How to Prepare for Your ISO/IEC 17020:2026 Assessment

Published on June 24, 2026
By Hafsa J.

Most preparation advice tells you to get your documents in order. That is necessary, but it is not what the assessment turns on. An ISO/IEC 17020 assessment is not a paperwork review with a site visit attached. The assessor reads your system, then watches one of your inspectors perform a real inspection, and spends the day probing the judgement, the impartiality and the data behind your work. This guide prepares you for that room: what the assessor actually does, what they ask, and the specific ways bodies fail on the day even with a tidy manual.

The honest answer to “are we ready” is rarely about whether the documents exist. It is about whether your people can stand in front of an assessor, perform their work, and explain why they did it that way, with the records to back it. Inspection is defined in the standard as examination of an item and determination of its conformity, on the basis of professional judgement where general requirements apply, so the assessor is entitled to test that judgement directly. That is what we are preparing for here.

What the assessment actually involves

An accreditation assessment against ISO/IEC 17020 has three parts that run together. There is a document and system review, where the assessor checks your management system against the standard’s requirements. There is an assessment of how that system operates in practice: your competence records, equipment, impartiality monitoring and management processes. And there is the witnessed assessment, where the assessor observes your inspectors performing actual inspections within your scope. Accreditation bodies size much of their assessment effort around how many witnessed inspections your scope needs, so the witnessed part is central, not a formality.

Where most articles get this wrong is stopping at the document review. The document review is the part you can fully control in advance, so it is the part most guides cover. The witnessed assessment and the live questioning are where readiness is genuinely tested, and they are where bodies with a clean manual still pick up findings. That is why the bulk of the preparation in this guide is aimed at the room rather than the binder.

The witnessed inspection: the part you cannot fake

During a witnessed assessment the assessor watches your inspector work and tests three things at once: whether the inspection follows your documented method, whether the inspector is authorized and competent for exactly that activity, and whether their professional judgement holds up. Because the standard defines inspection around professional judgement, the assessor is entitled to ask why a call was made, and a competent inspector should be able to answer in terms of the method, the specified requirements and the evidence in front of them.

The way to prepare for this is to run your own internal witnessed inspections first. The standard already points you here: clause 6.1.7 expects each inspector to be observed performing inspection as part of competence monitoring. Use that mechanism deliberately before the assessment. Have an authorized, competent colleague observe each inspector against the documented method and ask the awkward questions an assessor would. The inspectors who struggle in rehearsal are almost never incompetent; they are usually competent people who have never had to narrate their reasoning out loud. Practising that narration is the single highest-value preparation activity, and it costs nothing but time.

What the assessor probes, and how you fail it

These are the areas an assessor presses hardest on a 2026-edition assessment, each tied to the clause behind it, with the failure mode that catches bodies out.

Impartiality (Clause 4.1). What they ask: show me how you identify threats to impartiality on an ongoing basis, and what you did the last time one appeared.

How you fail: producing a risk assessment dated twelve months ago and nothing since. The 2026 wording is ongoing monitoring (4.1.3), so a single annual form reads as a gap.

Competence and authorization (Clause 6.1). What they ask: prove this specific inspector is authorized and competent for this specific activity.

How you fail: a generic training certificate with no link to the authorization decision or the monitoring that maintains it. The competence process in 6.1.2 has to be visible person by person, with the records 6.1.9 requires.

Control of data (Clause 7.5). What they ask: which systems collect, process and store your inspection data, and how were they validated and secured?

How you fail: treating a spreadsheet or inspection app as invisible. Clause 7.5 is new and standalone, and assessors look for validation, safeguarding against unauthorized access and a record of system failures with corrective actions.

Technology and method validation (Clauses 6.2.9 and 7.2.6). What they ask: you use a drone, a remote technique or an AI-assisted tool; show me the validation evidence.

How you fail: using the technology in practice but holding no validation record. The 2026 edition names artificial intelligence, augmented reality and remote inspection techniques explicitly in 6.2.9, so an unvalidated tool is a finding waiting to happen.

Records traceability (Clause 7.4). What they ask: this report was amended; show me the original observation and the amendment, with dates.

How you fail: overwriting records so the original is gone. Clause 7.4.4 requires that amendments are traceable and that both the original and amended data are retained, including the date.

Appeals and complaints (Clauses 7.7 and 7.8). What they ask: where is your public appeals process, and your separate public complaints process?

How you fail: one combined procedure that is not publicly available. The 2026 edition handles appeals (7.7) and complaints (7.8) in separate clauses, and each process must be publicly available.

Before the assessor arrives: making the document review easy

The document review sets the tone for the whole assessment. An assessor who can find each requirement quickly arrives at the witnessed inspection in a constructive frame; one who has spent two hours hunting for your impartiality monitoring arrives looking for problems. The single most useful thing you can prepare here is a clause-by-clause cross-reference: a simple index that maps each clause of the 2026 edition to the document and record that satisfies it. The standard does not demand that index, but it signals a system that knows itself, and it shortens the assessment.

