluation de la conformité - Exigences générales pour les organismes de certification
procédant à la certification de personnes (ISO/IEC 17024:2012)
Ta slovenski standard je istoveten z: EN ISO/IEC 17024:2012
ICS:
03.100.30 Vodenje ljudi Management of human
resources
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN ISO/IEC 17024
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2012
ICS 03.120.20 Supersedes EN ISO/IEC 17024:2003
English version
Conformity assessment - General requirements for bodies
operating certification of persons (ISO/IEC 17024:2012)
Évaluation de la conformité - Exigences générales pour les Konformitätsbewertung - Allgemeine Anforderungen an
organismes de certification procédant à la certification de Stellen, die Personen zertifizieren (ISO/IEC 17024:2012)
personnes (ISO/IEC 17024:2012)
This European Standard was approved by CEN on 2 June 2012.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving
this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning
such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre
has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia,
Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN Management Centre: CENELEC Management Centre:
Avenue Marnix 17, B-1000 Brussels Avenue Marnix 17, B-1000 Brussels
© 2012 CEN/CENELEC All rights of exploitation in any form and by any means reserved Ref. No. EN ISO/IEC 17024:2012 E
worldwide for CEN national Members and for CENELEC
Members.
Contents Page
Foreword .3

Foreword
This document (EN ISO/IEC 17024:2012) has been prepared by Technical Committee ISO/CASCO
"Committee on conformity assessment" in collaboration with Technical Committee CEN/CLC/TC 1 “Criteria for
conformity assessment bodies” the secretariat of which is held by BSI.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by January 2013, and conflicting national standards shall be withdrawn at
the latest by January 2013.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO/IEC 17024:2003.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
Endorsement notice
The text of ISO/IEC 17024:2012 has been approved by CEN as a EN ISO/IEC 17024:2012 without any
modification.
INTERNATIONAL ISO/IEC
STANDARD 17024
Second edition
2012-07-01
Conformity assessment — General
requirements for bodies operating
certification of persons
Évaluation de la conformité — Exigences générales pour les
organismes de certification procédant à la certification de personnes

Reference number
ISO/IEC 17024:2012(E)
©
ISO 2012
ISO/IEC 17024:2012(E)
©  ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 — All rights reserved

ISO/IEC 17024:2012(E)
Contents Page
Foreword . iv
Introduction . v
1  Scope . 1
2  Normative references . 1
3  Terms and definitions . 1
4  General requirements . 3
4.1  Legal matters . 3
4.2  Responsibility for decision on certification. 3
4.3  Management of impartiality . 4
4.4  Finance and liability . 4
5  Structural requirements . 4
5.1  Management and organization structure . 4
5.2  Structure of the certification body in relation to training . 5
6  Resource requirements . 5
6.1  General personnel requirements . 5
6.2  Personnel involved in the certification activities . 6
6.3  Outsourcing . 7
6.4  Other resources . 7
7  Records and information requirements . 7
7.1  Records of applicants, candidates and certified persons . 7
7.2  Public information . 8
7.3  Confidentiality . 8
7.4  Security . 8
8  Certification schemes . 9
9  Certification process requirements . 10
9.1  Application process . 10
9.2  Assessment process . 10
9.3  Examination process . 11
9.4  Decision on certification . 11
9.5  Suspending, withdrawing or reducing the scope of certification . 12
9.6  Recertification process . 12
9.7  Use of certificates, logos and marks . 13
9.8  Appeals against decisions on certification . 14
9.9  Complaints . 14
10  Management system requirements . 15
10.1  General . 15
10.2  General management system requirements . 15
Annex A (informative) Principles for certification bodies for persons and their certification
activities . 19
Bibliography . 21

ISO/IEC 17024:2012(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity
assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of
International Standards and Guides.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
Draft International Standards are circulated to the national bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 17024, was prepared by the ISO Committee on conformity assessment (CASCO).
It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both
organizations.
This second edition cancels and replaces the first edition (ISO/IEC 17024:2003), which has been technically
revised.
iv © ISO 2012 – All rights reserved

