In the world of ISO conformity assessment, the line between certification and consultancy is one of the most heavily guarded boundaries—and rightly so. Impartiality isn’t just a good idea; it’s a non-negotiable pillar of trust.
But here’s the nuanced reality: a certification body (CB) can perform consulting services—only if it’s for clients it doesn’t certify, and only under strict conditions.
Let’s break it down.
What the Standard Actually Says
ISO/IEC 17021-1 Clause 5.2.8 sets the tone:
“The certification body and any part of the same legal entity shall not offer or provide management system consultancy.”
Translation: if you certify someone, you cannot consult for them. Not before, not after, not via a back door.
However, this doesn’t mean certification bodies are banned from all forms of consultancy—as long as it’s clearly separate.
When Consulting Is Allowed
Certification bodies may engage in consultancy if the following conditions are met:
- The consulting is done for clients they never audit or certify
- The consultancy arm is legally and operationally distinct from the certification arm
- There’s no shared personnel, branding, or financial cross-benefit
- They never intend to certify the same client—now or later
This separation ensures no conflict of interest, no influence over audit outcomes, and no reputational compromise.
Common Violations to Watch For
- Certifying a client after previously consulting for them—even through a “different” team
- Using “funnel companies” that quietly route clients from consultancy into the certifying arm
- Sharing back-end staff, database access, or branding between both functions
- Marketing consultancy as a precursor or “easy path” to certification
These aren’t just bad optics—they’re outright breaches of impartiality under ISO 17021-1 and threaten accreditation status under ISO/IEC 17011.
Why It Matters
At its core, ISO certification is about trust. Clients rely on CBs to provide unbiased assessment. The moment a CB consults, that trust falters—and so does the credibility of the system.
Reforming ISO practices doesn’t mean bending the rules. It means defending the principles that give those rules their meaning.
Final Thought
Certification bodies have every right to expand their offerings—but not at the cost of impartiality. Consulting and certifying are two lanes that must never intersect. If we’re serious about restoring integrity in the ISO ecosystem, we must ensure that oversight doesn’t become a business strategy—and that impartiality doesn’t become a loophole.