Make your scope statement the front door. Clause 5.2.3 requires you to define and document the inspection activities you conform to the standard for, including the field and range of inspection, the stage, and the schemes or specifications you inspect against. The assessor reads that scope to decide what to assess and what to witness, so it has to be precise. A vague scope creates uncertainty about what is being accredited, and uncertainty turns into questions. Confirm too that your independence type under Annex A is stated and justified, because the assessor will check that your declared type, Type A or Type non-A, matches how you actually operate, especially for any activity where you reclassified from a former Type B or C.

What does not change here is the value of honesty in your own documents. If a control is still maturing, show the assessor your improvement action for it rather than dressing it up. Assessors test claims against reality during the witnessed work, so a gap you have already identified and are acting on reads far better than one they discover for you.

A phased preparation roadmap

Work backward from the assessment date in three phases.

Early phase: close the system gaps

Run a full internal audit against every clause of the 2026 edition. Clause 8.6 requires that internal audits cover all the requirements of the standard, for all fields of inspection and all premises where inspection activities are managed or performed, so scope the audit that widely. Treat the new and strengthened clauses as priority: the independence type under Annex A, ongoing impartiality monitoring (4.1.3), control of data (7.5), technology validation (6.2.9) and the now-mandatory actions to address risks and opportunities (8.4). Close the nonconformities you find, then hold a management review (8.7) that takes the audit results, the impartiality threat conclusions and the effectiveness of your competence process as inputs, all of which 8.7.2 lists.

Middle phase: rehearse the witnessed inspections

Run internal witnessed inspections for each inspector and each activity in your scope. Confirm every inspector who will be witnessed is demonstrably authorized for that exact activity. Have a colleague play the assessor and ask the why questions until the answers are fluent. Fix any documentation the rehearsal exposes, then run it again. This is also where you catch the practical gaps (an out-of-calibration instrument, a method that has drifted from what the inspector actually does) before the assessor does.

Final phase: assemble the evidence and brief the team

Pull together the evidence pack the assessor will sample: the scope, impartiality monitoring records, competence and authorization records, equipment and calibration records, technology validation, data-control evidence, a recent inspection with its report, the internal audit and the management review. Brief everyone who will be in the room on what they own and how to answer plainly. Confirm the logistics of the inspections that will be witnessed, including access, equipment and the client’s agreement where the inspection is on their site.

When a nonconformity is raised in the room

Findings during the assessment are normal, and how you respond is itself a signal of a working system. Do not argue a finding in the moment unless it rests on a factual error you can show on the spot. Acknowledge it, make sure you understand exactly which requirement it relates to, and record it. Your corrective action process under clause 8.5 is what resolves it afterward: react to the nonconformity and correct it, evaluate the cause by reviewing and analysing the nonconformity and determining whether similar ones exist or could occur elsewhere, implement the action in a timely manner, and review whether the corrective action was effective. An assessor would far rather see a calm, structured response that shows 8.5 actually functions than a defensive one.

After the assessment: the decision and surveillance

The assessment rarely ends with a clean yes or no on the day. More often you leave with a set of findings to clear, and the accreditation decision follows once you have responded to them through your corrective action process and the accreditation body has accepted those responses. This is why a functioning clause 8.5 process matters so much in practice: the speed and quality of your corrective actions directly affect how quickly accreditation is granted. Plan for that gap rather than treating the assessment date as the finish line.

Accreditation is also not a one-off event. Your accreditation body schedules periodic surveillance assessments to confirm you keep meeting the standard, with a fuller reassessment on a longer cycle. The practical implication for preparation is that the system you build for the initial assessment has to keep running afterward. The internal audits, the management reviews, the ongoing impartiality monitoring and the competence records are the same evidence every surveillance visit will sample, so they cannot lapse the week after you are accredited. Confirm your accreditor’s surveillance cycle and set the cadence of your internal audits and management reviews to match it.

The document-readiness step

Everything above assumes your documents already map cleanly to the 2026 clauses. If you are not certain they do, the fastest way to close that uncertainty is a structured checklist that walks each clause and tells you what evidence the assessor expects against it. The ISO/IEC 17020:2026 Transition Checklists Bundle does exactly that: it turns the clause-by-clause readiness check into a worksheet you score and act on, which is the document-readiness step this prep guide assumes you have finished. Use this guide to prepare for the room, and the checklist to settle the paperwork behind it.

Where to take this next

If your system is not yet built to the point where you could run a witnessed inspection, step back to the implementation build guide first and come back when you have run a full cycle. To pressure-test what the assessor will read your system against, the clause-by-clause requirements guide is the reference. The official scope of the standard sits on the ISO catalogue page, and ANAB’s overview of the 2026 changes is on the ANSI National Accreditation Board blog.

Assessment mechanics vary by accreditation body. Clause references here are from ISO/IEC 17020:2026; confirm the exact witnessed-inspection counts, surveillance intervals and scheduling with your own accreditor (ANAB, A2LA, IAS, UKAS, NATA or SCC) before you plan.
