Finnco, a subsidiary of a certification body, provided ISMS consultancy services to an organization. Considering this scenario, when can the certification body certify the organization?
A.
There is no time constraint in such a situation
B.
At no time, since it presents a conflict of interest
C.
If a minimum period of two years has passed since the last consulting activities
A certification body cannot certify an organization if it has provided consultancy services to that organization. This situation presents a conflict of interest, as the certification body is required to maintain impartiality and objectivity. The ISO/IEC 17021-1 standard, which sets out requirements for bodies providing audit and certification of management systems, specifies that providing both services to the same client is incompatible.
References: ISO/IEC 17021-1:2015 Conformity assessment — Requirements for bodies providing audit and certification of management systems
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit