WG64

ISO/IEC CD 17007
CASCO

Date: 2024-02-27

Conformity assessment — Guidance for drafting normative

documents suitable for use for conformity assessment

CD stage
Warning for WDs and CDs
This document is not an ISO Document. It is distributed for review and comment. It is subject to change without
notice and may not be referred to as an Document.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.

© ISO #### – All rights reserved

 WG64

© ISO 20XX
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission
can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

© ISO #### – All rights reserved 1

ISO/IEC CD 17007

Contents

Foreword ................................................................................................................................................................ 3
Introduction .......................................................................................................................................................... 4
1 Scope ................................................................................................................................................................ 6
2 Normative references ................................................................................................................................ 6
3 Terms and definitions................................................................................................................................ 6
4 Principles........................................................................................................................................................ 9
4.1 General ............................................................................................................................................................ 9
4.2 Principle 1: separation of specified requirements for the object of conformity
assessment, methods and procedures, and rules and methodology for conformity
assessment............................................................................................................................................... 9
4.3 Principle 2: neutrality towards parties performing conformity assessment activities ..11
4.4 Principle 3: functional approach to conformity assessment .....................................................11
4.5 Principle 4: comparability of conformity assessment results ..................................................12
4.6 Principle 5: good practice in conformity assessment ..................................................................12
5 Guidance for the development of normative documents stating specified requirements
for objects of conformity assessment ..........................................................................................12
5.1 General ..........................................................................................................................................................12
5.2 Drafting specified requirements..........................................................................................................13
6 Guidance for the development of normative documents stating specific methods and
procedures for individual conformity assessment activity .................................................14
7 Guidance for the development of normative documents stating rules and methodology
for conformity assessment ..............................................................................................................15
7.1 General ..........................................................................................................................................................15
7.2 Conformity assessment schemes .........................................................................................................15
Annex A The CASCO toolbox (informative) ..............................................................................................17
A.1 General ..........................................................................................................................................................17
Bibliography ........................................................................................................................................................19

2 © ISO #### – All rights reserved

 WG64

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing Documents is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has
been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates
closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical
standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by the ISO Committee on Conformity Assessment (CASCO).
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.

© ISO #### – All rights reserved 3

ISO/IEC CD 17007

Introduction

This document provides principles and guidance on how to write normative documents, such as
standards, technical specifications, codes of practice and regulations, such that they are concise and clear,
especially in the context of any subsequent conformity assessment activity.
Conformity assessment is a demonstration that specified requirements are fulfilled and includes
activities such as assessment, auditing, design review, evaluation, examination, inspection, testing,
surveillance, validation, verification, and certification. The methods and procedures for performing
specific individual conformity assessment activities can be combined under rules and methodology
through which approvals, certificates, consents, licenses, labels, markings, marks of conformity,
permissions, reports and various forms of statements are issued.
This document is intended for the following users:
— standards developers;
— industry associations and consortia;
— purchasers;
— regulators;
— consumers and non-government groups;
— accreditation bodies;
— conformity assessment bodies;
— conformity assessment scheme owners; and
— other interested parties, e.g. insurance organizations.
This Document is intended to assist the above users in developing specific normative documents at
national, regional or international levels, both in regulated or non-regulated applications.
Users of this Document may also find useful the ISO/IEC Directives (which specify the requirements for
ISO and IEC normative documents containing specified requirements), in ISO/IEC 17060 Conformity
assessment Code of good practice and the WTO Agreement on Technical Barriers to Trade, Annex 3, Code
of Good Practice for the Preparation, Adoption and Application of Standards.
ISO/IEC Directives, Part 2, also covers aspects for conformity assessment, mandatory for standards
developers in ISO, IEC and ISO/IEC committees.
This document also includes reference to documents and guides in the domain of conformity assessment,
known as the CASCO toolbox. These are principally the work of CASCO in cooperation with IEC. Reference
to these generic publications is included to emphasise that they contain internationally agreed, globally
applied provisions covering conformity assessment activities. Reliance on such publications facilitates
reproducibility and mutual acceptance of conformity assessment results around the world.
To make this document easy to follow, technical terminology has been avoided as much as possible.
However, in some cases, the use of some technical terminology has been unavoidable. For example, the
requirements in normative documents can relate to many different areas, e.g. a particular material,
product, service, installation, data, information, process, system, person or body. In a conformity
assessment context, these are all examples of an “object of conformity assessment”..
In the field of conformity assessment “object of conformity assessment” or “object” (see 3.3) is a generic
term used to represent anything that can fulfil specified requirements. In a normative document suitable
for use in conformity assessment, the term “object of conformity assessment” or “object” would not be
used. A normative document should include a scope which either explicitly or implicitly defines the
related object of conformity assessment, for example a type of product, process, service, installation,
design, land used for a specific purpose, management system, conformity assessment body, etc. In this

4 © ISO #### – All rights reserved

 WG64

document, the term “object of conformity assessment” or “object” is used so that this document can be
applied to any individual normative document regardless of the scope of the normative document.

