Resource guide

Understanding Accreditation: SAAC, IAS, and Why Your Certifier's Certifier Matters

What accreditation means, how SAAC and IAS oversee certification bodies, and how to verify that an ISO certificate will be accepted.

Accreditation is the buyer-protection layer behind a certificate. It is what separates a recognised management-system certificate from paper that may fail tender or regulator checks.

Key takeaways

  • Certification bodies are audited by accreditation bodies for competence and impartiality.
  • SAAC or another recognised accreditation mark should be checked against the actual scope.
  • For regulated sectors, accreditation still needs to align with sector approval requirements.
One sails through a government tender's prequalification; the other is rejected and told its certificate "is not recognised".
The difference is usually one word buried in the small print: accreditation.

Certification vs accreditation: the chain of trust

Accreditation chain of trustWHO CHECKS THE CHECKERYourcompanyCertificationbodyAccreditationbodyIAF / sectorrecognitionBuyer orregulatorAcceptance depends on the accreditation mark, scope and sector approval matching the certificate.
REGISTER DIAGRAM / CHAIN OF TRUST

The system has three layers, and confusing them is expensive:

  1. Your company implements a management system (ISO 9001, ISO 22000, ISO 45001…).
  2. A certification body (CB) audits your system and issues the certificate. CBs must operate to ISO/IEC 17021-1, the international standard for bodies providing audit and certification of management systems, covering their impartiality, auditor competence, audit process and certification decisions.
  3. An accreditation body (AB) audits the certification body against ISO/IEC 17021-1 (operating itself under ISO/IEC 17011) and formally attests its competence. That attestation is accreditation.

So: you are certified; your certifier is accredited. Accreditation is literally an audit of the auditors: witnessed audits, office assessments, competence file reviews, and ongoing surveillance of the CB. When a certificate carries an accreditation mark, an independent national authority is standing behind the CB's competence and impartiality.

The international recognition layer: IAF

Accreditation bodies themselves join the International Accreditation Forum (IAF) and sign its Multilateral Recognition Arrangement (MLA). Signatories peer-evaluate each other, and the outcome is the principle "certified once, accepted everywhere": a certificate issued under one MLA signatory's accreditation is meant to be recognised under all of them (iaf.nu). You can verify accredited certificates internationally through IAF CertSearch (iafcertsearch.org).

SAAC: the Saudi national accreditation body

The Saudi Accreditation Center (SAAC) (saac.gov.sa) is the Kingdom's official national accreditation body. Its remit includes accrediting conformity assessment bodies (certification bodies under ISO/IEC 17021-1, testing and calibration laboratories under ISO/IEC 17025, inspection bodies under ISO/IEC 17020 and others) and representing Saudi Arabia in the international accreditation community.

Two facts matter for anyone buying certification in the Kingdom:

  • SAAC is an IAF MLA signatory. In January 2024, SAAC gained IAF MLA recognition covering management system certification (ISO/IEC 17021-1) with ISO 9001 within its recognised scope, meaning certificates issued under SAAC accreditation carry international recognition, not just domestic standing (iaf.nu).
  • SAAC publishes a directory of accredited bodies. You can check whether a certification body is genuinely SAAC-accredited, and for which schemes, on SAAC's accredited-CABs pages: a two-minute check that prevents most certificate-acceptance problems.

For Saudi government tenders, regulator files and local supply chains, SAAC accreditation is the most direct answer to "is this certificate recognised here?"

IAS: an international accreditation body

The International Accreditation Service (IAS) (iasonline.org) is a long-established US-based accreditation body and an IAF member, accrediting certification bodies, laboratories and inspection bodies worldwide. Many certification bodies operating in the Gulf hold IAS accreditation for management system certification.

Because both SAAC and IAS operate within the IAF framework, a certificate under either accreditation is internationally legitimate. Some certification bodies hold more than one accreditation; what matters to you is that at least one recognised accreditation covers the specific standard and scope on your certificate.

