According to the definition, certification refers to the assessment of conformity. In most cases, requirements have been specified in standards, which include the international ISO, European EN and Finnish SFS.
A management system, a product, a process or a person can be certified. Examples of management systems include quality, environmental management, occupational health and safety, and information security systems. Concrete products, such as building products, electrical equipment and components, or processes, such as welding processes, are the targets of product certification.
The certification body assesses whether the system, product or person complies with the certification requirements. There are different kinds of assessment methods, and they can include the assessment, testing or review of data on practical operations based on documents and a written or competence-based qualification in the case of personnel certification. Based on the assessment, the certification body issues a certificate in which it verifies that the management system, product, process or person meets the specified requirements. The certification is valid for a fixed period, after which time a recertification can be performed. The maintenance of the certification may include assessment procedures to be performed during the validity of the certification, such as annually.
Certification bodies covered by accreditation offer their clients management system certification, product certification and personnel certification.
In most cases, certification is a voluntary procedure that can be used to demonstrate that the certified target complies the requirements imposed on it. Certification can also be used to demonstrate compliance with legislative requirements, including those in directives or EU regulations.
Accredited certification bodies are impartial third parties independent of the target of certification, and they must have the competence specified in international standards and other prerequisites for their operations.
Requirements and guidelines (updated 13th of September 2024)
The accreditation requirement for certification bodies is one of these standards:
SFS-EN ISO/IEC 17021-1:2015 Conformity assessment. Requirements for bodies providing audit and certification of management systems. Part 1: Requirements
SFS-EN ISO/IEC 17065:2012 Conformity assessment -- Requirements for bodies certifying products, processes and services
SFS-EN ISO/IEC 17024:2012 Conformity assessment - General requirements for bodies operating certification of persons
An additional requirement:
Together with SFS-EN ISO/IEC 17021-1:2015:
- SFS-EN ISO/IEC 17021-2:2018 Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 2: Competence requirements for auditing and certification of environmental management systems
- SFS-EN ISO/IEC 17021-3:2018 Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 3: Competence requirements for auditing and certification of quality management systems
- ISO/IEC TS 17021-10:2018 Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 10: Competence requirements for auditing and certification of occupational health and safety management systems
- ISO/IEC TS 17021-15:2023 Conformity assessment requirements for bodies providing audit and certification of management systems -- Part 15: Competence requirements for auditing and certification of management systems for quality in healthcare organizations
ISO 22003-1:2022 Food safety — Part 1: Requirements for bodies providing audit and certification of food safety management systems
ISO 22003-2:2022 Food safety — Part 2: Requirements for bodies providing evaluation and certification of products, processes and services, including an audit of the food safety system
- ISO/IEC 27006:2020 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
- ISO/IEC 20000-6:2017 Information technology -- Service management -- Part 6: Requirements for bodies providing audit and certification of service management systems
- ISO 50003:2021 Energy management systems -- Requirements for bodies providing audit and certification of energy management systems
Mandatory guidelines relating to accreditation of certification activities
Guidelines relating to certification activities
Examples of guidelines for certification activities are given below. The list does not necessarily cover all guidelines prepared for the accredited activities.
Accreditation symbol
Accredited bodies are entitled to use the FINAS accreditation symbol, which consists of the FINAS logo, the accredited body's identification number and the accreditation requirement. The FINAS accreditation symbol must be used when the accredited body refers to the accreditation in its reports, for example.
Accredited certification bodies use an identifier in which the identification number of the accredited body is of the format SXXX.