The Engine That Keeps Certification Bodies Running Smoothly
If you’ve ever managed or audited a certification body, you already know that policies alone don’t make a system work—it’s the processes behind them. Clauses 9 and 10 of ISO/IEC 17021-1 are where all the moving parts finally come together.
These clauses define how certification bodies operate day to day: how they handle client applications, audits, decisions, complaints, and internal management. In my experience helping CBs through accreditation audits, I’ve seen these clauses expose weak systems fast—but they also create structure and confidence when done right.
In this guide, we’ll walk through what Clauses 9 and 10 actually require, how to apply them step by step, and how to turn your CB’s internal system into a well-oiled certification engine.
Clauses 9 and 10 are essentially the “operating manual” of your certification body.
Clause 9 focuses on the process requirements—how you deliver certification consistently and impartially.
Clause 10 defines the management system that keeps everything controlled, reviewed, and improved over time.
Put simply, Clause 9 is what you do, and Clause 10 is how you manage what you do.
Pro Tip: Imagine Clause 9 as your front-line operations (the audit process) and Clause 10 as your control center (the system that monitors and improves it). The two must talk to each other.
Common mistake: Many CBs treat Clause 10 as a “mini ISO 9001.” It’s not about chasing QMS certificates—it’s about managing your own certification activities with the same discipline you expect from your clients.
Clause 9 – Certification Process Requirements: From Application to Decision
Clause 9 is where the certification body’s process lives and breathes. Every single step—from a client’s first inquiry to the final certificate—must be planned, controlled, and documented.
Here’s a simple breakdown of what needs to happen:
Application Review: Confirm the client’s scope, readiness, and impartiality risks. Don’t take on a client you can’t serve competently.
Audit Planning: Assign qualified auditors, define audit objectives, and plan man-days based on risk and complexity.
Stage 1 & Stage 2 Audits: Conduct according to defined procedures. Stage 1 checks readiness; Stage 2 verifies implementation.
Certification Decision: Must be made by someone not involved in the audit. Independence here is everything.
Surveillance & Recertification: Schedule periodic follow-ups to ensure the system still meets requirements.
One CB I worked with mapped their entire certification workflow on a single A3 sheet—each step linked to the responsible role and supporting record. During their accreditation, assessors literally said, “This is how Clause 9 should look.”
Pro Tip: Insert impartiality checkpoints in every phase—application, audit, and decision. It’s an easy way to prove independence during assessments.
Clause 9 Sub-Processes – Handling Complaints, Appeals, and Nonconformities
Clause 9 doesn’t end with certification decisions—it also defines how you handle the tough stuff: complaints, appeals, and process errors.
Here’s what assessors look for:
A documented process for receiving, investigating, and resolving complaints.
A clear appeals process so clients can challenge decisions fairly.
A system for identifying process nonconformities, analyzing root causes, and applying corrective actions.
One CB I helped introduced a “Complaint and Appeal Register” that tracked every issue from receipt to closure, with lessons learned discussed at management reviews. Not only did it satisfy Clause 9, it reduced client escalations dramatically.
Pro Tip: Always review complaints and appeals during your management-review meetings. It shows transparency and helps identify recurring weaknesses.
Clause 10 – Management System Requirements: Building Internal Consistency
Clause 10 is about your CB’s own management system—the framework that ensures everything under Clause 9 runs smoothly and consistently.
It starts with two options:
Option A: Create a system that meets all the requirements directly within ISO/IEC 17021-1.
Option B: Use a full ISO 9001-based Quality Management System that also meets 17021-1 clauses.
In my experience, most CBs go with Option B because it’s easier to integrate and demonstrates a clear improvement culture. But if you’re smaller or just starting out, Option A can work fine—just document how you meet every applicable clause.
Pro Tip: Whichever route you take, your system must include policies, objectives, internal audits, and management reviews. Don’t overcomplicate it—clarity beats volume.
Common pitfall: Choosing Option A and assuming that means “no documentation required.” Accreditation bodies will still expect procedures, records, and evidence of control.
Keywords: management system, Option A vs B, ISO/IEC 17021-1 Clause 10
Corrective Actions: Track them to closure with root-cause analysis and effectiveness checks.
A CB I supported built a visual Management Review Dashboard that linked key metrics—like audit timeliness, complaints, and staff competence—to real actions. Their next accreditation audit had zero findings in Clauses 9 and 10.
Pro Tip: Use management reviews to tell your story—how data drives decisions, and how lessons from one client improve your whole process.
Integrating Clauses 9 & 10 – From Process Control to System Maturity
Clauses 9 and 10 are two sides of the same coin. Clause 9 ensures your certification processes are consistent and impartial; Clause 10 ensures your system learns and improves from those processes.
How to connect them:
Use audit results from Clause 9 as inputs for your management review in Clause 10.
Feed complaint trends into corrective actions and process updates.
Link auditor competence development (Clause 7) with management-review outcomes (Clause 10).
One CB I worked with combined all of this into a “Process & System Flowchart.” It showed exactly how feedback from clients, auditors, and reviews fed back into continuous improvement. Assessors called it “a model of traceability.”
Pro Tip: Don’t treat Clauses 9 and 10 as separate checklists—they’re one feedback system. Clause 9 gives you data; Clause 10 turns that data into improvement.
Keywords: integrated management, process control, continual improvement
FAQs – ISO/IEC 17021-1 Clauses 9 & 10
Q1:Do we need ISO 9001 certification to comply with Clause 10? No. You can follow Option A and meet requirements directly through your internal procedures. ISO 9001 is optional—but it’s often easier to align both systems.
Q2:How often should internal audits be conducted? At least once a year—and more often for critical processes or new programs.
Q3:Who can make certification decisions? Only authorized personnel who were not involved in the audit or sales process. Independence here is key for impartiality.
Turning Process Control into Long-Term Credibility
Clauses 9 and 10 are the heart of a credible certification body. They ensure your operations are consistent, your system is monitored, and your improvements are intentional—not accidental.
After years of consulting with CBs across multiple standards, I can tell you this: accreditation bodies always recognize those who live these clauses daily—not just document them. When your processes are well-controlled and your system continually improves, your credibility speaks for itself.
If you’re refining your certification process or building a management system that truly meets ISO/IEC 17021-1, we can help you structure it step by step.
[Schedule a consultation with QSE Academy’s ISO/IEC 17021-1 experts →] We’ll help you design a process-driven management system that’s audit-proof, efficient, and built to last.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
