What is the difference between conformance and certification when a vendor claims to meet a records standard?
When a vendor says its product “meets” a records standard, it is worth asking precisely what that claim means. The words conformance and certification describe two very different levels of assurance, and confusing them is a common source of misunderstanding.
Conformance
Conformance means that a product, process, or system satisfies the requirements set out in a standard. A conformance claim can be made by anyone, including the organization or vendor making it. In practice, vendors often perform a self-assessment, map their features against a standard’s requirements, and then state that the product conforms.
A self-declared conformance claim may be entirely accurate. The key point is that, on its own, it carries no independent verification. The party asserting conformance is also the party judging it.
Certification
Certification is a formal attestation by an independent third party that a product or system meets a defined standard. It typically involves:
- An accredited or recognized assessment body, not the vendor itself.
- A documented evaluation against published criteria.
- A certificate, registration, or listing that can be checked.
- Periodic re-assessment to keep the certification current.
Because an outside party performs the evaluation, certification generally offers stronger assurance than a self-declaration. Note that not every standard has an associated certification scheme; many records standards describe good practice without any formal program to certify against them.
Why the distinction matters
For records and information governance professionals, the difference affects how much weight a claim should carry during procurement or audit. Useful questions include:
- Is the claim self-declared conformance, or third-party certification?
- Exactly which standard, and which version or parts, are covered?
- What scope was assessed — the whole product, or only certain features?
- Who issued any certificate, and can it be independently verified?
- When was it assessed, and is it still in effect?
A standard such as ISO 15489 establishes principles for managing records, while standards like ISO 16175 set functional requirements for records in digital environments. A product may align with such requirements through self-assessed conformance, formal certification, or partial coverage of specific clauses. Knowing which one applies lets you evaluate the claim accurately rather than taking the word “compliant” at face value.
For related guidance, see the compliance and standards topic hub.
Sources & further reading
Authoritative government and non-profit references.
How to cite this page
APA
RM University Editorial. (2026). What is the difference between conformance and certification when a vendor claims to meet a records standard?. Records Management University. https://www.recordsmgmt.org/questions/difference-between-conformance-and-certification-for-records-software/
MLA
RM University Editorial. "What is the difference between conformance and certification when a vendor claims to meet a records standard?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/difference-between-conformance-and-certification-for-records-software/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?