ISO/IEC FDIS 17024

ISO/CASCO
Secretariat: ISO
Date: 2025-06-2311-05
Conformity assessment — General requirements for bodies
operating certification of persons
Évaluation de la conformité — Exigences générales pour les organismes de certification procédant à la
certification de personnes
FDIS stage
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General requirements . 5
4.1 Legal matters . 5
4.2 Responsibility for decision on certification . 5
4.3 Management of impartiality . 5
4.4 Finance and liability . 6
5 Structural requirements . 6
5.1 Management and organizational structure . 6
5.2 Structure of the certification body in relation to education or training . 6
6 Resource requirements . 7
6.1 General requirements for personnel . 7
6.2 Personnel involved in assessment activities . 8
6.3 Outsourcing . 8
6.4 Other resources . 9
6.5 Use of artificial intelligence (AI) in the certification process . 9
7 Records and information requirements . 9
7.1 Records of applicants, candidates and certified persons . 9
7.2 Public information. 10
7.3 Confidentiality . 10
7.4 Security . 10
8 Certification schemes . 11
9 Certification process requirements . 13
9.1 Assessment process . 13
9.2 Application process . 13
9.3 Examination process . 14
9.4 Decision on certification . 14
9.5 Suspending, withdrawing or reducing the scope of certification . 15
9.6 Recertification process . 15
9.7 Use of certificates and marks . 16
9.8 Appeals against decisions on certification . 17
9.9 Complaints . 17
10 Management system requirements . 18
10.1 General. 18
10.2 Policies and responsibilities . 18
10.3 Management review. 19
10.4 Internal audits . 19
10.5 Corrective actions . 20
10.6 Actions to address risks and opportunities . 20
10.7 Documented information . 21
Annex A (informative) Principles for certification of persons . 22
Annex B (informative) Relationship between certification activities . 24
© ISO/IEC 2025 – All rights reserved
iii
Annex ZA (informative) Relationship between this European Standard and the requirements of
Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July
2008 setting out the requirements for accreditation and repealing Regulation (EEC) No
339/93 aimed to be covered . 26
Bibliography . 27

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights
in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s)
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by the ISO Committee on Conformity Assessment (CASCO), in collaboration with
the European Committee for Standardization (CEN) Technical Committee CEN/CLC/JTC 1, Criteria for
conformity assessment bodies, in accordance with the Agreement on technical cooperation between ISO and
CEN (Vienna Agreement).
This third edition cancels and replaces the second edition (ISO/IEC 17024:2012), which has been technically
revised.
The main changes are as follows:
— — additional requirements for the use of artificial intelligence (AI) in 6.56.5;;
— — alignment with the PROC/33 text, that establishes common elements for standards developed by
CASCO.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
© ISO/IEC 2025 – All rights reserved
v
Introduction
This document has been developed with the objective of achieving and promoting a globally accepted set of
requirements and principles for bodies operating certification of persons. Certification of persons is one
means of providing assurance that the certified person meets the requirements identified in the certification
scheme. Confidence in the respective schemes for certification of persons is achieved by means of a globally
accepted process of assessment and periodic re-assessments of the competence of certified persons.
However, it is necessary to distinguish between situations where schemes for certification of persons are
justified and situations where other forms of qualification are more appropriate. The development of schemes
for certification of persons, in response to the ever-increasing velocity of technological innovation and
growing specialization of personnel, can compensate for variations in education and training and thus
facilitate the global job market. Alternatives to certification can still be necessary for job positions where
public services, official or governmental operations are concerned.
In either of the above cases, this document can serve as the basis for the recognition of the bodies operating
certification of persons, in order to facilitate their acceptance at the regional, national and international levels.
Only the harmonization of the methodologies for developing and maintaining schemes for certification of
persons can establish the environment for mutual recognition and the global exchange of personnel.
This document specifies requirements which ensure that bodies operating certification of persons operate in
a consistent, comparable and reliable manner. The requirements in this document are considered to be
general requirements for bodies operating certification of persons. Certification of persons can only occur
when there is a certification scheme. Schemes for certification of persons are based on market needs or desires
or can be required by governments.
