ISO 20000-1 Certification Transfer: How to Switch Certification Bodies

Why Organisations Switch Certification Bodies

Switching certification bodies is more common than many organisations realise. There are several legitimate reasons why an organisation may choose to transfer its ISO 20000-1 certification:

Service quality concerns

The most common driver is dissatisfaction with the current CB's service quality. This may manifest as auditors who lack ITSM domain expertise, inflexible scheduling, slow report delivery, poor communication, or a transactional relationship with no value-added insights. Organisations increasingly expect their CB to bring industry knowledge and constructive feedback, not just compliance checking.

Auditor competence

ISO 20000-1 is a specialised standard that requires auditors with genuine IT service management experience. If your auditors lack understanding of ITSM processes, tools, and industry context, the audit experience is poor and the findings may be irrelevant or misdirected. Switching to a CB with specialist ITSM auditors can significantly improve audit quality.

Cost considerations

Audit fees vary between certification bodies. While cost should never be the sole reason for switching — a cheaper audit from a less competent CB is false economy — competitive pricing combined with better service is a valid reason. Some CBs also offer multi-standard discounts if you hold multiple certifications (e.g., ISO 20000-1 and ISO 27001) with the same body.

Geographic coverage

If your organisation has expanded geographically, you may need a CB with broader international coverage to efficiently audit multiple locations without excessive travel surcharges. A globally accredited CB with local auditors can reduce both costs and logistical complexity.

Multi-standard consolidation

Organisations that hold multiple ISO certifications (ISO 20000-1, ISO 27001, ISO 9001, ISO 22301) with different CBs often benefit from consolidating all certifications with a single body. This enables integrated audits, reduces total audit days, and simplifies the governance of certification activities.

Accreditation body or CB changes

In some cases, a CB may lose its accreditation, cease trading, or withdraw from a particular certification scheme. In these circumstances, transfer to a new CB is mandatory rather than optional.

IAF MD 2 Transfer Requirements

The International Accreditation Forum (IAF) governs how certifications are transferred between accredited certification bodies through IAF MD 2 — Transfer of Accredited Certification of Management Systems. This mandatory document establishes the requirements that both the departing and receiving CBs must follow.

Prerequisites for transfer

IAF MD 2 specifies conditions that must be met for a transfer to proceed. The receiving CB must verify:

• Valid certification: The existing certificate must be currently valid — not expired, suspended, or withdrawn
• Accredited certification: The current certification must have been issued by a CB accredited for ISO 20000-1 by an IAF MLA (Multilateral Recognition Arrangement) signatory
• No unresolved major nonconformities: There must be no outstanding major nonconformities from previous audits that remain unresolved
• No ongoing complaints or enforcement: There must be no pending enforcement actions, complaints, or legal proceedings related to the certification
• Certification scope clarity: The scope of certification must be clearly defined and understood by the receiving CB

What the departing CB must provide

The organisation should request or obtain from the current CB:

• Copy of the current certificate (including scope and validity dates)
• Most recent audit reports (last certification, surveillance, and any special audits)
• Status of any outstanding nonconformities or corrective actions
• Confirmation that no enforcement actions are in progress
• Contact details for verification (the receiving CB may contact the departing CB directly)

The Transfer Audit Process

The transfer audit is the core step in the certification transfer. Here is how the process works from start to finish.

Step 1: Initial inquiry and application

Contact the new CB and express your intent to transfer your ISO 20000-1 certification. Provide your current certificate, scope details, and reason for transfer. The CB will assess whether they can accept the transfer based on their accreditation scope, auditor availability, and IAF MD 2 requirements.

Step 2: Application review

The receiving CB reviews your application, verifies the validity of your current certification, and checks that all IAF MD 2 prerequisites are met. They may contact your current CB to verify certification status and obtain audit history. This review typically takes 1-2 weeks.

Step 3: Document review

The new CB reviews the previous audit reports, paying particular attention to the scope, any nonconformities raised, the status of corrective actions, and any areas of concern. They also review your current SMS documentation to assess readiness for the transfer audit. This typically takes 2-3 weeks.

Step 4: Transfer audit

The receiving CB conducts a transfer audit at your premises. The audit is typically conducted at the next scheduled surveillance or recertification point in your certification cycle. The transfer audit includes all the elements of a normal surveillance or recertification audit, plus additional transfer-specific checks:

• Verification of the scope against actual service delivery
• Confirmation that previously raised nonconformities have been effectively closed
• Assessment of any areas of concern identified during the application review
• Verification that the SMS is functioning effectively and producing results
• Interviews with key personnel to confirm SMS understanding and commitment

Step 5: Audit reporting and decision

The audit team submits their report and recommendation. The CB's independent certification decision-maker reviews the report and, if satisfied, approves the transfer. This decision process typically takes 1-2 weeks.

Step 6: New certificate issuance

Upon successful transfer, the receiving CB issues a new certificate. The certification cycle dates from the original certification are preserved — you don't start a new three-year cycle. The new certificate reflects the original certification date, the latest recertification date, and the new CB's details.

Transfer Timeline

A well-managed transfer typically follows this timeline:

Total estimated timeline: 6-12 weeks. We recommend initiating the transfer at least 3-4 months before your next surveillance or recertification is due to ensure adequate time for scheduling and any unexpected delays.

