Accreditation of certification bodies under Article 43 GDPR
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of GDPR
Section 7.8 Directory of certified products
In addition to item 7.8 of ISO/IEC 17065/2012, the certification body should be required to keep the information on certified products, processes and services available internally and publicly available. The certification body will provide to the public an executive summary of the evaluation report. The aim of this executive summary is to help with transparency around what has been certified and how it was assessed. It will explain such things as:
(a) the scope of the certification and a meaningful description of the object of certification (ToE),
(b) the respective certification criteria (including version or functional status),
(c) the evaluation methods and tests conducted and
(d) the result(s).