ISO/IEC FDIS 17067

Secretariat: ISO/CASCOISO/IEC FDIS 17067:2026(en)
ISO/CASCO
Secretariat: ISO/CASCO
Date: 2026-XX-XX06-10
Conformity assessment — Fundamentals of and guidelines for
conformity assessment schemes
Évaluation de la conformité — Éléments fondamentaux de l’évaluation de la conformité et lignes directrices
pour les programmes de l’évaluationsystèmes particuliers d’évaluation de la conformité
FDIS stage
TThhiiss d drraftaft i iss s suubbmmiitttteded t too a pa pararallel vallel vootte e iinn I ISSOO,, I IECEC && C CENEN.

© ISO/IEC 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO'sISO’s member body in the country of the requester.
ISO Copyright Officecopyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Email: E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland.
© ISO/IEC 2026 – All rights reserved
ii
Table of
© ISO/IEC 2026 – All rights reserved
iii
Contents
Foreword . vi
Introduction . viii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Conformity assessment schemes (programmes) and systems . 7
4.1 Difference between conformity assessment schemes and systems . 7
4.2 Object of conformity assessment . 10
4.3 Specified requirements . 11
4.4 Methodology . 11
5 Functional approach to conformity assessment. 11
5.1 General. 11
5.2 Conformity assessment activities . 12
5.3 Selection and determination . 13
5.4 Review, decision and attestation . 13
5.5 Surveillance . 14
6 Content of a scheme . 14
6.1 Functional approach implemented in the scheme . 14
6.2 Controlling the use of statement of conformity . 16
6.3 Reporting to the scheme owner . 16
6.4 Complaints and appeals. 17
6.5 Rules and procedures of a scheme . 17
7 Scheme owner responsibility . 19
7.1 General. 19
7.2 Scheme owner . 23
7.3 Ownership . 23
7.4 Development . 23
7.5 Management . 24
7.6 Maintenance . 24
7.7 Scheme integrity . 25
8 Lifecycle of a scheme . 25
8.1 Identifying the need for conformity assessment schemes . 25
8.2 Development of schemes . 26
8.3 Scheme documentation . 26
8.4 Discontinuing a scheme . 27
9 Categorization and types of schemes . 27
Annex A (informative) Conformity assessment schemes that include product, process or service
certification . 29
Annex B (informative) Conformity assessment schemes that include management system
certification . 33
Annex C (informative) Conformity assessment schemes that include certification of persons . 35
Annex D (informative) Conformity assessment programmes that include validation/verification37
Annex E (informative) Conformity assessment schemes that include inspection . 39
Annex F (informative) Conformity assessment schemes that include testing . 41
© ISO/IEC 2026 – All rights reserved
iv
Annex G (informative) Conformity assessment schemes that include accreditation . 43
Annex H (informative) Conformity assessment schemes that include peer assessment . 45
Annex I (informative) Conformity assessment schemes that include declaration . 47
Annex J (informative) Conformity assessment schemes that include multiple types of objects of
conformity assessment . 48
Annex K (informative) Typical characteristics of schemes . 52
Bibliography . 55

© ISO/IEC 2026 – All rights reserved
v
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members
of ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC
Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of
(a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent database
available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for
identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by the ISO Committee on Conformity Assessment (CASCO), in collaboration with
the European Committee for Standardization (CEN) Technical Committee CEN/CLC/JTC 1, Criteria for
conformity assessment bodies, in accordance with the Agreement on technical cooperation between ISO and
CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO/IEC 17067:2013), which has been technically
revised.
The main changes are as follows:
— — the scope has been expanded to apply to conformity assessment schemes in general;
— — the title has been updated to reflect the extended scope;
— — individual clauses have been rephrased to apply to conformity assessment schemes in general;
— — clauses have been added to provide specifics (e.g. on product certification schemes) where necessary;
— — guidelines for product certification schemes are maintained and moved to an Annex A;
— — Annexesannexes have been added to provide guidelines for other schemes (e.g. schemes including
inspection, management system certification, peer assessment, accreditation).
© ISO/IEC 2026 – All rights reserved
vi
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2026 – All rights reserved
vii
Introduction
This document provides fundamental concepts, principles and guidelines for conformity assessment schemes
(which are sometimes referred to as “conformity assessment programmes”).
