Certification Rules | Verity Certification

Rule 1

No evidence, no certificate

A certificate must not be issued unless sufficient evidence has been reviewed against the stated standard, scope and certification criteria. Where evidence is missing, unclear or inconsistent, certification is delayed, limited, refused or made subject to corrective action.

Rule 2

Scope must be precise

The certificate scope must describe the activities, locations, services or functions actually reviewed. It must not imply coverage for activities, sites, regulated duties or technical approvals that were outside the assessment.

Rule 3

Status must be verifiable

Certificates must have a certificate number, issue date, expiry date, standard, scope and current status. Active, suspended, withdrawn, expired and replaced statuses must be capable of being shown clearly in the verification register.

Procurement-aware assurance

Rules written for clients, buyers and scrutiny

Many private certification schemes fail because they do not explain how decisions are made. Verity takes the opposite approach. These rules are written so that a client, customer, procurement officer, framework manager or internal compliance reviewer can understand what has been checked, what has not been checked and what the certificate can reasonably be used for.

Certification must be tied to defined evidence and a defined scope.
Certification must not be sold as a substitute for UKAS-accredited certification where the buyer clearly requires UKAS.
Major nonconformities must be closed or downgraded before certification is issued.
Certificate misuse, misleading claims or scope inflation can lead to suspension or withdrawal.
Verification records must allow buyers to check certificate status without relying only on a PDF copy.

Important limit

When these rules are not enough

Where a tender, framework, contract, regulator, insurer or customer explicitly requires UKAS-accredited or IAF-recognised accredited certification, a Verity private certificate should not be presented as a direct replacement unless the buyer has confirmed in writing that equivalent evidence is acceptable.

This is one of the most important safeguards in the scheme. Verity’s role is to provide honest private assurance, not to blur the line between accredited and non-accredited certification.

Read UKAS vs non-UKAS guidance

Certification lifecycle

Typical certification cycle

The cycle below is the normal route for a management-system certification review. It may be adjusted depending on organisation size, standard, complexity, risk level and the intended use of the certificate.

1

Application and requirement review

We confirm the organisation, intended standard, sites, activities, purpose of certification and whether the requirement appears suitable for a private non-UKAS route.

2

Scope and evidence planning

We define what is being assessed, identify evidence required and agree whether the review will include interviews, remote assessment, document sampling or other proportionate checks.

3

Document and system review

We review policies, procedures, responsibilities, risk controls, internal audit records, management review records, objectives, corrective actions and operational evidence.

4

Audit activity and findings

We record conformities, observations and nonconformities, and identify any corrective actions required before certification can be issued.

5

Decision and certificate issue

Certification is issued only where the evidence supports the decision. The certificate is recorded with defined status, scope and dates.

6

Surveillance and status control

Certificates remain subject to ongoing status control. Surveillance, review, suspension, withdrawal or recertification may apply depending on the scheme and certificate type.

Evidence rules

What evidence must normally support certification

Evidence requirements depend on the standard and the scope, but a credible management-system review should normally consider more than one policy document. Verity looks for evidence that the system exists, is understood, is being used and is being improved.

Documented scope and description of activities covered.
Relevant management-system policy or policies.
Defined roles, responsibilities and accountability.
Risk and opportunity controls relevant to the standard.
Objectives, monitoring and improvement evidence.
Competence, induction or training evidence where relevant.
Internal audit or self-check activity.
Management review or leadership review evidence.
Corrective actions, complaints, incidents or improvement records.
Operational samples showing that the system is applied in practice.

Evidence is assessed for quality, not just existence

A document existing in a folder is not, by itself, proof of an effective system. Reviewers may consider whether the evidence is current, relevant, controlled, understood, implemented and proportionate to the organisation’s size and risk.

Evidence may be marked as accepted, partially accepted, not accepted or requiring clarification. Where evidence is weak, the certificate scope may be limited or certification may be delayed.

Findings and decision control

How findings are classified

Findings must be clear enough for a client to act on and clear enough for a buyer to understand the seriousness of any issue. Verity uses finding categories to distinguish between evidence that supports certification, improvement points and gaps that prevent certification.

Accepted

Conformity

The requirement is met and supported by suitable evidence. The evidence is sufficiently relevant to the stated scope and standard.

Improvement

Observation

The system appears to be working, but improvement would strengthen clarity, consistency, control or buyer confidence.

Action needed

Minor nonconformity

A requirement is not fully met, but the issue does not by itself indicate a breakdown of the overall management system.

