Certification Scheme Development and Structure

A certification scheme defines the complete framework within which conformity is assessed, decisions are made, and certificates are granted, maintained, suspended, or withdrawn. This page covers the structural components of a scheme, how schemes are developed and governed, the regulatory and normative drivers that shape scheme design, and the classification boundaries that distinguish one scheme type from another. Understanding scheme architecture is foundational for organizations seeking certification, conformity assessment bodies operating under accreditation, and regulators who embed certification requirements in legislation or procurement.


Definition and scope

A certification scheme, as defined in ISO/IEC 17000:2020, is a "conformity assessment system related to specified objects of conformity assessment, to which the same specified requirements, specific rules, and procedures apply." The term "object" in this definition encompasses products, processes, services, management systems, and persons — meaning a scheme is not inherently tied to any single domain.

The scope of a scheme answers three structural questions: what is being certified (the object and its normative requirements), who performs the certification (first-, second-, or third-party), and under what authority the scheme operates (voluntary, regulatory mandate, or contractual obligation). ISO/IEC 17067:2013 — the international standard that governs fundamentals of product certification — establishes that a scheme owner is distinct from a certification body; a single scheme may be operated by multiple certification bodies simultaneously.

At the national level in the United States, scheme-like structures appear across at least 20 federal regulatory programs, from UL product marks recognized under OSHA's Nationally Recognized Testing Laboratory (NRTL) program (29 CFR 1910.7) to food safety program certifications under FDA's oversight. The Federal Trade Commission also maintains scheme-relevant guidance for environmental marketing claims (FTC Green Guides, 16 CFR Part 260), where unsubstantiated certification marks can constitute deceptive trade practice.


Core mechanics or structure

Every operative certification scheme contains at least six structural components, regardless of domain:

1. Normative requirements document. The technical baseline against which objects are assessed. This may be an ISO standard, a federal regulation, an industry specification, or a proprietary scheme document. The requirements must be unambiguous and auditable.

2. Conformity assessment activities. ISO/IEC 17000:2020 identifies selection, determination, and review/attestation as the three functional phases of conformity assessment. In a third-party certification context, these map to application review, audit or testing, and certification decision.

3. Certification decision function. Per ISO/IEC 17021-1:2015 (management system certification) and ISO/IEC 17065:2012 (product certification), the decision to grant or refuse certification must be made by a person or committee with authority independent from those who conducted the assessment. This structural separation is a core impartiality control.

4. Surveillance and recertification cycle. Schemes define surveillance frequency (commonly annual for management systems under ISO 17021), recertification interval (commonly 3 years for ISO management system schemes), and the conditions triggering extraordinary surveillance. The surveillance audits and recertification process must be specified in the scheme document before a certification body can operate under it.

5. Nonconformity handling. The scheme must specify how major and minor nonconformities are classified, the timelines for corrective action (typically 90 days for major nonconformities under ISO 17021-based schemes), and the decision logic for suspension or withdrawal.

6. Certification mark rules. The scheme owner controls mark usage rights. Misuse of a certification mark — displaying it on uncertified products or outside the certified scope — is the primary enforcement trigger. Detailed requirements appear in scheme-specific mark usage policies and are reinforced by FTC guidance on certification and endorsement marks (16 CFR Part 255).


Causal relationships or drivers

The architecture of a scheme reflects the problem it was built to solve. Four primary drivers account for the structural variation observed across schemes:

Regulatory mandate. When a federal or state agency requires certification as a market-access condition, scheme structure is constrained by rulemaking. The OSHA NRTL program (29 CFR 1910.7) specifies that recognized testing laboratories must apply specific test standards and follow defined procedures; the scheme parameters are embedded in the regulation, not negotiated by the scheme owner.

Accreditation requirements. Accreditation bodies such as ANAB (ANSI National Accreditation Board) and A2LA (American Association for Laboratory Accreditation) evaluate certification bodies against ISO/IEC 17021-1, 17065, or 17024 depending on scheme type. A certification body's recognition depends on demonstrating that the scheme it operates under is coherent, documented, and technically sound. This creates upstream pressure on scheme owners to align with ISO/IEC 17067 principles.

Market signaling. In voluntary markets, scheme credibility depends on stakeholder trust. When the Sustainable Forestry Initiative or the Rainforest Alliance developed their certification schemes, multi-stakeholder governance was embedded in scheme structure precisely to prevent capture by a single interest group — a structural response to market credibility demands.

Liability and procurement logic. Government procurement specifications and private supply chain requirements increasingly name specific certifications. When a scheme is named in a federal contract or referenced in a consent decree, the scheme structure acquires legal weight. The third-party certification process becomes a documented chain of custody for compliance evidence.


Classification boundaries

Scheme types are classified along three primary axes in ISO/IEC 17067:2013:

By object type: Product/process/service certification schemes, management system certification schemes, and personnel certification schemes operate under distinct normative frameworks — ISO/IEC 17065, ISO/IEC 17021-1, and ISO/IEC 17024, respectively.

By assurance level (ISO/IEC 17067 Type 1a through Type 6): Type 1a involves supplier declaration with third-party evaluation of the declaration; Type 5 is the full third-party scheme incorporating initial product testing, factory inspection, market surveillance, and periodic retesting. Type 6 applies to management system certification. Higher type numbers do not universally mean higher assurance — the appropriate level depends on risk profile and end-use context.

By governance structure: Proprietary schemes (single owner, restricted access), consortium schemes (industry body ownership, member-defined rules), and governmental schemes (agency-mandated, often codified in regulation) present different accountability structures and different obligations for scheme owners.