Conformity assessment performed in accordance with a conformity assessment scheme can provide
assurance to interested parties via demonstration that specified requirements are fulfilled. Conformity
assessment can thus provide assurance to interested parties in various areas, including but not limited to,
legal compliance, health and safety, suitability for intended use, performance, durability, compatibility,
environmental impacts, governance and social impacts, resource use efficiency and resource circularity,
management and use of information technology, climate change and sustainability matters.
This document is intended for those who have an interest in conformity assessment schemes, particularly
those who own or operate schemes, or are considering development of a scheme. These people and their
organizations can include:
a) a) governments and regulatory authorities;
b) b) industry, trade associations and organizations (e.g. retailers) within value chains;
c) c) procurement and purchasing agencies;
d) d) non-governmental organizations (NGOs);
e) e) consumer organizations;
f) f) bodies undertaking conformity assessment activities.
A conformity assessment scheme can be operated at an international, regional, national, sub-national level, or
for a specific industry sector or value chain. A scheme can be documented or only orally created.
A conformity assessment scheme is defined as a set of rules and procedures that:
g) a) describes objects of conformity assessment;
h) b) identifies the specified requirements; and
i) c) provides the methodology for performing conformity assessment.
This document is one of the ISO/IEC and ISO documents on conformity assessment that are developed and
maintained by the ISO Committee on Conformity Assessment (CASCO). These ISO/IEC and ISO documents are
colloquially known as the “CASCO toolbox” and contribute to the development of “conformity assessment
procedures” as referenced in the World Trade Organization Agreement on Technical Barriers to Trade
(WTO/TBT). These documents are applied and used by ISO and its members, IEC and its national committees,
and organizations outside of ISO and IEC (e.g. regulatory authorities, NGOs, accreditation bodies and
agreement groups) for globally accepted conformity assessment practice.
Unless explicitly stated otherwise, for ease of comprehension of this document, the terms "conformity
assessment scheme" and "conformity assessment programme" are considered synonyms, and referred to in
this document by the short term "scheme".
Where the context is unambiguous, "scheme" and "system" areis used in short for the full terms "conformity
assessment scheme" and "“conformity assessment programme”. For ease of comprehension of this document,
the terms "conformity assessment scheme" and “conformity assessment programme” are considered
synonyms, unless explicitly stated otherwise.
© ISO/IEC 2026 – All rights reserved
viii
Where the context is unambiguous, "system" is used in short for the full term "conformity assessment system",
respectively.".
Where the context is unambiguous, "object" is used in short for the full term "object of conformity assessment".
© ISO/IEC 2026 – All rights reserved
ix
Conformity assessment — Fundamentals of and guidelines for
conformity assessment schemes
1 Scope
This document specifies the fundamental principles and concepts of conformity assessment schemes
(programmes) and provides guidelines for understanding, developing, operating or maintaining them.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17000:2020, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— — ISO Online browsing platform: available at https://www.iso.org/obp
— — IEC Electropedia: available at https://www.electropedia.org/
3.1 3.1
conformity assessment
demonstration that specified requirements (3.3(3.3)) are fulfilled
Note 1 to entry: The process of conformity assessment as described in the functional approach in ISO/IEC 17000:2020,
Annex A can have a negative outcome, i.e. demonstrating that the specified requirements are not fulfilled.
Note 2 to entry: Conformity assessment includes activities, such as but not limited to testing, inspection, validation,
verification, certification (3.17(3.17),), and accreditation (3.18(3.18).).
Note 3 to entry: Conformity assessment is explained in ISO/IEC 17000:2020, Annex A as a series of functions. Activities
contributing to any of these functions can be described as conformity assessment activities.
Note 4 to entry: This document does not include a definition of “conformity”. “Conformity” does not feature in the
definition of “conformity assessment”. Nor does this document address the concept of compliance.
[SOURCE: ISO/IEC 17000:2020, 4.1, modified — In notes to entry 1 and 3, "ISO/IEC 17000:2020" has been
added.]]
3.2 3.2
object of conformity assessment
object
entity to which specified requirements (3.3(3.3)) apply
EXAMPLE Product, process, service, system, installation, project, data, design, material, claim, person, body or
organization, or any combination thereof.
