Professional Testing, Inc.
Providing High Quality Examination Programs

From the Item Bank

The Professional Testing Blog


First, Second and Third Party: What Does it Mean in Certification of Persons?

September 28, 2016  | By  | 4 Comments

ISO/IEC 17024 Conformity Assessment – General requirements for bodies operating certification of persons is a standard designed to be used by Certification Bodies to ensure they are following best practices in the development and operation of their certification programs.  Accreditation Bodies (such as the American National Standards Institute [ANSI], Standards Council of Canada [SCC], United Kingdom Accreditation Services [UKAS] and so forth) accredit Certification Bodies as meeting the standard.

In ISO-speak, the word “certification” means:

third party attestation related to products, processes, systems or persons
Note 2: Certification is applicable to all objects of conformity assessment except for conformity assessment bodies themselves, to which accreditation is applicable.
(ISO/IEC 17000, clause 5.5).

So what does third party mean exactly and how does it differ from first party and second party?  ISO/IEC 17000 Conformity Assessment – Vocabulary and general principles defines first party as a “conformity assessment activity that is performed by the person or organization that provides the object” (clause 2.2).  That means in the case of ISO/IEC 17024, if a certification body were to self-assess that they meet ISO/IEC 17204, that would be considered a first party assessment.  This cannot be called accreditation because like “certification”, accreditation must be performed by a third party.  Since the certification body is assessing itself, this is not third party and therefore cannot be accreditation.

We can also think about this in the certification of persons.  First party would be a person self-declaring themselves competent.  Obviously none of us would place too much stock in a person’s self-declaration of competence so it would seem to reason that we probably shouldn’t place too much confidence in any certification body that self-declares they conform to ISO/IEC 17024.

You might ask yourself why would it even be allowed that an organization could self-declare as meeting an ISO standard?  This is because ISO itself has something called the “neutrality principle” and this principle states that ISO is agnostic when it comes to third party certification or accreditation.  Because there are expenses and other considerations associated with third party certification or accreditation, ISO wanted its standards to be available for use at any level, even if the only level the organization could meet was to “strive” to meet the standard and to assess themselves against the standard.  So ISO would not ever state that a certification body has to be accredited by a third party against ISO/IEC 17024.  However, we know that many certification bodies for persons do not understand many of the concepts in the standard so their “self-assessment” against ISO/IEC 17024 might have as much meaning as a professional’s self-attestation of his or her own competence.

Second party is defined in ISO/IEC 17000 as a “conformity assessment activity that is performed by a person or organization that has a user interest in the object” (clause 2.3).  That means in the case of ISO/IEC 17024, the certification body has, for example, hired a consultant to conduct an internal audit of the organization against ISO/IEC 17024 or has hired an expert to conduct a gap analysis of the organization against the standard.  We can see where in this case, there may be a bit more objectivity than in a first party assessment, but because there is a relationship between the certification body and the party conducting the assessment, there is the potential for a conflict of interest.  If we think about second party when it comes to the certified person, instead of the professional self-declaring competence (as in first party), second party would be where the person attesting to the competence of the person has a relationship to the person.  For example, being the trainer/instructor of the person or the employer of the person would constitute such a relationship.  A trainer/instructor or employer of a person can certainly attest to the competence of a person but because of the relationship between the two parties, again, it is possible that the assessment of the person might be compromised by biases or lack of objectivity.  Therefore, we do not award “certification” to a person based on second party assessments.  That means that an assessment of a person’s knowledge and skills conducted by a trainer/instructor or an employer is not acceptable for certification purposes.

And herein lies one of the reasons that many training and educational institutions offering “certificate” programs and calling themselves certification programs are wrong.  They cannot be a “certification” program offering certification of persons unless they are third party (see definition of certification).  Does that mean that a training or educational can’t offer certification?  No.  It does mean that the institution would need to create a separation between the training/education side and the certification side in order to show that the certification side is independent (and third party) from the candidate.  This would require a clear separation of staffing, finances, office space, etc. to ensure that the second party does not influence the third party.

ISO/IEC 17000 defines third party as a “conformity assessment activity that is performed by a person or body that is independent of the person or organization that provides the object, and of the user interests in that object” (clause 2.4).  For ISO/IEC 17024, a third party assessment of the certification body against the standard would mean an assessment by an independent person or body.  In this case because it is the conformity assessment body (certification body) themselves being assessed (see previous note to definition of “certification”), it would be an accreditation body that is providing the assessment against the standard and we would call this “accreditation.”

We can also think about third party when it comes to the certification of persons.  Remember, first party is the person self-attesting that he or she is competent.  Second party is someone related to the person (trainer/instructor/employer) declaring that the person is competent. Third party would require an entirely independent party to declare the person competent. And this is exactly what certification body is supposed to be.  A certification body for persons is an independent, third party that attests that a person meets the competency requirements of a scheme.  They have no interest in the outcome of the certification assessment process, nor do they have any type of relationship with the person being assessed.

So the next time you hear that certification of persons is required to be third party, you can understand that this is to protect the objectivity of the certification process and to ensure the validity of the certification process.


Image Attribution: This file is licensed under the Creative Commons Attribution 3.0 Unported license.

Tags: , , ,

Categorized in:


  • Goutam Mishra says:

    Please clarify briefly first party , second party and third party

  • Cynthia Woodley says:

    First party is the person self-attesting that he or she is competent. Second party is someone related to the person (trainer/instructor/employer) declaring that the person is competent. Third party would require an entirely independent party to declare the person competent.

  • Mike J says:

    Under 17024:2012 – Section 9.8 Appeals Against Decision on Examination, are testing organizations using CBT tests required to allow the ability to formally appeal/ dispute the results of a CBT exam score?

Leave a Reply

Your email address will not be published. Required fields are marked *