© ISO #### – All rights reserved 5

ISO/IEC CD 17007

Conformity assessment — Guidance for drafting normative

documents suitable for use for conformity assessment

1 Scope
This document provides principles and guidance for developing normative documents that contain:
— specified requirements for the object of conformity assessment;

— specific methods and procedures for individual conformity assessment activity (e.g. test
methods); or

— rules and methodology for conformity assessment (i.e. conformity assessment schemes including
requirements for organizations that undertake conformity assessment).

This document is intended for use by standards developers, industry associations and consortia,
purchasers, regulators, consumers and non-government groups, accreditation bodies, conformity
assessment bodies, conformity assessment scheme owners, and other interested parties, such as
insurance organizations.

2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17000:2020, Conformity assessment — Vocabulary and general principles.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 17000 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/

3.1
specified requirements
need or expectation that is stated
Note 1 to entry: Specified requirements can be stated in normative documents (3.2).
Note 2 to entry: Specified requirements can be detailed or general.
[ISO/IEC 17000:2020, 5.1]

3.2
normative document
<conformity assessment>

6 © ISO #### – All rights reserved

 WG64

documents that provide:

a) specified requirements for the object of conformity assessment;
b) specific methods and procedures for individual conformity assessment activity (e.g. test methods);
or
c) rules and methodology for conformity assessment (i.e. conformity assessment schemes including
requirements for organizations that undertake conformity assessment).
Note 1 to entry The term “normative document” is a generic term that covers such documents as
standards, technical specifications, codes of practice and regulations.

Note 2 to entry A “document” is to be understood as any medium with information recorded on or in it.

3.3
object of conformity assessment
object
entity to which specified requirements (3.1) apply

EXAMPLE Product, process, service, system, installation, project, data, design, material, claim, person,
body or organization, or any combination thereof.

Note 1 to entry: The term “body” is used in this document to refer to conformity assessment bodies and
accreditation bodies. The term “organization” is used in its general meaning and may include bodies
according to the context. The more specific ISO/IEC Guide 2 definition of an organization as a body
based on membership is not applicable to the field of conformity assessment.
[ISO/IEC 17000:2020, 4.2]

3.4
conformity assessment
demonstration that specified requirements are fulfilled
Note 1 to entry: The process of conformity assessment as described in the functional approach in ISO/IEC
17000:2020 Annex A can have a negative outcome, i.e. demonstrating that the specified requirements are
not fulfilled.
Note 3 to entry: Conformity assessment is explained in ISO/IEC 17000:2020 Annex A as a series of
functions..
Note 4 to entry: This document does not include a definition of “conformity”. “Conformity” does not
feature in the definition of “conformity assessment”. Nor does this document address the concept of
compliance
[ISO/IEC 17000:2020, 4.1]

3.5
conformity assessment activity
any activity contributing to any of the functions in the functional approach described in ISO/IEC
17000:2020 Annex A
Note to entry: Conformity assessment activities include but are not limited to testing, auditing,
examination, evaluation, inspection, validation, verification, certification, and accreditation.

3.6
conformity assessment body
body that performs conformity assessment activities, excluding accreditation
[ISO/IEC 17000:2020, 4.6]

© ISO #### – All rights reserved 7

ISO/IEC CD 17007

3.7
accreditation
third-party attestation related to a conformity assessment body, conveying formal demonstration of its
competence, impartiality and consistent operation in performing specific conformity assessment
activities
[ISO/IEC 17000:2020, 7.7]
Note to entry: Accreditation is performed by accreditation bodies, whose authority can be derived
from government, public authorities, contracts, market acceptance or scheme owners.
3.8
accreditation body
authoritative body that performs accreditation
Note 1 to entry: The authority of an accreditation body can be derived from government, public
authorities, contracts, market acceptance or scheme owners
[ISO/IEC 17000:2020, 4.7]

3.9
conformity assessment scheme
conformity assessment programme

set of rules and procedures that describes the objects of conformity assessment, identifies the specified
requirements and provides the methodology for performing conformity assessment