This document can be used for accreditation or peer assessment or designation by governmental authorities,
scheme owners and others.
© ISO/IEC 2025 – All rights reserved
vi
FINAL DRAFT International Standard ISO/IEC FDIS 17024:2025(en)

Conformity assessment — General requirements for bodies operating
certification of persons
1 Scope
This document specifies principles and requirements for a body operating certification of persons and
includes the development and maintenance of a scheme for certification of persons.
NOTE 1 For the purposes of this document, the term "certification body" is used in place of the full term " body
operating certification of persons", and the term "certification scheme" is used in place of the full term “scheme for
certification of persons”.
NOTE 2 Annex AAnnex A contains principles for certification of persons.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17000, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— — ISO Online browsing platform: available at https://www.iso.org/obp
— — IEC Electropedia: available at https://www.electropedia.org/
3.1 3.1
certification process
activities by which a certification body (3.7(3.7)) determines that a person fulfils certification requirements
(3.4(3.4))
Note 1 to entry: Certification process includes application, assessment (3.12(3.12),), decision on certification,
recertification (3.30(3.30),), and issuance of certificates (3.6(3.6).). It can include surveillance (3.29(3.29). The figure (B1)
in Annex B). Annex B can assist in the understanding of these terms.
3.2 3.2
certification scheme
scheme for certification of persons
set of rules and procedures that specifies the competence (3.9(3.9)) criteria and other requirements related to
specific categories of skills or occupations of persons and specifies the methodology(ies) for performing
certification of persons
© ISO/IEC 2025 – All rights reserved

3.3 3.3
scheme owner
organization responsible for developing and maintaining a certification scheme (3.2(3.2))
Note 1 to entry: The organization can be the certification body (3.7(3.7)) itself, a governmental authority, or other bodies.
3.4 3.4
certification requirements
set of specified requirements including requirements of the certification scheme (3.2(3.2)) to be fulfilled in
order to establish or maintain certification
3.5 3.5
scope of certification
specific job(s), role(s),) or function(s) that a certified person (3.20(3.19) is able to) can perform competently
3.6 3.6
certificate
attestation by a certification body (3.7(3.7)) indicating that the certified person (3.20(3.20)) has fulfilled the
certification requirements (3.4(3.4))
Note 1 to entry: The certificate can take the form of a document, card or other medium.
3.7 3.7
certification body
body operating certification of persons
conformity assessment body operatingperforming certification of persons in accordance with certification
schemes (3.2(3.2))
3.8 3.8
certification mark
mark issued by a certification body (3.7(3.7),), indicating that a person has fulfilled certification requirements
(3.4(3.4))
Note 1 to entry: The mark can be a logo or a symbol.
3.9 3.9
competence
ability (3.10) to apply knowledge and skills to achieve intended results
3.10 3.10
ability
person’s capacity to perform a task
3.11 3.11
qualification
demonstrated education, training or work experience
3.12 3.12
assessment
evaluation of a person's fulfilment of the certification requirements (3.4(3.4)) specified in the certification
scheme (3.2(3.2))
© ISO/IEC 2025 – All rights reserved
ISO/IEC DISFDIS 17024:2025(en)
3.13 3.13
examination
part of the assessment (3.12(3.12)) which measures a candidate's (3.19(3.19)) competence (3.9(3.9)) by one
or more means, such as written, oral, practical and observational, as defined in the certification scheme
(3.2(3.2))
3.14 3.14
examiner
person competent to conduct and score an examination (3.13(3.13),), where the examination requires
judgement on the competence (3.9(3.9)) of persons
3.15 3.15
invigilator
person authorized by the certification body (3.7(3.7)) to perform the invigilation (3.16(3.16),), but does not
evaluate the competence (3.9(3.9)) of the candidate (3.19(3.19))
Note 1 to entry: Other terms used in practice are, for example are, proctor, test administrator, supervisor.
