Last Updated on October 13, 2025 by Melissa Lazaro

Understanding ISO/IEC 17020 Mandatory Procedures

Let’s be honest—most inspection bodies I meet are confident in their technical skills but stumble when it comes to documentation. They know their inspections are solid, but when the assessor asks, “Can I see your documented procedure for impartiality or internal audit?”, that confidence suddenly fades.

I’ve seen this pattern repeatedly while helping organizations prepare for ISO/IEC 17020 accreditation. Teams spend months fine-tuning their inspection process, yet overlook the simple fact that some procedures must be written down—explicitly, clearly, and consistently applied.

Here’s what I’ve noticed: the confusion usually starts with the wording of the standard itself. ISO/IEC 17020 doesn’t always say “you shall have a documented procedure” in plain English. Instead, it expects you to understand which clauses imply mandatory documentation. The result? Some inspection bodies submit for accreditation with missing or incomplete procedures—only to get non-conformities that could’ve been easily avoided.

In this guide, I’ll walk you through the complete ISO/IEC 17020 mandatory procedures list, explain why each one matters, and share practical tips to make them audit-ready. Whether you’re building your system from scratch or tightening your existing documentation, you’ll learn exactly which procedures you need, how to structure them, and how to keep them simple yet compliant.

By the end, you’ll have a clear checklist—and more importantly, the confidence that your system won’t crumble under an assessor’s questions.

Now that we’ve set the stage, let’s dive into the foundation of it all: what mandatory procedures really mean under ISO/IEC 17020 and why they’re the backbone of your inspection body’s credibility.

ISO/IEC 17020 Mandatory Procedures Overview

Here’s the thing—ISO/IEC 17020 isn’t just about doing inspections right; it’s about proving you do them right. That’s where documented procedures come in. They’re not optional paperwork; they’re the evidence of consistency, competence, and impartiality that accreditation bodies look for.

In my experience, the biggest gap between inspection teams and auditors often lies in interpretation. The team thinks, “We already do that.” The auditor asks, “Where is it written?” That’s the difference between being compliant in practice and being compliant on paper.

Let’s break it down.
The standard’s Clause 8—Management System Requirements—is where most of these procedures live. It’s essentially your rulebook for how the organization operates. Clauses 4–7 deal with operational control (things like impartiality, confidentiality, and inspection activities), while Clause 8 ensures all of that is documented, reviewed, and improved.

Here’s what I tell clients:

• Document what’s critical to consistency. If the process affects impartiality, competence, or validity of results—it needs to be written.

• Avoid over-documentation. Don’t create a procedure for every minor task. Focus on what the standard actually requires or what your system needs to run smoothly.

• Keep it usable. Procedures should guide your team, not sit in a binder no one opens.

Pro Tip: A good litmus test—if a new employee can follow the document and perform the task correctly, you’ve written it well.

Common pitfall: Mixing up “records” with “procedures.” Records show evidence that something happened (like an audit report or complaint form). Procedures describe how it happens. Both are needed, but they serve different purposes.

Now that we’re clear on what procedures represent in ISO/IEC 17020, let’s move to the heart of this article—the complete list of mandatory procedures every inspection body must establish and maintain.

List of Mandatory Procedures under ISO/IEC 17020:2012

Here’s the part most inspection bodies skip straight to—the actual list of mandatory procedures. But before we get into it, a quick note from experience: knowing the list isn’t enough. You need to understand why each one exists and how it supports your inspection body’s credibility during accreditation.

When assessors review your system, they’re not just checking if a procedure exists—they’re checking if it’s implemented, understood, and producing consistent results.

Below is the full list of mandatory ISO/IEC 17020 procedures, organized by clause, with each one’s key purpose.

Here’s what I tell every client preparing for accreditation: print this table and keep it visible. It becomes your blueprint for documentation readiness.

Pro Tip: Create a “Procedure Register” or Document Control Matrix mapping each of these procedures to its related forms and records. Auditors love seeing that linkage—it shows your system is both structured and traceable.