Note 1 to entry: The term “body” is used in this document to refer to the conformity assessment body (3.19(3.19)) and
accreditation body (3.20(3.20).). The term “organization” is used in its general meaning and may include bodies according
© ISO/IEC 2026 – All rights reserved
to the context. The more specific ISO/IEC Guide 2 definition of an organization as a body based on membership is not
applicable to the field of conformity assessment (3.1(3.1).).
[SOURCE: ISO/IEC 17000:2020, 4.2]
3.3 3.3
specified requirement
need or expectation that is stated
Note 1 to entry: Specified requirements can be stated in normative documents such as regulations, standards and
technical specifications.
Note 2 to entry: Specified requirements can be detailed or general.
[SOURCE: ISO/IEC 17000:2020, 5.1]
3.4 3.4
conformity assessment scheme
conformity assessment programme
set of rules and procedures (3.21(3.21)) that describes the objects of conformity assessment (3.2(3.2),),
identifies the specified requirements (3.3(3.3)) and provides the methodology (3.22(3.22)) for performing
conformity assessment (3.1(3.1))
Note 1 to entry: A conformity assessment scheme can be managed within a conformity assessment system (3.5(3.5).).
Note 2 to entry: A conformity assessment scheme can be operated at an international, regional, national, sub-national, or
industry sector level.
Note 3 to entry: A scheme can cover all or part of the conformity assessment functions explained in ISO/IEC 17000:2020,
Annex A.
[SOURCE: ISO/IEC 17000:2020, 4.9, modified — In note 3 to entry, "ISO/IEC 17000:2020" has been added.]]
3.5 3.5
conformity assessment system
set of rules and procedures (3.21(3.21)) for the management of similar or related conformity assessment
schemes (3.4(3.4))
Note 1 to entry: A conformity assessment system can be operated at an international, regional, national, sub-national, or
industry sector level.
[SOURCE: ISO/IEC 17000:2020, 4.8]
3.6 3.6
owner
owner of a system
owner of a scheme
system owner
scheme owner
person or organization responsible for the development and maintenance of a conformity assessment system
(3.5(3.5)) or conformity assessment scheme (3.4(3.4))
Note 1 to entry: A scheme owner does not necessarily operate the scheme (3.4(3.4).).
Note 2 to entry: A system owner or a scheme owner can be a conformity assessment body (3.19(3.19)) itself, a
governmental authority, a trade association, a group of conformity assessment bodies or others.
© ISO/IEC 2026 – All rights reserved
[SOURCE: ISO/IEC 17000:2020, 4.13]
3.7 3.7
participant
participant in a system
participant in a scheme
person or organization that implements or operates under the rules and procedures (3.21(3.21)) of a
conformity assessment system (3.5(3.5)) or scheme (3.4(3.4)) without being involved in their development,
revision or approval
[SOURCE: ISO/IEC 17000:2020, 4.11]
3.8 3.8
member
member of a system
member of a scheme
person or organization that is involved in the development, revision or approval of the rules and procedures
(3.21(3.21)) of a conformity assessment system (3.5(3.5)) or scheme (3.4(3.4))
[SOURCE: ISO/IEC 17000:2020, 4.12]
3.9 3.9
first-party conformity assessment activity
conformity assessment (3.1(3.1)) activity that is performed by the person or organization that provides or that
is the object of conformity assessment (3.2(3.2))
Note 1 to entry: The first-, second- and third-party descriptors used to characterize conformity assessment activities in
relation to a given object are not to be confused with the legal identification of the relevant parties to a contract.
EXAMPLE Activities performed by providers, designers or owners of the object, investors in the object, and
advertisers or promoters of the object.
Note 2 to entry: If an activity is performed by an external body acting on behalf of and controlled by a person or
organization that provides or is the object, the activity is still called a first-party conformity assessment activity (e.g.
internal audits performed by a consultant who is not part of the organization).
[SOURCE: ISO/IEC 17000:2020, 4.3]
3.10 3.10
second-party conformity assessment activity
conformity assessment (3.1(3.1)) activity that is performed by a person or organization that has a user interest
in the object of conformity assessment (3.2(3.2))
Note 1 to entry: The first-, second- and third-party descriptors used to characterize conformity assessment activities in
relation to a given object are not to be confused with the legal identification of the relevant parties to a contract.
