ISO/IEC 17024:2012
Conformity Assessment — General Requirements for Bodies
Operating Certification of Persons
COMPLETE AUDIT CHECKLIST
Organization Name:
___________________________________
Certification Body:
___________________________________
Audit Type:
☐ Initial ☐ Surveillance ☐ Re-certification
Audit Date:
___________________________________
Lead Auditor:
___________________________________
Audit Team Members:
___________________________________
Scope of Certification:
___________________________________
Document Reference No.:
___________________________________
Version:
1.0
NOTE: This checklist is based on ISO/IEC 17024:2012 — Conformity Assessment: General Requirements for Bodies Operating Certification of Persons. Each clause of the standard is mapped to audit questions. Auditors should document objective evidence for each requirement. Findings should be classified as Conformity (C), Minor Non-Conformity (MNC), Major Non-Conformity (MajNC), or Observation (OBS).
— CONFIDENTIAL AUDIT DOCUMENT —
Audit Scoring Summary
Section
Total
Yes
No
N/A
Remarks
4. General Requirements
5. Structural Requirements
6. Resource Requirements
7. Process Requirements
8. Management System Requirements
TOTAL
Classification Guide: ✔ Yes = Full compliance | ✘ No = Non-conformity identified | N/A = Not applicable to scope. All 'No' findings must have a corresponding Corrective Action Request (CAR) raised.
Clause 4 — General Requirements
These requirements establish the foundational legal, financial, and impartiality obligations that a certification body must maintain at all times.
Clause
Requirement / Audit Question
Evidence / Documents
Compliance
4.1 — Legal and Contractual Matters
4.1.1
Is the certification body a legal entity, or a defined part of a legal entity, that can be held legally responsible for its certification activities?
Legal registration document, articles of incorporation
☐ Yes ☐ No ☐ N/A
4.1.2
Does the certification body have a documented agreement with the applicant/candidate defining the rights and obligations of both parties?
Application form, candidate agreement, contract templates
☐ Yes ☐ No ☐ N/A
4.1.3
Does the certification body have documented processes for addressing complaints and appeals, including procedures for when decisions may be reviewed?
Complaints & appeals procedure, decision review records
☐ Yes ☐ No ☐ N/A
4.1.4
Is the certification body financially stable and able to carry out its certification activities?
Financial statements, insurance records, budget reports
☐ Yes ☐ No ☐ N/A
4.2 — Management of Impartiality
4.2.1
Has the certification body identified risks to its impartiality on an ongoing basis and documented controls to mitigate those risks?
Impartiality risk register, conflict of interest policy
☐ Yes ☐ No ☐ N/A
4.2.2
Does top management demonstrate commitment to impartiality and ensure all certification decisions are free from commercial, financial, or other pressures?
Management policy statements, impartiality policy
☐ Yes ☐ No ☐ N/A
4.2.3
Does the certification body have a committee or mechanism to safeguard impartiality and provide advice on matters affecting impartiality?
Impartiality/Advisory Committee records, Terms of Reference
☐ Yes ☐ No ☐ N/A
4.2.4
Is the certification body's impartiality policy documented, publicly available, and signed off by top management?
Published impartiality policy, signed by senior management
☐ Yes ☐ No ☐ N/A
4.2.5
Does the certification body avoid allowing related body activities (training, consulting) to compromise impartiality?
Separation of training/consulting from certification records
☐ Yes ☐ No ☐ N/A
4.2.6
Is there a documented policy preventing certification decisions from being influenced by other organizations or persons?
Decision-making independence records, governance structure
☐ Yes ☐ No ☐ N/A
4.3 — Liability and Financing
4.3.1
Does the certification body have identified mechanisms (insurance, reserves) to cover liabilities arising from its certification activities?
Professional indemnity insurance, financial reserves documentation
☐ Yes ☐ No ☐ N/A
4.3.2
Are financial arrangements in place that do not adversely affect impartiality or the credibility of certification decisions?
Financial management policy, funding source documentation
☐ Yes ☐ No ☐ N/A
Clause 5 — Structural Requirements
These requirements define the organizational structure, governance, and administrative processes necessary for operating a certification body for persons.