Note 1 to entry: A conformity assessment scheme can be managed within a conformity assessment
system.
Note 2 to entry: A conformity assessment scheme can be operated at an international, regional, national
sub-national, or industry sector level.
Note 3 to entry: A scheme can cover all or part of the conformity assessment functions explained in Annex
A.
[ISO/IEC 17000:2020, 4.9]

3.10
methodology
a systematic approach or collection of methods and procedures used in an area of conformity assessment

Note to entry 1 – in conformity assessment, a systematic approach, or collection of methods and

procedures, for performing activities in the functions described in ISO/IEC 17000 Annex A (the
Functional Approach) is one part of a conformity assessment scheme (see ISO/IEC 17000 4.9). Individual
demonstrations performed in accordance with the same scheme will follow the same methodology
provided by the scheme.

Note to entry 2 – a method or procedure for a specific individual conformity assessment activity within
the Functional Approach (e.g. a sampling protocol, test method, calibration method, inspection
procedure, a general plan for an audit of a management system, a general plan for validation or
verification of a type of claim, the formatting of a statement of conformity, etc.) can be included or
referenced in the methodology provided in a scheme. However, a method or procedure for a specific
individual conformity assessment activity is not by itself a methodology for demonstrating fulfilment of
requirements as represented by the Functional Approach.

8 © ISO #### – All rights reserved

 WG64

4 Principles
4.1 General
4.1.1 The principles listed below are the basis for the subsequent guidance in this document. This
document does not provide specific guidance for all situations that can occur. Nevertheless, following the
below principles, users of this document may receive guidance for any situations:
— principle 1: separation of specified requirements for the object of conformity assessment,
methods and procedures, and rules and methodology for conformity assessment (see 4.2);

— principle 2: neutrality towards parties performing conformity assessment activities (see 4.3);

— principle 3: functional approach to conformity assessment (see 4.4);

— principle 4: comparability of conformity assessment results (see 4.5);

— principle 5: good practice in conformity assessment (see 4.6).

4.1.2 Principles 1 and 2 are primarily directed towards the development of normative documents that
contain specifications for objects of conformity assessment (Clause 5 provides further information).
Principle 3 is directed towards the development of separate normative documents that contain
specifications for how conformity assessment schemes are structured and carried out (Clause 7 provides
further information). However, the functional approach can assist the developer of normative documents
for characteristics of the object of conformity assessment to anticipate and formulate requirements that
can be used in the subsequent conformity assessment activities.
4.1.3 Normative documents can contain one or more set of provisions. These sets of provisions can be:
a) specified requirements for the object of conformity assessment;
b) specific methods and procedures for individual conformity assessment activity (e.g. test methods);
and
c) rules and methodology for conformity assessment (i.e. conformity assessment schemes including
requirements for organizations that undertake conformity assessment).

4.2 Principle 1: separation of specified requirements for the object of conformity

assessment, methods and procedures, and rules and methodology for conformity
assessment
4.2.1 Normative documents setting specified requirements for objects of conformity assessment should
not also contain the methodology (3.10) for demonstrating fulfilment of the specified requirements.
4.2.2 Normative documents setting specified requirements for objects of conformity assessment can
include methods and procedures for specific individual activities (e.g. a test) when necessary to provide
repeatable and reproducible results. In such a situation, the methods and procedures should be
separated from those requirements (e.g. in separate sections). (See 3.10 for the difference between a
method for an individual activity and a methodology.)
4.2.3 The methodology for a demonstration of fulfilment should be recorded in a separate document.
This separation is important since different users of the specified requirements for an object of
conformity assessment may adopt different methodologies for demonstrating fulfilment of those
specified requirements. A normative document setting specified requirements for objects of conformity
assessment should not restrict choices for the methodology for demonstrations of fulfilment.
4.2.4 In addition, the normative document setting specified requirements for objects of conformity
assessment will apply to the supplier of the object of conformity assessment. The methodology will apply
to conformity assessment bodies and potentially accreditation bodies performing a demonstration. With
the methodology in a separate document, clear contracts, agreements, and regulations etc. can invoke the
applicable document to the pertinent party and thus effectively mandate fulfilment of specified

© ISO #### – All rights reserved 9

ISO/IEC CD 17007

requirements by suppliers and adherence to the methodology by conformity assessment and potentially
accreditation bodies.
4.2.5 Examples of methodology that should not be in the same document as the specified requirements
for the object of conformity assessment and the methods and procedures for specific individual
activities include:
a) whether one or more activities will be performed as first-, second- or third-party activities (see
the neutrality principle in ISO/IEC Directives Part 2 Clause 33.1);
b) the location for the selection of samples of the object of conformity assessment;
c) the type of certificate, mark, letter, report, internet listing to be issued during attestation to
indicate a demonstration of fulfilment has been completed; and
d) the type of ongoing surveillance activities (if any) to be performed to assure the original
demonstration remains valid

4.2.6: The benefits for maintaining a separation between the sets of provisions include:

a) more rigorous consideration in specifying each set of provisions within their proper and
individual contexts;
b) easier reference to the separate sets of provisions for authorities such as regulators;
c) greater use of the normative document for parties that are not intending to use all the sets of
provisions, for example using only the set of provisions for the object of conformity assessment,
without intending to use the set of provisions related to rules and methodology for conformity
assessment;
d) greater use of the provisions where assessment methods and procedures can be used for
several specified objects, or one object can be subjected to multiple methods and procedures;
and
e) greater flexibility in the application and choice for the rules and methodology for conformity
assessment such as specifying the use of self-declared conformity (first-party activity)or
certification (third-party activity), with or without further specifications such as the need for a
conformity assessment body to be accredited or belong to a peer assessment group.

NOTE As background to Principle 1, ISO/IEC normative documents Including standards are voluntary.
Users of standards can require their use in a wide variety of situations (e.g. through regulations or
contracts). To enable the greatest flexibility in the specification and use of standards it is important to
separate different types of requirements which users can then select to suit their needs. If the standard
was written to encompass the requirements for the object of conformity assessment and also mixes in
the requirements for subsequent conformity assessment activities this then predetermines how the
standard may be applied, and it might not be relevant or practical for the standard users’ needs. In this
case the standard will not be used. Hence it is better to separate out the requirements for the object of
conformity assessment from the requirements for conformity assessment, and to allow the user the
flexibility to specify the combination of standards to best fulfil their needs. To be clear, this does not
prohibit standards writers from writing requirements for the object of conformity assessment on the one
hand, and the requirements for conformity assessment on the other, as long as they are separated and
can specified independently of one another (e.g., in a separate document, part of the standard, informative
annex, etc.). The benefits of this separation are listed in 4.2.6.

10 © ISO #### – All rights reserved

 WG64

4.3 Principle 2: neutrality towards parties performing conformity assessment activities

Normative documents that contain specified requirements for objects of conformity assessment should
be written so that demonstrating conformity of the objects to the specified requirements can be either a
first, second or third-party activity:
— activity performed by a manufacturer or supplier of the object, or the object itself (e.g. specified
requirements for an organization or a person), (first party activity);

— activity performed by a user or purchaser of the object or a person or organization with a user
interest (second party activity);

— activity performed by a person or organization independent of the supplier and with no user
interest (third party activity).

NOTE 1 Users of the normative documents that contain specified requirements for objects of conformity
assessment (including scheme owners) can choose first, second or third-party activities. Examples of this
include:
— regulators specifying the use of the first-party supplier's declarations of conformity (SDoC) (first
party activity);

— purchasing organizations performing tests in their own laboratories for purchased goods (second
party activity);

— regulators requiring product certification (third-party activity) before a product enters the
market;

— purchasing organizations requiring certification of the supplier's quality management system as

a prerequisite to supply goods or services (third-party activity).

NOTE 2 In applying the neutrality principle, the user of the normative document can choose to rely on
first, or second, or third party conformity assessment. This choice can be based on a risk-based approach
with regard to the potential result of non-conforming objects and their intended use.

4.4 Principle 3: functional approach to conformity assessment

4.4.1 Rules and methodology for conformity assessment should be based on the “functional approach to
conformity assessment”, consisting of the following functions:
a) selection (confirmation of the object of conformity assessment, specified requirements, planning,
preparation, sampling);

b) determination (development of complete information regarding fulfilment of the specified

requirements by the object of conformity assessment or its sample);

c) review (consideration of the suitability, adequacy, and effectiveness of selection and

determination activities and the results of these activities);

d) decision (conclusion based on the results of review that fulfilment of specified requirements has
or has not been demonstrated);

e) attestation (issue of a statement, based on a decision, that fulfilment of specified requirements

has been demonstrated); and

f) surveillance (if needed, systematic iteration of conformity assessment activities).

© ISO #### – All rights reserved 11

ISO/IEC CD 17007

4.4.2 These conformity assessment functions are described more fully in ISO/IEC 17000:2020, Annex A.
See ISO/IEC 17067 for further guidance on conformity assessment schemes.

4.5 Principle 4: comparability of conformity assessment results

4.5.1 The specified requirements for objects of conformity assessment should be stated in a clear and
unambiguous manner by including needed details so that results of conformity assessment activities will
be comparable and reproducible.
NOTE For example, if different parties (i.e. people, bodies or organizations) are applying the specified
requirements to produce the object of conformity assessment, the resultant objects should all be
comparable with respect to fulfilment of the requirements specified.
4.5.2 The methods and procedures in normative documents should be specified in a clear and
unambiguous manner by including needed details so that results of conformity assessment activities will
be comparable and reproducible.
NOTE For example, if the same methods and procedures are used by different parties, the results of the
conformity assessment should be comparable and reproducible.
4.5.3 The rules and methodology for demonstrating fulfilment of specified requirements should be stated
in as much detail as necessary so that different demonstrations following the methodology will be
comparable with respect to assurance that specified requirements are fulfilled.

4.6 Principle 5: good practice in conformity assessment

4.6.1 Normative documents related to conformity assessment should consider Documents and Guides as
a source of good practices in conformity assessment.
4.6.2 The persons or organizations who perform activities in a demonstration in accordance with a
methodology are conformity assessment bodies and accreditation bodies. The competence, consistency
and impartiality of these bodies impacts the assurance provided by the demonstrations in which they
participate.
4.6.3 . ISO and IEC have developed the ISO/IEC 17000 series of documents that set specified
requirements for the competence, consistency and impartiality of conformity assessment bodies and
accreditation bodies. These standards form the core of the “CASCO Toolbox” which is a common way to
refer to all the documents produced by ISO CASCO. Using these documents fosters international
compatibility and may avoid technical barriers to trade. Annex A lists all the documents that constitute
the CASCO Toolbox
4.6.4 A methodology can reference the applicable standards in the CASCO Toolbox and it can provide
rules and procedures for how the bodies demonstrate fulfilment of the requirements in the applicable
standards (e.g., self-assessment, peer assessment, or accreditation).

5 Guidance for the development of normative documents stating specified

requirements for objects of conformity assessment
5.1 General
5.1.1 Objects of conformity assessment can be products, processes , services, systems, installations,
projects, data, designs, materials, claims, persons, bodies, or organisations (including their management
systems), or any combination thereof. Some examples are provided in 5.2.5.

5.1.2 Objects of conformity assessment should be clearly and uniquely described in normative
documents for objects to prevent incorrect application.

12 © ISO #### – All rights reserved

 WG64

5.2 Drafting specified requirements

5.2.1 Specified requirements relating to the characteristics of the object of conformity assessment should
be stated in the clauses that form the normative parts of the document.

5.2.2 Specified requirements should be stated in such a way that they are clear, direct and precise and
will result in accurate and uniform interpretation, so that parties making use of the normative document
are able to derive from the contents of the normative document a common understanding of its meaning
and intent. In particular:

a) terms such as “adequate”, “adversely affected”, “sufficiently strong” and “extreme conditions” are
subjective and should be avoided;

b) qualitative nouns and adjectives that could be taken as absolute, e.g. “waterproof”, “unbreakable”,
“flat”, and “safe”, should not be used unless defined;

c) qualitative nouns and adjectives that describe a measurable property, e.g. “high”, “strong”,
“transparent”, and “accurate”, should not be used unless defined; and

d) the term “unless otherwise specified” should not be used, except when the “other specification”
is clearly identified in the requirements.

5.2.3 Specified requirements for objects of conformity assessment should focus only on the description,
criteria or performance characteristics of the object.
5.2.4 Normative documents can specify methods and procedures for individual conformity assessment
activities (e.g. test) determining that the specified requirements have been met. They should be expressed
in such a way that they can be carried out as first, second or third party conformity assessment activity.
It should be left to the users of the normative document to decide what conformity assessment activity
will be utilized, which body will carry out the conformity assessment, and under what conditions.

5.2.5 Specified requirements should be stated in performance based terms which clearly specify the
result or outcome that is to be achieved. This can include specifying acceptance values or tolerances. This
allows the user to innovate and improve technology and avoid maintaining a specific design or
characteristic when better alternatives may be developed and used. Examples of results or outcomes for
a variety of objects of conformity assessment include:
a) specified requirements for construction products in terms of their measurable performance
characteristics such as the ability to withstand specified loads or impact forces, fire resistance,
weather tightness, thermal resistance, rather than specifying particular construction systems, such
as the use of tongue and groove flooring or external panelling;
b) specified requirements around hazards that may be associated with the use of selected products (e.g.
entrapment, punctures or cuts, strangulation, thermal exposure (heat burn or intense cold freezing),
toxicity thresholds for chemicals such as lead, flammability, exposure to carcinogens) rather than
providing prescriptive design criteria;
c) specified safety and efficiency features in electrical products standards to protect the user from
harmful events (e.g. electric shock) or suboptimal energy efficiency outcomes, rather than
prescriptive design requirements that might favour an existing product model over alternatives that
achieve the same or better outcome;
d) specified requirements for environmental, social or economic outcomes such as in sustainability
standards in a way that focuses on reduction in adverse impact indicators or achieving real outcomes,
rather than requirements that focus on quantitative resource inputs which may or may not achieve
the desired outcome;
e) specified requirements for service levels to be achieved, rather than prescribing a certain number of
personnel or input resources that are required;

