Certification Bodies (CB)
Last updated
Last updated
The minimum data requirements for the CertSearch database are detailed in IAF MD28:2023 IAF Mandatory Document for the Upload and Maintenance of Data on IAF Database, for example they include include:
The certified entity name
Certified entity full address
Address of all additional certified sites
The certificate entity ID number (where CB can provide this)
The certificate ID number
The certificate issue date and expiry date
The certification status (Active, suspended or withdrawn)
The certification standard or scheme name,
Associated scope of certification granted to Certified Entity by Certification Body IAF sector or other industry sectors
Accreditation Body Name and Acronym
Important Note: Personal information is not required for IAF CertSearch and is restricted from being uploaded into IAF CertSearch, i.e., there are no contact names, email addresses or telephone details requested. The only overlap of personal information is where a sole proprietor shares their name with the certified entity.
It is possible to see the level of information which is made displayed on IAF CertSearch by searching for a business on www.iafcertsearch.org
There are several mandatory digital databases in existence (e.g. IAQG, FSSC, IATF) which are in many cases operated by Scheme Owners and Accreditation Bodies. This reflects the growing need for digital information on certification in key industrial sectors. However, there is a major gap in the marketplace for verification of generic management systems certification, for example in quality, environment, health and safety and cyber-security.
The DMC appreciates that CBs are required to upload into multiple databases. Therefore, it will strive to work with Scheme Owners and Accreditation Bodies other digital database providers so that appropriate certification information can be integrated with the IAF Database , reducing the need for duplicate uploading. The DMC will ensure that appropriate governance and data protection measures are implemented for such interfaces. The databases has already integrated with many existing databases to create upload efficiency since 2018.
Data will be uploaded by the CB, or where a national AB maintains their own database, the data may be uploaded by the AB under arrangement with the CB.
There are multiple uploading options,manual and automated processes.
For more information please refer to
IAF MD28:2023 IAF Mandatory Document for the Upload and Maintenance of Data on IAF Database
A video on the upload options can be accessed .
here
Upload Options include :
Manual single entry
Manual file upload – xml and excel
Automated FTP – xml and excel (periodic every 24 hours)
Automated API
The upload process includes a data management protocol, where CBs can use either Field Mapping or Data Mapping, in cases where their fields or data is different to what is included in the database, so the CB system does not need to be adjusted.
There is also a dynamic error handling process for CBs which identifies and provides solutions for any issues. This is supported by a competent technical service provider who provides support to any CB in need of technical assistance.
There are currently hundreds of CBs uploading data all with different systems. There are currently > 1450 CBs participating, which use the upload processes described above. This process works effectively for CBs who have varying operating systems whether small, medium or large CBs.
The following diagram shows the upload options:
CBs bear their own cost for any internal programming required to their own database to establish any direct interface. IAF will provide free technical support to assist any CB participating in IAF CertSearch
The minimum upload frequency is once a month. For more detailed information refer to the mandatory document.
IAF MD28:2023 IAF Mandatory Document for the Upload and Maintenance of Data on IAF Database
Those CBs with automatic upload processes i.e. API and FTP will naturally meet the requirements.
NOTE: If there is no change to the certificate data within a month no upload is necessary. However, the CB is still required to login and click ‘update all’ to indicate no change.
Yes, CBs who participate and are in compliance with the upload requirements will demonstrate conformance to information request requirements detailed in ISO/IEC 17021-1 clause 8.1.2 (b) and (c).
CBs should obtain such permissions and approvals from its Certified Entities as may be necessary to allow the CB to submit Certified Entity Data to the IAF Database. However, most CBs will already have clauses in their customer contracts allowing them to share data to their AB or other third parties for the purpose of certificate verification. The only data that is uploaded is the certification data that is owned by the CB. No personal data is requested for upload into the database, only information relating to which organisations the CB has certified.
IAF Database LLC is the owner of the database and the controller of the information and is contractually obliged to ensure that the data is held and managed securely as is their exclusive technical partner Quality Trade. These obligations are detailed in the CB Data Management Agreement and AB terms of use.
IAF Database LLC and its service provider will maintain Cyber Liability Insurance Errors and Omissions/Professional Liability Insurance to cover any such incidents.
If, for any valid reason (e.g. national regulatory or governmental requirements) an AB or CB is prohibited from meeting these requirements, the AB or CB will need to provide an appropriate justification to either IAF DMC for ABs or in the case of CBs to their AB(s). .
For further information on Justifications for exclusion refer to IAF MD28:2023 IAF Mandatory Document for the Upload and Maintenance of Data on IAF Database.
All certified entity data is the property of the CB. ABs and CBs can only access the information they have uploaded. Personnel in IAF will not have access to the data, but the DMC and QT may produce anonymised analytical reports in order to understand the overall utilization and functioning of the database for example to identify data entry errors or to determine the number of participating CBs. No CB can access the data of another CB. An AB cannot access the data of a CB unless it has been responsible for uploading the data or received permissions from the CB. IAF representatives and Regional ABs will not have access to the raw data, however will have access to anonymised analytics.
An AB can’t access the certification entity data of a CB unless it has been responsible for uploading the data or received permission from the CB. ABs that have uploaded the data to the IAF database should put in place confidentiality requirements to ensure that inappropriate personnel cannot access the database.
A CB can upload certificate information in any language. However to verify the certificate the public user will need to search for the company name in the language that was uploaded by the CB or the certificate number. The CB can also upload other names i.e. “English Name” and “Trading Name” and the users can type these names to find and verify the company’s certificate information also.
IAF CertSearch uses translation technology where the user can select their language of choice. The translation tool will translate all text across the site including certification information to the nominated language. This greatly helps the CBs and ABs navigate the site and upload the information and also helps the verifiers use the site in their required language to verify certifications. However as above the Company Name is not translated and the user will need to locate the certificate by searching for the exact company name or certificate number that the CB has uploaded or the English or Trading Name if the CB has uploaded these fields.