3.16 3.16
invigilation
process of administering an examination (3.13(3.13)) or supervising candidates (3.19(3.19)) during an
examination (3.13) to prevent fraudulent examination behaviour, unauthorised disclosure of examination
material or other misconduct
Note 1 to entry: Invigilation can include the following: an invigilator (3.15(3.15)) physically or remotely present viewing
an examination (3.13) in real time, or an examiner (3.14(3.14)) or invigilator physically or remotely present viewing a
practical examination which may be recorded and reviewed later.
Note 2 to entry: Invigilation by artificial intelligence (3.31(3.31)) may also be used provided it meets the requirements of
this document.
3.17 3.17
personnel
individuals, internal or external, of the certification body (3.7(3.7)) carrying out activities for the certification
body
Note 1 to entry: These include committee members, volunteers, contractors, personnel of external bodies or persons
acting on the certification body’s behalf.
3.18 3.18
applicant
person who has submitted an application for certification
3.19 3.19
candidate
person who has fulfilled application requirements
Note 1 to entry: The application requirements can include prerequisites.
3.20 3.20
certified person
person who has fulfilled and continues to fulfil the certification requirements (3.4(3.4)) after the decision to
certify has been taken by the certification body (3.7(3.7))
© ISO/IEC 2025 – All rights reserved
3.21 3.21
impartiality
objectivity with regard to the activities of the certification body (3.7(3.7),), its certification process (3.1(3.1))
and its outcome
Note 1 to entry: Other terms that are useful in conveying the element of impartiality are freedom from undue influence,
freedom from conflicts of interest, absence of bias (3.23(3.23),), neutrality and lack of prejudice.
3.22 3.22
fairness
equal opportunity for success provided to each applicant (3.18(3.18),), candidate (3.19(3.19)) and certified
person (3.20(3.20)) in the certification process (3.1(3.1))
Note 1 to entry: Fairness can be described as acting free from bias (3.23(3.23)) towards any gender, age, race, ethnicity,
specific population (including individuals with disabilities) or any other identified characteristic.
3.23 3.23
bias
presence of any factors that can unfairly influence certification outcomes
3.24 3.24
validity
evidence that an assessment (3.12(3.12)) measures what it is intended to measure, as defined by the
certification scheme (3.2(3.2))
Note 1 to entry: In this document, validity is also used in its adjective form "valid".
3.25 3.25
reliability
extent to which examination (3.13(3.13)) scores are consistent across different examination times and
locations, different examination forms and different examiners (3.14(3.14))
3.26 3.26
appeal
request by applicant (3.18(3.18),), candidate (3.19(3.19)) or certified person (3.20(3.20)) for reconsideration
of any decision made by the certification body (3.7(3.7)) related to their desired certification status
3.27 3.27
complaint
expression of dissatisfaction, other than appeal (3.26(3.26),), by any individual or organization to a
certification body (3.7(3.7),), relating to the activities of that body or a certified person (3.20(3.20),), where a
response is expected
3.28 3.28
interested party
person or organization with a direct or indirect interest in the performance of a certification body (3.7(3.7))
or a certified person (3.20(3.20),), or in the certification scheme (3.2(3.2))
Note 1 to entry: Interested parties can include the certified persons, conformity assessment bodies, associations and
clients, industry and trade associations, scheme owners (3.3,), employers of the certified persons, regulatory authorities,
non-governmental organizations, consumers, or consumer organizations.
3.29 3.29
surveillance
periodic monitoring, during the validity (3.24) period of certification, of a certified person's (3.20(3.20))
performance to ensure continued compliance with the certification scheme (3.2(3.2))
© ISO/IEC 2025 – All rights reserved
ISO/IEC DISFDIS 17024:2025(en)
3.30 3.30
recertification
process for certification renewal to confirm continued competence (3.9(3.9)) of a certified person (3.20(3.20))
3.31 3.31
artificial intelligence
AI
autonomous system that performs functions normally associated with human intelligence, such as reasoning,
learning, and self-improvement
4 General requirements
4.1 Legal matters
The certification body shall be a legal entity, or a defined part of a legal entity, such that it can be held legally
responsible for its certification activities. A governmental certification body is deemed to be a legal entity on
the basis of its governmental status.
