SIST EN ISO/IEC 17029:2019

SLOVENSKI STANDARD
01-december-2019
Ugotavljanje skladnosti - Splošna načela in zahteve za organe, ki izvajajo
validacijo in verifikacijo (ISO/IEC 17029:2019)
Conformity Assessment - General principles and requirements for validation and
verification bodies (ISO/IEC 17029:2019)
Konformitätsbewertung - Allgemeine Grundsätze und Anforderungen an Stellen, die
Validierungs- und Verifizierungstätigkeiten durchführen (ISO/IEC 17029:2019)
Évaluation de la conformité - Exigences et principes généraux pour les organismes de
validation et de vérification (ISO/IEC 17029:2019)
Ta slovenski standard je istoveten z: EN ISO/IEC 17029:2019
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN ISO/IEC 17029
NORME EUROPÉENNE
EUROPÄISCHE NORM
November 2019
ICS 03.120.20
English version
Conformity Assessment - General principles and
requirements for validation and verification bodies
(ISO/IEC 17029:2019)
Évaluation de la conformité - Principes généraux et Konformitätsbewertung - Allgemeine Grundsätze und
exigences pour les organismes de validation et de Anforderungen an Stellen, die Validierungs- und
vérification (ISO/IEC 17029:2019) Verifizierungstätigkeiten durchführen (ISO/IEC
17029:2019)
This European Standard was approved by CEN on 5 October 2019.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2019 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 17029:2019 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3

European foreword
This document (EN ISO/IEC 17029:2019) has been prepared by Technical Committee ISO/CASCO
"Committee on conformity assessment" in collaboration with Technical Committee CEN/CLC/JTC 1
“Criteria for conformity assessment bodies” the secretariat of which is held by BSI.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2020, and conflicting national standards shall be
withdrawn at the latest by May 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO/IEC 17029:2019 has been approved by CEN as EN ISO/IEC 17029:2019 without any
modification.
INTERNATIONAL ISO/IEC
STANDARD 17029
First edition
2019-10
Conformity assessment — General
principles and requirements for
validation and verification bodies
Évaluation de la conformité — Principes généraux et exigences pour
les organismes de validation et de vérification
Reference number
ISO/IEC 17029:2019(E)
©
ISO/IEC 2019
ISO/IEC 17029:2019(E)
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 5
4.1 General . 5
4.2 Principles for the validation/verification process . 5
4.2.1 Evidence-based approach to decision making . 5
4.2.2 Documentation . 5
4.2.3 Fair presentation . 5
4.3 Principles for validation/verification bodies . 5
4.3.1 Impartiality . 5
4.3.2 Competence . 6
4.3.3 Confidentiality . 6
4.3.4 Openness . 6
4.3.5 Responsibility . 6
4.3.6 Responsiveness to complaints . 6
4.3.7 Risk-based approach . 6
5 General requirements . 7
5.1 Legal entity . 7
5.2 Responsibility for validation/verification statements. 7
5.3 Management of impartiality . 7
5.4 Liability . 8
6 Structural requirements . 8
6.1 Organizational structure and top management . 8
6.2 Operational control . 9
7 Resource requirements . 9
7.1 General . 9
7.2 Personnel . 9
7.3 Management process for the competence of personnel .10
7.4 Outsourcing.11
8 Validation/verification programme .11
9 Process requirements .11
9.1 General .11
9.2 Pre-engagement .12
9.3 Engagement .13
9.4 Planning .13
9.5 Validation/verification execution .14
9.6 Review .15
9.7 Decision and issue of the validation/verification statement .15
9.7.1 Decision .15
9.7.2 Issue of the validation/verification statement.15
9.8 Facts discovered after the issue of the validation/verification statement .16
9.9 Handling of appeals .16
9.10 Handling of complaints .17
9.11 Records .17
10 Information requirements .18
10.1 Publicly available information .18
10.2 Other information to be available .18
© ISO/IEC 2019 – All rights reserved iii

ISO/IEC 17029:2019(E)
10.3 Reference to validation/verification and use of marks .19
10.4 Confidentiality .19
11 Management system requirements .19
11.1 General .19
11.2 Management review .20
11.3 Internal audits .21
11.4 Corrective action .21
11.5 Actions to address risks and opportunities .21
11.6 Documented information .22
Annex A (informative) Elements of validation/verification programmes .24
Annex B (informative) Terms and concepts defined by ISO/IEC 17029.26
Annex C (informative) Illustration of validation/verification application .28
Bibliography .29
iv © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by the ISO Committee on Conformity Assessment (CASCO).
