Skip to content
IAC Verifiable Registry
Verify code

Editorial · Standards & Research

How to choose an accredited certification body

The choice of certification body decides, before the audit, how much the certificate you obtain will be worth. This reading orders the criterion that matters: real accreditation and scope, verifiable impartiality and the controls worth completing before you sign.

Published 2026-06-17 International Accreditation Center Selection criterion

The error of choosing by price

The sequence repeats with striking regularity: an organization asks for three quotes, compares figures and timelines, and hires the cheapest or the fastest. The certificate arrives with no apparent friction. The problem appears later, when a demanding client, a tender or a second-party auditor asks who accredits the issuer and within what scope.

At that moment it emerges that the low price was not buying the same thing as a market price. A certificate is worth only what the backing behind it is worth: the accreditation of the body that issued it, within a scope that covers the standard and the sector of whoever receives it. Without that backing, the document exists, but it does not withstand the only test that counts, which is verification by a third party.

Price is negotiated once: the backing of the certificate is put to the test every time someone verifies it.

Choosing well is not choosing expensive. It is choosing with the right data in front of you: whether the body is accredited, in what scope, and whether its impartiality withstands examination. Cheap, when it cuts those elements, is paid for later and with interest.

First: is it accredited, and in what scope?

Before price, timeline or commercial reputation comes a two-part question: is the body accredited, and does its accreditation cover your case? Accreditation is the independent evaluation of the certification body’s technical competence, governed by ISO/IEC 17011:2017, the standard that sets the requirements for accreditation bodies. Without that layer, a certification body assesses itself, and a certificate that backs itself backs nothing.

Confirming the accreditation has a method. The body must name its accreditation body; you locate that accreditor’s public directory and verify that the issuer appears as accredited, with a current status and within a scope that includes the standard and the sector you care about. On 1 January 2026 the IAF ceased operations and the international level of mutual recognition entered a transition. The change reordered that level without altering the validity of certificates issued under recognized accreditation.

  • · Verifiable institutional identity: legal name, jurisdiction and its own official site.
  • · The accreditation body that backs it, named explicitly.
  • · Scope of accreditation: which standards and which sectors it covers, with a reference code.
  • · Status of the accreditation: current, suspended or withdrawn, lookupable in the accreditor’s directory.
  • · An impartiality procedure and the rules of incompatibility with consultancy.
  • · A public channel to verify the certificates it issues.

Real impartiality, not declared

A competent body may still lack independence. That is why ISO/IEC 17021-1:2015, the standard of requirements for bodies that certify management systems, makes impartiality its governing principle: clause 4.2 states it and clause 5.2 requires managing the threats to that impartiality. The threats have technical names: self-interest, self-review, familiarity and intimidation.

The self-review threat explains the most concrete rule in the whole selection: a body should not certify a system it itself helped to build. The standard sets a minimum gap of two years between consultancy on a management system and the certification audit of that same system. An issuer that offers to implement your system and then audit it to certify it is, by design, reviewing its own work.

Whoever sells you the solution should not be the one who certifies that the solution works.

There is a second safeguard, equally concrete: the certification decision is taken by someone who did not perform the audit. Clause 9.5 separates the auditor from whoever reviews the file and grants the certificate, so that no person validates their own evaluation. When you choose, ask for the written impartiality rules and read who decides. The answer says more than any commercial argument. The difference between the two layers —who accredits and who certifies— is developed in Accreditation vs certification.

Warning signs when hiring

No single sign disqualifies a body; several together justify widening the verification before committing. The most frequent:

  • · The body avoids naming its accreditation body, or cites it without a verifiable scope code.
  • · It offers consultancy and implementation of the system it will later audit for certification.
  • · It promises guaranteed certification, deadlines without a serious audit or approval with no possible nonconformities.
  • · The price is far below market without any explanation of what is being cut.
  • · It pressures you to sign before you verify the accreditation and the scope.
  • · It has no public channel to verify the certificates it has already issued.

How to verify before signing

The selection closes with a short circuit, prior to any signature. Each control leaves its own evidence and protects the decision against a third party who questions it later.

  1. 01 Confirm the accreditation at its source

    It is not enough for the body to declare itself accredited. Locate the accreditation body it cites and confirm the status in that accreditor’s public directory. Accreditation is governed by ISO/IEC 17011:2017, and the accreditor’s public directory is the primary source for that fact.

  2. 02 Match the scope against your standard and your sector

    An accreditation covers precise standards and sectors. Verify that the accredited scope includes exactly the standard you want to certify and the economic activity of your organization. A scope that does not cover your case turns the certificate into a document with no backing for your decision.

  3. 03 Read the impartiality rules

    ISO/IEC 17021-1:2015 requires the body to manage the threats to its impartiality. Ask for the written rules: how it separates consultancy from audit, how it declares conflicts and who takes the certification decision. The absence of these rules, or their vagueness, is information about the body’s seriousness.

  4. 04 Tell price apart from real cost

    A quote that cheapens the audit usually cuts evaluation time, team competence or the independence of the decision. The real cost of a certification without backing appears later: before a client who rejects it, a tender that discards it or an accreditor that flags it.

  5. 05 Document the selection

    Record which accreditation body backs the issuer, which scope it covers, on what date you confirmed the status and through which channel. The traceability of the choice protects both the purchase decision and the later defense of the certificate before a third party.

These are the same controls applied by whoever receives a certificate already issued. The sibling guide How to verify an ISO certificate in 2026 orders that circuit step by step. And if the credential in front of you cites an IAC Trust Registry code, you verify it directly at /verify.

From criterion to practice

Verify before you sign, not after.

The criterion works when it is applied. Before committing to a certification, confirm the issuer’s accreditation and scope; and if a credential cites a Trust Registry code, check its status at the moment of the consultation.