Over the years, I’ve helped certification bodies prepare for accreditation audits, and I’ve noticed something consistent — even well-organized CBs get caught off guard when assessors start asking deeper questions.
They have the documents. They have the procedures. But when it comes to showing evidence — competence evaluations, impartiality records, or certification-decision trails — things start to unravel.
The truth is, most findings during ISO/IEC 17021-1 audits aren’t about misunderstanding the standard. They’re about weak implementation. In this article, we’ll unpack the most common non-conformities clause by clause, and I’ll show you what causes them — plus what actually works to prevent them.
Clause 6: Structural Requirements – Impartiality and Organizational Independence
If there’s one area accreditation bodies always scrutinize first, it’s impartiality. And for good reason — it’s the foundation of your credibility as a certification body.
Here’s what assessors keep finding:
Impartiality committees that exist on paper but never meet.
Conflict-of-interest assessments done once, years ago.
Certification decisions influenced by commercial interests or consultancy links.
Pro Tip: Keep a living impartiality-risk register and update it every quarter. Don’t just list risks — record what actions you’ve taken to mitigate them.
Common Mistake: Thinking a signed “impartiality declaration” is enough. Assessors want to see ongoing evaluation, not one-time paperwork.
Example: A CB I supported had their impartiality committee meet annually but never analyzed new risks. The assessor flagged it as a major non-conformity. Once they started tracking risk trends quarterly, that issue never came back.
Clause 7: Resource Requirements – Auditor and Decision-Maker Competence
Competence is the backbone of ISO/IEC 17021-1 — and it’s where the majority of findings appear.
Typical problems include:
Missing competence evidence for auditors and technical experts.
Outdated training records.
Decision-makers approving certifications outside their technical scope.
Pro Tip: Build a simple “Competence File” for each person. Include qualifications, scope coverage, witnessed audits, training, and re-approvals. Keep it updated and centralized.
Common Pitfall: Assuming ISO 9001 lead-auditor training equals competence. Under 17021-1, competence must match the specific certification scope.
Example: One certification body failed because its decision-maker, though experienced, hadn’t been evaluated for the construction-sector scope they were approving. After fixing the matrix and re-evaluating everyone, their next audit went smoothly.
Clause 8: Information Requirements – Confidentiality, Complaints & Public Information
Clause 8 is where administrative discipline really matters. Assessors expect tight control over public information, confidentiality, and complaints.
Common findings:
Public lists of certified clients not up to date.
Missing confidentiality agreements for subcontracted auditors.
Complaints logged but not resolved or analyzed for trends.
Pro Tip: Keep one master complaint and appeal tracker. Add timestamps, root-cause notes, and resolution details — all in a single file.
Common Mistake: Splitting complaint and appeal records between departments. That fragmentation makes it look like you’re not managing them consistently.
Example: A CB avoided escalation to a major finding when they switched to a digital tracker that linked each complaint to corrective actions and closure verification. Assessors loved it — it showed traceability and responsiveness.
Clause 9: Process Requirements – Audit, Review & Certification Decisions
Clause 9 is the heart of your operations, and it’s where assessors find the most non-conformities.
Here’s what goes wrong most often:
Audit programs don’t reflect client size, risk, or complexity.
Audit reports lack objective evidence or clear conclusions.
Certification decisions made before non-conformities are closed.
The same person performing and reviewing the audit.
Pro Tip: Implement a “four-eye” review system — every audit report should be reviewed and approved by a qualified, independent reviewer before certification.
Common Pitfall: Mixing roles. ISO/IEC 17021-1 requires separation between auditing, reviewing, and certification decision-making.
Example: One CB was downgraded in their accreditation review because their audit reports lacked reviewer signatures. A simple revision of their report-approval workflow fixed the issue permanently.
Clause 10 often looks easy but causes repeat findings. The issue isn’t usually missing audits — it’s the quality of those audits and follow-up actions.
Typical findings include:
Internal audits that don’t cover all processes annually.
Corrective actions closed without verifying effectiveness.
Management reviews missing impartiality or performance data.
Pro Tip: Schedule smaller, rolling internal audits instead of one big annual event. It keeps findings current and easier to manage.
Common Mistake: Treating management reviews like formalities. They should analyze trends, performance metrics, and risks — not just approve minutes.
Example: One CB turned around its recurring Clause 10 non-conformity by redesigning its management-review template. It now includes data dashboards and risk updates, which assessors praised for transparency.
Pro Tip: Conduct a clause-by-clause readiness check using your internal-audit checklist a month before accreditation. It’s the closest simulation you’ll get to a real assessment.
Common Pitfall: Waiting for assessors to find problems for you. Internal audits are your best opportunity to discover and fix issues before anyone else does.
FAQs – ISO/IEC 17021-1 Audit Non-Conformities
Q1. What counts as a major non-conformity? Anything that casts doubt on your ability to make impartial, competent certification decisions — like missing competence evidence or unresolved impartiality risks.
Q2. How fast do we need to close non-conformities? Usually within 30–60 days. Your corrective-action plan must include cause analysis, action taken, and effectiveness verification.
Q3. Can repeated minor findings lead to suspension? Yes. Multiple repeat minors often signal a systemic issue and can escalate to a major non-conformity during re-accreditation.
Learn from Common Mistakes and Strengthen Your System
Most non-conformities aren’t surprises — they’re missed opportunities for follow-up. When you treat impartiality reviews, competence checks, and internal audits as living processes instead of one-time tasks, findings start disappearing.
In my experience, 80% of ISO/IEC 17021-1 issues can be avoided with one thing: consistent internal auditing and documentation discipline.
If you’re preparing for accreditation, start by reviewing these five clauses. Then go one step further — use a structured checklist to verify compliance, record evidence, and close gaps before assessors walk in.
Download the ISO/IEC 17021-1 Non-Conformity Prevention Checklist and keep your next audit free of surprises.
I hold a Master’s degree in Quality Management, and I’ve built my career specializing in the ISO/IEC 17000 series standards, including ISO/IEC 17025, ISO 15189, ISO/IEC 17020, and ISO/IEC 17065.
My background includes hands-on experience in accreditation preparation, documentation development, and internal auditing for laboratories and certification bodies.
I’ve worked closely with teams in testing, calibration, inspection, and medical laboratories, helping them achieve and maintain compliance with international accreditation requirements.
I’ve also received professional training in internal audits for ISO/IEC 17025 and ISO 15189, with practical involvement in managing nonconformities, improving quality systems, and aligning operations with standard requirements.
At QSE Academy, I contribute technical content that turns complex accreditation standards into practical, step-by-step guidance for labs and assessors around the world.
I’m passionate about supporting quality-driven organizations and making the path to accreditation clear, structured, and achievable.