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO/IEC 2019 – All rights reserved v

ISO/IEC 17029:2019(E)
Introduction
Validation and verification as conformity assessment are understood to be a confirmation of reliability
of information declared in claims. Other terms in use for the object of assessment by validation and
verification are “statement”, “declaration”, “assertion”, “prediction” or “report”.
Both activities are distinguished according to the timeline of the assessed claim. Validation is applied
to claims regarding an intended future use or projected outcome (confirmation of plausibility), while
verification is applied to claims regarding events that have already occurred or results that have
already been obtained (confirmation of truthfulness).
Since the requirements in this document are generic in nature, a programme for the particular
validation/verification needs to be operated. Such a programme further specifies definitions,
principles, rules, processes and requirements for validation/verification process steps, as well as for
the competence of validators/verifiers for a specific sector. Programmes can be legal frameworks,
international, regional or national standards, global initiatives, sector applications as well as individual
agreements with clients of the validation/verification body.
Assurance is provided by validation/verification and gives confidence to stakeholders and parties
interested in the claim. The programme can define levels of assurance, e.g. a reasonable or limited level
of assurance.
According to ISO/IEC 17000, the functional approach to the demonstration that specified requirements
are fulfilled describes conformity assessment as a series of the three functions:
— selection;
— determination;
— review and attestation.
The relationship between the generic terms and concepts defined by ISO/IEC 17000 and the terms and
concepts defined by this document is given in Table B.1.
According to this functional approach, validation and verification as conformity assessment include a
decision on the confirmation of the claim. The decision as to whether (or not) the claim conforms with
the initially specified requirements is then issued by the validation/verification body as the validation/
verification statement. The specified requirements can be general or detailed, e.g. the claim being
free from material misstatements. The applicable programme can define additional steps within the
validation/verification process.
When determining whether the claim by a client can be confirmed, validation/verification bodies need
to gather information and develop a complete understanding regarding fulfilment of the specified
requirements. This can include an appropriate evaluation of data and plans, reviewing documentation,
performing alternative calculations, visiting sites or interviewing people.
The requirements specified by this document are common to both activities, validation as well as
verification. Wherever a requirement applies only to one activity it is identified.
Validation/verification bodies can be internal bodies of the organization that provides the claim (first
party), bodies that have a user interest in the claim (second party) or bodies that are independent of the
person or organization that provides the claim and have no user interests in that claim (third party).
By defining validation/verification as confirmation, these activities are differentiated from other
conformity assessment tools as neither resulting in a characterization (testing) nor providing
examination (inspection) or an attestation of conformity for a defined period (certification). However,
validation/verification is intended to match applications of the conformity assessment system. Just
as test reports from a laboratory can be included for inspection purposes, or auditing the producer’s
management system can be used as an input for product certification, validation/verification
statements can be used as an input for another conformity assessment activity. Likewise, results of
vi © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
other conformity assessment activities can be used as an input when performing validation/verification
activities.
Statements of conformity themselves, issued as a result of another conformity assessment activity,
are not considered to be objects of validation/verification according to this document. This includes,
for example, a supplier’s declaration of conformity regarding product specifications according to
ISO/IEC 17050, certificates according to ISO/IEC 17021-1 or design examination and verification in the
context of inspection according to ISO/IEC 17020.
Furthermore, this document does not apply to situations where validation/verification activities
are undertaken as steps within the process of testing (ISO/IEC 17025, ISO 15189), inspection
(ISO/IEC 17020) or certification (ISO/IEC 17021-1, ISO/IEC 17065) and where specific requirements
need to be applied for structuring and performing these processes. Examples are method validation as
a step of a testing performed in accordance with ISO/IEC 17025 and design validation/verification in
the context of implementing a management system according to ISO 9001.
Current examples for validation/verification as conformity assessment activities include claims
related to greenhouse gas emissions (e.g. according to ISO 14064-3), environmental labelling, product
declarations and footprints (e.g. according to ISO 14020 and ISO 14040, such as the environmental
product declaration), sustainability or environmental reporting (e.g. according to ISO 14016). Potential
new applications can include claims relating to construction technology, energy management, financial
management, industrial automation systems, software and systems engineering, artificial intelligence,
information technology, healthcare products and medical devices, machine safety, safety and design
engineering, and social responsibility. However, in sector applications where validation/verification
are not performed as conformity assessment activities as defined by this document, these activities are
not within the scope of this document.
