EN 
NL 
DE 
With or without accreditation?
It may sound a bit strange, but: anyone can do their own ISO27001, NEN7510 and ISO9001 audits and even issue actual certificates. However, the question is: should you want to? Because how do you know whether your certificate will have the right value and meet the desired quality? DigiTrust is an officially recognised certification body and has the necessary accreditation from the Dutch Accreditation Council (RvA).
What about accreditation?
As described above, any organisation can issue an ISO certificate. Sometimes even by organisations with an interesting and trustworthy international name. The moment a self-proclaimed "certifying organisation" issues a certificate without being accredited to do so, it effectively means that no other non-partisan organisationhas been assessed whether this organisation operates in accordance with the formal rules applicable to it.
Think about how the audit is conducted, does the auditor have the right knowledge, are the number of audit hours correct, and more. The rules for this can be found, for example, in ISO17021, ISO27006 and NCS7510. These standards contain requirements for accredited certification bodies. Whether a certifying organisation also meets these is assessed annually in the Netherlands by the Dutch Accreditation Council (RvA). This assessment ensures quality assurance, which inspires confidence.
Accreditation and certification
The RvA calls it the 'Chain of Trust' on its own website. In this case, the certifying organisation has not been assessed by an Accreditation Body and so they issue certificates without any quality assurance underneath. This seems a futility, but the 'Chain of Trust' is actually very important for companies and their buyers. After all, that trust is the basis of the ISO certificate. An accreditation body assesses whether certifying organisations do comply with all set requirements from, for example, ISO17021, ISO27006 and NCS7510. If all processes and evidence are in order, then the certifying organisation receives accreditation. A certifying organisation cannot be certified itself. We sometimes get this question, but this is impossible.
Accredited certifying organisations, in turn, therefore assess organisations 'in the market'. If their management system conforms to the set standard requirements, an organisation can obtain a management system certificate under accreditation. The certificate then also bears the logo of the relevant accreditation body (RvA, UKAS, DAkks, etc).
Chain of trust through Accreditation
- At the top is the IAF, they ensure that accreditation organisations (AB= Accreditation Body) are assessed.
- The AB then assesses the Certifying Bodies (CB=Certification bodies).
- The certifying organisations ultimately assess companies in the market.
- With this certificate under accreditation, buyers and ultimately consumers can trust that the certificate also has the right value.
Check your certificate
In doubt as to whether the ISO certificate issued by your certifying organisation was issued under accreditation? You can easily check for yourself on the website of the relevant Accreditation Body (AB) whether this is the case.
On the RvA website, you can look up all certifying bodies and assess which standards they have accreditation for. You can do this via: https://www.rva.nl/alle-geaccrediteerden
On the IAF website, you can also look up all Accreditation bodies worldwide: https://iaf.nu/en/accreditation-bodies/
By checking this, you can be sure that the certifying body does meet the applicable quality requirements. And you can actually value your certification.
DigiTrust accreditation
DigiTrust has the accreditation through the Dutch Accreditation Council (RvA) with the unique number C 618. In June 2024, DigiTrust achieved re-accreditation again for the next 4 years, which we are obviously proud of.
You can look up the certificate at the RvA via this link; https://www.rva.nl/alle-geaccrediteerden/
Questions about ISO27001, NEN7510 or ISO9001?
Do you have any other questions about our accreditation, or would you like more information about certification for your organisation? If so, please contact us at sales@digitrust.nl