4.2 Responsibility for decision on certification
The certification body shall be responsible for, shall retain authority for, and shall not delegate, its decisions
relating to certification, including the granting, maintaining, recertifying, expanding and reducing the scope of
the certification, and suspending, reinstating or withdrawing the certification.
4.3 Management of impartiality
4.3.1 4.3.1 Certification activities shall be undertaken impartially. The certification body shall document
its structure, policies and procedures to manage impartiality and to ensure that the certification activities are
undertaken impartially.
4.3.2 4.3.2 The certification body shall have top management commitment to impartiality. The
certification body shall have a statement publicly available without request that it understands the importance
of impartiality in carrying out its certification activities, manages conflicts of interests and ensures the
objectivity of its certification activities.
4.3.3 4.3.3 The certification body shall act impartially in relation to its applicants, candidates and certified
persons.
4.3.4 4.3.4 Policies and procedures for certification of persons shall be fair for all applicants, candidates
and certified persons.
4.3.5 4.3.5 When a certification body uses artificial intelligence (AI) to carry out any certification activity,
it shall document and demonstrate how it eliminates, minimizes or manages any risks to impartiality (e.g.
bias).
4.3.6 4.3.6 The certification body shall not unfairly impede or inhibit access by applicants and candidates.
Certification shall not be restricted on the grounds of undue financial or other limiting conditions, such as
membership of an association or group.
4.3.7 4.3.7 The certification body shall be responsible for the impartiality of its certification activities and
shall not allow commercial, financial or other pressures to compromise its impartiality.
4.3.8 4.3.8 The certification body shall monitor its activities and its relationships to identify threats to its
impartiality on an ongoing basis. The monitoring shall include the relationships of its personnel and its related
bodies.
© ISO/IEC 2025 – All rights reserved
NOTE 1 A relationship can be based on ownership, governance, management, personnel, shared resources, finances,
contracts or marketing (including branding), and payment of a sales commission or other inducement for the referral of
new applicants, etc. Such relationships do not necessarily present a body with a threat to impartiality.
NOTE 2 A related body is one which is linked to the certification body by common ownership, in whole or part, or has
common members of the board of directors, contractual arrangements, common names, common staff, informal
understanding or other means, such that the related body has a vested interest in any certification decision or has a
potential ability to influence the certification process.
NOTE 3 Threats to impartiality can be either actual or perceived.
4.3.9 4.3.9 If a threat to impartiality is identified, its effect shall be eliminated or minimized so that the
impartiality is not compromised.
4.3.10 4.3.10 The certification body shall identify, analyse, monitor, document and eliminate or minimize
potential conflicts of interest arising from its certification activities. The certification body shall document and
be able to demonstrate how it eliminates, minimizes or manages such conflicts of interest. All potential sources
of conflicts of interest that are identified, whether they arise from within the certification body, such as
assigning responsibilities to personnel, or from the activities of other persons, bodies or organizations, shall
be covered.
4.4 Finance and liability
The certification body shall have the financial resources necessary for the operation of certification activities
and have adequate arrangements (e.g. insurance or reserves) to cover associated liabilities.
5 Structural requirements
5.1 Management and organizational structure
5.1.1 5.1.1 The certification body shall be structured and managed so as to safeguard impartiality.
5.1.2 5.1.2 The certification body shall document its organizational structure, describing the duties,
responsibilities and authorities of management, its personnel and any committees. When the certification
body is a defined part of a legal entity, documentation of the organizational structure shall include the line of
authority and the relationship to other parts within the same legal entity.
The certification body shall determine responsibility for the following:
a) a) policies and procedures relating to the operation of the certification body;
b) b) finances of the certification body;
c) c) resources for certification activities;
d) d) development and maintenance of the certification schemes;
e) e) assessment activities;
f) f) decisions on certification, including the granting, maintaining, recertifying, expanding,
reducing, suspending, reinstating or withdrawing of the certification;
g) g) contractual arrangements.