In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.
Further details can be found in the ISO/IEC Directives, Part 2.
For the purposes of research, users are encouraged to share their views on this document and their
priorities for changes to future editions. Click on the link below to take part in the online survey:
https:// fr .surveymonkey .com/ r/ NG3LYKD
© ISO/IEC 2019 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 17029:2019(E)
Conformity assessment — General principles and
requirements for validation and verification bodies
1 Scope
This document contains general principles and requirements for the competence, consistent operation
and impartiality of bodies performing validation/verification as conformity assessment activities.
Bodies operating according to this document can provide validation/verification as a first-party,
second-party or third-party activity. Bodies can be validation bodies only, verification bodies only, or
provide both activities.
This document is applicable to validation/verification bodies in any sector, providing confirmation
that claims are either plausible with regards to the intended future use (validation) or truthfully stated
(verification). However, results of other conformity assessment activities (e.g. testing, inspection and
certification) are not considered to be subject to validation/verification according to this document.
Neither are situations where validation/verification activities are performed as steps within another
conformity assessment process.
This document is applicable to any sector, in conjunction with sector specific programmes that contain
requirements for validation/verification processes and procedures.
This document can be used as a basis for accreditation by accreditation bodies, peer assessment within
peer assessment groups, or other forms of recognition of validation/verification bodies by international
or regional organizations, governments, regulatory authorities, programme owners, industry bodies,
companies, clients or consumers.
NOTE This document contains generic requirements and is neutral with regard to the validation/verification
programme in operation. Requirements of the applicable programmes are additional to the requirements of this
document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17000, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
claim
information declared by the client (3.13)
Note 1 to entry: The claim is the object of conformity assessment by validation (3.2)/verification (3.3).
© ISO/IEC 2019 – All rights reserved 1

ISO/IEC 17029:2019(E)
Note 2 to entry: The claim can represent a situation at a point in time or could cover a period of time.
Note 3 to entry: The claim should be clearly identifiable and capable of consistent evaluation or measurement
against specified requirements by a validation body (3.4)/verification body (3.5).
Note 4 to entry: The claim can be provided in the form of a report, a statement, a declaration, a project plan, or
consolidated data.
3.2
validation
confirmation of a claim (3.1), through the provision of objective evidence, that the requirements for a
specific intended future use or application have been fulfilled
Note 1 to entry: Objective evidence can come from real or simulated sources.
Note 2 to entry: Validation is considered to be a process to evaluate the reasonableness of the assumptions,
limitations, and methods that support a claim about the outcome of future activities.
Note 3 to entry: Validation is applied to claims regarding an intended future use based on projected information
(confirmation of plausibility).
Note 4 to entry: Figure C.1 illustrates the application of validation.
[SOURCE: ISO 9000:2015, 3.8.13, modified — The words “of a claim” and “future” have been added to
the definition and the Notes to entry have been modified.]
3.3
verification
confirmation of a claim (3.1), through the provision of objective evidence, that specified requirements
have been fulfilled
Note 1 to entry: Verification is considered to be a process for evaluating a claim based on historical data and
information to determine whether the claim is materially correct and conforms with specified requirements.
Note 2 to entry: Verification is applied to claims regarding events that have already occurred or results that have
already been obtained (confirmation of truthfulness).
Note 3 to entry: Figure C.2 illustrates the application of verification.
[SOURCE: ISO 9000:2015, 3.8.12, modified — The words “of a claim” have been added to the definition
and the Notes to entry have been modified.]
3.4
validation body
body that performs validation (3.2)
Note 1 to entry: A validation body can be an organization, or part of an organization.
3.5
verification body
body that performs verification (3.3)
Note 1 to entry: A verification body can be an organization, or part of an organization.
3.6
validation statement
declaration by the validation body (3.4) of the outcome of the validation (3.2) process
Note 1 to entry: Validation statements can be referred to using specific programme terminology, such as
“decisions”, “opinions” or “reports”.
Note 2 to entry: The validation statement reflects only the situation at the point in time it is issued.