The boundary between product certification and management system certification is operationally significant: product certification attests that a specific output meets defined requirements; management system certification attests that an organization's processes are structured to consistently produce conforming outputs. A management system certificate is not a product conformity declaration.


Tradeoffs and tensions

Specificity versus flexibility. Highly prescriptive scheme documents reduce interpretation variance but can make the scheme brittle when technology or practice changes faster than the standard revision cycle. The ISO 9001 management system standard is revised approximately every 7–10 years; product-specific schemes may require more frequent updates.

Impartiality versus market access. Strict impartiality rules under ISO/IEC 17021-1 and 17065 prohibit certification bodies from providing consultancy to certification clients. This prevents conflicts of interest but also means that small organizations seeking certification cannot obtain guidance from the same body that will audit them — a friction point that disproportionately affects new market entrants with limited internal compliance resources.

Scheme proliferation versus harmonization. Across the U.S. food industry alone, suppliers may face certification requirements under GFSI-recognized schemes (SQF, BRCGS, FSSC 22000), FDA's Voluntary Qualified Importer Program (VQIP), and individual retailer standards simultaneously. Scheme proliferation increases total audit burden without proportional increase in assurance.

Scheme owner interest versus certification body independence. When a scheme owner is also a certification body — or has financial relationships with preferred certification bodies — impartiality is structurally compromised. ISO/IEC 17067:2013 calls for governance that separates these functions, but enforcement depends on the accreditation body's oversight rigor.


Common misconceptions

Misconception: Accreditation and certification are the same function.
Accreditation is the competence assessment of a conformity assessment body; certification is the conformity assessment of an organization, product, or person. ANAB accredits certification bodies; it does not certify organizations. The accreditation vs. certification distinction is codified in ISO/IEC 17000:2020 definitions.

Misconception: A certification scheme can be owned by the certification body.
Under ISO/IEC 17067:2013, the scheme owner sets requirements; the certification body applies them. These can be the same legal entity in some constructs, but the functions must be structurally separated. Where a certification body writes its own scheme without independent governance, accreditation bodies assess this as a potential impartiality risk.

Misconception: All ISO certifications are equivalent in assurance.
An ISO 9001 certificate attests to a quality management system, not product quality. An ISO/IEC 27001 certificate covers a defined scope of an information security management system — frequently less than the full organization. Scope limitations are a scheme design feature, not a deficiency, but comparing certificates without examining scope is analytically invalid.

Misconception: Regulatory compliance equals scheme conformity.
Meeting the legal minimum under OSHA, FDA, or EPA does not automatically satisfy a voluntary certification scheme's requirements, which are often more demanding. Conversely, holding a voluntary certification does not guarantee regulatory compliance unless the scheme explicitly maps to regulatory requirements.


Checklist or steps (non-advisory)

The following sequence reflects the structural phases documented in ISO/IEC 17067:2013 and ISO/IEC 17021-1:2015 for developing and launching a third-party certification scheme:

  1. Define the scheme object — Specify whether the object is a product, process, service, management system, or person, and identify the applicable normative framework (ISO standard, regulation, sector specification).
  2. Identify applicable conformity assessment standard — Select from ISO/IEC 17065 (product), ISO/IEC 17021-1 (management system), or ISO/IEC 17024 (personnel) as the governing framework for certification body operation.
  3. Draft normative requirements document — Establish the measurable requirements against which conformity will be assessed. Requirements must be objective and auditable.
  4. Establish governance structure — Define scheme owner identity, stakeholder consultation mechanism, and the process for requirements revision.
  5. Define assessment activities — Specify methods (document review, audit, testing, inspection), sampling rules, and qualification requirements for assessors.
  6. Establish certification decision rules — Document criteria for granting, refusing, suspending, and withdrawing certification, including nonconformity classification and corrective action timelines.
  7. Define surveillance and recertification cycle — Set intervals, triggers for extraordinary surveillance, and criteria for recertification.
  8. Develop mark usage policy — Define authorized uses, prohibited uses, and enforcement mechanisms for the certification mark.
  9. Pilot the scheme — Conduct controlled assessments with a defined cohort before full launch to identify procedural gaps.
  10. Submit scheme documentation to accreditation body — Provide to ANAB, A2LA, or other relevant accreditation body for evaluation against applicable ISO/IEC standards.

Reference table or matrix

| Scheme Type | Governing Standard | Object of Certification | Assessment Body Standard | Typical Surveillance Cycle |
|---|---|---|---|---|
| Management System | ISO/IEC 17021-1:2015 | Organization's management system | ISO/IEC 17021-1 | Annual surveillance; 3-year recertification |
| Product / Process / Service | ISO/IEC 17065:2012 | Specific product, process, or service | ISO/IEC 17065 | Varies by scheme; often annual market surveillance |
| Personnel | ISO/IEC 17024:2012 | Individual competence | ISO/IEC 17024 | Recertification by examination or CPD; typically 3–5 years |
| NRTL (US regulatory) | 29 CFR 1910.7 (OSHA) | Electrical/safety products | OSHA NRTL recognition criteria | Product follow-up as specified by NRTL procedures |
| GFSI-recognized food safety | GFSI Benchmarking Requirements v2020.1 | Food safety management | GFSI-benchmarked scheme standards | Annual; unannounced options in some schemes |
| ISO/IEC 17067 Type 5 | ISO/IEC 17067:2013 | Product with full factory + market surveillance | ISO/IEC 17065 | Market surveillance + periodic retesting |
