Accredited, certified, verified: three words that are not synonyms

A certificate reads like a guarantee. It is not, at least not on its own. It is a statement with a scope, a validity period and a source; beyond those limits, it says nothing. Most trust problems are born there: in reading into a certificate more than the certificate declares.

To avoid confusion, it helps to separate three acts that everyday language blends together and that are, technically, distinct things.

To accredit is to assess the competence of a body to do its work: an accreditation body, under ISO/IEC 17011, assesses whether a certification body is in a position to audit and certify. To certify is what that certification body does under ISO/IEC 17021-1: it audits an organization, decides and issues a certificate. To verify is a third act: confirming that the certificate is authentic, and reading correctly its standard, its holder, its scope, its sites, its validity and its source.

IAC operates on the third plane. It registers and verifies evidence, and endorses the system under its own scheme and independent committee. It does not accredit and does not certify: those verbs belong to other links in the chain.

The cost of failing to distinguish these planes is paid by whoever trusts. Marks no one issued; inflated scopes that cover a single line and are displayed as if they covered the whole organization; expired certificates still circulating in a commercial proposal. None of these deceptions survives a serious verification of source and scope.

That is why public verification is not an administrative formality: it is the concrete defense against trust fraud. When anyone can check what a certificate actually says, the mark stops being an image and goes back to being a verifiable statement.

The rule is old and applies intact to the era of automated systems: trust is not declared, it is verified. Everything else is marketing in the typography of a standard.