2 © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
Note 3 to entry: The validation statement can be confirming or not confirming the claim (3.1), with or without
comments, according to the programme requirements.
3.7
verification statement
declaration by the verification body (3.5) of the outcome of the verification (3.3) process
Note 1 to entry: Verification statements can be referred to using specific programme terminology, such as
“decisions”, “opinions” or “reports”.
Note 2 to entry: The verification statement reflects only the situation at the point in time it is issued.
Note 3 to entry: The verification statement can be confirming or not confirming the claim (3.1), with or without
comments, according to the programme requirements.
3.8
validation programme
rules, procedures and management for carrying out validation (3.2) activities in a specific sector
Note 1 to entry: Validation programmes can be operated at international, regional, national, sub-national or
sector-specific level.
Note 2 to entry: A programme can also be called a “scheme”.
Note 3 to entry: A set of standards able to cover all the requirements of this document can serve as a programme.
3.9
verification programme
rules, procedures and management for carrying out verification (3.3) activities in a specific sector
Note 1 to entry: Verification programmes can be operated at international, regional, national, sub-national or
sector-specific level.
Note 2 to entry: A programme can also be called a “scheme”.
Note 3 to entry: A set of standards able to cover all the requirements of this document can serve as a programme.
3.10
programme owner
person or organization responsible for developing and maintaining a specific validation programme
(3.8) or verification programme (3.9)
Note 1 to entry: The programme owner can be the validation body (3.4)/verification body (3.5) itself, a
governmental authority, a trade association, a group of validation bodies/verification bodies, an external
programme owner or others.
[SOURCE: ISO/IEC 17065:2012, 3.11, modified — The term “scheme owner” has been replaced with
“programme owner” and the words “certification scheme” have been replaced with “validation
programme or verification programme” in the definition.]
3.11
scope of validation/verification
identification of:
— the claim (3.1) to be the object of validation (3.2) or verification (3.3), including the boundaries of
the claim,
— the applicable validation programme (3.8)/verification programme (3.9), and
— the standards and other normative documents, including their date of publication, to which the
claim is validated/verified
© ISO/IEC 2019 – All rights reserved 3

ISO/IEC 17029:2019(E)
3.12
impartiality
presence of objectivity
Note 1 to entry: Objectivity means that conflicts of interest do not exist, or are resolved so as not to adversely
influence activities of the validation body (3.4)/verification body (3.5).
Note 2 to entry: Other terms that are useful in conveying the element of impartiality include “independence”,
“freedom from conflict of interests”, “freedom from bias”, “lack of prejudice”, “neutrality”, “fairness”, “open-
mindedness”, “even-handedness”, “detachment”, “balance”.
[SOURCE: ISO/IEC 17021-1:2015, 3.2, modified — The words “subsequent activities of the certification
body” have been replaced with “activities of the validation body/verification body” in Note 1 to entry.]
3.13
client
organization or person requesting validation (3.2)/verification (3.3)
3.14
consultancy
participation in establishing the claim (3.1) that will be the object of validation (3.2)/verification (3.3)
Note 1 to entry: The term “consultancy” is used in relation to activities of validation bodies (3.4)/verification
bodies (3.5), their personnel and organizations related or linked to the validation bodies/verification bodies.
Note 2 to entry: Participation in establishing the claim also includes involvement in design of the object leading
to the claim or providing object specific expertise that supports the preparation of the claim.
Note 3 to entry: Arranging training and participating as a trainer is not considered as consultancy, provided
that, where the course relates to the claim that will be the object of validation/verification, it is confined to the
provision of generic information; i.e. the trainers should not provide client (3.13) specific solutions.
Note 4 to entry: The provision of generic information, but not client specific solutions for establishing the claim
that will be the object of validation/verification, is not considered to be consultancy. Such information can
include:
— explaining the meaning and intention of validation/verification requirements;
— explaining associated theories, methodologies, techniques, or tools;
— sharing non-confidential information on related best practices.
3.15
level of assurance
degree of confidence in the claim (3.1)
Note 1 to entry: The levels of assurance and the conditions to achieve them can be defined in the programme (e.g.
absolute, reasonable, limited).
3.16
material
significant to intended users
Note 1 to entry: Materiality is the concept that misstatements, individually or aggregated, can influence the
reliability of the claim (3.1) or decisions made by the intended user.