ISO/IEC 17024:2012(E)
Introduction
This International Standard has been developed with the objective of achieving and promoting a globally
accepted benchmark for organizations operating certification of persons. Certification for persons is one
means of providing assurance that the certified person meets the requirements of the certification scheme.
Confidence in the respective certification schemes for persons is achieved by means of a globally accepted
process of assessment and periodic re-assessments of the competence of certified persons.
However, it is necessary to distinguish between situations where certification schemes for persons are
justified and situations where other forms of qualification are more appropriate. The development of
certification schemes for persons, in response to the ever increasing velocity of technological innovation and
growing specialization of personnel, can compensate for variations in education and training and thus facilitate
the global job market. Alternatives to certification can still be necessary in positions where public services,
official or governmental operations are concerned.
In contrast to other types of conformity assessment bodies, such as management system certification bodies,
one of the characteristic functions of the certification body for persons is to conduct an examination, which
uses objective criteria to measure competence and scoring. While it is recognized that such an examination, if
well planned and structured by the certification body for persons, can substantially serve to ensure impartiality
of operations and reduce the risk of a conflict of interest, additional requirements have been included in this
International Standard.
In either case, this International Standard can serve as the basis for the recognition of the certification bodies
for persons and the certification schemes under which persons are certified, in order to facilitate their
acceptance at the national and international levels. Only the harmonization of the system for developing and
maintaining certification schemes for persons can establish the environment for mutual recognition and the
global exchange of personnel.
This International Standard specifies requirements which ensure that certification bodies for persons operating
certification schemes for persons operate in a consistent, comparable and reliable manner. The requirements
in this International Standard are considered to be general requirements for bodies providing certification of
persons. Certification of persons can only occur when there is a certification scheme. The certification scheme
is designed to supplement the requirements included in this International Standard and include those
requirements that the market needs or desires, or that are required by governments.
This International Standard can be used as a criteria document for accreditation or peer evaluation or
designation by governmental authorities, scheme owners and others.
In this International Standard, the following verbal forms are used:
 “shall” indicates a requirement;
 “should” indicates a recommendation;
 “may” indicates a permission;
 “can” indicates a possibility or a capability.
Further details can be found in the ISO/IEC Directives, Part 2.

INTERNATIONAL STANDARD ISO/IEC 17024:2012(E)

Conformity assessment — General requirements for bodies
operating certification of persons
1 Scope
This International Standard contains principles and requirements for a body certifying persons against specific
requirements, and includes the development and maintenance of a certification scheme for persons.
NOTE For the purposes of this International Standard, the term "certification body" is used in place of the full term
"certification body for persons", and the term "certification scheme" is used in place of the full term “certification scheme for
persons”.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 17000, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply.
3.1
certification process
activities by which a certification body determines that a person fulfils certification requirements (3.3),
including application, assessment, decision on certification, recertification and use of certificates (3.5) and
logos/marks
3.2
certification scheme
competence (3.6) and other requirements related to specific occupational or skilled categories of persons
NOTE For other requirements, see 8.3 and 8.4.
3.3
certification requirements
set of specified requirements, including requirements of the scheme to be fulfilled in order to establish or
maintain certification
3.4
scheme owner
organization responsible for developing and maintaining a certification scheme (3.2)
NOTE The organization can be the certification body itself, a governmental authority, or other.
ISO/IEC 17024:2012(E)
3.5
certificate
document issued by a certification body under the provisions of this International Standard, indicating that the
named person has fulfilled the certification requirements (3.3)
NOTE See 9.4.7.
3.6
competence
ability to apply knowledge and skills to achieve intended results
3.7
qualification
demonstrated education, training and work experience, where applicable
3.8
assessment
process that evaluates a person's fulfilment of the requirements of the certification scheme (3.2)
3.9
examination
mechanism that is part of the assessment (3.8) which measures a candidate's (3.14) competence (3.6) by
one or more means, such as written, oral, practical and observational, as defined in the certification scheme
(3.2)
3.10
examiner
person competent to conduct and score an examination (3.9), where the examination requires professional
judgement
3.11
invigilator
person authorized by the certification body who administers or supervises an examination (3.9), but does not
evaluate the competence (3.6) of the candidate (3.14)
NOTE Other terms for invigilator are proctor, test administrator, supervisor.
3.12
personnel
individuals, internal or external, of the certification body carrying out activities for the certification body
NOTE These include committee members and volunteers.
3.13
applicant
person who has submitted an application to be admitted into the certification process (3.1)
3.14
candidate
applicant (3.13) who has fulfilled specified prerequisites and has been admitted to the certification process
(3.1)
3.15
impartiality
presence of objectivity
NOTE 1 Objectivity means that conflicts of interest do not exist, or are resolved, so as not to adversely influence
subsequent activities of the certification body.
2 © ISO 2012 – All rights reserved

