One of the most crucial steps to gaining your ISO certification is the completion of a Stage 1 and Stage 2 assessment, conducted by an accredited Certification Body. A quick reminder – your certification doesn’t mean much if you haven’t received certification from an accredited Certification Body – so make sure you do your research!
Businesses going through their final Assessments to gain ISO certification may see any decisions made by Certification Body Assessors as infallible, however there’s still a very human aspect which can lead to some common pitfalls.
Last week we dived into the requirements of ISO 17021 – the Conformity Assessment Standard designed for Certification Bodies, and more specifically the requirements in relation to you as a client.
In this weeks’ episode, Steve Mason joins Mel once again to share some issues raised by Blackmores’ clients against Certification Bodies, and explains the related rules in ISO 17021 which Certification Bodies should abide by.
You’ll learn
- What is ISO 17021?
- Key issues raised by Blackmores’ clients in relation to Certification Bodies
- Related ISO 17021 requirements
Resources
In this episode, we talk about:
[00:24] What is ISO 17021? It’s the Conformity Assessment Standard designed for Certification Bodies. In effect, it acts as a service level agreement. These are the rules that these certification bodies need to comply with if they are accredited by an accreditation body like UKAS. Listen to the previous episode to learn more.
[01:10] What are we focusing on in this episode? There have been some issues raised by some of our clients time and time again over the last 6 – 8 months. We want to break some of these issues down, and help listeners to understand what are the actual rules around these areas in relation to ISO 17021.
[01:40] Issue #1: Cancellations – Sometimes a cancellation is unavoidable, however there are still rules that any Certification Body needs to follow – most importantly they should notify the client.
Steve shares his experience with an Assessor who was due to show up on the 5th September 2023, and never turned up! it turned out that whilst the date was in the previous report, it had been removed from his diary, but it hadn’t then been put into somebody else’s diary, and because it hadn’t been put into somebody else’s diary, there was no flag to anybody to let the client know that the visits should take place. Now that visit had to be pushed back into January next year, which is the only time we can make it.
[02:50] Balancing Expectations – There’s an expectation from certification bodies that clients should not cancel a month or less than a month before they visit. Steve recommends that should apply to certification bodies cancelling for clients too.
There are many considerations to Certification Body visits, including:- cost, scheduling the right people to be present, setting time aside for the audit ect.
[04:30] One-sided penalties – Penalties seem to be very one-sided. For example: if the client cancelled two or three weeks beforehand because they had personal circumstances which meant that they couldn’t attend, they would be penalised and would have to pay in full for that visit. Yet the certification body can not show up on a day, and there’s no compensation whatsoever.
[05:10] This is not the norm for Certification Bodies – A reminder that the issues were raising are not the norm for Certification Bodies – however we are seeing an increase of complaints raised by our clients. This may have been exacerbated due to the recent shortage of Assessors.
[05:50] Issue #2: Planning Audits – Another issue that’s been cropping up is about planning audits – not just surveillance audits, but also stage 1 and stage 2 Assessments.
In regards to ISO 17021, Certification Bodies should be providing an Stage 1 Audit plan to the client to detail what will happen during the visit.
That plan is often not happening, or there’s a generic plan that gets sent out by the certification body which bears no relevance to what the assessor ends up doing. So that’s as useful as a chocolate teapot.
It should be sent a month ahead of the visit, not 2 -3 days before the visit takes place. Companies need time to organise the right people and Certification Bodies need to be considerate of that fact.
[07:35] Steve’s experience with a poor Audit plan from a Certification Body – Steve had an occasion where he had to write a plan on behalf of the Certification Body Assessor for the client as they’d neglected to even send one!
Steve used to be an Assessor, so is familiar with how these plans should be structured. The designated Assessor ended up using his plan – but this should not have been the case.
[07:58] Poor planning – There have been instances where the planning has been so poor that they send the wrong Assessor to a client site. We’ve had experiences where an ISO 27001 Audit was due to take place and the Assessor turned up expecting to Audit against ISO 9001.
[08:50] What should Certification Bodies be providing following a Stage 1 Assessment visit? – After your Stage 1, you should have another plan come out of that stage, after what’s known as the Programme Management Day. The reason for that is because the assessor sometimes needs to go away, look at what they’ve written up, and take into account what they’ve heard from the client, and put a reasonable plan in place.