5.2 Structure of the certification body in relation to education or training
5.2.1 5.2.1 Completion of education or training may be a prerequisite for certification, however education
or training prerequisites shall not compromise impartiality or reduce the certification requirements.
© ISO/IEC 2025 – All rights reserved
ISO/IEC DISFDIS 17024:2025(en)
5.2.2 5.2.2 A certification body shall not state or imply that certification would be simpler, easier or less
expensive if any specific education or training services are used.
5.2.3 5.2.3 Offering education or training and certification of persons within the same legal entity or a
related body constitutes a threat to impartiality. In such a case the certification body shall:
a) a) identify and document the associated threats to its impartiality on an ongoing basis: the
certification body shall have a documented process to demonstrate how it eliminates or minimizes those
threats;
b) b) demonstrate that all processes performed by the certification body are independent of
education or training to ensure that confidentiality, information security and impartiality are not
compromised;
c) c) not give the impression that the use of both services would provide any advantage to the
applicant;
d) d) not require the applicant to complete education or training offered within the same legal entity
or related body as an exclusive prerequisite when alternative education or training with an equivalent
outcome exists;
e) e) ensure that personnel do not serve as an examiner or invigilator of a specific candidate they
have trained unless the certification body can demonstrate how it controls for conflicts of interest and
impartiality.
6 Resource requirements
6.1 General requirements for personnel
6.1.1 6.1.1 The certification body shall manage and be responsible for the performance of all personnel
involved in certification activities.
6.1.2 6.1.2 All personnel of the certification body that could influence the certification activities shall act
impartially.
6.1.3 6.1.3 The certification body shall have access to a sufficient number of competent persons to
perform its certification activities.
6.1.4 6.1.4 The certification body shall have a process for managing competence of its personnel.
6.1.5 6.1.5 The certification body shall specify the competence requirements for personnel involved in the
certification process and shall have up to date documented information demonstrating competence of its
personnel.
NOTE Documented information can include qualifications, certifications, training, education, skills, professional
affiliations, professional status, competence and known conflicts of interest.
6.1.6 6.1.6 The certification body shall provide its personnel with documented instructions describing
their duties and responsibilities. These instructions shall be kept up to date.
6.1.7 6.1.8 Personnel, including any committee members, contractors, personnel of external bodies or
personnel acting on the certification body's behalf, shall keep confidential all information obtained or created
during the performance of the body's certification activities, except where authorized by the applicant,
candidate or certified person. The certification body shall be aware of applicable legal requirements which
can require the disclosure of this type of information.
© ISO/IEC 2025 – All rights reserved
6.1.8 6.1.9 The certification body shall maintain records of its personnel’s agreement to comply with the
policies and procedures defined by the certification body, including those relating to confidentiality,
impartiality and conflicts of interests.
6.1.9 6.1.10 When a certification body certifies a person it employs or it contracts, the certification body
shall adopt procedures to maintain impartiality.
6.2 Personnel involved in assessment activities
6.2.1 General
The certification body shall require its personnel to declare potential or known conflicts of interest with any
applicant, candidate or certified person.
6.2.2 Requirements for examiners
6.2.2.1 6.2.2.1 Examiners shall meet the requirements of the certification body. The selection
and approval processes shall ensure that examiners:
a) a) have competence in the field to be examined;
b) b) understand the relevant certification scheme;
c) c) are able to apply the examination procedures and documents;
d) d) have the skills to conduct the examination;
e) e) have declared any known conflicts of interest to ensure impartial judgements are made.
6.2.2.2 6.2.2.2 The certification body shall have procedures to ensure that where
interpretation or translation is used by the examiner it does not affect the validity, reliability and fairness of
the examination.
2.2.3 The certification body shall monitor the performance of the examiners and the
6.2.2.3 6.
reliability and fairness of the examiners' judgements. Where deficiencies are found, corrective actions shall be
taken. The results of monitoring and any corrective actions taken shall be supported by evidence.
NOTE Monitoring procedures for examiners can include, for example, on-site observation, review of examiners'
reports, feedback from candidates.
6.2.2.4 6.2.2.4 If an examiner has potential or known conflicts of interest in the examination
of a candidate or certified person, the certification body shall undertake measures to ensure that the
confidentiality and impartiality of the examination are not compromised. These measures shall be recorded.
6.2.3 Requirements for other personnel involved in the assessment
If other personnel involved in the assessment (e.g. invigilators, persons who develop content for
examinations) have potential conflicts of interest in the assessment of a candidate or certified person, the
certification body shall undertake measures to ensure that confidentiality and impartiality of the assessment
are not compromised. These measures shall be recorded.
6.3 Outsourcing
6.3.1 6.3.1 The certification body shall have a legally enforceable agreement covering the arrangements,
ensuring confidentiality and avoiding conflicts of interest, with each body that provides outsourced services
related to certification activities.
© ISO/IEC 2025 – All rights reserved
ISO/IEC DISFDIS 17024:2025(en)
NOTE For the purposes of this document, the terms “outsourcing” and “subcontracting” are considered to be
synonyms.
6.3.2 6.3.2 When a certification body outsources services related to certification activities, the
certification body shall:
a) a) take full responsibility for all outsourced services;
b) b) ensure that the body conducting outsourced services is competent and conforms to this
document;
c) c) assess and monitor the performance of the bodies conducting outsourced services in
accordance with its documented procedures;
d) d) have records to demonstrate that the bodies conducting outsourced services meet all
requirements relevant to the outsourced services;
e) e) maintain a list of the bodies conducting outsourced services.
6.4 Other resources
The certification body shall use adequate premises, including examination sites, equipment and resources for
carrying out its certification activities.
6.5 Use of artificial intelligence (AI) in the certification process
If artificial intelligence (AI) is used to perform any part of the certification process, the certification body shall:
a) a) verify, manage and monitor AI on an ongoing basis to ensure the intended results;
b) b) validate outcomes of AI with subject matter experts;
c) c) ensure personnel have the necessary competence in the oversight and use of AI;
d) d) provide human oversight of AI;
NOTE ISO/IEC 42105 provides additional information on human oversight.
e) e) demonstrate the validity, reliability and fairness of the use of AI;
f) f) disclose its use of AI and obtain acknowledgement by the individual (applicant, candidate or
certified person), where communication or interaction with AI is performed.
7 Records and information requirements
7.1 Records of applicants, candidates and certified persons
7.1.1 7.1.1 The certification body shall maintain records of applicants, candidates and certified persons.
The records shall confirm the status of a certified person. The records shall demonstrate that the certification
or recertification process has been effectively completed, particularly with respect to application forms,
assessment reports (which include examination records) and other documented information relating to
granting, maintaining, recertifying, expanding and reducing the scope, and suspending or withdrawing
certification.
7.1.2 7.1.2 The records shall be identified, managed, safeguarded from unauthorized access, and disposed
of in such a way as to ensure the integrity of the certification process and the confidentiality of the information.
© ISO/IEC 2025 – All rights reserved
The records shall be kept for an appropriate period of time, for a minimum of one full certification cycle, or
longer as required by recognition arrangements or other obligations.
7.2 Public information
7.2.1 7.2.1 The certification body shall provide information, upon request, as to whether an individual
holds a current, valid certification and the scope of that certification.
7.2.2 7.2.2 The certification body shall make publicly available without request:
a) a) scope of the certification;
b) b) prerequisites, if applicable;
c) c) application requirements;
d) d) initial certification requirements;
e) e) surveillance requirements, if applicable;
f) f) recertification interval and requirements;
g) g) description of the certification process, including the assessments.
7.2.3 7.2.3 Information provided by the certification body, including marketing or promotional
communication, shall be accurate and not misleading.
7.3 Confidentiality
7.3.1 7.3.1 The certification body shall establish documented policies and procedures for the maintenance
and release of information.
7.3.2 7.3.2 The certification body shall have policies and procedures to ensure data privacy and data
protection.
7.3.3 7.3.3 The certification body shall be responsible, through legally enforceable agreements, for the
management of all information obtained or created during the performance of certification activities. The
certification body shall inform the applicant, candidate or certified person, in advance, of the information it
intends to place in the public domain. Except for information that the applicant, candidate or certified person
makes publicly available, or when agreed between the certification body and applicant, candidate or certified
person, all other information is considered proprietary information and shall be regarded as confidential.
7.3.4 7.3.3 When the certification body is required by law or authorized by contractual arrangements to
release confidential information, the applicant, candidate or certified person concerned shall be notified of the
information released, unless prohibited by law.
7.3.5 7.3.4 The certification body shall ensure that the activities of related bodies do not compromise
confidentiality.
7.3.6 7.3.5 The certification body shall identify threats to the confidentiality of the information. If a threat
is identified its effect shall be eliminated or minimised so that confidentiality is not compromised.
7.4 Security
7.4.1 7.4.1 The certification body shall establish and document policies and procedures necessary to
ensure security throughout its certification activities and shall have measures in place to take corrective
actions when security breaches occur.
© ISO/IEC 2025 – All rights reserved
ISO/IEC DISFDIS 17024:2025(en)
7.4.2 7.4.2 The certification body shall identify security threats impacting the effectiveness of the
certification activities including those associated with the use of technology. If a threat is identified its effect
shall be eliminated or minimised so that the security of the certification process is not compromised.
7.4.3 7.4.3 Policies and procedures related to security shall include provisions to ensure the security of
examination materials, taking into account the following:
a) a) the locations or handling of the materials (e.g. transportation, electronic delivery, disposal,
storage, examination site);
b) b) the nature of the materials (e.g. electronic, paper, test equipment);
c) c) the steps in the examination process (e.g. development, administration, results reporting);
d) d) the threats arising from repeated use of examination materials.
7.4.4 7.4.4 Certification bodies shall prevent fraudulent examination behaviour, unauthorised disclosure
of examination material or other misconduct by:
a) a) requiring candidates to sign a non-disclosure agreement or other agreement indicating their
commitment not to release confidential examination materials or participate in fraudulent practices;
b) b) conducting invigilation; invigilation in real time shall be required unless the certification body
can demonstrate how the other requirements of this clause are met;
c) c) confirming the identity of the candidate, as part of the examination;
d) d) implementing procedures to prevent any unauthorized aids from being brought into the
examination;
e) e) preventing candidates from gaining access to unauthorized aids during the examination;
f) f) monitoring examination results for indications of cheating.
7.4.5 7.4.5 The certification body shall identify the threats to the security of examination materials. If a
threat is identified, its effect shall be eliminated or minimised so that the integrity of the examination materials
is not compromised.
8 Certification schemes
8.1 8.1 There shall be a certification scheme for each category of certification of persons.
8.2 8.2 A certification scheme shall contain the following:
a) a) scope of certification;
b) b) job and task description;
c) c) required competence;
d) d) required abilities (if applicable);
e) e) prerequisites (if applicable);
f) f) code of conduct (if applicable).
NOTE 1 Abilities can include physical capabilities such as vision, hearing and mobility.
© ISO/IEC 2025 – All rights reserved
NOTE 2 Prerequisites can be specific qualifications, work experience, etc. and can be met at application or anytime
before the certification decision.
NOTE 3 A code of conduct describes the ethical or personal behaviour required by the certification scheme.
8.3 8.3 A certification scheme shall include the following certification process requirements:
a) a) criteria for initial certification and recertification;
b) b) assessment methods for initial certification and recertification;
c) c) surveillance methods and criteria (if applicable);
d) d) criteria for suspending and withdrawing certification;
e) e) criteria for changing the scope or level of certification (if applicable).
8.4 8.4 The certif
...