Certification Decision Process and Authority

The certification decision process governs how a conformity assessment body formally grants, maintains, suspends, or withdraws a certificate following an audit. This page covers the structural mechanics of that process, the authority requirements that must be in place before a decision is rendered, the scenarios in which decisions arise, and the boundaries separating permissible from impermissible decision-making. Understanding these mechanics is essential for organizations seeking certification and for auditors operating within accredited systems.

Definition and scope

A certification decision is the formal act by which a certification body (CB) determines whether a client organization has demonstrated sufficient conformance with a specified standard or regulatory requirement to be granted, continued, expanded, or revoked in its certified status. This act is distinct from the audit itself — auditing produces evidence; the decision evaluates that evidence against normative criteria.

The scope of the decision function encompasses initial certification, surveillance cycle outcomes, recertification, scope extensions, scope reductions, suspensions, and withdrawals. ISO/IEC 17021-1:2015 — the internationally recognized requirements document for bodies providing audit and certification of management systems — establishes that the certification decision must be made by a person or persons who did not participate in the audit being assessed. This separation is not procedural preference; it is a structural impartiality requirement enforced at the accreditation level by bodies such as ANAB (ANSI National Accreditation Board) and A2LA (American Association for Laboratory Accreditation).

For a broader comparison of how certification authority interacts with accreditation oversight, see Accreditation vs Certification.

How it works

The certification decision process follows a defined sequence with discrete phases:

  1. Audit completion and report finalization. The audit team lead submits a complete audit report, including all identified nonconformities classified by severity (major, minor, or observation), to the CB's internal review function.
  2. Nonconformity closure review. Where major nonconformities exist, the client must submit documented corrective action evidence before the decision phase begins. ISO/IEC 17021-1 Clause 9.1.7 sets the expectation that major nonconformities require verified effectiveness of corrective action prior to certification.
  3. Decision authority review. A qualified decision-maker — who must not have participated in the audit — reviews the complete audit record, the nonconformity log, and the corrective action submissions. This reviewer assesses sufficiency, not just compliance with process.
  4. Formal decision issuance. The CB issues the certification decision in writing, specifying the scope, the normative standard, the decision outcome, and the effective date.
  5. Certificate issuance or status update. If positive, a certificate document is generated per the CB's documented scheme. If negative, suspended, or withdrawn, the client receives written notification with specified grounds.

The decision-maker must hold documented competence relevant to the technical sector and standard under review. ISO/IEC 17021-1 Annex A details competence requirements by function, distinguishing between audit team competence and decision-maker competence as separate qualification tracks.

The third-party certification process provides additional context on how the audit-to-decision pipeline operates within accredited third-party schemes.

Common scenarios

Initial certification decision. Following a Stage 1 and Stage 2 audit, the decision-maker reviews whether all major nonconformities are closed and whether the audit team's recommendation for certification is supported by the evidence. A recommendation from the audit team is advisory, not binding; the decision-maker may independently conclude that evidence is insufficient even where the auditor recommends certification.

Surveillance audit outcome. Surveillance audits — typically conducted at 12-month intervals under ISO/IEC 17021-1 — produce a decision on continued certification. Three possible outcomes exist: continued certification confirmed, certification suspended pending corrective action, or certification recommended for withdrawal.

Scope extension request. When a certified organization requests expansion of its certified scope to include additional sites, processes, or product lines, a scoped audit is conducted and a standalone decision is rendered on the extension only. The existing certificate scope remains unaffected unless the extension audit reveals systemic issues.

Recertification decision. At the end of a 3-year certification cycle, a full recertification audit triggers a fresh decision that evaluates continued conformance across the full scope. This decision is not a rollover of the prior certificate; it requires independent evidentiary support.

Handling of Nonconformity Handling in Certification is integral to each of these scenarios, since nonconformity classification directly controls which decision pathways are available.

Decision boundaries

The certification decision function operates within strict boundaries established by ISO/IEC 17021-1 and enforced through accreditation assessments.

Separation of audit and decision functions. The individual rendering the certification decision cannot be the same individual who conducted or led the audit. This is a hard structural boundary, not a soft preference. CBs that assign decision authority to audit team members risk accreditation suspension by ANAB or A2LA upon surveillance assessment.

Decision vs. recommendation distinction. An auditor may recommend certification or non-certification; that recommendation carries weight but does not constitute the decision. The decision-maker bears independent professional responsibility for the outcome and must not delegate that responsibility back to the audit team.

Scope limitations. A certification decision can only apply to the scope that was audited. A CB cannot grant certification covering activities, sites, or processes that were not within the audit scope. This boundary is enforced through documented scope statements on the certificate itself, as described under Scope of Certification Boundaries.

Regulatory overlay. In federally regulated sectors — such as food safety programs under FDA's 21 CFR Part 1, Subpart M for accredited third-party certification — the decision process must additionally meet agency-specific requirements beyond ISO/IEC 17021-1. The FDA's third-party accreditation program for food facilities, administered under the Food Safety Modernization Act (FSMA), imposes additional conflict-of-interest and notification requirements on CBs operating in that regulatory context.

References

📜 2 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

📜 2 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Read Next

Accreditation vs. Certification: Key Distinctions Certification: Key Distinctions Accreditation and certification are both formal conformity assessment mechanisms, but they... Third-Party Certification Process Explained This page covers the full structure of the process: how certification bodies operate, the sequential phases from application... Nonconformity Handling in Certification Audits This page covers how certification bodies classify nonconformities, the procedural steps auditors and auditees must follow,...