Clause
Requirement / Audit Question
Evidence / Documents
Compliance
5.1 — Organizational Structure
5.1.1
Is there a documented organizational structure identifying responsibilities of top management and all key certification personnel?
Organizational chart, role descriptions
☐ Yes ☐ No ☐ N/A
5.1.2
Has the certification body appointed a technically competent person responsible for all certification activities?
Appointment letter, CV of responsible person
☐ Yes ☐ No ☐ N/A
5.1.3
Are the roles and responsibilities of all persons involved in the certification process clearly documented and communicated?
Job descriptions, responsibility matrices
☐ Yes ☐ No ☐ N/A
5.1.4
Does the certification body have appropriate governance arrangements to ensure accountability and oversight of certification activities?
Board minutes, governance policy documents
☐ Yes ☐ No ☐ N/A
5.2 — Certification Scheme
5.2.1
Is there a documented certification scheme specifying requirements, including competence requirements for the certification?
Certification scheme documentation, competence framework
☐ Yes ☐ No ☐ N/A
5.2.2
Does the certification scheme define the requirements for initial certification, surveillance, recertification, and if applicable, extension and reduction of scope?
Scheme requirements covering all certification lifecycle stages
☐ Yes ☐ No ☐ N/A
5.2.3
Are the certification scheme requirements developed by a process that ensures they are technically valid and reflect current practice in the field?
Scheme development records, subject matter expert input, industry consultation
☐ Yes ☐ No ☐ N/A
5.2.4
Is the scheme maintained and reviewed periodically to ensure it remains current, relevant, and reflects changes in practice, knowledge, or regulation?
Scheme review records, change management log
☐ Yes ☐ No ☐ N/A
5.2.5
Are relevant interested parties consulted in the development and review of the certification scheme?
Consultation records, stakeholder meeting minutes
☐ Yes ☐ No ☐ N/A
5.2.6
Is the certification scheme publicly available or accessible to applicants and interested parties?
Published scheme document, website access, or distribution records
☐ Yes ☐ No ☐ N/A
5.3 — Administrative Processes
5.3.1
Does the certification body have documented administrative processes for handling applications, scheduling examinations, issuing certificates, and maintaining records?
Application management procedure, scheduling process
☐ Yes ☐ No ☐ N/A
5.3.2
Are there processes for managing the certification registry/database including issued, suspended, and withdrawn certifications?
Certification registry, database records, suspension/withdrawal logs
☐ Yes ☐ No ☐ N/A
5.3.3
Is there a publicly available or easily accessible list (register) of currently certified persons?
Online registry, public register, certificate verification system
☐ Yes ☐ No ☐ N/A
Clause 6 — Resource Requirements
These requirements address the competence, qualifications, and management of personnel involved in certification activities, including examination and assessment personnel.
Clause
Requirement / Audit Question
Evidence / Documents
Compliance
6.1 — Certification Body Personnel
6.1.1
Are all personnel (internal and external) involved in the certification process competent for the functions they perform?
CVs, qualification records, training records, competence assessments
☐ Yes ☐ No ☐ N/A
6.1.2
Has the certification body defined the competence requirements for each function in the certification process?
Competence framework, role-specific criteria documents
☐ Yes ☐ No ☐ N/A
6.1.3
Is there a process to verify and maintain competence of all personnel involved in certification activities?
Competence evaluation records, ongoing monitoring processes
☐ Yes ☐ No ☐ N/A
6.1.4
Are personnel kept informed of, and required to comply with, applicable policies and procedures?
Training records, policy acknowledgment forms, staff communications
☐ Yes ☐ No ☐ N/A
6.1.5
Does the certification body have procedures for selecting, training, monitoring, and re-evaluating its personnel?
HR procedures, performance review records, monitoring logs
☐ Yes ☐ No ☐ N/A
6.1.6
Are all examination personnel (examiners, assessors, invigilators) free from conflict of interest with respect to candidates they assess?
Conflict of interest declarations, assessor assignment records
☐ Yes ☐ No ☐ N/A
6.2 — External Resources (Subcontracting)
6.2.1
If examination or assessment activities are subcontracted, does the certification body have formal agreements with the subcontractors covering required activities and conditions?
Subcontractor agreements, service level agreements
☐ Yes ☐ No ☐ N/A
6.2.2
Does the certification body maintain responsibility for certification decisions even when activities are subcontracted?