What the New CB Will Assess

During the transfer audit, the receiving CB will focus on several areas beyond a normal surveillance audit:

Certification legitimacy

The CB verifies that your certification is genuine and current. They check the certificate against the departing CB's records and confirm the scope, locations, and validity dates. They also verify that the departing CB holds appropriate accreditation.

Previous nonconformity closure

Any nonconformities raised by the previous CB must be effectively closed. The receiving CB will review the evidence of closure, not just accept claims. If nonconformities remain open, this is a red flag that may delay or prevent the transfer.

SMS effectiveness

The new CB assesses whether your SMS is genuinely functioning — not just documented. They look for evidence of operational processes producing results: incident records, change records, service reports, management review minutes, internal audit results, and improvement activities.

Scope accuracy

The auditor verifies that the scope described on your certificate accurately reflects your actual service delivery. If services have changed, expanded, or contracted since the last audit, the scope may need adjustment.

Management commitment

The CB assesses whether top management remains committed to the SMS. This is particularly important during transfers, as a change of CB can sometimes indicate declining management interest in certification. The auditor will want to see active leadership engagement.

Documentation to Prepare

To ensure a smooth transfer, prepare the following documentation in advance:

From your current CB

• Current certificate — full copy showing scope, locations, validity dates, and accreditation mark
• Most recent audit reports — last certification/recertification audit and most recent surveillance audit(s)
• Nonconformity closure evidence — documented evidence of corrective actions for all previously raised nonconformities
• Audit schedule — the planned audit schedule showing when surveillance and recertification audits are due

From your organisation

• SMS scope statement — current scope of the service management system
• Service management policy — current version with approval evidence
• Service catalogue — current catalogue of services within the SMS scope
• Service management plan — current overarching plan for the SMS
• Internal audit reports — most recent internal audit results
• Management review minutes — most recent management review records
• Improvement register — evidence of continual improvement activities
• Organisation details — legal entity, locations, number of employees in scope, and any changes since the last audit

Risks and Mitigation

Understanding potential risks allows you to manage them proactively.

Risk: Certification gap

Scenario: If the transfer takes longer than expected and your current certificate expires before the new one is issued, there could be a gap where you are not certified.

Mitigation: Start the transfer process early — at least 3-4 months before your next audit is due. Maintain communication with both CBs and track progress actively. In some cases, the current CB can extend the audit date to allow time for transfer.

Risk: Unresolved nonconformities

Scenario: The new CB discovers that nonconformities from the previous CB were not genuinely resolved, or finds new major nonconformities during the transfer audit.

Mitigation: Before initiating the transfer, verify that all previous nonconformities are genuinely closed with documented evidence. Conduct a thorough internal audit to identify and address any issues before the transfer audit.

Risk: Scope disputes

Scenario: The new CB interprets your scope differently from the departing CB, potentially requiring scope changes that affect your certificate.

Mitigation: Discuss scope in detail during the application stage. Ensure the new CB fully understands your services, locations, and organisational boundaries before scheduling the transfer audit.

Risk: Current CB non-cooperation

Scenario: Your current CB is uncooperative — delaying release of audit reports, refusing to verify certification status, or otherwise obstructing the transfer.

Mitigation: You have the right to your audit reports and certification information. Document all requests and responses. Inform the receiving CB of any difficulties. In extreme cases, the accreditation body can intervene. The new CB may accept alternative evidence if the current CB is genuinely uncooperative.

Risk: Loss of certification history

Scenario: Important records from the previous audit cycle are not properly transferred, creating gaps in the certification history.

Mitigation: Maintain your own copies of all audit reports, certificates, corrective action records, and correspondence with your CB. Don't rely solely on the departing CB to maintain your records.

Making the Transition Smooth

Based on our experience supporting organisations through certification transfers, here are practical tips for a successful transition:

Start early

The most important success factor is starting the process with ample time. Rushing a transfer creates unnecessary risk and stress. Begin the process at least 3-4 months before your next scheduled audit.

Conduct an internal audit first

Before engaging the new CB, conduct a thorough internal audit of your SMS. Address any findings before the transfer audit. This ensures you present a well-functioning SMS to the new auditors and reduces the risk of unexpected findings.

Prepare your team

Brief your team that a new CB will be conducting the audit. New auditors may ask different questions or focus on different areas than your previous auditors. Ensure staff understand the SMS processes they're involved in and can explain their roles clearly.

Maintain open communication

Keep communication channels open with both the departing and receiving CBs. Respond promptly to information requests. Flag any concerns or complications early rather than letting them escalate.

Don't let the SMS slip

During the transition period, it's tempting to focus on the administrative process and neglect the actual SMS. Continue operating your service management system normally — maintain records, conduct reviews, and address incidents and changes as usual. The best preparation for any audit is a well-functioning SMS.

Use the transfer as an opportunity

A change of CB is an opportunity to get fresh perspectives on your SMS. New auditors bring different experiences and insights. Welcome their observations and use them to improve your service management system.

Transferring certification bodies should be a positive step for your organisation — whether driven by the desire for better service, specialist expertise, cost optimisation, or strategic consolidation. When managed properly, the transfer process is straightforward and the transition seamless. The key is preparation, timing, and maintaining a genuinely effective SMS throughout.

Frequently Asked Questions