ISO/IEC 17024:2012(E)
NOTE 2 Other terms that are useful in conveying the element of impartiality are: independence, freedom from conflict
of interests, freedom from bias, lack of prejudice, neutrality, fairness, open-mindedness, even-handedness, detachment,
balance.
3.16
fairness
equal opportunity for success provided to each candidate (3.14) in the certification process (3.1)
3.17
validity
evidence that the assessment (3.8) measures what it is intended to measure, as defined by the certification
scheme (3.2)
NOTE In this international Standard, validity is also used in its adjective form "valid".
3.18
reliability
indicator of the extent to which examination (3.9) scores are consistent across different examination times
and locations, different examination forms and different examiners (3.10)
3.19
appeal
request by applicant (3.13), candidate (3.14) or certified person for reconsideration of any decision made by
the certification body related to her/his desired certification status
3.20
complaint
expression of dissatisfaction, other than appeal (3.19), by any individual or organization to a certification body,
relating to the activities of that body or a certified person, where a response is expected
NOTE Adapted from ISO/IEC 17000:2004, definition 6.5.
3.21
interested party
individual, group or organization affected by the performance of a certified person or the certification body
EXAMPLES Certified person; user of the services of the certified person; employer of the certified person; consumer;
governmental authority.
3.22
surveillance
periodic monitoring, during the periods of certification, of a certified person's performance to ensure continued
compliance with the certification scheme
4 General requirements
4.1 Legal matters
The certification body shall be a legal entity, or a defined part of a legal entity, such that it can be held legally
responsible for its certification activities. A governmental certification body is deemed to be a legal entity on
the basis of its governmental status.
4.2 Responsibility for decision on certification
The certification body shall be responsible for, shall retain authority for, and shall not delegate, its decisions
relating to certification, including the granting, maintaining, recertifying, expanding and reducing the scope of
the certification, and suspending or withdrawing the certification.
ISO/IEC 17024:2012(E)
4.3 Management of impartiality
4.3.1 The certification body shall document its structure, policies and procedures to manage impartiality and
to ensure that the certification activities are undertaken impartially. The certification body shall have top
management commitment to impartiality in certification activities. The certification body shall have a statement
publicly accessible without request that it understands the importance of impartiality in carrying out its
certification activities, manages conflict of interest and ensures the objectivity of its certification activities.
4.3.2 The certification body shall act impartially in relation to its applicants, candidates and certified persons.
4.3.3 Policies and procedures for certification of persons shall be fair among all applicants, candidates and
certified persons.
4.3.4 Certification shall not be restricted on the grounds of undue financial or other limiting conditions, such
as membership of an association or group. The certification body shall not use procedures to unfairly impede
or inhibit access by applicants and candidates.
4.3.5 The certification body shall be responsible for the impartiality of its certification activities and shall not
allow commercial, financial or other pressures to compromise impartiality.
4.3.6 The certification body shall identify threats to its impartiality on an ongoing basis. This shall include
those threats that arise from its activities, from its related bodies, from its relationships, or from the
relationships of its personnel. However, such relationships do not necessarily present a body with a threat to
impartiality.
NOTE 1 A relationship that threatens the impartiality of the body can be based on ownership, governance,
management, personnel, shared resources, finances, contracts, marketing (including branding) and payment of a sales
commission or other inducement for the referral of new applicants, etc.
NOTE 2 Threats to impartiality can be either actual or perceived.
NOTE 3 A related body is one which is linked to the certification body by common ownership, in whole or part, and has
common members of the board of directors, contractual arrangements, common names, common staff, informal
understanding or other means, such that the related body has a vested interest in any certification decision or has a
potential ability to influence the process.
4.3.7 The certification body shall analyse, document and eliminate or minimize the potential conflict of
interests arising from its certification activities. The certification body shall document and be able to
demonstrate how it eliminates, minimizes or manages such threats. All potential sources of conflict of interest
that are identified, whether they arise from within the certification body, such as assigning responsibilities to
personnel, or from the activities of other persons, bodies or organizations, shall be covered.
4.3.8 Certification activities shall be structured and managed so as to safeguard impartiality. This shall
include balanced involvement of interested parties (see definition 3.21).
4.4 Finance and liability
The certification body shall have the financial resources necessary for the operation of a certification process
and have adequate arrangements (e.g. insurance or reserves) to cover associated liabilities.
5 Structural requirements
5.1 Management and organization structure
5.1.1 The certification body activities shall be structured and managed so as to safeguard impartiality.
5.1.2 The certification body shall document its organizational structure, describing the duties,
responsibilities and authorities of management, certification personnel and any committee. When the
4 © ISO 2012 – All rights reserved

ISO/IEC 17024:2012(E)
certification body is a defined part of a legal entity, documentation of the organizational structure shall include
the line of authority and the relationship to other parts within the same legal entity.
The party/parties or individuals responsible for the following shall be identified:
a) policies and procedures relating to the operation of the certification body;
b) implementation of the policies and procedures;
c) finances of the certification body;
d) resources for certification activities;
e) development and maintenance of the certification schemes;
f) assessment activities;
g) decisions on certification, including the granting, maintaining, recertifying, expanding, reducing,
suspending or withdrawing of the certification;
h) contractual arrangements.
5.2 Structure of the certification body in relation to training
5.2.1 Completion of training may be a specified requirement of a certification scheme (see 8.3). The
recognition/approval of training by the certification body shall not compromise impartiality or reduce the
assessment and certification requirements.
5.2.2 The certification body shall provide information regarding education and training if they are used as
pre-requisites for being eligible for certification. However, the certification body shall not state or imply that
certification would be simpler, easier or less expensive if any specified education/training services are used.
5.2.3 Offering training and certification for persons within the same legal entity constitutes a threat to
impartiality. A certification body that is part of a legal entity offering training shall:
a) identify and document the associated threats to its impartiality on an ongoing basis: the body shall have a
documented process to demonstrate how it eliminates or minimizes those threats;
b) demonstrate that all processes performed by the certification body are independent of training to ensure
that confidentiality, information security and impartiality are not compromised;
c) not give the impression that the use of both services would provide any advantage to the applicant;
d) not require the candidates to complete the certification body's own education or training as an exclusive
prerequisite when alternative education or training with an equivalent outcome exists;
e) ensure that personnel do not serve as an examiner of a specific candidate they have trained for a period
of two years from the date of the conclusion of the training activities: this interval may be shortened if the
certification body demonstrates it does not compromise impartiality.
6 Resource requirements
6.1 General personnel requirements
6.1.1 The certification body shall manage and be responsible for the performance of all personnel involved
in the certification process.
ISO/IEC 17024:2012(E)
6.1.2 The certification body shall have sufficient personnel available with the necessary competence to
perform certification functions relating to the type, range and volume of work performed.
6.1.3 The certification body shall define the competence requirements for personnel involved in the
certification process. Personnel shall have competence for their specific tasks and responsibilities.
6.1.4 The certification body shall provide its personnel with documented instructions describing their duties
and responsibilities. These instructions shall be kept up-to-date.
6.1.5 The certification body shall maintain up-to-date personnel records, including relevant information, e.g.
qualifications, training, experience, professional affiliations, professional status, competence and known
conflicts of interest.
6.1.6 Personnel acting on the certification body's behalf shall keep confidential all information obtained or
created during the performance of the body's certification activities, except as required by law or where
authorized by the applicant, candidate or certified person.
6.1.7 The certification body shall require its personnel to sign a document by which they commit themselves
to comply with the rules defined by the certification body, including those relating to confidentiality, impartiality
and conflict of interests.
NOTE Where permitted by law, other methods, including electronic signature, are acceptable.
6.1.8 When a certification body certifies a person it employs, the certification body shall adopt procedures to
maintain impartiality.
6.2 Personnel involved in the certification activities
6.2.1 General
The certification body shall require its personnel to declare any potential conflict of interest in any candidate.
6.2.2 Requirements for examiners
6.2.2.1 Examiners shall meet the requirements of the certification body. The selection and approval
processes shall ensure that examiners:
a) understand the relevant certification scheme;
b) are able to apply the examination procedures and documents;
c) have competence in the field to be examined;
d) are fluent, both in writing and orally, in the language of examination; in circumstances where an
interpreter or a translator is used, the certification body shall have procedures in place to ensure that it
does not affect the validity of the examination;
e) have identified any known conflicts of interest to ensure impartial judgements are made.
6.2.2.2 The certification body shall monitor the performance of the examiners and the reliability of the
examiners' judgements. Where deficiencies are found, corrective actions shall be taken.
NOTE Monitoring procedures for examiners can include, for example, on-site observation, review of examiners'
reports, feedback from candidates.
6.2.2.3 If an examiner has a potential conflict of interest in the examination of a candidate, the
certification body shall undertake measures to ensure that the confidentiality and impartiality of the
examination are not compromised. These measures shall be recorded.
6 © ISO 2012 – All rights reserved