Blocking issue

Major nonconformity

A significant gap, absence of control, repeated failure or unsupported claim that prevents certification until adequately addressed.

Decision rule: Major nonconformities must normally be closed before certification is issued. Minor nonconformities may require corrective action, an action plan, evidence of closure or surveillance follow-up depending on risk and severity.

Certification decision

Who makes the decision?

Certification should be based on the reviewed evidence and the scheme rules, not on sales pressure. The person or function making the certification decision must consider the audit evidence, findings, scope, limitations and any corrective actions before issue.

Where appropriate, a decision may be reviewed separately from the person who carried out the main assessment. This helps protect the process from becoming a simple “review and sell” exercise.

Decision outcomes

Possible certification outcomes

Certification issued: evidence supports the stated scope and standard.
Certification issued with observations: evidence supports certification, with improvement points recorded.
Certification delayed: further clarification or corrective action is required.
Certification refused: evidence does not support the claim or scope.
Scope reduced: certification is limited to the activities that were properly evidenced.
Reassessment required: the organisation’s evidence or risk profile requires further review.

Scope control

Rules for certificate scope wording

Scope wording is one of the most important parts of a certificate. It tells buyers what the certificate actually covers. A broad, vague or inflated scope can mislead customers, especially in procurement.

The scope must match the activities reviewed.
The scope must identify relevant locations or operating model where needed.
The scope must not imply statutory, regulatory or technical approval unless expressly assessed and permitted.
The scope must avoid vague claims such as “all services” unless this is properly evidenced.
Exclusions, limitations or special conditions should be recorded where they affect interpretation.

Example of stronger scope wording

Weak: “Business services.”

Better: “Quality management system covering document handling, customer communication, order processing and administrative support services delivered from the organisation’s main office.”

Clear wording helps prevent overclaiming and allows a buyer to understand whether the certificate is relevant to the contract being procured.

Certificate status

Status categories used in the verification register

A certificate should not simply exist as a static PDF. Its current status should be capable of being checked. Verity uses status categories so buyers can understand whether a certificate is active, restricted, no longer valid or replaced.

Current

Active

The certificate is currently valid, within date and recorded as active against the stated organisation, standard and scope.

Restricted

Suspended

The certificate is temporarily not in good standing. Suspension may follow unresolved concerns, misuse, missed surveillance or serious evidence issues.

Ended

Withdrawn

The certificate has been formally withdrawn and must no longer be used as evidence of current certification.

Timed out

Expired

The certificate has passed its expiry date and has not been renewed or recertified.

Updated

Replaced

A newer certificate has replaced the previous version, usually because of recertification, corrected scope or updated details.

Under review

Pending clarification

The certificate record or supporting evidence is being reviewed, and users should seek confirmation before relying on it.

Suspension and withdrawal

When certification can be suspended or withdrawn

Verity may suspend or withdraw certification where continued use of the certificate could mislead buyers or where the certified organisation no longer appears to meet the requirements of the stated scope.

Suspension or withdrawal is not a cosmetic action. It is a control designed to protect the credibility of the scheme and the interests of buyers relying on certificate information.

Trigger examples

Common reasons for status change

Major nonconformity identified after issue.
Misleading claims about UKAS, accreditation or government approval.
Certificate used outside its stated scope.
Failure to complete required surveillance or review activity.
Refusal to provide evidence requested under the scheme rules.
Material change to ownership, activities, sites or operating model.
Evidence that the management system is no longer operating effectively.
Non-payment where the scheme terms allow suspension after fair notice.

Certificate-use rules

How clients may and may not use certificates

Certified organisations may use their certificate and verification entry to demonstrate private certification within the stated scope. They must not use the certificate in a way that exaggerates its status or misleads customers.

Use must match the certified organisation, standard, scope and validity dates.
Certificates must not be altered, edited or used after suspension, withdrawal or expiry.
Marketing claims must not imply UKAS accreditation, IAF recognition or government endorsement.
The certificate must not be used for products, services, sites or activities outside the certified scope.
Where a buyer asks for accredited certification, the client must not present Verity certification as accredited.

View certificate-use rules

Acceptable wording example

“Our quality management system has been privately reviewed and certified by Verity Certification against ISO 9001:2015 requirements for the stated scope. Verity Certification is not UKAS-accredited.”

Unacceptable wording example

“We are UKAS ISO certified” or “our certificate is equivalent to UKAS certification” where this has not been confirmed by the buyer.

