IAF Mandatory Document on the Use of Information and Communication Technology (ICT) applies today

Today (4 July 2019), the International Accreditation Forum (IAF) revised version of their Mandatory Document, MD 4:2018 on the Use of Information and Communication Technology (ICT) for Auditing/Assessment Purposes comes into application.

As described in an earlier post: Use of Information and Communication Technology (ICT) for Certification Auditing/Assessment Purposes, the scope of this document is for the auditing/assessment of management systems, persons and product. It is applicable to, both conformity assessment bodies (Certification Bodies) and National Accreditation Bodies.

The use of ICT is not mandatory and may be used for other types of conformity assessment activities, but if used as part of the audit/assessment methodology, it is mandatory to conform to this document.

This revision keeps pace with the development in the use of remote auditing tools, which can be used for the delivery of a cost-effective and efficient auditing and certification service. It is a tool that I have used extensively for clients that already have a mature management system and have the infrastructure for enabling remote audits. These remote audits can save time and the cost of expensive international flights for audits from the United Kingdom to India or China.

The revised version introduces some significant changes in that it, now, applies to the assessment activities of the National Accreditation Bodies as well as audit activities of Certification Bodies (CBs).

The Mandatory Document provides for a risk based approach to the use of ICT and is intended to achieve consistent application in auditing/assessment, using information and communication technology as part of the methodology. The document states that “The use of ICT is not mandatory, but if used as part of the audit/assessment methodology, it is mandatory to conform to this document”.

It should be noted, in the accompanying UKAS Technical Bulletin (29 June 2018), that the Mandatory Document has immediate implementation based on its Application Date (4 July 2018), meaning that Certification Bodies must be following this for all cases where ICT is used as part of the certification activity.

Therefore, at each accredited CB’s next scheduled Head-Office Assessment, the Assessment Team will review plans for implementation into the CB’s systems and procedures.

A copy of the revised IAF MD4:2018 can be freely downloaded here with a copy of the previous IAF MD4:2008 available here together with a copy of the UKAS Technical Bulletin here


  1. If you are an accredited Certification Body or hold accredited certification, you should obtain a copy of the IAF MD4:2018.
  2. Review the IAF MD4:2018 for the changes between the revised 2018 version and that from the 2008 version & the impact on your organisation.
  3. Consider how the Mandatory Document affects your delivery of certification auditing or, as an organisation holding accredited certification, whether you would benefit from a remote audit.
Share this article on Social Media:

Leave a Reply