Policy statement, governance records on subcontracting
☐ Yes ☐ No ☐ N/A
6.2.3
Does the certification body assess and monitor the performance of subcontractors?
Subcontractor evaluation records, audit reports of subcontractors
☐ Yes ☐ No ☐ N/A
6.2.4
Are candidates informed when subcontractors are used in certification activities?
Candidate information documents, application pack disclosures
☐ Yes ☐ No ☐ N/A
6.3 — Examination Resources
6.3.1
Does the certification body ensure that examination materials (question banks, practical tasks, simulation materials) are appropriate, valid, and fit for purpose?
Examination item bank, validation records, blueprinting documents
☐ Yes ☐ No ☐ N/A
6.3.2
Is there a process for developing, reviewing, and updating examination materials to ensure continued validity and relevance?
Item development procedure, review cycle records
☐ Yes ☐ No ☐ N/A
6.3.3
Are appropriate physical, environmental, and technological resources available and maintained for conducting examinations?
Examination facility inspection records, IT system logs
☐ Yes ☐ No ☐ N/A
6.3.4
Are procedures in place to protect the security and confidentiality of examination materials?
Security procedures, access control records, NDA agreements
☐ Yes ☐ No ☐ N/A
Clause 7 — Process Requirements
These requirements cover the complete certification lifecycle — from application through examination, certification decision, surveillance, recertification, and withdrawal.
Clause
Requirement / Audit Question
Evidence / Documents
Compliance
7.1 — Application
7.1.1
Does the certification body provide sufficient information to applicants about the certification process, eligibility requirements, examination details, fees, and candidate obligations?
Information pack, website content, application guide
☐ Yes ☐ No ☐ N/A
7.1.2
Does the application process capture all required information to determine candidate eligibility (education, experience, prior certifications)?
Application form, eligibility checklist, supporting document requirements
☐ Yes ☐ No ☐ N/A
7.1.3
Is there a documented procedure for reviewing and making eligibility decisions on applications?
Eligibility review procedure, application assessment records
☐ Yes ☐ No ☐ N/A
7.1.4
Are candidates informed of the outcome of their application in a timely manner?
Acceptance/rejection letters, communication logs
☐ Yes ☐ No ☐ N/A
7.1.5
Does the certification body have arrangements to accommodate special needs or reasonable adjustments for candidates with disabilities?
Special accommodations policy, accommodation request records
☐ Yes ☐ No ☐ N/A
7.2 — Evaluation (Examination / Assessment)
7.2.1
Are examinations and assessments designed to evaluate only the competence defined in the certification scheme?
Examination blueprint, competence mapping records
☐ Yes ☐ No ☐ N/A
7.2.2
Are examination processes documented, including the types of examinations used (written, practical, oral, portfolio), scoring methods, and passing criteria?
Examination procedure, marking guides, passing score rationale
☐ Yes ☐ No ☐ N/A
7.2.3
Is the examination conducted under standardized, controlled, and secure conditions?
Examination administration procedure, invigilation records, security logs
☐ Yes ☐ No ☐ N/A
7.2.4
Are examiners/assessors provided with clear instructions and trained in examination administration and assessment procedures?
Examiner training records, assessment instructions, calibration sessions
☐ Yes ☐ No ☐ N/A
7.2.5
Are examination results documented, securely stored, and traceable?
Results database, secure storage records, audit trail
☐ Yes ☐ No ☐ N/A
7.2.6
Are there processes to detect and address examination irregularities or misconduct?
Misconduct policy, investigation procedure, incident records
☐ Yes ☐ No ☐ N/A
7.2.7
Are examination results reported to candidates in a timely and clearly understandable manner?
Results notification procedure, candidate score reports
☐ Yes ☐ No ☐ N/A
7.3 — Certification Decision
7.3.1
Are certification decisions made only by person(s) not involved in the examination/assessment of the candidate (independence of decision)?
Decision authority records, segregation of duties policy
☐ Yes ☐ No ☐ N/A
7.3.2
Is the certification decision based solely on the information gathered during the evaluation process and in accordance with the certification scheme requirements?
Certification decision records, traceability to assessment evidence
☐ Yes ☐ No ☐ N/A
7.3.3
Is the certification decision process documented and are all decisions recorded with the basis for the decision?
