
ISO 17065 and the Standard for Certification Bodies


There is no substitute for a competent and impartial auditor when it comes to compliance, security, and correct operations. Organizations that can assess and certify technologies and other organizations are essential for holding the systems that store sensitive data accountable to a consistent standard of excellence. To modify a common saying, “who watches the auditors?” That’s where ISO 17065 comes in.

This article will cover this ISO document and what it means for assessors and auditors in any industry.


What Is ISO 17065?

ISO 17065 (also known as ISO/IEC 17065) is a standard released by the International Organization for Standardization to impart a common set of standards and practices for organizations that provide assessments and certifications.

As an ISO publication, it isn’t technically required by any industry. However, it provides a set of practices and standards that promote a high standard of competence for companies that certify “products, services, or processes.”

What do those standards apply to?

This last standard is of most interest in cybersecurity, where auditors are regularly responsible for assessing and authorizing businesses and agencies based on their overall IT and data security processes.


What Are the Requirements for ISO 17065?

ISO 17065 focuses on ensuring that an organization maintains well-regulated and well-documented assessment standards appropriate to its industry and to the product, service, or process it certifies. Additionally, there is ample attention paid to impartiality and accountability.


General Requirements

Under ISO 17065, an organization must be a legal entity so that it can be held accountable and legally liable for its certification activities.


Structural Requirements


Resource Requirements


Process Requirements

Organizations must use one or more certification schemes to cover the relevant certification. Each scheme must be coupled with process surveillance and must apply to the requirements under which the clients’ products, services, or processes are created and maintained.


Management System Requirements

Per ISO 17065, certification bodies must have management systems that ensure consistent evaluations and fulfillment of the ISO requirements. These management systems may operate under one of two options:


Get On Top of ISO Certifications with Continuum GRC

Continuum GRC is cloud-based, always available, and plugged into our team of experts. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

And more. We are the only FedRAMP and StateRAMP Authorized compliance and risk management solution worldwide.

Continuum GRC is proactive cyber security®, and the only FedRAMP and StateRAMP Authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.