Common Pitfall: Don’t just copy ISO 9001 templates. ISO/IEC 17020 has unique needs—for example, impartiality and confidentiality are central to inspection activities but not covered the same way in ISO 9001.

Now that you know the exact procedures required, let’s talk about how to develop and implement them effectively so they work in practice—not just on paper.

Developing and Implementing ISO/IEC 17020 Procedures

Here’s what I’ve noticed after helping dozens of inspection bodies prepare for accreditation: many teams think writing procedures is a one-time paperwork exercise. It’s not. A procedure only matters if it’s actually used, understood, and followed by the people doing the work every day.

In my experience, the best-performing organizations treat each procedure as a living document—something that guides daily operations, evolves with experience, and reflects real practice on the ground.

Let’s walk through the process step by step.

1. Map Each Procedure to a Process Owner

Start by assigning clear ownership. Every mandatory procedure should have a responsible person—for example:

• Quality Manager → Internal Audit, Corrective Actions, Document Control

• Technical Manager → Inspection Methods, Competence, Report Review

• Top Management → Management Review, Impartiality, Confidentiality

This makes accountability visible and prevents overlap or confusion during audits.

Pro Tip: Always include the process owner’s name and title in the header of each procedure. It helps auditors trace accountability instantly.

2. Define Inputs, Steps, and Outputs

A well-written procedure should clearly show:

• Input: What triggers the process (e.g., a client complaint, new inspection request).

• Steps: What must be done, in sequence, and by whom.

• Output: What evidence or record is produced (e.g., audit report, approval form).

Avoid wordy descriptions—use short, clear, action-driven sentences. Think of it as a recipe your team can actually follow.

3. Integrate with Your Management System

If you already follow ISO 9001 or ISO 17025, there’s no need to reinvent the wheel. Many of your existing procedures (like document control or management review) can be adapted—just make sure they address the inspection body context.

Example:
A testing lab transitioning to ISO 17020 used its existing internal audit procedure but added an impartiality review step and a clause reference to 8.4. That minor change made it fully compliant.

4. Validate Before Finalizing

Run a short pilot test of each new procedure with your team. Ask:

• “Is this realistic for us?”

• “Do we already do this another way?”

• “What could make this clearer?”

You’ll often find that what looks perfect on paper doesn’t fit daily workflow until it’s tested.

5. Maintain and Communicate Updates

Once finalized, train your staff on every new or revised procedure. Record attendance and understanding—this will save you during audits.

Pro Tip: Use a simple Document Change Log that captures the revision number, date, change summary, and approver. Auditors love it—it shows real control and transparency.

Common Pitfall: Writing all procedures at once without feedback. That approach usually leads to documents nobody reads or applies. Build them iteratively—one, test, improve, then move on.

Common Audit Findings Related to ISO/IEC 17020 Procedures

Here’s the reality—most nonconformities during ISO/IEC 17020 accreditation aren’t about technical mistakes. They’re about gaps in procedures. Either the document exists but isn’t followed, or it’s missing the key details assessors expect to see.

I’ve sat through dozens of accreditation audits, and I can tell you this: assessors don’t want to catch you out; they just want proof that your system runs the way you claim it does. But when procedures are vague or inconsistent, it raises red flags fast.

Below are the most common findings linked to ISO/IEC 17020 mandatory procedures—and how to avoid them.

Here’s what I’ve noticed: organizations that treat procedures as “audit checkboxes” usually get recurring findings. Those that treat them as operational tools rarely do.

Pro Tip: Before each external audit, perform a Procedure Compliance Cross-Check. It’s simple:

1. List each mandatory procedure.

2. Identify the latest revision and who’s responsible.

3. Review at least one real record generated by it (audit report, complaint file, management review minutes, etc.).

If any procedure has no matching evidence—there’s your red flag.

Common pitfall: Copy-pasting text from generic templates without tailoring them. ISO/IEC 17020 procedures must fit your actual inspection type (vehicles, construction, food, etc.). Assessors can tell instantly when documents look “borrowed.”