EXAMPLE Persons or organizations performing second-party conformity assessment activities include, for
example, purchasers or users of products, or potential customers seeking to rely on a supplier's management system, or
organizations representing those interests. Examples of organizations representing user interest include consumer
advocacy organizations, regulators implementing legislation governing products and services for the protection of
consumer and public interests, centralized government procurement organizations and private sector purchasing agents.
Note 2 to entry: If an activity is performed by an external body acting on behalf of and controlled by a person or
organization with a user interest, the activity is still called a second-party conformity assessment activity (e.g. supply
chain audits conducted by an external body on behalf of the purchaser).
[SOURCE: ISO/IEC 17000:2020, 4.4]
© ISO/IEC 2026 – All rights reserved
3.11 3.11
third-party conformity assessment activity
conformity assessment (3.1(3.1)) activity that is performed by a person or organization that is independent of
the provider of the object of conformity assessment (3.2(3.2)) and has no user interest in the object
Note 1 to entry: The first-, second- and third-party descriptors used to characterize conformity assessment activities in
relation to a given object are not to be confused with the legal identification of the relevant parties to a contract.
[SOURCE: ISO/IEC 17000:2020, 4.5]
3.12 3.12
review
consideration of the suitability, adequacy and effectiveness of selection and determination activities, and the
results of these activities, with regard to fulfilment of specified requirements (3.3(3.3)) by an object of
conformity assessment (3.2(3.2))
Note 1 to entry: A description of “selection and determination activities” is included in 5.15.1, 5.3, 5.3 and ISO/IEC
17000:2020, A.2 and A.3.
[SOURCE: ISO/IEC 17000:2020, 7.1, modified – Note to entry 1 added.]
3.13 3.13
decision
conclusion, based on the results of review (3.12(3.12),), that fulfilment of specified requirements (3.3(3.3)) has
or has not been demonstrated
[SOURCE: ISO/IEC 17000:2020, 7.2]
3.14 3.14
attestation
issue of a statement, based on a decision (3.13(3.13),), that fulfilment of specified requirements (3.3(3.3)) has
been demonstrated
Note 1 to entry: The resulting statement, referred to in this document as a “statement of conformity”, is intended to
convey the assurance that the specified requirements have been fulfilled. Such an assurance does not, of itself, provide
contractual or other legal guarantees.
Note 2 to entry: First-party attestation and third-party attestation are distinguished by the terms declaration
(3.16(3.16),), certification (3.17(3.17)) and accreditation (3.18(3.18),), but there is no corresponding term applicable to
second-party attestation.
[SOURCE: ISO/IEC 17000:2020, 7.3]
3.15 3.15
surveillance
systematic iteration of conformity assessment (3.1(3.1)) activities as a basis for maintaining the validity of the
statement of conformity
[SOURCE: ISO/IEC 17000:2020, 8.1]
3.16 3.16
declaration
first-party attestation (3.14(3.14))
[SOURCE: ISO/IEC 17000:2020, 7.5]
© ISO/IEC 2026 – All rights reserved
3.17 3.17
certification
third-party attestation (3.14(3.14)) related to an object of conformity assessment (3.2(3.2),), with the exception
of accreditation (3.18(3.18))
[SOURCE: ISO/IEC 17000:2020, 7.6]
3.18 3.18
accreditation
third-party attestation (3.14(3.14)) related to a conformity assessment body (3.19(3.19),), conveying formal
demonstration of its competence, impartiality and consistent operation in performing specific conformity
assessment activities
[SOURCE: ISO/IEC 17000:2020, 7.7]
3.19 3.19
conformity assessment body
body that performs conformity assessment activities, excluding accreditation (3.18(3.18))
[SOURCE: ISO/IEC 17000:2020, 4.6]
3.20 3.20
accreditation body
authoritative body that performs accreditation (3.18(3.18))
Note 1 to entry: The authority of an accreditation body can be derived from government, public authorities, contracts,
market acceptance or scheme owners.
[SOURCE: ISO/IEC 17000:2020, 4.7]
3.21 3.21
procedure
specified way to carry out an activity or a process
Note 1 to entry: In this context, a process is defined as a set of interrelated or interacting activities that use inputs to
deliver an intended result.
[SOURCE: ISO/IEC 17000:2020, 5.2]
3.22 3.22
methodology
systematic collection of methods
Note 1 to entry: In conformity assessment (3.1(3.1),), a systematic approach, or collection of methods, for performing
activities contributing to the functions described in ISO/IEC 17000:2020, Annex A, (the functional approach) is one part
of a conformity assessment scheme (3.9().). Individual demonstrations performed in accordance with the same conformity
assessment scheme follow the same methodology.
