SIST-TS ISO/IEC TS 17035:2024

SLOVENSKI STANDARD
01-november-2024
Ugotavljanje skladnosti - Smernice za programe validacije in verifikacije
Conformity assessment - Guidelines for validation and verification programmes
Évaluation de la conformité — Lignes directrices pour les programmes de validation et
de vérification
Ta slovenski standard je istoveten z: ISO/IEC TS 17035:2024
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Technical
Specification
ISO/IEC TS 17035
First edition
Conformity assessment —
2024-09
Guidelines for validation and
verification programmes
Évaluation de la conformité — Lignes directrices pour les
programmes de validation et de vérification
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Validation/Verification programmes . 4
4.1 General .4
4.2 Programme content .5
4.2.1 Scope of validation/verification .5
4.2.2 Competence, impartiality and operation of validation/verification bodies .5
4.2.3 Steps for the validation/verification process .6
4.2.4 Evidence gathering activities .6
4.2.5 Reporting .7
4.3 Programme development . .7
4.4 Programme maintenance, review and improvement .8
5 Programme owner . 9
Annex A (informative) Clarification of logo/symbol/mark . 10
Annex B (informative) Recognition of validation/verification programmes .12
Annex C (informative) Questions to help recognize a validation/verification programme . 14
Bibliography . 17

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by the ISO Committee on Conformity Assessment (CASCO).
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
This document is aligned with ISO/IEC 17029 which provides principles and requirements for bodies
providing validation/verification services. ISO/IEC 17029 is a generic standard that can apply to validation/
verification bodies in any economic sector or industry. It is distinct from other standards for conformity
assessment bodies in that it requires the object of conformity to be a claim, and for this to be validated
and/or verified in accordance with a validation or verification programme. Validation/verification bodies
operating in accordance with ISO/IEC 17029 can provide services as first-, second- or third-party activities.
This document is also aligned with sector-specific applications of ISO/IEC 17029, such as ISO 14065 which
references the requirements of ISO/IEC 17029 and includes specific requirements related to bodies that
validate or verify environmental information.
To validate or verify a claim, validation/verification bodies must often review large amounts of data and
information, including aspects such as the suitability of the boundaries of the claim; the way data has been
defined, collected and recorded; how quantification and calculation methods that support the claim have
been undertaken; and provision of a professional judgement on matters that are material or significant to
the claim.
The issuance of a validation or verification statement will normally be a one-off attestation based on the
information available at that point in time. Validation/verification statements normally do not have a period
of validity associated with them. Each subsequent validation/verification is a new separate conformity
assessment and is not considered to be a surveillance activity that supports an original or previous
validation/verification statement.
The result of validation or verification activities will frequently be a validation or verification statement.
These statements normally provide an opinion from the validation or verification body on the plausibility
of a claim that is made about the future based on projected data (validation), or the truthfulness of the
claim based on historical data (verification). The results from a validation and verification programme can
sometimes be combined to support a claim (e.g. a mixed engagement or in the management of similar or
related programmes). Validation/verification bodies can also be asked to undertake a validation/verification
process and issue a report of their findings, but without any formal statement or opinion on the plausibility
or truthfulness of the claim being made.
NOTE This is often referred to undertaking validation or verification activities on the basis of Agreed Upon
Procedures (AUP).
Within ISO/IEC 17029, there is a requirement for validation/verification bodies to operate within the
context of at least one validation or verification programme. Within ISO/IEC 17029 requirements, there
are many references to validation/verification programmes, and it is expected that validation/verification
programmes give direction to the validation/verification body. The importance of appropriate validation/
verification programmes when undertaking validation/verification activities in accordance with
ISO/IEC 17029 is critical to the correct operation of this type of conformity assessment.
ISO/IEC 17029:2019, Annex A also provides a comprehensive informative list of elements to be considered in
the development and operation of validation/verification programmes. The content of ISO/IEC 17029:2019,
Annex A has been included and amplified in this document.
To assist in the development, operation and recognition of validation/verification programmes suitable for
use with ISO/IEC 17029, this document covers the following:
a) an overview of validation/verification programmes in the context of ISO/IEC 17029;
b) development of validation/verification programmes;
c) recognition of validation/verification programmes.

