ISO/IEC 17065 Clause 7: Process Requirements Step‑by‑Step
ISO/IEC 17065 Clause 7: Process Requirements Step‑by‑Step
The Heart of ISO/IEC 17065: How Certification Really Works
Every time I help a certification body prepare for accreditation, I notice one thing: they often underestimate Clause 7.
It’s not because it’s hard—it’s because it’s detailed. Clause 7 is the engine room of ISO/IEC 17065. It turns your structure, people, and policies into a functioning certification process.
This clause outlines the entire journey: from a client’s first application to certificate withdrawal years later.
If you can show that each step is controlled, impartial, and traceable—you’ll pass with confidence.
By the end of this guide, you’ll know exactly how to:
- Build a step-by-step certification workflow that meets accreditation expectations.
- Spot where most certification bodies go wrong.
- Simplify documentation so assessors can easily follow your process.
What Clause 7 Covers – Turning Principles into Practice
Clause 7 is long for a reason. It captures everything your certification body does.
It’s the operational proof that you’re impartial, consistent, and technically sound.
Here’s what it covers:
- Application and contract review
- Evaluation activities
- Review and decision
- Certification documentation
- Surveillance and changes
- Complaints, appeals, and records
Think of it as your product certification lifecycle. Each stage must connect seamlessly with the next—no gaps, no shortcuts.
Pro Tip: Visualize Clause 7 as your production line. Every certificate is a product, and every step must leave evidence of control.
Common Mistake: Treating certification forms as isolated checklists instead of one coherent, auditable process.
Application and Contract Review – Setting the Stage Right
Clauses 7.1 to 7.3 are all about preparation. Before you say “yes” to a new client, you must know exactly what you’re agreeing to certify.
That means confirming three things:
- The scope—Are the products within your accreditation?
- Competence—Do you have qualified staff for this product category?
- Impartiality—Is there any potential conflict of interest?
Once that’s clear, you move to a formal contract defining responsibilities, confidentiality, and use of certification marks.
Pro Tip: Create an “Application Review Checklist.” It keeps your scope, competence, and impartiality checks consistent for every client.
Example: One certification body declined a high-profile client when the product fell outside its accredited scope. It was a smart move—accepting it would’ve triggered a major non-conformity later.
Common Mistake: Accepting clients before checking competence. You can’t audit a scope your staff isn’t qualified for.
Evaluation Stage – Gathering the Evidence
Clause 7.4 is where the real work begins. Evaluation is the process of collecting objective evidence—through audits, testing, or inspection—to verify the product meets all requirements.
Whether you perform evaluations internally or subcontract them, you must control how they’re planned, executed, and recorded.
Pro Tip: Always link your evaluation evidence to specific product batches, reports, or photos. Traceability is what makes your process credible.
Example: A certification body strengthened its process by tagging every sample and test report with a unique product ID. During assessment, the auditor could trace results straight back to the client’s application—no questions asked.
Common Mistake: Keeping test reports and evaluation records in separate folders with no clear link between them.
Review and Decision – Ensuring Independence
Clauses 7.5 and 7.6 separate two critical steps—review and decision.
- Review checks whether all required evidence is complete and technically sound.
- Decision determines whether to grant, deny, or maintain certification.
The people who perform these tasks must be independent from the evaluation team. That separation protects impartiality and credibility.
Pro Tip: Use a “Review & Decision Checklist” that confirms completeness, impartiality, and conflict-of-interest clearance before final approval.
Example: A CB avoided suspension by showing that decision-makers were structurally separate from auditors—even though they worked in the same office. The documentation proved independence.
Common Mistake: Allowing evaluators to approve their own audits. Even if they’re qualified, it undermines the entire impartiality system.
Certification Documentation – Proving Compliance
Clause 7.7 defines what your certificates and related documents must contain.
Each certificate should clearly identify:
- The certified product and standard reference
- The client’s name and address
- Effective dates, validity period, and certificate ID
- Accreditation marks (if applicable)
Pro Tip: Control certificates through your document-management system. Every issued certificate should have a version, approval signature, and revocation record.
Example: One CB implemented electronic certificates with secure QR verification. It reduced forgery risks and impressed the accreditation assessor.
Common Mistake: Using outdated accreditation logos or issuing certificates outside the approved scope.
Surveillance and Ongoing Control – Keeping Certifications Valid
Clauses 7.9 and 7.10 focus on surveillance—the follow-up activities that ensure certified products continue to comply.
Surveillance may include audits, product testing, or document reviews. The frequency depends on product risk and scheme rules.
Pro Tip: Build a simple “Surveillance Calendar” tied to your client database. Automated reminders prevent overdue follow-ups.
Example: A CB introduced pre-audit reminders for clients 30 days before surveillance visits. Compliance improved, and non-conformities dropped by 30%.
Common Mistake: Treating surveillance as routine paperwork. Accreditation bodies expect proof that issues found during surveillance are tracked to closure.
Handling Changes, Reductions, and Withdrawals
Clauses 7.11 and 7.12 cover what happens when things change—whether it’s product modifications, ownership transfers, or major non-conformities.
Certification bodies must:
- Evaluate any client-reported changes for impact.
- Update certificates or reduce scope if needed.
- Withdraw certification when requirements are no longer met.
Pro Tip: Keep a “Certificate Status Register” with reason codes for reductions and withdrawals. Assessors rely on it to check process consistency.
Example: A CB avoided a sanction by showing full traceability for a voluntarily withdrawn certificate—including correspondence and justification.
Common Mistake: Forgetting to update withdrawn or suspended clients on the CB website or database.
Records, Complaints, and Appeals – Closing the Loop
Clauses 7.13 to 7.15 emphasize accountability. Certification bodies must maintain complete records of every certification activity—and have documented procedures for handling complaints and appeals.
Pro Tip: Maintain a single log for all complaints and appeals with dates, actions taken, and management review notes. It proves you take feedback seriously.
Example: A CB turned a negative complaint into a positive example by demonstrating timely corrective action and customer communication. Assessors called it “good practice.”
Common Mistake: Storing complaints but not recording how they were resolved. Assessors need to see both action and follow-up.
Integrating Clause 7 into Your Management System
Clause 7 doesn’t stand alone. It ties directly to Clause 4 (impartiality), Clause 5 (structure), Clause 6 (resources), and Clause 8 (management system).
Your goal is to make the certification process visible and auditable.
Flowcharts, matrices, and linked procedures help assessors see how everything fits together.
Pro Tip: Map your Clause 7 workflow in one diagram—application to certificate withdrawal—with references to supporting documents. It cuts audit time in half.
FAQs – Clause 7 Simplified
Q1: Can one person handle both review and decision?
Yes—but only if impartiality is demonstrated and roles are clearly documented as separate.
Q2: Are subcontracted test reports acceptable as evaluation evidence?
Absolutely, provided the subcontractor is competent and approved under Clause 6 controls.
Q3: How often should surveillance occur?
Typically once a year, though high-risk products may require more frequent monitoring.
Conclusion – Process Discipline Creates Trust
Clause 7 is where credibility meets consistency.
Every form, review, and certificate you issue should tell a story of control and impartiality.
When your process is transparent and evidence-based, both clients and accreditation bodies trust your decisions.
At QSE Academy, we’ve guided certification bodies in mapping and refining their Clause 7 systems—many passed accreditation with zero major non-conformities.
If you’re ready to refine your certification process:
→ Download the ISO/IEC 17065 Certification-Process Flowchart Template
or
→ Book a consultation to review your certification workflow with our experts.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