Sector approvals: the SFDA example

Accreditation is not the only gate. Regulators can add their own approval layer for regulated sectors. The clearest Saudi example: the Saudi Food and Drug Authority (SFDA) approves certification bodies for food-sector certification activities. A food factory whose HACCP or ISO 22000 certificate must support SFDA licensing or product registration should confirm the CB holds the relevant SFDA approval in addition to accreditation (sfda.gov.sa). The same logic applies in other regulated fields where authorities publish lists of accepted bodies.

Why unaccredited certificates keep getting sold, and rejected

Nothing physically stops a company from printing "ISO 9001 certificate" on nice paper. Unaccredited "certification" is cheaper and faster precisely because nobody audits the issuer: no witnessed audits, no competence requirements, no impartiality rules, no oversight of audit duration. The consequences surface later:

  • Tender rejection. Prequalification teams increasingly verify accreditation marks and check registries.
  • Regulator rejection. A certificate from a non-approved, non-accredited issuer will not carry an SFDA file.
  • Customer audits anyway. Sophisticated customers who distrust the certificate simply audit you themselves, and the cost saving evaporates.
  • Paying twice. The common ending: re-certifying with an accredited body under time pressure.

Warning signs of a certificate mill: guaranteed certification, "audit" done in a day or entirely by email for a complex site, price quoted without asking your headcount or processes, no accreditation mark (or a mark from an "accreditor" that is not an IAF member), and no published complaints or appeals process.

How to verify any certificate in five minutes

  1. Read the certificate. Identify the CB and the accreditation mark(s). Check the scope wording and the sites listed: a certificate covering a head office does not cover a factory that is not named.
  2. Check the accreditor is real. Is it SAAC, IAS or another IAF MLA signatory? (iaf.nu lists signatories.)
  3. Check the CB's accreditation scope. On the AB's registry (e.g. SAAC's accredited-bodies directory), confirm the CB is accredited for that standard. Accredited for ISO 9001 does not mean accredited for ISO 22000.
  4. Verify the certificate itself. Through the CB's own verification channel and, where enrolled, IAF CertSearch.
  5. For regulated sectors, confirm the CB's regulator approval (e.g. SFDA for food).

The bottom line

A management system certificate is a claim; accreditation is what makes the claim checkable. Before you invest a year implementing a system, spend five minutes confirming that the body certifying it is accredited, by SAAC, IAS or another IAF-recognised accreditor, for the exact standard you need. It is the cheapest due diligence you will ever do.


QSI Cert is a SAAC-accredited, SFDA-approved certification body based in Riyadh and Al Khobar.

FAQ

Common questions from this guide.

Nothing physically stops a company from printing "ISO 9001 certificate" on nice paper. Unaccredited "certification" is cheaper and faster precisely because nobody audits the issuer: no witnessed audits, no competence requirements, no impartiality rules, no oversight of audit duration. The consequences surface later: Tender rejection. Prequalification teams increasingly verify accreditation marks and check registries. Regulator rejection. A certificate from a non-approved, non-accredited issuer will not carry an SFDA file. Customer audits anyway. Sophisticated customers who distrust the certificate simply audit you themselves, and the cost saving evaporates. Paying twice. The common ending: re-certifying with an accredited body under time pressure. Warning signs of a certificate mill: guaranteed certification, "audit" done in a day or entirely by email for a complex site, price quoted without asking your headcount or processes, no accreditation mark (or a mark from an "accreditor" that is not an IAF member), and no published complaints or appeals process.

Read the certificate. Identify the CB and the accreditation mark(s). Check the scope wording and the sites listed: a certificate covering a head office does not cover a factory that is not named. Check the accreditor is real. Is it SAAC, IAS or another IAF MLA signatory? (iaf.nu lists signatories.) Check the CB's accreditation scope. On the AB's registry (e.g. SAAC's accredited-bodies directory), confirm the CB is accredited for that standard. Accredited for ISO 9001 does not mean accredited for ISO 22000. Verify the certificate itself. Through the CB's own verification channel and, where enrolled, IAF CertSearch. For regulated sectors, confirm the CB's regulator approval (e.g. SFDA for food).

WHATSAPPMessage an auditor