National Framework For PPE Conformity Assessment - Infra

National Framework for Personal
Protective Equipment Conformity

Assessment - Infrastructure
This page intentionally left blank.
National Framework for Personal
Protective Equipment Conformity
Assessment - Infrastructure
DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Disease Control and Prevention
National Institute for Occupational Safety and Health
This document is in the public domain and may be freely copied or reprinted.
Disclaimer
This Framework is intended exclusively as recommendations and to serve informational purposes, and
does not create any legal obligations or regulatory requirements.
Mention of any company or product does not constitute endorsement by the National Institute for
Occupational Safety and Health (NIOSH) or the National Institute of Standards and Technology (NIST). In
addition, citations to websites external to NIOSH or NIST do not constitute NIOSH or NIST endorsement
of the sponsoring organizations or their programs or products. Furthermore, NIOSH and NIST are not
responsible for the content of these websites. All web addresses referenced in this document were
accessible as of the publication date.
Ordering Information
To receive documents or other information about occupational safety and health topics,
contact NIOSH:
Telephone: 1–800–CDC–INFO (1–800–232–4636)

TTY: 1–888–232–6348
CDC INFO: www.cdc.gov/info
or visit the NIOSH website at www.cdc.gov/niosh.
For a monthly update on news at NIOSH, subscribe to NIOSH eNews by visiting

www.cdc.gov/niosh/eNews.
Suggested Citation
NIOSH [2017]. National framework for personal protective equipment conformity
assessment - infrastructure. By D’Alessandro M. Pittsburgh, PA: U.S. Department of Health
and Human Services, Centers for Disease Control and Prevention, National Institute for
Occupational Safety and Health, DHHS (NIOSH) Publication 2018–102.
Lisa Carnahan, U.S. Department of Commerce, National Institute of Standards and

Technology
Richard Metzler, Richard W. Metzler, Inc.
Joshua Scott, Colorado School of Public Health | CU Anschutz Medical Campus

