News & Commentary on ISO Management System Standards

    ISO Accreditation vs ISO Certification: Which Do You Need?
    ISO Accreditation vs ISO Certification: Which Do You Need?

    Photo of a group of people having a business meeting

    You've got the Certificate, but are you certified to the ISO Standard or accredited to it?

    It may seem unimportant in the scheme of things, but people, like potential customers, will judge you based on your correct use of technical and allied terms.

    Difference Between ISO Certification and ISO Accreditation

    ISO certification, often called third-party certification or registration, is a process where an independent certification body assesses if an organization, product, service, or management system complies with the requirements of a specific ISO standard. If the organization meets these requirements, it receives a certificate affirming its conformity.

    Accreditation, on the other hand, is the formal recognition of a conformity assessment body's (a.k.a Certification Body's) competence, impartiality, and performance capability. It is typically carried out by an independent accreditation body and is awarded to certification bodies, testing laboratories, and inspection agencies that meet specified standards and guidelines.

    ISO Certification or ISO Accreditation: Which One Do You Need?

    If your organization performs testing, assessments, or inspections of any kind, you might want to consider applying for ISO accreditation; if not, you might want to work towards ISO certification.

    Benefits of Having ISO Certification or ISO Accreditation

    ISO certification and accreditation can offer significant benefits to organizations that can secure them.

    Both validate an organization's adherence to widely accepted industry standards and best practices. It also helps them increase their efficiency, reduce their errors, and improve the overall performance of their management systems.

    Because of this, having an ISO certification or accreditation can help your organization demonstrate your expertise in your given field and show your commitment to quality, competence, and compliance. This can give you a substantial market edge, particularly in sectors where accreditation is required or heavily favored when choosing firms to do business with.

    Lastly, because ISO standards were designed to create a common language and framework for industries irrespective of geographical location, cross-border collaborations can proceed more smoothly due to aligned goals and processes.

    ISO Certification Process vs ISO Accreditation Process


    Obtaining ISO certification or accreditation involves several steps tailored to the specific standard or accreditation body. Here's a quick overview of how the process goes.

    ISO Certification Process ISO Accreditation Process
    Determine the Relevant Standard

    Identify the ISO standard(s) applicable to your industry or business needs (e.g., ISO 9001 for quality management, ISO 14001 for environmental management, etc.).
    Select Accreditation Body:

    Identify and choose an appropriate accreditation body recognized for accrediting organizations to the specific standard (e.g., IAF for ISO certifications).
    Understand Requirements:

    Familiarize yourself with the requirements outlined in the chosen ISO standard to assess your organization's current practices against the standard's criteria.
    Assess Compliance:

    Assess and ensure that your organization meets the requirements set by the accreditation body, including technical competence, management system compliance, and other specific criteria.
    Gap Analysis

    Conduct a Gap Analysis to identify areas where your organization needs improvement or alignment with the standard's requirements.

    Application Submission

    Submit an application to the accreditation body, providing detailed documentation demonstrating conformity to the accreditation requirements.


    Implement necessary changes and establish systems, procedures, and documentation to meet the requirements of the chosen ISO standard.

    Assessment and Evaluation:

    Undergo an assessment by the accreditation body, which includes on-site inspections, reviews of documentation, and evaluations to determine compliance.

    Internal Audit:

    Perform an internal audit to assess whether your organization's systems and processes align with the ISO standard's requirements.
    Accreditation Decision:

    Based on the assessment, the accreditation body decides whether to grant accreditation to your organization.
    Certification Body Selection:

    Choose an accredited certification body recognized for issuing ISO certifications. Engage with them to initiate the certification process.
    Maintaining Accreditation:

    Maintain compliance with the standards and requirements to retain accreditation, often involving periodic assessments and audits by the accreditation body.
    External Audit:

    Undergo an external audit conducted by the chosen certification body to evaluate your organization's conformity to the ISO standard.
    Certification Decision:

    Based on the audit findings, the certification body will decide whether to grant ISO certification.


    Requirements for ISO Certification or ISO Accreditation

    ISO standards have different requirements based on the needs of the specific industry or the intended outcome. These include differences in the depth of requirements, the scope of application, and the level of specificity within each standard.