Decision log, certification approval records
☐ Yes ☐ No ☐ N/A
7.3.4
Are certificates issued by the certification body? Do they contain all required information (name, certificate number, scope, issue date, expiry date, certification mark)?
Sample certificates, certificate template review
☐ Yes ☐ No ☐ N/A
7.4 — Surveillance (where applicable)
7.4.1
Where the certification scheme requires surveillance, is there a documented surveillance process?
Surveillance procedure, surveillance schedule
☐ Yes ☐ No ☐ N/A
7.4.2
Are surveillance activities adequate to confirm that certified persons continue to meet the scheme requirements during the validity period?
Surveillance records, CPD tracking, recertification records
☐ Yes ☐ No ☐ N/A
7.4.3
Are certified persons required to inform the certification body of any matters that may affect their ability to continue to meet the certification requirements?
Candidate agreement, self-reporting obligation documentation
☐ Yes ☐ No ☐ N/A
7.5 — Recertification
7.5.1
Is there a documented recertification process that evaluates continued competence of certified persons?
Recertification procedure, renewal examination/CPD requirements
☐ Yes ☐ No ☐ N/A
7.5.2
Are candidates informed in advance of recertification requirements and timelines?
Renewal reminder procedure, recertification notification records
☐ Yes ☐ No ☐ N/A
7.6 — Use of Certificates and Logos
7.6.1
Is there a documented policy on the correct use of certificates, logos, and marks by certified persons?
Logo/mark usage policy, candidate agreement on mark usage
☐ Yes ☐ No ☐ N/A
7.6.2
Does the certification body monitor and take action against misuse of certificates, marks, or claims of certification?
Monitoring records, enforcement actions, complaints log
☐ Yes ☐ No ☐ N/A
7.7 — Suspension, Withdrawal, and Reduction of Certification
7.7.1
Are there documented procedures for suspending, withdrawing, or reducing the scope of certification?
Suspension/withdrawal procedure, decision criteria
☐ Yes ☐ No ☐ N/A
7.7.2
Is due process followed, including notification of the certified person and opportunity to respond before suspension or withdrawal?
Due process records, notification letters, response records
☐ Yes ☐ No ☐ N/A
7.7.3
Is the certification register updated promptly when certification status changes (suspended, withdrawn)?
Registry update records, timeline of status changes
☐ Yes ☐ No ☐ N/A
7.8 — Appeals and Complaints
7.8.1
Is there a documented, publicly available procedure for handling appeals against certification decisions?
Appeals procedure, published in candidate information pack
☐ Yes ☐ No ☐ N/A
7.8.2
Are appeals handled by person(s) who were not involved in the original certification decision?
Appeals panel records, independence documentation
☐ Yes ☐ No ☐ N/A
7.8.3
Is there a documented procedure for receiving, investigating, and resolving complaints?
Complaints procedure, complaints log and resolution records
☐ Yes ☐ No ☐ N/A
7.8.4
Are complainants and appellants acknowledged, kept informed of progress, and provided with final outcomes in writing?
Correspondence records, closure letters, communication log
☐ Yes ☐ No ☐ N/A
7.8.5
Are all complaints and appeals tracked for trends, and used for continual improvement?
Trend analysis reports, management review records
☐ Yes ☐ No ☐ N/A
Clause 8 — Management System Requirements
ISO/IEC 17024 requires that the certification body implement either a management system per Option A (full QMS as per clause 8) or demonstrate operation of a QMS meeting ISO 9001 requirements (Option B). This section covers Option A.
Clause
Requirement / Audit Question
Evidence / Documents
Compliance
8.1 — Management System Options
8.1.1
Has the certification body selected and documented whether it operates under Option A (management system as described in 8.2–8.8) or Option B (ISO 9001 compliant QMS)?
Quality manual or equivalent policy document
☐ Yes ☐ No ☐ N/A
8.2 — General Management System Documentation (Option A)
8.2.1
Does the certification body have a documented quality policy and quality objectives?
Quality policy, quality objectives document
☐ Yes ☐ No ☐ N/A
8.2.2
Is there a quality manual or equivalent document describing the management system, its scope, and references to related procedures?