Mountain & Plains ERC
DHHS (NIOSH) Publication No. 2018–102
November 2017
TABLE OF CONTENTS
Foreword ........................................................................................................................................... i
Acknowledgements...........................................................................................................................iii
List of Acronyms ...............................................................................................................................iv
1. Introduction ...................................................................................................................................1
1.1 Motivation for a National Framework ................................................................................................ 1
1.2 PPE CA Framework Utility ................................................................................................................... 2
2. Conformity Assessment Foundation ...............................................................................................3
2.1 Foundations for U.S. Federal Agencies................................................................................................ 4
2.2 Standards Used in Conformity Assessment ......................................................................................... 6
2.3 Current PPE Conformity Assessment Programs in the United States.................................................. 6
3. CA Framework and Recommendations for Implementation .............................................................6
3.1 Step 1: Identify Hazards and Risk to Workers ..................................................................................... 8
3.2 Step 2: Identify PPE Types Needed to Address Hazards ...................................................................... 9
3.3 Step 3: Identify and Select Standards That Address Hazards.............................................................. 9
3.4 Step 4: Define the CA Requirements and Activities in Consideration of Risks to Workers ................ 10
3.4.1 Leveraging Existing PPE CA Programs ........................................................................................ 10
3.4.2 Obtaining Stakeholder Input ...................................................................................................... 10
3.4.3 Understanding CA Program Owner Responsibilities ................................................................. 11
3.4.4 Analyzing the Risk of Injury and Illness Associated with Non-conformity ................................. 12
3.4.5 Independence and Rigor ............................................................................................................ 13
3.4.6 Beyond Risk ................................................................................................................................ 14
3.4.7 Connecting Levels of Risk and Appropriate CA Activities .......................................................... 14
3.4.8 Considerations for a First-Party Attestation .............................................................................. 16
3.4.9 Considerations for Third-Party Use and Attestation.................................................................. 17
3.4.10 Labels, Product Lists, and Other Documentation of Conformity ............................................. 18
3.4.11 Design Market Surveillance Strategies .................................................................................... 18
3.5 Step 5: Perform CA Activities............................................................................................................. 20
3.5.1 Conformity Assessment Improvement Activities....................................................................... 20
3.5.2 Surveillance Activities ................................................................................................................ 20
4. Conclusions ..................................................................................................................................21
5. References ................................................................................................................................. A-1
Conformity Assessment Activities............................................................................. A-4
Standards for Conformity Assessment Activities ....................................................... B-1
Sample Conformity Assessment Programs ................................................................ C-1
Framework Checklist ................................................................................................ D-1
Figures
Figure 1. The Quality Infrastructure .............................................................................. 3
Figure 2. PPE CA Framework ........................................................................................ 7
Figure 3. Analyzing risk for conformity assessment....................................................... 12
Figure 4. Relating Risk to Rigor & Independence .......................................................... 13
Figure 5. Post Market Surveillance Action [Adapted from PROSAFE:2009, Fig 26] ............. 19
Figure A-1. Functional Approach to Conformity Assessment ..........................................A-5
Tables
Table-1 Conformity Assessment Activities Based on Risk Category ................................. 16
Table B-1 ISO Standards and Conformity Assessment ..................................................B-1
Table B-2 ISO/IEC Conformity Assessment Standards ..................................................B-2
Table B-3 ISO/IEC 17067 Example Certification Programs ............................................B-4
Table C-1 Sample PPE Conformity Assessment Programs in the United States.................C-1
Table D-1 Checklist for Application of PPE Conformity Assessment Framework ............... D-1
FOREWORD
The goal of our efforts at the National Institute for Occupational Safety and Health (NIOSH)
is to provide national and world leadership to prevent workplace illnesses and injuries. We
accomplish this by conducting and supporting activities to protect workers from work-
related exposures to hazards. One core objective of this approach involves the development
and use of personal protective equipment (PPE).
Workers are more likely to appropriately use PPE when they are confident that the
equipment will provide the intended protections based on its conformance with appropriate
standards. The National Academies of Sciences, Engineering, and Medicine (the Academies)
indicates that “for the consumer or worker, conformity assessment provides confidence in
the claims made about the product by the manufacturer and may assist the consumer with
purchasing decisions in determining the fitness of a product for it its intended use.” [IOM,
2011, page 3] A comprehensive and tailor-made conformity assessment (CA) program is
the most effective way to manage risks of a non-conforming PPE and instill this confidence
in PPE users.
Following recommendations from the Academies, we have defined a Framework to assist in

developing, structuring, and managing PPE CA for American workplaces.
This Framework is the product of collaboration among the NIOSH representatives and a
broad cross-section of members of the PPE community. This group’s multi-year effort;
(1) identified and analyzed national and international conformity assessment programs and
requirements, (2) investigated injury and enforcement surveillance databases, (3)
researched and gathered PPE standards, and (4) developed a risk-based approach to
conformity assessment resulting in this Framework.
The Framework was informed by a comprehensive review of good practice criteria derived
from current CA programs and is based on national and international standards published by
the International Organization for Standardization and International Electrotechnical
Commission (ISO/IEC) (e.g., ISO/IEC 17065, 17025). These standards, which serve as the
basis for CA requirements in many programs worldwide, help U.S. suppliers meet
international requirements for evidence of conformity.
The recommendations in this document are intended to serve as foundational principles for
various types of conformity assessment programs for occupational PPE. They are not
requirements for how these programs must, or will, function. Conformity assessment
activities should be tailored to the needs of product users, suppliers, and regulatory
authorities. They should result in products that protect workers who rely on PPE; facilitate
trade, fair competition, and market access; be cost-effective; and provide assurance of
conformance.
We developed the Framework in a way that it can be appropriately tailored and broadly
applied to all PPE that protects from a variety of risks regardless of the hazard, type, or
environment. For example, the conformity assessment program for firefighter boots would
i
look different than the conformity assessment program for steel toe boots for construction
workers. The Framework describes the foundational principles of CA to enable program
owners and operators to define the level of independence and rigor based on risk to
workers.
The Framework defines a process that contains five steps that link the elements of the well-
developed public health hierarchy of controls with those of CA. The Framework is supported
by a checklist assisting prospective CA program owners to evaluate and then define an
approach specific to workplace needs. This document represents the first in a series of
documents supporting the National Framework for Conformity Assessment of PPE. NIOSH
will use this document series to publish additional documents related to the development,
implementation and use of conformity assessment programs for PPE.
To support the Framework and facilitate its use NIOSH will continue to:
1. Provide impartial research leadership to define and fill scientific gaps;
2. Lead the development and incorporation of scientific input into PPE standards;
3. Support a sustainable U.S. PPE CA infrastructure by providing national leadership;
4. Establish a PPE clearinghouse to support national occupational safety and health; and
5. Develop and publish additional documents to support implementation of the
framework.
ii
ACKNOWLEDGEMENTS
This report was prepared by the NIOSH, National Personal Protective Technology Laboratory
(NPPTL) to address the Institute of Medicine (IOM)1 and National Research Council (NRC)
recommendations regarding the need for national risk-based conformity assessment (CA)
activities for personal protective equipment (PPE). NIOSH is appreciative of the following
current and former NIOSH employees, and stakeholders who actively contributed to the
study of national and international CA programs and requirements, investigated injury and
enforcement surveillance databases, researched and gathered PPE standards in support of
the PPE CA Working Group (PCAWG) [NIOSH Docket 237-A]2, or provided information used
by NIOSH to formulate this national Framework.
 3M Company, Occupational Health  Occupational Safety and Health Administration