© ISO/IEC 2024 – All rights reserved
v
Technical Specification ISO/IEC TS 17035:2024(en)
Conformity assessment — Guidelines for validation and
verification programmes
1 Scope
This document provides guidance to validation/verification programme owners, validation/verification
bodies and interested parties on the development, content and operation of validation/verification
programmes.
When implemented by validation/verification bodies, this document is intended to be used in conjunction
with ISO/IEC 17029 and sector-specific applications of ISO/IEC 17029.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17000, Conformity assessment — Vocabulary and general principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
claim
information declared by the client
Note 1 to entry: The claim is the object of conformity assessment by validation (3.2)/verification (3.3).
Note 2 to entry: The claim can represent a situation at a point in time or could cover a period of time.
Note 3 to entry: The claim should be clearly identifiable and capable of consistent evaluation or measurement against
specified requirements by a validation body (3.4)/verification body (3.5).
Note 4 to entry: The claim can be provided in the form of a report, a statement, a declaration, a project plan, or
consolidated data.
[SOURCE: ISO/IEC 17029:2019, 3.1]
3.2
validation
confirmation of a claim (3.1), through the provision of objective evidence, that the requirements for a specific
intended future use or application have been fulfilled
Note 1 to entry: Objective evidence can come from real or simulated sources.
Note 2 to entry: Validation is considered to be a process to evaluate the reasonableness of the assumptions, limitations,
and methods that support a claim about the outcome of future activities.

© ISO/IEC 2024 – All rights reserved
Note 3 to entry: Validation is applied to claims regarding an intended future use based on projected information
(confirmation of plausibility).
Note 4 to entry: In this document, the expression “validation/verification” means either validation or verification (3.3),
or both.
[SOURCE: ISO/IEC 17029:2019, 3.2, modified – The original Note 4 to entry has been deleted and a new Note
4 to entry has been added.]
3.3
verification
confirmation of a claim (3.1), through the provision of objective evidence, that specified requirements have
been fulfilled
Note 1 to entry: Verification is considered to be a process for evaluating a claim based on historical data and
information to determine whether the claim is materially correct and conforms with specified requirements.
Note 2 to entry: Verification is applied to claims regarding events that have already occurred or results that have
already been obtained (confirmation of truthfulness).
Note 3 to entry: In this document, the expression “validation/verification” means either validation (3.2) or verification,
or both.
[SOURCE: ISO/IEC 17029:2019, 3.3, modified – The original Note 3 to entry has been deleted and a new Note
3 to entry has been added.]
3.4
validation body
body that performs validation (3.2)
Note 1 to entry: A validation body can be an organization, or part of an organization.
Note 2 to entry: In this document, the expression “validation/verification body” means either validation body or
verification body (3.5), or both.
[SOURCE: ISO/IEC 17029:2019, 3.4, modified – Note 2 to entry has been added.]
3.5
verification body
body that performs verification (3.3)
Note 1 to entry: A verification body can be an organization, or part of an organization.
Note 2 to entry: In this document, the expression “validation/verification body” means either validation body (3.4) or
verification body, or both.
[SOURCE: ISO/IEC 17029:2019, 3.5, modified – Note 2 to entry has been added.]
3.6
validation statement
declaration by the validation body (3.4) of the outcome of the validation (3.2) process
Note 1 to entry: Validation statements can be referred to using specific programme terminology, such as “decisions”,
“opinions” or “reports”.
Note 2 to entry: The validation statement reflects only the situation at the point in time it is issued.
Note 3 to entry: The validation statement can be confirming or not confirming the claim (3.1), with or without
comments, according to the programme requirements.
Note 4 to entry: In this document, the expression “validation/verification statement” means either validation
statement or verification statement (3.7), or both.
[SOURCE: ISO/IEC 17029:2019, 3.6, modified – Note 4 to entry has been added.]