    Some standards may have more prescriptive and detailed requirements, while others offer broader frameworks adaptable to various organizational structures and industries.

    The more you understand these distinctions, the more your organization will be able to implement the most suitable ISO standard(s) aligned with your objectives and operational context.

    Check out the table below for a quick guide on which standard is meant for which use and where to learn more about them.

    ISO Standard and where to find more information about them



    Implementation Guides

    ISO 9001:2015 - Quality Management System (QMS)

    Focuses on establishing a quality management system to ensure consistent delivery of products/services that meet customer and regulatory requirements.


    Implement ISO 9001 yourself: it's easy with our 24/7 Tutor Support

    ISO 14001:2015 - Environmental management systems

    Requirements with guidance for use

    Provides guidelines for managing environmental responsibilities, reducing environmental impacts, and ensuring compliance with environmental regulations.


    Ready to implement ISO 14001? Here's everything you'll need

    ISO/IEC 27001:2022

    Information security, cybersecurity and privacy protection

    Information security management systems


    Offers a framework for managing information security risks, protecting sensitive data, and ensuring the confidentiality, integrity, and availability of information assets.


    ISO 27001 Implementation Made Easy With 24/7 Tutor Support

    ISO 45001:2018 - Occupational Health and Safety Management System (OHSMS)

    Focuses on creating a safe and healthy work environment, reducing workplace injuries, and improving overall occupational health and safety performance.


    Implement ISO 45001 yourself: it's easy with our 24/7 Tutor Support

    ISO 22000:2018 - Food Safety Management System (FSMS)

    Addresses food safety hazards in the food chain, ensuring safe production, handling, and distribution of food products.



    ISO 50001:2018 - Energy Management System (EnMS)

    Provides a framework for improving energy performance, reducing energy consumption, and enhancing energy efficiency within organizations.



    ISO 13485:2016(en)

    Medical devices — Quality management systems — Requirements for regulatory purposes

    Specifies quality management system requirements for organizations involved in the design, production, and servicing of medical devices.



    ISO 20000-1:2018 - Information technology - Service management system (SMS) - Requirements for service management




    ISO/IEC 17025 - General requirements for the competence of testing and calibration laboratories

    Accreditation to ISO/IEC 17025 demonstrates that a laboratory operates competently and generates valid results, enhancing confidence in its work.



    ISO/IEC 17020 - General criteria for the operation of various types of bodies performing inspection

    This standard outlines requirements for the competence of bodies performing inspection activities. Organizations that perform inspections in various fields, such as construction, manufacturing, or certification, may seek accreditation to ISO/IEC 17020.



    ISO/IEC 17021 - Conformity assessment - Requirements for bodies providing audit and certification of management systems

    It provides requirements for bodies providing audit and certification of management systems. While this standard itself does not grant certification, it's used by certification bodies to demonstrate their competence in certifying management systems such as ISO 9001 (Quality Management), ISO 14001 (Environmental Management), etc.



    ISO/IEC 17024 - Conformity assessment - General requirements for bodies operating certification of persons

    This standard sets requirements for bodies operating certification of persons. Organizations that certify individuals' competencies or qualifications in various professions, like personnel certification bodies, use this standard as a basis for their accreditation.



    ISO 22301:2019 - Security and resilience - Business continuity management systems

    Focuses on providing effective IT services by establishing processes for service management and continual improvement.




    Other FAQs on ISO Certification and ISO Accreditation

    What is the difference between ISO and IEC?

    ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) are separate entities that develop and publish international standards but focus on different areas.

    ISO primarily creates standards for various industries and sectors, covering multiple topics such as quality management, environmental management, information security, occupational health and safety, food safety, energy management, and more.

    On the other hand, the IEC specifically deals with international standards in electrical, electronic, and related technologies.

    That said, they sometimes collaborate to develop joint standards, especially in areas where their respective interests overlap.

    An excellent example of this is ISO/IEC 27001. Jointly published by ISO and IEC, it outlines best practices and requirements for establishing, implementing, maintaining, and continually improving an information security management system. ISO/IEC 17025, which specifies the general requirements for testing and calibration laboratories' competence, is another good example.

    Which certification or accreditation level should you start with?