Buyer and procurement review

What procurement teams can ask us to confirm

Procurement people are entitled to scrutinise private certification. Verity is designed to make that scrutiny easier, not harder. Subject to confidentiality and appropriate permissions, we can help buyers understand the basis and limits of a certificate.

Basic verification

Certificate number
Certified organisation
Standard and scope
Issue and expiry dates
Current status

Evidence confirmation

Whether an assessment record exists
Whether an evidence index exists
Whether findings were recorded
Whether major findings were closed before issue
Whether surveillance is required

Controlled disclosure

Audit-summary confirmation
Scope clarification
Status clarification
Certificate-use concerns
Suspension or withdrawal confirmation

Confidentiality rule: Detailed audit records, internal documents and commercially sensitive evidence are not published openly. They may be shared only where the certified organisation gives permission, where disclosure is contractually appropriate, or where the law requires it.

Surveillance and recertification

Ongoing review after issue

A certificate should not imply that nothing changes for three years. Organisations change, staff change, records change and operating risks change. Surveillance or periodic review helps confirm that the management system remains relevant and active.

Surveillance may be annual, risk-based or tied to contract requirements.
Higher-risk scopes may require more frequent evidence review.
Material changes may require reassessment before the certificate continues.
Recertification must take place before expiry if the organisation wants continuous coverage.
Failure to complete required review activity can affect certificate status.

Material changes that should be reported

Change of legal entity or trading name.
Change of ownership or senior management.
New sites or closure of assessed sites.
Major change to services or operating model.
Serious customer complaints, incidents or regulatory issues.
Loss of key licences, approvals or insurances relevant to scope.
Significant data, safety, environmental or quality incidents.

Impartiality

Conflicts of interest and independence

A certification decision must not be compromised by consultancy, sales pressure, personal interest or commercial dependency. Where Verity identifies a conflict that could affect impartiality, it must be recorded and managed.

Verity must not claim independent certification where it has effectively designed the same management system in a way that compromises objective review.

View impartiality policy

Conflict controls

Examples of controls

Conflict-of-interest checks before assessment.
Clear separation between general guidance and certification decision-making.
Disclosure of any prior advisory relationship where relevant.
Independent or separate decision review where risk requires it.
Refusal of work where impartiality cannot be protected.

Complaints, appeals and corrections

How concerns are handled

A credible scheme needs a route for concerns. Clients, buyers and interested parties may raise issues about certificate status, misleading claims, scope accuracy, process fairness or the handling of findings.

Complaints

Complaints may relate to certificate misuse, service conduct, misleading claims, register information, delays or the way a matter has been handled.

Appeals

A certified or applicant organisation may appeal certain decisions, including refusal, suspension, withdrawal or disputed findings, subject to the applicable rules.

Corrections

Where a certificate, register entry or published record contains an error, Verity may correct, replace, annotate or withdraw the affected record.

View complaints and appeals process

Record keeping

Records retained by the scheme

Verity keeps records to support certificate decisions, status control and buyer verification. Records are handled with appropriate care because they may include confidential commercial, operational or personal data.

Application and scope records.
Requirement and suitability review notes.
Evidence index and document review notes.
Audit findings and corrective-action records.
Certification decision record.
Certificate issue, replacement, suspension and withdrawal records.
Verification register information.
Complaints, appeals and certificate-use concerns.

Data protection and confidentiality

Records are used for certification, verification, governance and dispute-handling purposes. Verity should not publish confidential audit records openly. Public verification is limited to certificate information suitable for buyer confirmation.

Where a client asks Verity to share evidence with a buyer, the disclosure should be controlled, proportionate and limited to what is relevant to the request.

Plain-English safeguards

What Verity certification does and does not claim

What it can support

Independent private review against stated management-system requirements.
Supplier assurance where non-UKAS evidence is acceptable.
Evidence for tenders that allow “or equivalent” or proportionate alternatives.
Customer confidence where a buyer wants evidence of organised controls.
Internal improvement, governance and management-system discipline.

What it must not be used to claim

UKAS-accredited certification.
IAF-recognised accredited certification.
Government approval or official endorsement.
Automatic acceptance in all tenders.
Certification of activities outside the stated scope.
Regulatory approval unless this is separately and expressly confirmed by the relevant authority.

For buyers and clients

Need to check whether a certificate can be relied on?

Send the certificate number, organisation name and the requirement you are checking against. We can confirm status and, where authorised, explain the scope, evidence basis and limits of the certificate.

Check a certificate Email verification team

Clear scheme rules for evidence-led private certification.