IAF ID 17:2025 is the International Accreditation Forum’s (IAF) new Informative Document, which provides a framework for managing the risks associated with counterfeit certificates. Released on August 6, 2025, it aims to harmonise risk policies across IAF members, offering accreditation bodies (ABs) and conformity assessment bodies (CABs) a systematic approach to identify, assess, mitigate, and monitor counterfeit certificates, thereby protecting trust and safety in conformity assessment. This document offers guidance—not mandatory requirements—to help harmonise how IAF members address risks associated with counterfeit certification documents (IAF).
Why does IAF ID 17:2025 matter?
Counterfeit certificates—such as those issued without a real audit, expired ones re‑presented as valid, inflated scopes, or fake accreditation claims—pose serious threats to trust in conformity assessment processes (IAF).
The document introduces a structured, ISO 31000-based risk management framework that’s tailored for:
- Accreditation Bodies (ABs)
- Certification Bodies (CBs)
- Validation and Verification Bodies (VVBs) (IAF)
IAF ID 17 summarises a systematic risk management approach tailored to the needs of accreditation bodies, certification bodies, and validation and verification bodies. This process involves identifying, assessing, mitigating, and monitoring risks associated with counterfeit certificates through the implementation of policies, procedures, and controls.
IAF members are expected to adopt the principles outlined in the document to enhance their risk management capabilities and contribute to the overall integrity and reliability of conformity assessment processes worldwide.
The document can be accessed here.
The Cost of Counterfeiting
Numerous counterfeit ISO 13485 certificates were detected on masks, test kits, and PPE products released during the COVID-19 pandemic. Without verification, the health of millions of people would have been at risk. Today, counterfeiting is a major threat not only in healthcare but also in critical sectors such as aviation, automotive, energy, and finance. Following official calls from organisations such as SpaceX, Airbus and the US Department of Energy, CertSearch has now been made mandatory on a global scale.
IAF ID 17:2025, based on the ISO 31000 risk management framework, covers methods such as counterfeit logos and web verification manipulation; financial losses and impacts on public trust; and measures such as CertSearch, blockchain verification and sanctions. By 2025, the use of counterfeit documents will be virtually impossible thanks to IAF CertSearch. The new risk policy will mark a historic turning point for transparency in the certification chain, trust in the supply chain, and fair competition in global trade.
Key Highlights and Practical Takeaways
Here’s the practical advice I would give to suppliers and stakeholders considering ISO certification, as well as those who need to check the certifications of organisations they want to serve:
1. For Suppliers Considering ISO Certification
If you are a supplier seeking ISO certification (e.g., ISO 9001, ISO 42001, ISO 27001):
- Choose an Accredited Certification Body (CB)
- Ensure the CB is accredited by a recognised Accreditation Body (AB) that is a signatory to the IAF Multilateral Recognition Arrangement (MLA).
- This ensures your certificate will be internationally accepted and trusted across markets.
- Verify Before You Sign
- Check the CB’s name and accreditation status on the AB’s official website.
- Request the CB’s accreditation certificate and verify it directly.
- Avoid “Fast-Track” or “No Audit” Promises
- Genuine ISO certification always requires a documented audit.
- Offers such as “ISO in 72 hours, no audit” are red flags for counterfeit or non-accredited certifications.
- Think Long-Term Credibility
- A valid ISO certificate strengthens market access, supplier approval, and trust with stakeholders.
- A counterfeit certificate can damage your reputation and exclude you from tenders.
2. For Stakeholders (Customers, Partners, Buyers) Checking Certifications
When assessing the ISO certification of an organisation you plan to work with:
Apply the “Triad” Method (IAF ID 17:2025)
- Check the CB’s registry; confirm certificate number, organisation name, scope, and validity.
- Confirm CB accreditation; verify that the CB is accredited by an AB that is part of the IAF MLA.
- Cross-check with IAF CertSearch (https://www.iafcertsearch.org/).
Look for Key Certificate Details
- Validity period (issue and expiry dates).
- Accredited CB name and accreditation logo.
- Scope of certification (does it cover what they actually do?).
- Correct company name, address, and registration number.
Watch Out for Red Flags
- CB or AB names you cannot find on official registries.
- Certificates with no accreditation marks or unfamiliar logos.
- Broken links or “fake” validation websites.
Ask for Transparency
- A legitimate organisation will happily share its certificate details and validation path.
- If they resist or provide incomplete information, treat this as a warning.
3. Practical Tips for Both Sides
- Educate Teams: Procurement and quality staff should be trained to recognise authentic vs. counterfeit certificates.
- Document Verification: Always keep evidence (screenshots, registry links, AB confirmation) in supplier or partner files.
- Build Trust Networks: Prefer suppliers certified by CBs you recognise and who have a proven track record.
- Continuous Monitoring: Certificates expire — don’t just check once, revalidate regularly.
4. Why This Matters
- Counterfeit certificates undermine trust and can introduce risk into your supply chain.
- By following IAF ID 17:2025 guidance, both suppliers and stakeholders can protect themselves from fraud and strengthen their credibility within the global ISO system.
CFECERT is an independent auditing organisation providing services in IT-based standards accredited by UKAS and IAS (ISO 27001, ISO 27701, ISO 20000-1, ISO 22301, ISO 9001, ISO 27017, ISO 27108, ISO 29115, etc).
You can contact us at sales@cfecert.co.uk for information about our services and accreditations.