ISO/IEC 17024:2012(E)
6.2.3 Requirements for other personnel involved in the assessment
6.2.3.1 The certification body shall have a documented description of the responsibilities and
qualifications of other personnel involved in the assessment process (e.g. invigilators).
6.2.3.2 If other personnel involved in the assessment have a potential conflict of interest in the
examination of a candidate, the certification body shall undertake measures to ensure that confidentiality and
impartiality of the examination is not compromised. These measures shall be recorded.
6.3 Outsourcing
6.3.1 The certification body shall have a legally enforceable agreement covering the arrangements,
including confidentiality and conflict of interests, with each body that provides outsourced work related to the
certification process.
NOTE For the purposes of this International Standard, the terms “outsourcing” and “subcontracting” are considered
to be synonyms.
6.3.2 When a certification body outsources work related to certification, the certification body shall:
a) take full responsibility for all outsourced work;
b) ensure that the body conducting outsourced work is competent and complies with the applicable
provisions of this International Standard;
c) assess and monitor the performance of the bodies conducting outsourced work in accordance with its
documented procedures;
d) have records to demonstrate that the bodies conducting outsourced work meet all requirements relevant
to the outsourced work;
e) maintain a list of the bodies conducting outsourced work.
6.4 Other resources
The certification body shall use adequate premises, including examination sites, equipment and resources for
carrying out its certification activities.
7 Records and information requirements
7.1 Records of applicants, candidates and certified persons
7.1.1 The certification body shall maintain records. The records shall include a means to confirm the status
of a certified person. The records shall demonstrate that the certification or recertification process has been
effectively fulfilled, particularly with respect to application forms, assessment reports (which include
examination records) and other documents relating to granting, maintaining, recertifying, expanding and
reducing the scope, and suspending or withdrawing certification.
7.1.2 The records shall be identified, managed and disposed of in such a way as to ensure the integrity of
the process and the confidentiality of the information. The records shall be kept for an appropriate period of
time, for a minimum of one full certification cycle, or as required by recognition arrangements, contractual,
legal or other obligations.
7.1.3 The certification body shall have enforceable arrangements to require that the certified person informs
the certification body, without delay, of matters that can affect the capability of the certified person to continue
to fulfil the certification requirements.
ISO/IEC 17024:2012(E)
7.2 Public information
7.2.1 The certification body shall verify and provide information, upon request, as to whether an individual
holds a current, valid certification and the scope of that certification, except where the law requires such
information not to be disclosed.
7.2.2 The certification body shall make publicly available without request information regarding the scope of
the certification scheme and a general description of the certification process.
7.2.3 All pre-requisites of the certification scheme shall be listed and the list shall be made publicly available
without request.
7.2.4 Information provided by the certification body, including advertising, shall be accurate and not
misleading.
7.3 Confidentiality
7.3.1 The certification body shall establish documented policies and procedures for the maintenance and
release of information.
7.3.2 The certification body shall, through legally enforceable agreements, keep confidential all information
obtained during the certification process. These agreements shall cover all personnel.
7.3.3 The certification body shall ensure that information obtained during the certification process, or from
sources other than the applicant, candidate or certified person, is not disclosed to an unauthorized party
without the written consent of the individual (applicant, candidate or certified person), except where the law
requires such information to be disclosed.
7.3.4 When the certification body is required by law to release confidential information, the person
concerned shall, unless prohibited by law, be notified as to what information will be provided.
7.3.5 The certification body shall ensure that the activities of related bodies do not compromise
confidentiality.
7.4 Security
7.4.1 The certification body shall develop and document policies and procedures necessary to ensure
security throughout the entire certification process and shall have measures in place to take corrective actions
when security breaches occur.
7.4.2 Security policies and procedures shall include provisions to ensure the security of examination
materials, taking into account the following:
a) the locations of the materials (e.g. transportation, electronic delivery, disposal, storage, examination
centre);
b) the nature of the materials (e.g. electronic, paper, test equipment);
c) the steps in the examination process (e.g. development, administration, results reporting);
d) the threats arising from repeated use of examination materials.
7.4.3 Certification bodies shall prevent fraudulent examination practices by:
a) requiring candidates to sign a non-disclosure agreement or other agreement indicating their commitment
not to release confidential examination materials or participate in fraudulent test-taking practices;
b) requiring an invigilator or examiner to be present;
8 © ISO 2012 – All rights reserved

ISO/IEC 17024:2012(E)
c) confirming the identity of the candidate;
d) implementing procedures to prevent any unauthorized aids from being brought into the examination area;
e) preventing candidates from gaining access to unauthorized aids during the examination;
f) monitoring examination results for indications of cheating.
8 Certification schemes
8.1 There shall be a certification scheme for each category of certification.
8.2 A certification scheme shall contain the following elements:
a) scope of certification;
b) job and task description;
c) required competence;
d) abilities (when applicable);
e) prerequisites (when applicable);
f) code of conduct (when applicable).
NOTE 1 Abilities can include physical capabilities such as vision, hearing and mobility.
NOTE 2 A code of conduct describes the ethical or personal behaviour required by the scheme.
8.3 A certification scheme shall include the following certification process requirements:
a) criteria for initial certification and recertification;
b) assessment methods for initial certification and recertification;
c) surveillance methods and criteria (if applicable);
d) criteria for suspending and withdrawing certification;
e) criteria for changing the scope or level of certification (if applicable).
8.4 The certification body shall have documents to demonstrate that, in the development and review of the
certification scheme, the following are included:
a) the involvement of appropriate experts;
b) the use of an appropriate structure that fairly represents the interests of all parties significantly concerned,
without any interest predominating;
c) the identification and alignment of prerequisites, if applicable, with the competence requirements;
d) the identification and alignment of the assessment mechanisms with the competence requirements;
e) a job or practice analysis that is conducted and updated to:
 identify the tasks for successful performance;
ISO/IEC 17024:2012(E)
 identify the required competence for each task;
 identify prerequisites (if applicable);
 confirm the assessment mechanisms and examination content;
 identify the recertification requirements and interval.
NOTE Where the certification scheme has been developed by an entity other than the certification body, the job or
practice analysis might already be available as part of that work. In this case, the certification body can obtain details from
the scheme documentation for verification.
8.5 The certification body shall ensure that the certification scheme is reviewed and validated on an on-
going, systematic basis.
8.6 When the certification body is not the scheme owner of a certification scheme it implements, the
certification body shall ensure that the requirements contained in this clause (Clause 8) are met.
9 Certification process requirements
9.1 Application process
9.1.1 Upon application, the certification body shall make available an overview of the certification process in
accordance with the certification scheme. As a minimum, the overview shall include the requirements for
certification and its scope, a description of the assessment process, the applicant's rights, the duties of a
certified person and the fees.
9.1.2 The certification body shall require the completion of an application, signed by the applicant seeking
certification, which includes as a minimum the following:
a) information required to identify the applicant, such as name, address and other information required by
the certification scheme;
b) the scope of the desired certification;
c) a statement that the applicant agrees to comply with the certification requirements and to supply any
information needed for the assessment;
d) any supporting information to demonstrate objectively compliance with the scheme prerequisites;
e) notice to the applicant of his/her opportunity to declare, within reason, a request for accommodation of
special needs (see 9.2.5).
NOTE Where permitted by law, other methods, including electronic signature, are acceptable.
9.1.3 The certification body shall review the application to confirm that the applicant complies with the
application requirements of the certification scheme.
9.2 Assessment process
9.2.1 The certification body shall implement the specific ass
...