Integrating ISO/IEC 17020 Procedures with ISO 9001 or ISO 17025 Systems

Here’s what I’ve learned working with organizations that run multiple accreditations: the smartest inspection bodies don’t build separate systems—they integrate them. If you already operate under ISO 9001 or ISO 17025, your management system can absolutely support ISO/IEC 17020 requirements with a few targeted adjustments.

Let’s break down how this integration actually works in practice.

1. Map Shared Clauses Across Standards

Start by identifying where your systems overlap. For example:

• Internal Audits, Management Review, Corrective Actions — identical in intent across ISO 9001, ISO 17025, and ISO 17020.

• Document Control and Records Management — same principles, slightly different terminology.

• Competence and Training — ISO 17020 focuses on inspectors; ISO 9001/17025 focus on all personnel.

Pro Tip: Create a Cross-Reference Matrix listing each clause from ISO 17020 beside its equivalent in ISO 9001 or 17025. This helps you avoid double work and shows auditors how your system maintains alignment.

2. Harmonize Core Procedures

Rather than writing three separate “Internal Audit Procedures,” build one comprehensive version that:

• References all applicable standards in its scope.

• Defines clear roles and responsibilities per accreditation type.

• Ensures findings are tracked under one corrective action system.

Example:
A testing lab that expanded into inspection activities used its existing ISO 17025 internal audit procedure. They added a note stating, “Audit coverage includes ISO 17020 Clause 8.4 requirements applicable to inspection processes.” Simple, clean, and audit-ready.

3. Consolidate Documentation and Version Control

All standards require controlled documents—so use one document numbering system across your organization.

• Prefix documents by function: e.g., QP-07 for “Inspection Process Procedure,” QP-09 for “Internal Audit Procedure.”

• Use the same revision log and approval format for every standard.

This approach avoids confusion and keeps your documentation professional and traceable.

4. Integrate Data and Evidence Collection

Where possible, merge supporting records:

• One Training Matrix for all personnel, with columns specifying the relevant standard (9001, 17025, 17020).

• One Audit Schedule covering all systems—each clause ticked once per year.

• Unified Corrective Action Register with references to all applicable standards.

Pro Tip: Assessors appreciate efficiency—as long as you can still demonstrate compliance with each standard individually.

5. Keep Standard-Specific Controls Intact

Integration doesn’t mean blending everything into one. Some ISO/IEC 17020 procedures—like Impartiality, Confidentiality, or Handling of Inspection Items—are unique to inspection bodies. Those must remain distinct, even if managed under the same umbrella system.

Common pitfall: Merging too much and losing traceability. Each standard’s intent should still be recognizable in your documents.

Maintaining and Updating ISO/IEC 17020 Mandatory Procedures

Here’s the truth—most inspection bodies don’t lose their accreditation because of big nonconformities. They lose it slowly, through outdated or neglected procedures that no longer reflect how the organization actually works.

I’ve seen it happen many times: a team builds a beautiful set of procedures, gets accredited, and then files everything away. A year later, during surveillance, the assessor opens a document last revised three years ago. The team says, “Oh, we don’t do it that way anymore.” That’s a red flag.

Keeping your procedures current isn’t just about compliance—it’s about credibility. Let’s go through how to do it right.

1. Review Procedures Annually (or After Major Changes)

Every mandatory procedure should have a review frequency—ideally once a year, or immediately after:

• Organizational changes (new management, scope expansion).

• Updates in ISO/IEC 17020 or accreditation body policies.

• Client or regulatory feedback.

Pro Tip: Schedule your document review cycle right after your Management Review Meeting. That’s when you already have performance data and feedback to guide updates.

2. Use Version Control and Change Tracking

A good procedure should always show:

• Version number and revision date

• Change description (what changed and why)

• Approver name and signature/date

Create a Document Revision Log—a simple table at the end of each procedure works perfectly. It shows auditors that you’re actively maintaining control.

3. Train and Communicate Updates

Each time a procedure is revised, make sure affected staff:

• Receive a short briefing or email summary.