The assessor should then sit down with the client to discuss the plan and what sites are going to be visited during the Stage 2 Assessment.
[09:30] Using the right language – Often we see plans come out with language in the plans that is alright for certification body, but the client has no idea what the assessor is going on about. Steve always used to sit down with his clients and say right, ‘what language do you want me to use?’ And then would use their language and would also put the clause from the related standard next to that and say ‘that’s the bit I’m going to audit’. You’re writing the plan for the customer, not for yourself.
It also acts as assurance for a potential replacement Assessor if the first Assessor is off sick and can’t make the next visit.
[11:33] What does ISO 17021 say? – In clause 9, ISO 17021 states that: the certification should ensure that the audit plan is established prior to each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities.
If they fail to put a plan in place, they are not meeting a requirement.
ISO 17021 also says that if you’ve got an organisation that’s got different sites, then the plan should take into account the different sites and whether the visit is going to be on site off site – as remote audits have become more common place post-pandemic.
[12:35] Steve’s experience with a flimsy plan provided by a Certification Body – ‘I came across an audit plan which was just a list of all the requirements a standard. It was across 5 days. But there was no indication as to which day those requirements were going to be assessed. There’s no indication as to how long each of those requirements are going to be assessed? So what could the client do to prepare for that?’
Steve did say to client send it back and get a proper plan, but they have absolutely no joy with the certification body.
[13:50] Issue #3: Unnecessary charges – Mel recounts a recent incident where a Certification Body cancelled 2 site visits, and due to the long delay between rebooking, the client had moved office. However, they only relocated a few doors down in one instance and across the road in another. The client then received a quote for an extension to scope – amounting to 3 extra days due to the address change!
Mel checked ISO 17021 and confirmed that an extension to scope is only applicable if changing what you’re doing or you’re adding a new location to the scope – however if you’re using the exact same scope and are only moving your business from one location to the next – it is not an extension to scope, it’s just a change of address.
Steve recounts a similar instance where a client was charged £160 for the address to be changed on their certificate! Which is a ridiculous and unnecessary admin fee which only serves to upset the client.
[17:50] Issue #4: No disclosure of the appeals process – if client a company isn’t happy with their nonconformities, there is an appeals process, which is a requirement of ISO 17021.
Steve highlights an incident where an Assessor told a client ‘don’t bother with the appeals process because it’ll only delay the delivery your certificate’ – Which was highly unprofessional of that particular Assessor to say.
The appeals process there is there to help clients if they disagree with their assessor, and allow them to go to a sort of third party that’s within the certification body and say, look, I don’t agree with this. Can you explain why it’s a nonconformity?
Top tip: If you do get a non-conformity that you’re confused about – Ask the Assessor to show you where in the standard it requires you to do that. If an assessor cannot show you that, then it is not a nonconformity.
[20:30] The complaints process – The complaints process really is not about appealing against a nonconformity, but complaining against perhaps not getting your plans in your reports and all that sort of thing.
[21:20] These issues are not the norm – don’t be put off ISO certification! – While we have noticed an increase in complaints in the last year, we also want to highlight that these have mostly been for 1 or 2 select Certification Bodies.
On the whole, Certification Bodies provide a wonderful service to their clients. We just wanted to bring their code of practice to your attention, that you can check ISO 17021 to verify that the Certification Body is being fair to you and fulfilling their own requirements in relation to customer service.
[23:35] Receiving reports – Lastly a reminder that reports to clients following visits should not take months to get to them. Clients should expect reports from Assessors in 2 – 3 days – not months!
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes’:
Stitcher | Spotify | YouTube | iTunes | Soundcloud |
If you are going for certification, or currently manage a certified ISO Management System, then you should also be aware of ISO 17021 ahead of any Assessments or Surveillance audits conducted by an accredited Certification Body.
ISO 17021 sets out requirements for bodies providing audit and certification of management systems. It ensures that Certification Bodies provide a reliable assessment of compliance with the applicable requirements, carried out by a competent impartial audit team, to achieve a consistent result for all clients.
So, why should you be aware of this Standard in particular? ISO 17021 also establishes what you as a client should expect from your Certification Body.
Steve Mason, Managing Consultant at Blackmores, joins Mel to discuss what ISO 17021 is, why you should be aware of it and the requirements related to expected service delivery from Certification Bodies.
You’ll learn
- What is ISO 17021
- The difference between accredited and non-accredited certification bodies
- A brief overview of the Standard and client related requirements
Resources
In this episode, we talk about:
[01:40] Why are we talking about ISO 17021 now? In our internal Team Meetings, Certification Bodies are an established talking point. Highlighting the good and the bad, but in recent months it’s been more on the negative side. Steve had highlighted ISO 17021 as the Standard to look at in regard to expected service delivery requirements from Certification Bodies – so here we are!
[03:00] What is ISO 17021? The reason for the standard is that it ensures that all certification bodies are delivering the same level of service to all customers. Certification Bodies don’t need to be certified to other standards such as ISO 9001, as ISO 17021 was specifically designed for the purpose of delivering certifications.
It’s also the standard where you can find out what’s expected of Certification Bodies – like a Terms and Conditions or service level agreement.
[05:00] The difference between accredited and non-accredited Certification Bodies – Go back and watch episode 19 to learn more.
[06:10] Why is it important that the Certification Body is accredited? – Accreditation proves that the Certification Body is being checked by another body. Accreditation is also recognised worldwide – it’s trusted as a gold standard of performance. There are many different accreditation bodies around the world, here in the UK it’s UKAS, but there are others such as ANAB in the US. Check out the International Accreditation Forum website to confirm the accreditation body for your country.
[08:10] Ultimately, a Certification Body can’t offer accredited certification services unless they’ve actually been assessed by the applicable accreditation body to ISO 17021, and they need to do that on an ongoing basis like any other certification.
They also may not be accredited to deliver every standard they offer – so make sure you verify with the certification body that they are in fact accredited to ISO 9001, ISO 27001 ect.
[09:15] A brief overview of what’s included in ISO 17021 – A lot of the clauses before this are really about the management of certification body, but when it comes to clause 9, this is where the customer becomes a lot more involved in the requirements. It covers topics such as planning audits, conducting audits, certification decision making, maintaining certification, the appeals process, the complaints process and then keeping client records.
Clause 9 in particular is where you, as a client, should focus.
[11:00] What core principles are described in ISO 17021? – Impartiality, competence, responsibility, openness, confidentiality, responsiveness to complaints, risk based approach and legal responsibilities.
[12:20] What personal behaviors should you expect from your assessor? – In Steve’s experience, he’s seen more and more assessors not living up to the requirements of ISO 17021. This could be for a number of reasons, i.e. they could have an uncooperative client, they may not have had adequate training, perhaps there’s a break down between clients and client managers. Either way, these are a few of the qualities that Assessors should embody: ethical, fair, truthful, sincere, honest, discrete and open-minded.
[14:00] A lack of open mindedness – Steve had encountered an Assessor that stated ‘This must be wrong because I’ve never seen it done that way’ – which is not open minded in the least. This resulted in a non-conformity which should have never been raised.
ISO 17021, clause 9.4.5 states that any non-conformity raised shall be recorded against a specific requirement in the Standard being audited. Assessors need to take heed not to assess to their preference.
[15:15] Top Tip – If you get asked a question, then give an answer and they raise that as a non-conformity that you’re unsure as to why it’s being raised – it’s always worth asking the Assessor to show you where in the standard they’re raising the non-conformity against.
It’s a case of clarifying the question and verifying what they’re raising a non-conformity against, and if there’s a justification for it. If there is, then great, they’re doing a great job! If not, it may be the Assessor’s personal bias, and there’s a chance you can get that non-conformity down to an opportunity for improvement.
[17:05] Other expected traits for Assessors to be aware of – Collaborative: It should be a partnership between the client and Assessor – they want what’s best for you.
Tenacious: This can sometimes be taken too far. For example, if your Assessor it still assessing past 5pm, tell them to go home. If they need more time, then it’s up to the certification body to work that one out.
Other basic traits include: Observational, being perceptive and versatile.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes’
Stitcher | Spotify | YouTube | iTunes | Soundcloud


Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our ISO Consultants, our isologists, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.
Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.
What our clients have to say
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.

Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.