Use Your ISO Certification Marks Correctly

Recently more and more nonconformities are being raised during external audit against the use of certification marks and logos.

Not because the clients who use them aren’t entitled to, but because of nuances in the certification body’s rules.

While management system standards don’t address the use of certification marks directly, the agreement with your certification body will include rules and licensing requirements; which in turn is governed by ISO 17030 General Requirements for Third-Party Marks of Conformity.

So what can you do to protect against this unnecessary non conformance?

You must be Certified by the Certification Body

This might seem obviously but for the avoidance of doubt, to use a certification mark you must be certified by that body.

This means being compliant with their ISO certification scheme by completing both stage 1 and stage 2 external audits initially, and surveillance audits there-after.

Even after a successful stage 2 audit, your organisation will only be “recommended for certification” until it has been confirmed by the certification body’s back office processes, who then issue the certificate.

So while you may talk about “working towards certification” or even having “completed the audits”, until you receive the certificate you should not use any certification marks on your website or paperwork.

If your certification lapses or is suspended, you should remove the marks immediately to avoid confusion.

Furthermore, the ISO logo is protected too, so making your own ‘ISO certified’ image that includes the ISO logo should not be done either.

Take a look at the rules around use of the ISO logo: ISO name and logo.

Why do Certification Bodies Raise NonConformities for use of Certification Marks?

The trust and integrity of certificates issued by these bodies underpins the entire industry.

Without it the value of these certificates, and associated marks, is lost and offers no assurance to stakeholders.

So it’s important that certification marks are used correctly.

As mentioned above, the use of certification marks is addressed by ISO 17030: General Requirements for Third-Party Marks of Conformity.

This standard puts a responsibility on certification bodies to not only enforce rules around the use of marks but also to seek out misuse, even among organisations that are not their clients.

So that’s why external auditors are obliged to check the use of these marks.

How to Avoid a NonConformance for Use of Certification Marks

Some of the rules issued by certification bodies can be confusing and even external auditors can struggle to apply them correctly.

They can also change often, particularly where there are requirements to hyperlink the mark on your website back to a particular page of the certification body’s website. These links can break and become a nuisance.

To avoid problems you should access the latest guidance on logo use from your certification body before an external audit. This is often available through their client portals or websites.

Review the current rules and check for compliance where you use them. You may find it beneficial to add this as an item in your management review meeting.

You should also check that any hyperlinks attached to the logos are still valid.

Don’t Be Discouraged from using Certification Marks!

By going through the rigorous ISO Certification process investing time and money on the project, you have earned the right to proudly display these marks, so don’t let the threat of a NonConformance discourage you.

If you have any queries, you should reach out to the certification body for clarification.

If that fails and you do get a nonconformance which you feel has been given unfairly, don’t be afraid to challenge it with the auditor at the time or through the certification body’s complaint process. However in most cases you may find it easy just to amend your use of the logo.

Assent’s ISO Consultants can help you manage this and any other aspect of your ISO Management Systems, such as providing Internal Audits.

Contact our team to find out how we can support you!

Update from ISO

In November 2021, ISO published a brochure on the misuse of third party marks of conformity. Access it below.

ISO – Misuse of Third Party Marks of Conformity [ External Link ]

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

You must be Certified by the Certification Body

Why do Certification Bodies Raise NonConformities for use of Certification Marks?

How to Avoid a NonConformance for Use of Certification Marks

Don’t Be Discouraged from using Certification Marks!

Update from ISO

Robert Clements