Quality manual, process documentation
☐ Yes ☐ No ☐ N/A
8.2.3
Are all documents required by the management system controlled, including their approval, review, and distribution?
Document control procedure, master document list
☐ Yes ☐ No ☐ N/A
8.3 — Control of Documents
8.3.1
Is there a procedure for document control ensuring current versions are used, obsolete documents are withdrawn, and changes are tracked?
Document control register, version control logs
☐ Yes ☐ No ☐ N/A
8.3.2
Are all critical certification documents (procedures, schemes, forms) uniquely identified with version numbers and dates?
Document register showing ID, version, date, approval status
☐ Yes ☐ No ☐ N/A
8.4 — Control of Records
8.4.1
Is there a records management procedure defining how records are identified, stored, protected, retrieved, and disposed of?
Records management procedure, retention schedule
☐ Yes ☐ No ☐ N/A
8.4.2
Are certification records retained for an appropriate period (typically the certification validity period plus a defined retention period)?
Record retention policy, archive records
☐ Yes ☐ No ☐ N/A
8.4.3
Are records protected from damage, loss, or unauthorized access?
IT security records, access control logs, backup procedures
☐ Yes ☐ No ☐ N/A
8.5 — Management Review
8.5.1
Does top management conduct periodic reviews of the management system at planned intervals?
Management review meeting minutes, schedule
☐ Yes ☐ No ☐ N/A
8.5.2
Do management reviews cover all required inputs including audit results, complaints, appeals, changes affecting the system, and opportunities for improvement?
Management review agenda, input records
☐ Yes ☐ No ☐ N/A
8.5.3
Are management review outputs documented, including decisions and actions relating to improvement of the management system and its processes?
Management review action log, improvement records
☐ Yes ☐ No ☐ N/A
8.6 — Internal Audits
8.6.1
Does the certification body conduct periodic internal audits of all certification activities and management system processes?
Internal audit schedule, completed audit reports
☐ Yes ☐ No ☐ N/A
8.6.2
Are internal auditors independent from the activities they audit, and competent to conduct audits?
Auditor competence records, audit independence records
☐ Yes ☐ No ☐ N/A
8.6.3
Are audit findings documented, and are corrective actions tracked to completion and verified for effectiveness?
Audit findings log, CAR records, verification records
☐ Yes ☐ No ☐ N/A
8.7 — Corrective Actions
8.7.1
Is there a documented procedure for identifying, investigating root causes of, and implementing corrective actions for non-conformities?
Corrective action procedure, CAR log
☐ Yes ☐ No ☐ N/A
8.7.2
Are corrective actions verified for effectiveness, and are follow-up reviews conducted?
Corrective action effectiveness review records
☐ Yes ☐ No ☐ N/A
8.7.3
Are recurring non-conformities analyzed to identify systemic issues?
Trend analysis, systemic issue identification records
☐ Yes ☐ No ☐ N/A
8.8 — Preventive Actions
8.8.1
Does the certification body have a process for identifying and addressing potential non-conformities before they occur (preventive action)?
Preventive action procedure, risk register, improvement records
☐ Yes ☐ No ☐ N/A
8.8.2
Are preventive actions documented and monitored for implementation?
Preventive action log, monitoring records
☐ Yes ☐ No ☐ N/A
Audit Findings Log
Use this section to record all findings identified during the audit. Attach additional sheets if required.
#
Clause
Finding Type
Description of Finding
Objective Evidence
CAR Reference
1
☐ MajNC
☐ MinNC
☐ OBS
☐ C
2
☐ MajNC
☐ MinNC
☐ OBS
☐ C
3
☐ MajNC
☐ MinNC
☐ OBS
☐ C
4
☐ MajNC
☐ MinNC
☐ OBS
☐ C
5
☐ MajNC
☐ MinNC
☐ OBS
☐ C
Audit Sign-Off & Declarations
Lead Auditor
Name: ___________________________
Signature: ______________________
Date: ___________________________
Representative of Auditee
Name: ___________________________
Signature: ______________________
Date: ___________________________
By signing above, both parties confirm that the audit was conducted in accordance with the agreed audit plan, and that the findings have been presented and acknowledged. This signature does not imply acceptance of non-conformity findings.
End of ISO/IEC 17024:2012 Audit Checklist