Note 2 to entry: A method or procedure for a specific individual conformity assessment activity (3.5()) within the
functional approach (e.g. a sampling protocol, test method, calibration method, inspection procedure, a general plan for
an audit of a management system, a general plan for validation or verification of a type of claim, the formatting of a
statement of conformity) can be included or referenced in the methodology provided in a conformity assessment scheme.
However, a method or procedure for a specific individual conformity assessment activity is not by itself a methodology
for demonstrating the fulfilment of specified requirements (3.1().).
[SOURCE: ISO/IEC 17007:2026, 3.10]
© ISO/IEC 2026 – All rights reserved
3.23 3.23
complaint
expression of dissatisfaction, other than appeal (3.24(3.24),), by any person or organization to a conformity
assessment body (3.19(3.19)) or an accreditation body (3.20(3.20),), relating to the activities of that body,
where a response is expected
[SOURCE: ISO/IEC 17000:2020, 8.7]
3.24 3.24
appeal
request by the person or organization that provides, or that is, the object of conformity assessment (3.2(3.2))
to a conformity assessment body (3.19(3.19)) or an accreditation body (3.20(3.20)) for reconsideration by that
body of a decision (3.13(3.13)) it has made relating to that object
[SOURCE: ISO/IEC 17000:2020, 8.6]
3.25 3.25
testing
testing determination of one or more characteristics of an object of conformity assessment (4.2(4.2),),
according to a procedure (5.2(5.2))
[SOURCE: ISO/IEC 17000:2020, 6.2]
3.26
3.26
inspection
inspection examination of an object of conformity assessment (4.2(4.2)) and determination of its conformity
with detailed requirements or, on the basis of professional judgement, with general requirements.
[SOURCE: ISO/IEC 17000:2020, 6.3]
3.27
3.27
validation
validation confirmation of plausibility for a specific intended use or application through the provision of
objective evidence that specified requirements (5.1(5.1)) have been fulfilled.
[SOURCE: ISO/IEC 17000:2020, 6.5]
3.28
3.28
verification
verification confirmation of truthfulness through the provision of objective evidence that specified
requirements (5.1(5.1)) have been fulfilled.
[SOURCE: ISO/IEC 17000:2020, 6.6]
3.29 3.29
agreement group
bodies that are signatories to the agreement on which an arrangement is based
[SOURCE: ISO/IEC 17000:2020, 9.10]
© ISO/IEC 2026 – All rights reserved
3.30 3.30
recognition
recognition of a conformity assessment result
acknowledgement of the validity of a conformity assessment result provided by another person or
organization
Note 1 to entry: The expression “conformity assessment result” signifies the output of any conformity assessment
activity (e.g. a report or certificate) and can include a finding of nonconformity.
[SOURCE: ISO/IEC 17000:2020, 9.5]
3.31
3.31
acceptance
acceptance of a conformity assessment result
use of a conformity assessment result provided by another person or organization
Note 1 to entry: The expression “conformity assessment result” signifies the output of any conformity assessment
activity (e.g. a report or certificate) and can include a finding of nonconformity.
[SOURCE: ISO/IEC 17000:2020, 9.6]
4 Conformity assessment schemes (programmes) and systems
4.1 Difference between conformity assessment schemes and systems
4.1.1 4.1.1 The set of rules and procedures defined as a “conformity assessment scheme” or “conformity
assessment programme” relates to:
a) a) a description of the object of conformity assessment (see 4.24.2););
b) b) identification of the specified requirements (see 4.34.3););
c) c) provision of the methodology (see 4.44.4 and Clause 5Clause 5)) for performing conformity
assessment (e.g. rules for persons and organizations involved in conformity assessment, procedures for
individual activities, rules and procedures for issuing statements of conformity).
4.1.2 4.1.2 Rules and procedures can be unique to a conformity assessment scheme or shared by multiple
schemes. The rules and procedures shared by multiple schemes can be described and documented separately
from the content of the individual schemes. Such common rules and procedures can relate to concepts (e.g.
specific to a sector or an application), structure, methodology, requirements, or other content shared by the
schemes. Documents providing such general contents for multiple schemes are different from documents
containing an individual conformity assessment scheme. Sometimes these documents are referred to as
“frameworks”.