    ISO certification and accreditation typically do not come with predefined levels in the same way that other certifications like Project Management Professional (PMP), Leadership in Energy and Environmental Design (LEED), Cisco Career, and Information Technology Infrastructure Library (ITIL) do.


    New call-to-action

    Until how many years are ISO Certifications or Accreditation valid?

    The validity period or duration of specific ISO certifications or accreditations can vary based on several factors, including the type of certification or accreditation, the ISO standard involved, and the certification or accreditation body's policies.

    Once an organization achieves certification, it is usually considered valid for three years. In addition, Certification Bodies typically require organizations to undergo periodic surveillance audits (usually once a year or every few years) to assess the organization's management system's continued effectiveness and adherence to the standard.

    Accreditation granted to conformity assessment bodies by accreditation bodies is usually valid for five years. And again, accreditations are typically subject to periodic reassessments and evaluations to maintain validity. The frequency of these reassessments can depend on factors like the type of conformity assessment activity, the accreditation body's policies, and the specific standard being applied.

    What are Certification Bodies?

    Certification bodies are independent legal entities that certify an organization's compliance with a particular standard. Most certification bodies are private businesses, though some are associated with national standards organizations. There are hundreds of certification bodies operating across the globe.

    They carry out their work in compliance with ISO 17021, an ISO standard for the management and administration of certification bodies. The intention is that all certification bodies should offer external auditing services of an equivalent standard.

    However, there are many bogus certification bodies in operation. The question that comes to mind is: how do we distinguish between a genuine certification body and a bogus one? The answer lies in accreditation, which we look at next.

    What are Accreditation Boards?

    Accreditation boards exist to ensure that accredited certification bodies operate to a uniform and high standard of external auditing. Typically, there is one national accreditation board per country.

    These boards audit the activities of certification bodies in a manner very similar to how certification bodies audit certified companies. Occasionally, you will find that when a certification body comes to carry out an external audit at your site, the auditor is accompanied by an observer from the accreditation board. This is part of the accreditation board's auditing activity and is geared towards ensuring a uniform auditing standard by the certification body.


    Free ISO 17025 Gap Analysis tool


    What is the International Accreditation Forum (IAF)?

    They have joined to form the International Accreditation Forum, IAF, to ensure a uniform standard between accreditation boards.

    This global group of approximately 60 boards actively maintains and improves auditing standards. To that end, they continue to produce guidance to be followed by accreditation boards and certification bodies.IAF-logo-205x132

    The various accreditation bodies have mutual agreements to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.

    [For a listing of UK Accredited Certification Bodies with details of the scope of their accreditation, visit the UKAS site; for Ireland, see INAB.

    Who Provides ISO Certification?

    ISO does not itself certify organizations, contrary to common belief. Many countries have formed accreditation bodies to authorize certification bodies. Certification bodies, in turn, audit organizations applying for ISO 9001 certification. The diagram illustrates the relationships concerned.


    Heirarchial infographic showing who oversees certification and accreditation of organizations







    How to Get International Recognition

    The most important way is to ensure that your organization is audited by an accredited certification body. And this so that you will be audited fairly to a high, uniform standard, which will have international recognition.

    [Don’t forget: Your organization is certified to ISO 9001 or other management system standards.  And it is your Certification Body that is accredited to ISO 17021]

    Accredited Training vs. Certified Training

    There is no international body, the equivalent of the IAF, when it comes to ISO training.   Many commercial and/or professional bodies claim to accredit certain courses. 

    Sometimes, this 'accreditation' can be purchased by the training organization. So, as a buyer of training, you need to check out claims regarding the accreditation of the training course of interest.

    In the marketplace, generally speaking, the distinction between accreditation and certification is becoming blurred. The terms, where training is concerned, are routinely used interchangeably.


    Graphic showing the list of ISO training and certification courses that deGRANDSON offers and a button leading to the auditor courses overview page


    Click on the image thumbnail to see the image in full size, or click the button on the other side to go to our ISO auditor overview page to learn more about our courses.


    Note: First published in June 2020; revised and updated in September 2021.


    Related Articles

    deGRANDSON Global is an ISO Certified Educational Organization

    New call-to-actionIn October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts