What is ISO/IEC 17024
1st Oct 2020: IPCERT announced it has started implementation of ISO/IEC 17024:2012 to ensure conformity assessment of general requirements for bodies operating certification of persons.
ISO/IEC 17024: Conformity assessment – General requirements for bodies operating certification of persons is an International Standard which specifies criteria for the operation of a Personnel Certification Body (also known as a certification body for persons). The standard includes requirements for the development and maintenance of the certification scheme for persons upon which the certification is based.
The most recent version of the standard is ISO/IEC 17024:2012 updated in July 2012.
This version contains requirements for (Certification Body for Persons) in the following areas
- General Requirements for the Certification Body for Persons
- Structural Requirements for the Certification Body for Persons
- Resource Requirements for the Certification Body for Persons
- Records and Information Requirements for the Certification Body for Persons
- Certification Scheme (Development of)
- Certification Process Requirements for the Certification Body for Persons
- Management System Requirements for the Certification Body for Persons
The major changes between the 2003 version and the 2012 version is the detailed information regarding the development of the scheme for certification of persons. The 2003 version required the Certification Body to have a Scheme Committee who had overall responsibility for the development of the scheme but did not elaborate on the components that must be included in the scheme. The 2012 version has an entire clause (Clause 8) that provides detailed information regarding the components that must be included in the development and maintenance of the scheme but allows the scheme owner to be outside of the Certification Body for Persons.
Other changes include a change in reference of “Personnel Certification Body” to “Certification Body for Persons”, defining of additional terms such as “validity” and “reliability”, and the addition of a “principles” section that defines the foundational principles for the standard.
This section describes the general requirements for Certification Bodies for Persons. General requirements include criteria for the legal status of the Certification Body for Persons (the certification body must be a legal entity), criteria associated with the financial resources and liability responsibilities of the Certification Body for Persons (the certification body must have sufficient finances to cover its liabilities and for the operation of the entity), requirements regarding the impartiality and impartial operation of the Certification Body for Persons, and requirements that the Certification Body for Persons maintains responsibility for the decision on certification (the decision to award certification to a person cannot be outsourced to any other body).
This section describes the structural requirements for Certification Bodies for Persons. Structural requirements contain criteria for the organizational structure of the Certification Body for Persons including how it is managed. Specific requirements relating to the structure of the Certification Body in relation to training is included in this section. Specifically, if the certification body also offers training it must demonstrate how the impartiality of the certification is not compromised by the training.
This section describes the resource requirements for Certification Bodies for Persons. Resource requirements include criteria for the personnel and staff of the Certification Body for Persons. Specific requirements for persons (both internal to the organization and external to the organization such as consultants and volunteers) involved in certification activities are included as are criteria associated with outsourcing to other bodies. This section also includes requirements for other resources such as examination equipment required to operate the certification activities.
Records and Information Requirements
This section describes the records and information requirements for Certification Bodies for Persons. The requirements include criteria relating to the records of applicants, candidates and certified persons. Requirements regarding information that must be made public as well as information that must be kept confidential are included in this section and criteria for the information security (exam papers, etc.) are described.
This section includes requirements for the development and maintenance of the certification scheme. The certification scheme is the competence and other requirements for awarding the certification to a person and includes a scope of certification, job and task description, required competence, abilities (when applicable), prerequisites (when applicable), and a code of conduct (when applicable). Criteria for the initial certification and recertification must be part of the scheme and includes description of the assessment methods, and the criteria for suspending and withdrawing the certification.
Certification Process Requirements
This section includes requirements for the certification process including criteria for the certification application process, assessment process, examination process, and the decision on certification. Criteria for suspending, withdrawing or reducing the scope of certification and recertification requirements are included in this section. This section also includes requirements for the use of certificates, logos and marks, and requirements associated with appeals and complaints.
Management System Requirements
This section requires the Certification Body for Persons to establish, document, implement and maintain a management system capable of supporting the requirements of the standard. A body that has established and maintains a management system in accordance with ISO 9001 and that is capable of supporting ISO/IEC 17024 fulfills the management system requirements of ISO/IEC 17024.
Released by the International Organization for Standardization (ISO) in 2003, ISO/IEC 17024 was designed to harmonize the personnel certification process worldwide. In the European Union ISO/IEC 17024 replaced EN 45013 (1989), which was published in the UK as BS 7513:1989.
The issues that ISO 17024 tackles can be summarized as:
- Defining what it is you examine (the competencies)
- Knowledge, skills and personal attributes
- Examination must be independent
- Examination must be a valid test of competence
Where competency is typically described as “the demonstrated ability to apply knowledge, skills and attributes”.
Each accreditation body provides various levels of guidance around compliance and the implementation of ISO 17024.