Accreditation vs certification: how they differ

The confusion that comes at a price

In everyday language, accredited and certified are used as if they were the same thing. They are not, and the difference is not semantic. When a buyer accepts that a supplier is accredited because it displays a certificate, they conflate two distinct levels of one chain and are left without the guarantee they thought they had.

The error has a simple root: both terms speak of trust, but about different objects. Certification rests on an organization; accreditation, on the body that certified it. Whoever equates them loses sight of the fact that a certificate is worth only as much as the competence of whoever issued it, and that competence is precisely what accreditation verifies.

A certificate proves that an organization was assessed; accreditation proves that whoever assessed it was competent to do so.

The chain, link by link

Technical trust does not rest on a single actor, but on a chain in which each link oversees the one before it. At the base sits the standard; on it, the certification body that applies it; above that, the accreditation body that confirms the competence of that body; and, at the top level, the international cooperation that sustains mutual recognition.

1. 01 The organization

   Implements a management system against a standard —ISO 9001:2015, ISO/IEC 27001:2022, whichever applies— and asks an independent third party to assess it. It holds the certificate; it does not issue it.

2. 02 The certification body

   Audits the organization against the standard and, if it concludes conformity, issues the certificate. It certifies management systems under ISO/IEC 17021-1:2015, whose clause 4.2 requires impartiality toward the client it assesses.

3. 03 The accreditation body

   Does not certify the organization: it accredits the competence of the certification body. It applies ISO/IEC 17011:2017, the standard that sets the requirements for accrediting conformity-assessment bodies.

4. 04 International cooperation

   Sustains mutual recognition between national accreditation bodies, so that an accreditation recognized in one economy is accepted in the others. Since 1 January 2026, that function belongs to GLOBAC, successor to the IAF.

The correct reading runs from the bottom up: an organization’s certificate rests on the accreditation of whoever issued it, and that accreditation rests on international recognition. Removing a link does not weaken the document: it leaves it without verifiable backing.

What each actor does

Ordering the verbs clears up the confusion. Each actor does one single thing, on one single object, under a standard of its own. No one certifies itself and no one accredits itself: that is the condition of independence that gives value to the whole circuit.

• · Certification body — Certifies the organization, against the management-system standard.
• · Accreditation body — Accredits the certification body, not the organization (ISO/IEC 17011:2017).
• · International cooperation (GLOBAC) — Recognizes national accreditation bodies among themselves.

The standard governing the accreditation of conformity-assessment bodies is ISO/IEC 17011:2017, in its second edition. The one ruling the bodies that certify management systems is ISO/IEC 17021-1:2015, whose clause 4.2 makes impartiality a requirement, not an aspiration. Equivalent standards exist for other objects: ISO/IEC 17024:2012 for the certification of persons and ISO/IEC 17065 for that of products and services. The full family is developed in the sibling note The conformity-assessment standards: 17011, 17021, 17024, 17065.

Above the national accreditation bodies operates the international cooperation that sustains mutual recognition. Since 1 January 2026, that function belongs to GLOBAC, successor to the IAF. Removing this top level does not invalidate a national accreditation, but it strips it of the reciprocity that lets it travel across borders.

What changes for whoever decides

For a buyer, a procurement function or a compliance team, the distinction is not theoretical: it defines what guarantee they receive in exchange for their trust. Accepting a certificate without looking at the accreditation of its issuer amounts to taking the issuer’s word for its own competence.

• · An organization is certified; a body is accredited. The terms are not interchangeable.
• · Whoever decides buys the work of the certified organization, but relies on the backing of the body that certified it and of the accreditation that backs that body.
• · A certificate without recognized accreditation is a statement the issuer makes about itself: no one independent has verified its competence.
• · Accreditation does not certify the quality of the product or service: it confirms that whoever certifies is technically competent and impartial.

The practical consequence is direct: faced with a certificate, the useful question is not only whether the organization is certified, but who certified it and whether that body is accredited within the technical scope the document declares. The first question the certificate answers; the second requires verifying the chain.

How it is checked

The chain of trust is checkable, and that is its virtue. National accreditation bodies publish the list of certification bodies they accredit and the technical scope of each accreditation. Serious certification bodies maintain a public directory of current certificates. And independent registries of evidence publish records with a public code, status and declared scope.

The IAC Trust Registry belongs to this last category: it verifies the records IAC itself issues within its declared scope, with a public code, current status and last-updated date. If the credential in front of you cites an IAC code, verify it directly at /verify. The full procedure for confirming an ISO certificate with its issuing body is in the sibling guide How to verify an ISO certificate in 2026.