Risk management is now a concept embedded in ISO/IEC 17011:2017: Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies. The standard provides new requirements concerning a “risk-based approach” for the accreditation processes, as well as concerning “risks” with regard to the operation of all processes in general of an accreditation body. Considering that the requirements of ISO/IEC 17011:2017 and Regulation (EC) No 765/2008 are mandatory for National Accreditation Bodies (NABs), the main purpose of EA-2/19: List of risks for accreditation processes and operation of national accreditation bodies is to support NABs in their risk-based approach by providing lists of possible risks that they may consider.

According ISO/IEC 17011 clause 7.4.6, 7.9.3 and 7.10.1, the National Accreditation Body (NAB) is required to consider the risks related to the operation of a Conformity Assessment Body (CAB) when planning assessments, assessment programmes or scope extensions.

A risk-based approach supports the objective of an assessment to take an appropriate, representative sample. Such an assessment concentrates on issues that are important at the current situation (occurring in internal and external environments relevant to the CAB) that may influence ongoing fulfilment of accreditation requirements by the CAB. In particular competence, consistent operation and impartiality that impacts Conformity Assessment Activities (CAAs). NABs should consider the risks related to the CAB providing an invalid CAA, but also the impact of an invalid CAA on the CAB’s customers, stakeholders and public.

The use of a risk-based approach may influence the duration or frequency of assessments, choice of assessment technique and composition of the assessment team. The aim of a risk-based assessment is to optimize the value of the assessment and to provide justification for the duration or frequency of assessments, choosing the appropriate assessment technique and assessment team.

When performing a risk evaluation of a CAB, the NAB is taking an educated and informed decision on the risk profile of the CAB, the outcome of which may be that the NAB varies its assessment approach. As such the NAB should always consider the primary purposes of accreditation (those being that accreditation provides confidence that the CAB is producing valid outcomes to its conformity assessment activities, is competent and operates with independence and impartiality) and be aware of its responsibility to provide confidence in the CAB to the CABs wider stakeholder community. To this end the NAB should consider the impact of the CAB conducting an invalid CAA as part of its risk evaluation.

EA-2/19 includes a table, which provides examples of risks related to the operation of a CAB that a NAB may consider when evaluating the risk profile of the CAB.

There are also risks related to the management of a NAB. Accordingly, EA-2/19 includes also examples of risks regarding

  • the impartiality of a NAB and
  • NAB processes.

To read the full document: EA-2/19: List of risks for accreditation processes and operation of National Accreditation Bodies