Note 2 to entry: Materiality can be qualitative or quantitative.
4 © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
4 Principles
4.1 General
4.1.1 The principles described in this clause provide the basis for the requirements specified in this
document. These principles should be applied as guidance for decisions that sometimes need to be made
for unanticipated situations. Principles are not requirements.
4.1.2 The overall aim of validation/verification is to give confidence to all parties that a validated/
verified claim fulfils the specified requirements. The value of validation/verification is the confidence
that is established by an impartial evaluation by a competent validation/verification body.
4.1.3 Parties that have an interest in validation/verification include, but are not limited to:
a) clients of the validation/verification bodies;
b) programme owners;
c) users of the validated/verified claims;
d) regulatory authorities.
4.2 Principles for the validation/verification process
4.2.1 Evidence-based approach to decision making
The process deploys a method for reaching reliable and reproducible validation/verification conclusions
and is based on sufficient and appropriate objective evidence. The validation/verification statement is
based on evidence collected through an objective validation/verification of the claim.
4.2.2 Documentation
The validation/verification process is documented and establishes the basis for the conclusion and
decision regarding conformity of the claim with the specified requirements.
4.2.3 Fair presentation
Validation/verification activities, findings, conclusions and statements, including significant obstacles
encountered during the process, as well as unresolved, diverging views between the validation/
verification body and the client are truthfully and accurately reflected.
4.3 Principles for validation/verification bodies
4.3.1 Impartiality
Decisions are based on objective evidence obtained through the validation/verification process and are
not influenced by other interests or parties.
Threats to impartiality can include but are not limited to the following.
a) Self-interest: threats that arise from a person or body acting in their own interest. A concern
related to validation/verification, as a threat to impartiality, is financial self-interest.
b) Self-review: threats that arise from a person or body reviewing the work done by themselves.
c) Familiarity (or trust): threats that arise from a person or body being too familiar with or trusting
of another person instead of seeking evidence for validation/verification.
© ISO/IEC 2019 – All rights reserved 5

ISO/IEC 17029:2019(E)
d) Intimidation: threats that arise from a person or body having a perception of being coerced openly
or secretively, such as a threat to be replaced or reported to a supervisor.
4.3.2 Competence
Personnel have the necessary knowledge, skills, experience, training, supporting infrastructure and
capacity to effectively perform validation/verification activities.
4.3.3 Confidentiality
Confidential information obtained or created during validation/verification activities is safeguarded
and not inappropriately disclosed.
4.3.4 Openness
A validation/verification body needs to provide public access to, or disclosure of, appropriate
information about its validation/verification process.
4.3.5 Responsibility
The client of the validation/verification body, and not the validation/verification body, has the
responsibility for the claim and its conformity with the applicable specified requirements.
The validation/verification body has the responsibility to base a validation/verification statement
upon sufficient and appropriate objective evidence.
4.3.6 Responsiveness to complaints
Parties that have an interest in validation/verification have the opportunity to make complaints. These
complaints are appropriately managed and resolved. Responsiveness to complaints is necessary in
order to demonstrate integrity and credibility to all users of validation/verification outcomes.
4.3.7 Risk-based approach
Validation/verification bodies need to take into account the risks associated with providing competent,
consistent and impartial validation/verification. Risks can include, but are not limited to, those
associated with:
a) the objectives of the validation/verification and the programme requirements;
b) competence, consistency and real as well as perceived impartiality;
c) legal, regulatory and liability issues;
d) the client organization, where validation/verification is being carried out, and its management
system, operating environment, geographic location, etc.;
e) the susceptibility of any parameter included in the claim to generate a material misstatement, even
if there is a control system implemented;
f) the level of assurance to be achieved and the corresponding evidence-gathering used in the
validation/verification process;
g) perception of interested parties;
h) misleading claims or misuse of marks by the client;
i) risk control and opportunities for improvement.
6 © ISO/IEC 2019 – All rights reserved

ISO/IEC 17029:2019(E)
5 General requirements
5.1 Legal entity
The validation/verification body shall be a legal entity, or a defined part of a legal entity, that can be
held legally responsible for all its validation/verification activities.
NOTE A governmental validation/verification body is a legal entity on the basis of its governmental status.
5.2 Responsibility for validation/verification statements
The validation/verification body shall be responsible for, and shall retain autho
...