© ISO #### – All rights reserved 13

ISO/IEC CD 17007

f) specified requirements for competence of people based on the required knowledge they need to have,
and the skills they need to be able to demonstrate to use that knowledge effectively, rather than
requiring specific qualifications or years of experience which may or may not mean the individual is
actually competent; and
g) specified requirements for information technology applications, including artificial intelligence, by
describing the acceptable outcomes for certain use case scenarios, rather than prescriptive
requirements that try to impose prohibitions or boundaries on user groups or intended user
purposes.

5.2.6 Specified requirements should be divided into distinct, consistent and easily identifiable sections,
in order to permit their incorporation by reference in codes, regulations and other standards, or
automated (“smart”) applications. This structure permits selected clauses to be identified separately in a
code or regulation when only part of the normative document is referenced.

5.2.7 If a set of specified requirements incorporates requirements stated in another document, the
incorporation should be done by specific reference and clearly indicate the referenced version, usually
by the date (year) of publication. If the version of the referenced document is not specified, the
conventional understanding is that the latest version of the document applies, including all amendments
and revisions. The use of the term “latest issue” in conjunction with an undated reference should be
avoided. If the referenced document is not dated, it is possible that the format and content of the
referenced requirements could change over time. The consequences of changes to the referenced
requirements should be considered.

5.2.8 Specified requirements may contain more than one category, type, class or grade within the same
normative document, or in separate documents, if necessary. Where multiple types, classes, grades, etc.
are permitted, the document should specify how these are to be identified to the user.

5.2.9 All measurement values should be expressed in SI units (International System of Units).

5.2.10 Specified requirements established by purchasers should follow the principles and practices of
this Document. This is notably the case for government purchasers and other organizations that may be
subject to international trade agreements.

6 Guidance for the development of normative documents stating specific

methods and procedures for individual conformity assessment activity
6.1 Normative documents can address various aspects of methods and procedures for specific conformity
assessment activities (e.g. sampling, auditing, design review, evaluation, examination, inspection, testing,
validation and verification);
6.2 Methods and procedures for specific conformity assessment activities should clearly describe how
the activity is to be performed, e.g.:

a) the choice and preparation of samples. sampling methods should be based, whenever possible,
on statistical methods provided in documents, e.g. ISO 10725 and ISO 11648-1;

b) the needed equipment, e.g. measuring instruments, software, measurement standards,

reference materials, reference data, reagents, consumables or auxiliary apparatus);

c) facilities and environmental conditions;

d) the observations, information, results or data to be recorded;

14 © ISO #### – All rights reserved

 WG64

e) Analysing, processing or reporting the observations, information, results or data that has been
recorded; and

f) (if relevant) what is acceptable in terms of uncertainty of measurement, accuracy, reproducibility

and repeatability.

6.3 Methods and procedures for specific conformity assessment activities should focus on the specified
requirements for the object of conformity assessment and should avoid stating requirements not directly
related to the object's performance.

6.4 Methods and procedures for specific conformity assessment activities should be selected bearing in
mind their effectiveness, economy and practical application, e.g. non-destructive test methods should be
chosen whenever they provide the same level of confidence as destructive test methods.

6.5 The normative document should specify the sequence of methods and procedures for specific
conformity assessment activities, when the sequence can influence the results.

6.6 If necessary, alternative methods and procedures for specific conformity assessment activities should
be included in the normative document. The equivalence or any advantage or disadvantage when
compared with the primary method or procedure should be explained. If equivalent methods or
procedures are provided, the normative document should specify which one will be used in case of
dispute.

6.7 If different methods and procedures for specific conformity assessment activities are permitted from
those that are specified, the normative document should require documented correlation of the results
among the methods or procedures.

6.8 Methods and procedures for specific conformity assessment activities should follow the metrological
principles concerning validation, measurement traceability and estimation of measurement uncertainty.

NOTE Specific provisions in this respect are provided in ISO/IEC 17025, ISO/IEC Guide 99 and
ISO/IEC Guide 98-3.

7 Guidance for the development of normative documents stating rules and

methodology for conformity assessment
7.1 General
7.1.1 Normative documents that state rules and methodology for conformity assessment should be
separated from the normative documents stating the specified requirements for the object of conformity
assessment (see Clause 5) and normative documents stating the methods and procedures for specific
individual conformity assessment activities (see Clause 6).
7.1.2 Rules and methodology for conformity assessment contribute to all functions of the functional
approach (see ISO/IEC 17000:2020, Annex A). Examples for rules and methodology contributing to the
review, decision and attestation functions are
− acceptance criteria;
− rules for decision (ISO/IEC 17000:2020, 7.2); and
− requirements for third-party activities, such as certification or accreditation.

7.2 Conformity assessment schemes

7.2.1 The rules and methodology for conformity assessment are part of a conformity assessment scheme
(see 3.9).

© ISO #### – All rights reserved 15

ISO/IEC CD 17007

7.2.2 ISO/IEC 17067 provides guidance for conformity assessment schemes.

7.2.3 Conformity assessment schemes can be specified for example, and not limited to, by:
a) one inclusive normative document;
b) a series of standards, including the applicable standard from the CASCO toolbox (see 4.6.3 and
Annex A);
c) specified requirements for the object of conformity assessment according to legal regulations,
methods and procedures provided in technical specifications, and rules and methodology set by
organisations of accreditation bodies.
7.2.4 Drafting normative documents suitable for use for conformity assessment, should take into account
existing normative documents stating specified requirements for objects of conformity assessment,
normative documents stating methods and procedures for specific individual conformity assessment
activities, and normative documents stating rules and methodology for performing conformity
assessment activities.
7.2.5 As a result it can be sufficient to complete a conformity assessment scheme by drafting only those
provisions that have been identified as missing.

16 © ISO #### – All rights reserved

 WG64

Annex A
The CASCO toolbox
(informative)

A.1 General

A.1.1 ISO and IEC have developed a range of deliverables in the field of conformity assessment, known as
the CASCO toolbox, that are adopted worldwide into conformity assessment schemes and systems. These
deliverables incorporate good conformity assessment practices established by international consensus.
The conformity assessment bodies specified by the CASCO toolbox are the following:
— Testing laboratories according to ISO/IEC 17025 provide a determination of the characteristics of a
test item or sample (the object of conformity assessment) according to a procedure.
— Inspection bodies according to ISO/IEC 17020 provide an examination of an item (the object of
conformity assessment) and determination of its conformity with detailed requirements or – on the
basis of professional judgement – with general requirements.
— Validation bodies according to ISO/IEC 17029 provide a confirmation of plausibility of information
declared as claim (the object of conformity assessment) regarding an intended future use.
— Verification bodies according to ISO/IEC 17029 provide a confirmation of truthfulness of information
declared as claim (the object of conformity assessment) regarding the correct statement.
— Certification bodies provide an independent (third-party) attestation of conformity. Requirements
for certification bodies are specified by ISO/IEC 17021-1 (for management systems as objects of
conformity assessment), ISO/IEC 17065 (for products, processes, services as objects of conformity
assessment), ISO/IEC 17024 (for persons as objects of conformity assessment).

A.1.2 In some cases, normative documents (e.g. regulations) might require an independent attestation of
the competence, impartiality, and consistent operation of conformity assessment bodies participating in
a conformity assessment scheme. This might include the requirement that the bodies carrying out the
conformity assessment be assessed themselves for their ability to carry out the nominated conformity
assessment activities. Such forms of recognition can be obtained through accreditation by an
accreditation body and/or acceptance in a peer assessment grouping, or through being involved in
proficiency testing, or they can have some other form of recognition from an industry or government
body. Examples of documents and guides that deal with these forms of recognition include ISO/IEC 17011
(accreditation), ISO/IEC 17040 (peer assessment) and ISO/IEC 17043 (proficiency testing).

