What the ISO/IEC 17021-1 Certification Decision Log Is (and Why It Matters)
Every certification body knows that the certification decision is where things get serious. It’s not just the final step in the process — it’s the one that accreditation assessors scrutinize most.
In my experience, the difference between a clean assessment and a finding often comes down to one thing: how well you document your certification decisions. That’s exactly where your Certification Decision Log comes in.
This record isn’t just paperwork. It’s your proof that certification decisions were made independently, competently, and based on verified audit evidence. Whether you’re granting, maintaining, suspending, or withdrawing certification, every decision needs to be justified — and traceable.
By the end of this guide, you’ll know exactly what your certification decision log should include, how to set it up, and what assessors expect to see during ISO/IEC 17021-1 accreditation.
Purpose of the Certification Decision Log (Clause 9.5 Explained)
Let’s start with the “why.”
Clause 9.5 of ISO/IEC 17021-1 makes it clear: certification decisions must be based on sufficient, reviewed evidence and made by authorized, impartial personnel. The log is your formal record of that process.
Think of it as a decision evidence trail. It shows that your CB didn’t just issue certificates — you made those decisions through review, competence, and independence.
Pro Tip: Use your decision log as a dashboard, not a filing cabinet. It should give you a quick overview of all active certifications, their status, and the evidence behind each decision.
Common pitfall: Some CBs only record “approved” decisions. That’s risky. Your log should also include decisions to suspend, withdraw, or deny certifications — those are the ones assessors always check first.
Example: A certification body I worked with used to confirm approvals by email only. When their assessor asked for evidence of impartial review, they couldn’t show a clear record. Once we built a standardized decision log, every certification and suspension had a traceable entry — and zero findings in their next audit.
Key Information Every Certification Decision Log Must Contain
To meet ISO/IEC 17021-1 requirements, your log needs to include enough information to prove each decision was controlled and justified.
Here’s what should be there:
Client name and certificate number
Standard/scheme certified (e.g., ISO 9001, ISO 14001)
Audit reference (Stage 2, Surveillance 1, etc.)
Decision type (grant, maintain, suspend, withdraw, reinstate)
Date of decision
Reviewer/decision maker name and signature
Summary of reviewed evidence (audit report, NC closure, competence confirmation)
Notes on impartiality review or conflict checks
Certification validity and renewal date
Pro Tip: Include a column that links each decision entry to the corresponding audit report ID. Assessors love being able to trace the logic instantly.
Common pitfall: Missing decision dates or reviewer details. I’ve seen this lead to major findings — because it looks like no one formally authorized the certification.
Example: One CB added a “Decision Justification” field where the reviewer could note:
“Audit findings closed – corrective actions verified – no open NCs.” That one line was enough to prove due diligence.
Roles and Responsibilities – Who Approves and Records Certification Decisions
The certification decision must be independent — that’s non-negotiable under ISO/IEC 17021-1.
Your log should clearly show who made the decision and why they were authorized. Typically, you’ll have three key roles:
Audit Team: Conducts the audit and submits the report.
Reviewer: Verifies completeness and objectivity.
Decision Maker: Approves or rejects certification based on evidence.
Pro Tip: Maintain an “Authorized Decision Maker” list that’s reviewed annually. Include their competence records, qualifications, and training dates.
Common pitfall: Allowing auditors to decide on their own audits. That’s a direct breach of impartiality.
Example: A small CB I supported solved this by creating a rotating decision-maker pool. Three managers shared responsibility, ensuring no one ever reviewed their own clients. It worked flawlessly during accreditation.
Designing the Certification Decision Log Template
Your log doesn’t have to be fancy — it just needs to be clear, controlled, and consistent.
Here’s what works best:
Format: a single controlled spreadsheet or database.
Columns: Client Name, Standard, Decision Type, Audit Reference, Decision Date, Decision Maker, Evidence Reviewed, Status / Notes.
Header: include document code, revision, and approval date.
Controls: protect cells that shouldn’t be edited; track changes or use a version history.
Common pitfall: Keeping separate logs for each scheme. That just invites inconsistency. Combine everything into one version-controlled master log.
Example: One CB color-coded its entries: green for approved, yellow for pending, red for suspended. During accreditation, the assessor called it “the cleanest system I’ve seen.”
Linking the Decision Log to Other ISO/IEC 17021-1 Records
Your certification decision log doesn’t stand alone — it’s part of a chain of evidence.
Here’s how it links across your system:
Clause 9.4: Connects to audit reports and findings.
Clause 7: Confirms decision makers’ competence and training.
Clause 6: Demonstrates impartiality controls and conflict management.
Clause 10: Shows your management system is reviewing decisions as part of continual improvement.
Pro Tip: Use hyperlinks or file IDs that connect each log entry to its corresponding audit report and certificate. Assessors appreciate when you make traceability effortless.
Common pitfall: Storing the decision log separately from client files. Always keep it accessible as part of your controlled certification records.
Example: A CB implemented an online decision log linked directly to client folders in SharePoint. The assessor could open the log, click the audit ID, and instantly see the supporting report — total transparency.
Common Non-Conformities in Certification Decision Logs (and How to Fix Them)
After dozens of accreditation audits, I can tell you — the same issues show up repeatedly.
Here are the top ones (and how to fix them):
Unsigned decisions – Always require decision-maker authorization before certificates are released.
Missing impartiality checks – Include a simple checkbox confirming no conflicts.
No evidence of review – Log what was reviewed (audit report, NC closure, etc.).
Outdated records – Version control your log and archive old revisions.
Incomplete data – Fill every field; blanks raise red flags.
Pro Tip: Review your certification decision log quarterly as part of your management review. It keeps records current and shows proactive control.
Example: One CB’s assessor found two “approved” certifications without logged justification. After adding a simple review step in their log, they cleared all findings at their next visit.
Pro Tip: Keep a “Reviewed By” and “Approved By” field. It’s a simple way to show separation of duties.
Example: An assessor once praised a CB because they could trace each certification from the audit report to the decision log to the issued certificate — in two clicks. That’s exactly what ISO/IEC 17021-1 wants to see.
FAQs – Understanding the Certification Decision Log
Q1: Can our decision log be electronic? Yes, absolutely. Many CBs use Excel, Google Sheets, or an internal database. The key is control — restrict editing rights, track revisions, and back it up.
Q2: How long should we retain certification decision logs? At least the current certification cycle plus one full cycle (usually six years). Always check your accreditation body’s retention policy.
Q3: Do we need a signature for each decision? Yes — either digital or handwritten. It’s your formal evidence that an authorized, competent person made the call.
Turning Your Certification Decision Log Into a Strength
A well-maintained certification decision log does more than meet Clause 9.5. It builds trust. It shows assessors your CB runs with discipline, traceability, and impartiality.
I’ve seen CBs go from reactive to confident just by cleaning up this one record. When your decisions are documented clearly, you protect your accreditation, your credibility, and your clients.
Because in the end, a clean decision log doesn’t just pass audits — it proves you’re running a certification body that lives by the same quality principles you certify others for.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.