Accreditation, Certification, Audit: Who Does What?
Accreditation body, certification body, lead auditor, consultant: who plays which role in the certification system, and why advice and certification must stay separate.
In short
The certification system is a chain of trust with clearly defined roles. The accreditation body oversees and accredits certification bodies, and only an accredited certification body may issue the certificate. One core rule applies: whoever builds or advises on a system cannot also certify it, otherwise independence is lost.
Auf Deutsch lesen: deutsche Fassung
Plenty of terms circulate around certification: accreditation, certification, auditor, consultant. Confuse them, and you quickly buy the wrong thing. Yet the system follows a clear logic. It is a chain of trust with clearly defined roles.
The chain of trust, from top to bottom
- Accreditation body (in Germany, the DAkkS): oversees and accredits certification bodies. In effect, it certifies the certifiers.
- Certification body: carries out the external audits and issues the certificate. It is itself accredited against international requirements.
- Organization: has its management system audited and certified.
This chain is exactly why an accredited certificate carries weight. It does not stand on its own; it is part of a supervised system.
Who is allowed to do what?
- Internal auditor: audits their own organization (a requirement), but may not issue certificates.
- Consultant / implementer: helps build the management system.
- Lead auditor (external): leads audits, including on behalf of certification bodies, with the corresponding qualification and audit experience.
- Certification body: the only party that can issue the accredited certificate.
Why advice and certification are kept apart
One core rule applies: whoever builds or advises on a system cannot also certify it. Otherwise you would be reviewing your own work, and independence would be gone. That is why the division of tasks makes sense. An implementation partner brings you to maturity, and the accredited body confirms it independently.
This separation is not an obstacle but a safeguard for quality: preparation and judgment are deliberately placed in different hands.
System certification vs. person certification
Two things are often mixed up. System certification confirms that an organization has a functioning management system. Person certification confirms an individual's qualification, for example as a lead auditor. Both are useful, but they are different kinds of evidence with different purposes.
For AI management systems under ISO/IEC 42001, this landscape is still taking shape: accreditation and certification bodies are positioning themselves, and qualified auditors remain scarce. That is an advantage for everyone who starts early.
Frequently asked questions
Can my consultant also certify me?+
No. Advisory work and accredited certification must be kept separate, otherwise independence would be lost. The consultant prepares you; the accredited body certifies.
What is the DAkkS?+
The German national accreditation body. It accredits and oversees certification bodies, making sure that a certificate is reliable.
Author & expert review: Lars Zimmermann · ISO/IEC 42001 Senior Lead Auditor & ISO/IEC 27001 Lead Auditor (PECB)
Last updated: 26 May 2026. Researched and reviewed to the best of our knowledge; not a substitute for individual legal advice.
Sources & further reading
Questions about your own case?
In a free 15-minute intro call we assess where you stand on ISO 42001, ISO 27001 and the EU AI Act, honestly and without a sales pitch.