Why Product Evaluation & Testing Records Matter Under ISO/IEC 17065

When you work in certification, decisions are only as strong as the evidence behind them. ISO/IEC 17065 expects that evidence to be complete, traceable, and defendable. Over the years, I’ve helped Certification Bodies refine their evaluation workflows, organize documentation, and strengthen their testing records so they can withstand intensive accreditation scrutiny. And one thing always stands out: poor documentation is the #1 reason CBs receive nonconformities.

Clients may believe testing alone proves conformity. You know better. Without proper evaluation records—sampling documentation, traceability markers, laboratory evidence, evaluation summaries, and decision-linked justification—your certification decisions lose credibility. This guide breaks down exactly what records you need, how they must be structured, and how to document them in a way that keeps you audit-ready.

Evaluation Plan Documentation (ISO/IEC 17065 Evaluation Planning Requirements)

Your evaluation plan sets the tone for the entire assessment. It should clearly explain who does what, how it’s done, and when each activity occurs. This plan must align with scheme requirements and reflect the technical demands of the product category.

A complete evaluation plan includes:

• evaluation objectives
• step-by-step activities
• sampling plan reference
• test method selection
• equipment needs
• personnel assignments
• subcontractor roles
• timelines and deliverables

This isn’t a generic form you reuse across product types. Each product category requires customization.

Pro Tip:
Build a standard evaluation-plan template, but always adapt it to the scheme’s normative references.

Common Mistake:
CBs often reuse a template without updating references. Auditors quickly spot outdated standards or irrelevant test methods.

Example:
One CB kept referencing a withdrawn regulatory method. During surveillance, the accreditation body issued an NC because evaluation plans hadn’t been updated for three years.

Sampling & Sample Identification Records (ISO/IEC 17065 Sampling Traceability Controls)

Sampling records are the backbone of traceability. They show where the sample came from, who collected it, how it was sealed, and how it moved through the process. These details protect the integrity of the evaluation.

Your sampling records must include:

• unique sample ID
• batch/LOT information
• location of sampling
• date/time
• conditions of sampling
• seal numbers
• chain-of-custody documentation
• photos if appropriate

Every sample must be traceable from collection → transport → testing → decision.

Pro Tip:
Use barcodes or QR-coded sample IDs to eliminate manual-recording errors.

Common Mistake:
Sample IDs on the sampling form don’t match the IDs in the laboratory test report. Auditors treat this as a major traceability failure.

Example:
During accreditation, a CB couldn’t explain how a sample moved from collection to the lab because the chain-of-custody form was incomplete. This resulted in a major NC.

Laboratory Test Reports & Technical Data (ISO/IEC 17065 Testing Documentation Requirements)

Your laboratory test reports must clearly support the conformity criteria defined in the scheme. Records should show method selection, equipment used, environmental conditions, results, and uncertainties. If you rely on subcontracted laboratories, you must prove they’re competent.

A complete test-report record includes:

• test objectives
• detailed test method reference
• environmental/test conditions
• test equipment calibration status
• results with numerical values
• uncertainties or tolerance ranges
• signature of authorized personnel
• evidence of lab accreditation (e.g., ISO/IEC 17025)

Pro Tip:
Before accepting a subcontracted test report, verify that the selected method matches your scheme’s acceptance criteria.

Common Mistake:
Approving reports with missing test-method references or unclear pass/fail limits. Accreditation bodies view vague results as weak evidence.

Example:
A CB accepted multiple reports from a subcontracted lab that used different test protocols from those documented in the certification scheme. The auditor issued a major NC for inconsistent evaluation methodology.

Evaluation Review Records (ISO/IEC 17065 Evaluation Summary Documentation)

The evaluation review brings everything together. It consolidates document review outcomes, testing results, inspection findings, safety checks, regulatory assessments, and unresolved issues. This summary must be objective, evidence-based, and aligned with the conformity criteria.

Your evaluation summary should include:

• evidence table
• conformity assessment conclusion
• gaps and issues
• recommended corrective actions
• evaluator comments
• signature & date of responsible evaluator

Avoid subjective language like “seems correct” or “appears acceptable.” ISO/IEC 17065 expects factual references tied directly to standards and scheme requirements.

Pro Tip:
Use a single consolidated evaluation summary format across all product categories to maintain consistency.

Common Mistake:
Evaluators personalize the structure or wording. Inconsistencies make it harder for decision-makers to follow the evidence trail.

Example:
During an accreditation audit, the team found that each evaluator used their own format. Findings were unclear, making the decision-making process inconsistent.

Decision Linking Documentation (ISO/IEC 17065 Linking Evaluation to Certification Decision)

Your decision must show an explicit link to the evaluation evidence. Accreditation bodies expect your records to show exactly how evaluation findings led to approval, rejection, suspension, or conditional certification.

A strong decision-record package includes:

• summary of evaluation findings
• cross-reference to conformity criteria
• justification for approval
• restrictions or conditions applied
• unresolved issues and corresponding actions
• final reviewer signature

Pro Tip:
Use a cross-reference table so reviewers can see evaluation evidence at a glance.

Common Mistake:
Issuing certification decisions before complete test reports or evaluation summaries are available.

Example:
A CB certified a product while awaiting final lab results. The accreditation assessor flagged this as a major breach of impartial, evidence-based decision-making.

Record Retention & Data Integrity Controls (ISO/IEC 17065 Data Management Requirements)

You must store evaluation and testing records in a secure, controlled system. Retention periods should support surveillance cycles and regulatory requirements. ISO/IEC 17065 also expects you to maintain integrity, confidentiality, and accessibility.

Your record-retention system must include:

• defined retention period
• secure storage rules
• access control levels
• digital backup schedule
• confidentiality and protection protocols
• retrieval procedures during surveillance

Pro Tip:
Track any modification with version-control logs so you can show how records evolved.

Common Mistake:
Migrating to a new digital system without safeguarding old records. Accreditation bodies expect full traceability even across system changes.

Example:
After transitioning to a cloud-based system, a CB lost two years of surveillance records. Their accreditation body issued a major NC for incomplete evidence.

FAQs — Product Evaluation & Testing Records Under ISO/IEC 17065

1. What are the essential records required under ISO/IEC 17065?
Evaluation plans, sampling records, laboratory test reports, evaluation summaries, decision-linkage documents, and retention evidence.

2. Are subcontracted testing records allowed?
Yes, but you must document competence verification, control, and alignment with scheme-defined methods.

3. How long should records be retained?
Retention must support the scheme’s surveillance cycle and comply with regulatory requirements. Accreditation bodies expect access to historical records at all times.

Conclusion — Strengthen Your ISO/IEC 17065 Evaluation & Testing Record System

Clear, structured, and traceable evaluation records are essential for consistent and impartial certification decisions. Strong documentation not only supports accreditation but protects your organization and the integrity of your certification program. From evaluation plans to final decision logs, every record must tell a coherent story backed by objective evidence.

After helping many Certification Bodies refine documentation systems and resolve audit findings, one truth remains consistent: organized, well-structured testing records significantly reduce audit risk and improve operational confidence.