• Confirm understanding (a quick sign-off sheet works).

• Know where to find the latest approved version.

Pro Tip: Store procedures in a central digital folder with read-only access for everyone except document controllers. This eliminates “old versions floating around.”

4. Verify Implementation During Internal Audits

Your internal audit isn’t just to check compliance—it’s your best tool to confirm procedures are being followed as written.
During each audit cycle, verify:

• Is the current revision in use?

• Are staff following the documented steps?

• Are records consistent with the procedure?

If not, issue a corrective action—don’t wait for the accreditation body to find it first.

5. Encourage Continual Improvement

ISO/IEC 17020 Clause 8.8 focuses on continual improvement for a reason. Use your procedures as living documents:

• Add new steps that simplify work.

• Remove unnecessary bureaucracy.

• Record lessons learned after audits or incidents.

Common Pitfall: Treating procedures as static. If a process becomes simpler or more efficient, reflect that change immediately—don’t wait for “the next audit.”

FAQs — ISO/IEC 17020 Mandatory Procedures

Q1. Are all procedures in ISO/IEC 17020 required to be documented?
Not exactly. Only procedures that directly impact impartiality, competence, and consistency must be formally documented. For example, internal audits, complaints, and corrective actions all require written procedures. Others—like certain operational controls—can be demonstrated through records or consistent practice.
Pro Tip: When in doubt, document it. It’s easier to simplify later than to defend an undocumented process during an audit.

Q2. Can I use my ISO 9001 or ISO 17025 procedures for ISO/IEC 17020?
Yes, absolutely—but only if they meet the specific intent of ISO 17020 clauses. For instance, your ISO 9001 management review procedure may already satisfy Clause 8.5, but your impartiality procedure must be unique to inspection activities.
Here’s what I’ve noticed: integrated systems save time, but assessors will still check that your documentation explicitly references the right clauses.

Q3. How often should I update my ISO/IEC 17020 procedures?
At least once a year, or whenever your operations, team, or accreditation requirements change. You should also review them after internal audits and management reviews to capture lessons learned.
Pro Tip: Keep a “Procedure Review Register” that tracks revision dates and next review due dates—it shows clear evidence of proactive management.

Q4. What happens if a required procedure is missing during an audit?
That’s typically a major nonconformity. The assessor will expect immediate corrective action, which could delay your accreditation or renewal. Always double-check your mandatory procedures list before any audit.

Q5. Can templates or purchased kits fully replace customized procedures?
Templates can give you a solid start—but they must be adapted. Assessors recognize generic content instantly. Tailor every document to reflect your real workflow, staff roles, and terminology.

Your Next Step Toward ISO/IEC 17020 Compliance

If there’s one thing I’ve learned after years of helping inspection bodies reach accreditation, it’s this: documentation doesn’t earn you ISO/IEC 17020 accreditation—discipline does.

The mandatory procedures you just reviewed aren’t meant to fill binders; they’re there to build reliability, traceability, and trust in every inspection you perform. When each procedure is clear, current, and genuinely applied, assessors can see that your system works—not because you said so, but because the evidence proves it.

Here’s what to keep in mind:

• Your mandatory procedures list is the backbone of your management system.

• Keep them aligned with your real operations, not just the clauses.

• Review and update them regularly—it’s easier to stay compliant than to catch up before an audit.

In my experience, organizations that maintain their procedures as living tools rarely struggle during accreditation. They walk into audits confidently because everything—every action, every record, every review—flows from a controlled and documented process.

So, your next move is simple:
Audit your own procedures using this article’s checklist.
If any are missing, outdated, or unclear, now’s the perfect time to fix them—before the assessors ask the same questions.

And if you’d rather not start from scratch, you can save weeks of effort.
Download QSE Academy’s ISO/IEC 17020 Mandatory Procedures Kit—a complete, editable set aligned with the latest accreditation requirements, ready to customize for your inspection body.

Take this final step, and you won’t just be audit-ready—you’ll be system-strong and accreditation-proof.