Table A.1 lists the documents that constitute the conformity assessment toolbox.
Table 1 — Table 1 — The conformity assessment toolbox
Subject Document Title
Vocabulary, principles ISO/IEC 17000:2020 Conformity assessment — Vocabulary and general principles
and common elements of
conformity assessment
Code of good practice for ISO/IEC 17060:2022 Conformity assessment — Code of good practice
conformity assessment
Drafting normative ISO/IEC 17007:2009 Conformity assessment — Guidance for drafting normative
documents for use in documents suitable for use for conformity assessment
conformity assessment
Testing/calibration ISO/IEC 17025:2017 General requirements for the competence of testing and
calibration laboratories

© ISO #### – All rights reserved 17

ISO/IEC CD 17007

ISO/IEC 17043:2023 Conformity assessment — General requirements for proficiency

testing
Reference material ISO 17034:2016 General requirements for the competence of reference material
producers
Inspection ISO/IEC 17020:2011 Conformity assessment —Requirements for the operation of
various types of bodies performing inspection
Supplier's Declaration of ISO/IEC 17050-1:2004 Conformity assessment — Supplier's declaration of conformity —
Conformity (SDoC) Part 1: General requirements
ISO/IEC 17050-2:2004 Conformity assessment — Supplier's declaration of conformity —
Part 2: Supporting documentation
Product, process and ISO/IEC TR 17026:2015 Conformity assessment — Example of a certification scheme for
service certification tangible products
ISO/IEC TR 17028:2017 Conformity assessment — Guidelines and examples of a
certification scheme for services
ISO/IEC TR 17032:2019 Conformity assessment — Guidelines and examples of a scheme
for the certification of processes
ISO/IEC 17065:2012 Conformity assessment — Requirements for bodies certifying
products, processes and services
ISO/IEC 17067:2013 Conformity assessment — Fundamentals of product certification
and guidelines for product certification schemes
Management system ISO/IEC 17021-1:2015 Conformity assessment — Requirements for bodies providing
certification and related Parts audit and certification of management systems — Part 1:
Requirements
Certification of persons ISO/IEC 17024:2012 Conformity assessment — General requirements for bodies
operating certification of persons
Marks of conformity ISO/TS 17033:2019 Ethical claims and supporting information — Principles and
ethical claims requirements
ISO/IEC 17030:2021 Conformity assessment — General requirements for third-party
marks of conformity
Accreditation ISO/IEC 17011:2017 Conformity assessment — General requirements for accreditation
bodies accrediting conformity assessment bodies
Mutual Recognition ISO/IEC Guide 68:2002 Arrangements for the recognition and acceptance of conformity
Arrangements (MRAs) assessment results
Peer assessment ISO/IEC 17040:2005 Conformity assessment — General requirements for peer
assessment of conformity assessment bodies and accreditation
bodies

18 © ISO #### – All rights reserved

 WG64

Bibliography
[1] ISO 5725-1, Accuracy (trueness and precision) of measurement methods and results — Part 1:
General principles and definitions

[2] ISO 9001, Quality management systems — Requirements

[3] ISO 10725, Acceptance sampling plans and procedures for the inspection of bulk materials

[4] ISO 11648-1, Statistical aspects of sampling from bulk materials — Part 1: General principles

[5] ISO 14001, Environmental management systems — Requirements with guidance for use

[6] ISO 14065, Greenhouse gases — Requirements for greenhouse gas validation and verification bodies
for use in accreditation or other forms of recognition

[7] ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting
conformity assessment bodies

[8] ISO/IEC 17020 Conformity assessment Requirements for the operation of various types of bodies
performing inspection

[9] ISO/IEC 17021-1 Conformity assessment Requirements for bodies providing audit and certification of
management systems Part 1: Requirements

[10] ISO/IEC 17024 Conformity assessment General requirements for bodies operating certification of
persons

[11] ISO/IEC 17025 General requirements for the competence of testing and calibration laboratories

[12] ISO/IEC 17030 Conformity assessment General requirements for third-party marks of conformity

[13] ISO/IEC 17040 Conformity assessment — General requirements for peer assessment of conformity
assessment bodies and accreditation bodies

[14] ISO/IEC 17043 Conformity assessment General requirements for the competence of proficiency testing
providers

[15] ISO/IEC 17050 (all parts), Conformity assessment — Supplier's declaration of conformity

[16] ISO/IEC 17060 Conformity assessment Code of good practice

[17] ISO 19011 Guidelines for auditing management systems

[18] ISO/IEC Guide 68:2002, Arrangements for the recognition and acceptance of conformity assessment
results

[19] ISO/IEC Guide 98-3, Uncertainty of measurement — Part 3: Guide to the expression of uncertainty in
measurement (GUM:1995)

[20] ISO/IEC Guide 99, International vocabulary of metrology — Basic and general concepts and
associated terms (VIM)

[21] WTO Agreement on Technical Barriers to Trade, Annex 3, Code of Good Practice for the Preparation,
Adoption and Application of Standards

© ISO #### – All rights reserved 19