© ISO/IEC 2024 – All rights reserved
3.7
verification statement
declaration by the verification body (3.5) of the outcome of the verification (3.3) process
Note 1 to entry: Verification statements can be referred to using specific programme terminology, such as “decisions”,
“opinions” or “reports”.
Note 2 to entry: The verification statement reflects only the situation at the point in time it is issued.
Note 3 to entry: The verification statement can be confirming or not confirming the claim (3.1), with or without
comments, according to the programme requirements.
Note 4 to entry: In this document, the expression “validation/verification statement” means either validation statement
(3.6) or verification statement, or both.
[SOURCE: ISO/IEC 17029:2019, 3.7, modified – Note 4 to entry has been added.]
3.8
validation programme
rules, procedures and management for carrying out validation (3.2) activities in a specific sector
Note 1 to entry: Validation programmes can be operated at international, regional, national, sub-national or sector-
specific level.
Note 2 to entry: A programme can also be called a “scheme”.
Note 3 to entry: A set of standards able to cover all the requirements of ISO/IEC 17029 can serve as a programme.
Note 4 to entry: In this document, the expression “validation/verification programme” means either validation
programme or verification programme (3.9), or both.
[SOURCE: ISO/IEC 17029:2019, 3.8, modified – Note 4 to entry has been added.]
3.9
verification programme
rules, procedures and management for carrying out verification (3.3) activities in a specific sector
Note 1 to entry: Verification programmes can be operated at international, regional, national, sub-national or sector-
specific level.
Note 2 to entry: A programme can also be called a “scheme”.
Note 3 to entry: A set of standards able to cover all the requirements of ISO/IEC 17029 can serve as a programme.
Note 4 to entry: In this document, the expression “validation/verification programme” means either validation
programme (3.8) or verification programme, or both.
[SOURCE: ISO/IEC 17029:2019, 3.9, modified – Note 4 to entry has been added.]
3.10
programme owner
person or organization responsible for developing and maintaining a specific validation programme (3.8) or
verification programme (3.9)
Note 1 to entry: The programme owner can be the validation body (3.4)/verification body (3.5) itself, a governmental
authority, a trade association, a group of validation bodies/verification bodies, an external programme owner or others.
[SOURCE: ISO/IEC 17029:2019, 3.10]
3.11
normative document
document that provides rules, guidelines or characteristics for activities or their results
Note 1 to entry: The term “normative document” is a generic term that covers such documents as standards, technical
specifications, codes of practice and regulations.

© ISO/IEC 2024 – All rights reserved
Note 2 to entry: A “document” is to be understood as any medium with information recorded on or in it.
Note 3 to entry: The terms for different kinds of normative documents are defined considering the document and its
content as a single entity.
[SOURCE: ISO/IEC Guide 2:2004, 3.1]
4 Validation/Verification programmes
4.1 General
4.1.1 In accordance with ISO/IEC 17029, validation/verification are always undertaken within the context
of a validation/verification programme, in which case the operated validation/verification programme
cannot exclude any of the requirements specified by ISO/IEC 17029. This document can be used by
programmes that use another document for validation/verification bodies, in which case the programme
should not exclude or contradict the requirements in that document.
4.1.2 Programmes can be legal frameworks, a set of international, regional or national standards,
global initiatives and sector applications, as well as individual agreements with clients of the validation/
verification body.
4.1.3 Conformity assessment schemes in general comprise the full set of rules and procedures:
— describing the object of conformity assessment (claim),
— identifying the specified requirements applicable to the claim, and
— providing the methodology for performing conformity assessment (validation/verification).
NOTE The specified requirements to be identified apply to the object (i.e. relate to describing the claim). The
methodology relates to the way conformity assessment is performed (i.e. how, when, by whom), e.g. providing specific
methods and procedures for certain activities or rules for validation/verification bodies.
4.1.4 ISO/IEC 17029:2019, 3.11 defines the scope of validation/verification as the identification of the claim
as being the object of conformity assessment and the identification of the applicable specified requirements.
4.1.5 ISO/IEC 17029:2019, Clause 8 lists the following elements as content of programmes:
a) scope of validation/verification;
b) specific competence criteria for the validation/verification team and body;
c) process for validation/verification;
d) evidence gathering activities of validation/verification ;
e) reporting of validation/verification.
NOTE ISO/IEC 17029:2019, Annex A also provides additional elements.
4.1.6 The content of the programme (see 4.2) is specified by the programme owner (see 4.3).
4.1.7 Where validation/verification is performed as conformity assessment, i.e. including a decision on
whether or not to confirm the claim, the result or deliverable of the outcome of this process is a validation/
verification statement (see ISO/IEC 17029:2019, 9.7).
Where validation/verification is performed as an activity contributing to the selection, determination, and
review functions of the validation/verification process (see ISO/IEC 17029:2019, Annex B), other deliverables
than a validation/verification statement result from this activity.

© ISO/IEC 2024 – All rights reserved
In principle, a validation/verification programme can specify deliverables resulting from activities
contributing to each of the functions. For example,
— a “validation/verification plan” as a result of selection activities (see ISO/IEC 17029:2019, 9.2 and 9.4);
— an “evidence report” as a result of the selection and determination activities (see ISO/IEC 17029:2019,
9.2, 9.4 and 9.5);
— a “findings report” as a result of the review of the gathered evidence (see ISO/IEC 17029:2019, 9.6);
— a “report of actual findings”, i.e. the outcome of agreed upon procedures (AUP).
4.1.8 The deliverables associated with validation/verification programmes can be used as inputs to other
conformity assessment activities.
EXAMPLE A validation/verification statement can be used as an input into an evaluation activity of a product
certification body that fulfils ISO/IEC 17065.
Similarly, validation/verification programmes can specify that the results of other conformity assessment
activities (such as auditing, inspection, testing or certification) can be used as inputs into the validation/
verification process.
4.2 Programme content
4.2.1 Scope of validation/verification
4.2.1.1 The programme describes the claim to be the object of validation/verification, e.g. specifying
types of claims and boundaries.
4.2.1.2 The programme contains or references specified requirements to be fulfilled by the claim in order
to be confirmed.
4.2.1.3 The programme can allow for specific levels of assurance provided with the outcome of validation/
verification, e.g. reasonable, limited (see ISO/IEC 17029:2019, 9.2.2).
4.2.2 Competence, impartiality and operation of validation/verification bodies
4.2.2.1 The programme should describe means of monitoring to identify and to mitigate threats to
impartiality, e.g. consulting with the committee of the interested parties (see ISO/IEC 17029:2019, 5.3.3).
4.2.2.2 The programme can allow and set rules for providing both validation and verification to the same
client or in the context of the same project (see ISO/IEC 17029:2019, 5.3.8).
4.2.2.3 The programme can require or recommend specific arrangements to cover liability (see
ISO/IEC 17029:2019, 5.4).
4.2.2.4 The programme can specify requirements for resources, i.e. personnel, facilities, equipment,
systems and support services (see ISO/IEC 17029:2019, 7.1).
4.2.2.5 The programme can specify a period for personnel who have provided consultancy before
performing validation/verification activities (see ISO/IEC 17029:2019, 7.2.5).
4.2.2.6 The programme can require or recommend specific confidentiality requirements (see
ISO/IEC 17029:2019, 7.2.6).
© ISO/IEC 2024 – All rights reserved
4.2.2.7 The programme can specify the training requirements of personnel, including requirements for
their monitoring (see ISO/IEC 17029:2019, 7.3.2).
4.2.2.8 The programme can set rules for outsourcing, including prohibitions on outsourcing (see
ISO/IEC 17029:2019, 7.4).
4.2.2.9 The programme can specify requirements for persons carrying out the review, e.g. not being
involved in planning (see ISO/IEC 17029:2019, 9.6.2).
4.2.2.10 The programme can specify the requirements for persons making the decision on whether or not
to confirm the claim and issuing the validation/verification statement, e.g. not being involved in planning
(see ISO/IEC 17029:2019, 9.7.1.2).
4.2.3 Steps for the validation/verification process
4.2.3.1 The programme contains rules and procedures for carrying out validation/verification, e.g.
specific requirements for the pre-engagement (see 4.2.3.2), engagement (see 4.2.3.3), planning, execution
(see 4.2.4), review and decision (see 4.2.3.5 and 4.2.4.2).
4.2.3.2 Pre-engagement activities specified by the programme can include information to be submitted by
the client for pre-engagement review, time frames and any applicable fees (see ISO/IEC 17029:2019, 9.2).
4.2.3.3 Specification of the engagement agreement between the client and the validation/verification body
by the programme can include identification of the programme requirements to be covered by agreement
[see ISO/IEC 17029:2019, 9.3.1 and 9.3.3 bullet b)].
4.2.3.4 Planning and preparation activities specified by the programme can include specific terms, e.g.
evidence-gatheri
...