4.1.3 4.1.3 Depending on the object of conformity assessment and the needs of users of conformity
assessment, a scheme can be used only once or repeatedly.
4.1.4 4.1.4 The rules and procedures in a scheme can be provided in a single document or in multiple
documents linked by reference. Documented schemes can be intended for repeated use over a long period of
time.
4.1.5 4.1.5 A conformity assessment system is also a set of rules and procedures. However, these rules and
procedures are to manage several conformity assessment schemes that are similar or related. An example for
a conformity assessment system is the IEC CA System to manage the IECEE, IECQ, IECRE, IECEx certification
schemes. Whenever conformity assessment is performed, a scheme always exists, but a system for managing
schemes is optional.
© ISO/IEC 2026 – All rights reserved
Figure 1Figure 1 illustrates the relationship between a scheme and a system.

© ISO/IEC 2026 – All rights reserved
© ISO/IEC 2026 – All rights reserved
Figure 1 — Relationship between conformity assessment scheme and conformity assessment system
4.2 Object of conformity assessment
4.2.1 4.2.1 An object of conformity assessment can be, for example, a product, process, service,
management system, system, design, project, data, information, software, material, installation, claim, person,
body or organization, or any combination thereof (e.g. a product and its production process, an installation
and its maintenance service). The conformity assessment scheme should clearly describe the object of
conformity assessment to which the specified requirements within the scheme will apply.
4.2.2 4.2.2 The object can be a single item or a group of items based on common characteristics (e.g. any
area of land used for a specific purpose, any person with a specific ability, any management system for a
specific discipline, or any person performing a specific type of activity).
4.2.3 4.2.3 Schemes that describe multiple objects can identify unique specified requirements to be used
for each object. Specified requirements are identified for each object in the scheme.
© ISO/IEC 2026 – All rights reserved
4.3 Specified requirements
4.3.1 4.3.1 Specified requirements applicable to the object of conformity assessment are stated needs or
expectations. The content of specified requirements should indicate the type of object of conformity
assessment to which they apply.
4.3.2 4.3.2 Specified requirements are chosen for the scheme so that, when fulfilled, needs and concerns
for assurance are resolved.
4.3.3 4.3.3 Specified requirements are often in the form of provisions in normative documents such as
standards, technical specifications, codes of practice and regulations.
4.3.4 4.3.4 Specified requirements can be detailed (e.g. specific expression of measurements or data) or
general (e.g. properties and qualities, such as “safe to use” or “fit for intended purpose” or “fit for intended
use”).
4.3.5 4.3.5 Where applicable, the specified requirements should be written in terms of results or
outcomes, together with limiting values and tolerances. The specified requirements should be stated
unambiguously using wording that is objective, logical, valid, specific and should enable consistent application
by organizations as well as consistent evaluation across conformity assessment bodies.
4.3.6 4.3.6 Identification of the specified requirements for the conformity assessment scheme can be
made by reference (e.g. to the applicable standards, technical specifications, regulation, or other normative
documents) or by documentation as content element of the scheme itself.
4.3.7 4.3.7 Further guidance for drafting normative documents suitable for use for conformity
assessment, including documents which provide specified requirements, can also be found in ISO/IEC 17007.
4.4 Methodology
4.4.1 4.4.1 The rules and procedures for methodology are one element of a conformity assessment
scheme. They include methods and procedures for performing conformity assessment activities in the
functions described in ISO/IEC 17000:2020, Annex A (the functional approach). Individual demonstrations
performed in accordance with the same scheme follow the same methodology provided by the scheme.
4.4.2 4.4.2 A method or procedure for a specific individual activity within the functional approach (e.g. a
sampling protocol, test method, calibration method, inspection procedure, a general plan for an audit of a
management system, a general plan for validation or verification of a type of claim, the formatting of a
statement of conformity) can be included or referenced in the methodology provided in a scheme.
4.4.3 4.4.3 Methodology for performing conformity assessment can include rules and procedures for:
a) a) conformity assessment activities including methods for individual activities such as
assessment, auditing, design review, evaluation, examination, inspection, testing, calibration, validation,
verification, review, decision and attestation;
b) b) conformity assessment activities during surveillance;
c) c) a certificate, mark, label, listing in databases or on websites, approval, consent, permission,
licence, report, letter, or other statement of conformity issued to communicate that a successful
demonstration of fulfilment of specified requirement by a specific object of conformity assessment exists.
5 Functional approach to conformity assessment
5.1 General
5.1.1 5.1.1 Conformity assessment is a series of functions that satisfy the need or demand for
demonstration that specified requirements are fulfilled.
© ISO/IEC 2026 – All rights reserved
NOTE See ISO/IEC 17000:2020, Annex A.
The functions are:
— — selection, which involves planning and preparation activities in order to collect or produce all the
information and input needed for the subsequent determination function (see 5.3.15.3.1););
— — determination, which relates to activities that are undertaken to develop or to gather complete
information regarding fulfilment of the specified requirements by the object of conformity assessment or
its sample (see 5.3.25.3.2););
— — review, decision and attestation, which includes review as the final stage of checking before taking the
important decision as to whether or not the object of conformity assessment has been reliably
demonstrated to fulfil the specified requirements (see 5.4.15.4.1)) and attestation, which results in a
statement of conformity communicating that fulfilment of specified requirements has been demonstrated
(see 5.4.25.4.2).).
5.1.2 5.1.2 The functional approach is the general structure for the methodology provided by conformity
assessment schemes.
5.1.3 5.1.3 The aspects of the functional approach addressed by the scheme’s rules and procedures for
methodology and the level of detail in those rules and procedures are decided when the scheme is developed
and can be altered as the scheme is maintained.
5.1.4 5.1.4 When the rules and procedures for methodology are general, the scheme can be flexible and
used broadly. However, leaving the choice of specific activities and details to bodies performing conformity
assessment can result in significant differences in individual demonstrations performed in accordance with
the scheme which can negatively impact the consistency of the assurance among these demonstrations.
Very detailed rules and procedures, on the other hand, result in highly consistent assurance among different
demonstrations performed in accordance with the scheme. However, very detailed rules and procedures can
result in the applicability of the scheme being very narrow or delay improvement or innovation in the scheme.
Implementing the appropriate balance between flexibility and consistency should be considered in developing
and maintaining a scheme.
5.2 Conformity assessment activities
5.2.1 5.2.1 Activities contributing to any of the functions are described as “conformity assessment
activities”.
5.2.2 5.2.2 The rules and procedures for methodology can specify, for example:
a) a) what activities are to be performed;
b) b) who performs activities;
c) c) when activities are performed and their sequence;
d) d) where activities are performed;
e) e) how often activities are performed;
f) f) the method, plan, procedure, or instructions for individual activities.
5.2.3 5.2.3 Conformity assessment activities are performed in accordance with the rules and procedures
of the scheme by conformity assessment bodies, accreditation bodies (collectively “bodies”) or agreement
© ISO/IEC 2026 – All rights reserved
groups. Any activities or details needed for demonstrating fulfilment of specified requirements but not
addressed by the rules and procedures of the scheme are left for the bodies to decide when performing
activities in accordance with the scheme.
5.3 Selection and determination
5.3.1 5.3.1 Conformity assessment activities contributing to the selection function include, but are not
limited to, planning, sampling and sample preparation.
5.3.2 5.3.2 Conformity assessment activities contributing to the determination function include, but are
not limited to, assessment, auditing, design review, evaluation, examination, inspection, peer assessment,
testing, calibration, validation and verification.
5.3.3 5.3.3 Rules and procedures for testing and inspection can include decision rules as a basis for stating
whether the tested or inspected items fulfil specified requirements. Such statements are part of the reported
results of testing or inspection, pertain only to the tested or inspected items, and are different from the
statement of conformity issued during attestation (see 5.4.25.4.2).).
Rules and procedures for testing and inspection can specify that results are reported with no indication of
whether items tested or inspected fulfil specified requirements.
5.3.4 5.3.4 Likewise, rules and procedures for validation and verification can specify that reports include
a conclusion regarding fulfilment of specified requirements. Such conclusions are part of the reported results
of validation and verification, pertain only to the evidence reviewed, and are different from the statement of
conformity issued during attestation (see 5.4.25.4.2).).
Rules and procedures for validation and verification can specify reports with no indication of whether the
declared information (claim) fulfils specified requirements.
5.4 Review, decision and attestation
5.4.1 5.4.1 The decision i
...