The UK National Accreditation Service (UKAS) has denied claims made (opens in new tab) by security firm InfoSaas that the Covid-19 pandemic threatens to push thousands of hard-earned ISO certifications beyond their expiry date.
According to Computer Weekly (opens in new tab), UKAS said that, while thousands of ISO data protection and compliance certifications may expire, provisions have been put in place to “ensure continuity”.
UKAS claims to have published a new policy on accreditation and conformity assessment during the pandemic, Technical Policy Statement (TPS) 73, reflecting the International Accreditation Forum (IAF) advice on the issue of certificates.
“Given the unprecedented nature of the coronavirus outbreak, and the uncertainty over the potential impact this will have on the imposed time restrictions relating to travel and social contact, it is anticipated that six months may not provide sufficient opportunities for certification bodies to conclude recertification audits," reads Clause 4.6 of the new guidance.
“As a consequence, UKAS policy for this outbreak is that the decision on recertification must be made within three months of the lifting of restrictions (e.g. travel) that were preventing the on-site audit taking place. However, if this timeframe exceeds 12 months, then the certificate should be withdrawn, and a new initial audit will be required.”
InfoSaaS is not wholly satisfied with the response, however, which does not account for the possibility the pandemic might extend beyond the 12-month deadline.