 Adso Enterprises, Inc.  Raytheon Company
 AFL-CIO, Department of Occupational  Richard W. Metzler, Inc.
Safety and Health  RTI International
 Association of Occupational Health  Safety Equipment Institute
Professionals in Healthcare  Scott Safety
 American Association for Laboratory  Syntech, International
Accreditation  CPWR - The Center for Construction Research
 American National Standards Institute and Training
 ASTM International  University of Maryland – School of Medicine
 DuPont Protective Technologies  University of Maryland – Eastern Shore
 Emergint Technologies, Inc.  University of Pittsburgh
 Gateway Safety  University of Wisconsin
 ICS Laboratories, Inc.  Underwriters Laboratories
 Institute of Medicine, Committee on  United States Coast Guard
Personal Protective Equipment  URS Corporation
 International Association of Fire Fighters  Current and former NIOSH employees
 International Safety Equipment Association Bryan Beamer
 International Personnel Protection, Inc. Roland Berry Ann
 J.P. Zeigler Co., LLC David Book
 JSJ and Associates Christopher Coffey
 Kimberly Clark Professional Judi Coyne
 Mine Safety and Health Administration Brent Doney
 National Institute of Standards and William Haskell
Technology Jackie Krah
 National Fire Protection Association William Newcomb
 National Safety Council, International & Charles Oke
Environmental Health and Safety Jay Parker
 JSJ and Associates John Perrotte
 Kimberly Clark Professional Lynn Rethi
 Mine Safety and Health Administration Teresa Seitz
 National Institute of Standards and Ronald Shaffer
Technology John Sporrer
 National Fire Protection Association Jonathan Szalajda
 National Safety Council, International &
Environmental Health and Safety
1On March 15, 2016 the Institute of Medicine was renamed the Health and Medicine Division (HMD) of the
National Academies of Sciences, Engineering, and Medicine (the Academies).
iii
LIST OF ACRONYMS
ACUS Administrative Conference of the U.S.

ANSI American National Standards Institute
CA Conformity Assessment
CASCO ISO Committee on Conformity Assessment
CFR Code of Federal Regulations
FIT Follow-up Inspection and Testing
IEC International Electrotechnical Commission
IOM Institute of Medicine now the Health and Medicine Division (HMD)
NFPA National Fire Protection Association
NIJ National Institute of Justice
NIJ CTP National Institute of Justice Compliance Testing Program
NIOSH National Institute for Occupational Safety and Health
NIST National Institute of Standards and Technology
NPPTL National Personal Protective Technology Laboratory
NRC National Research Council
NTTAA National Technology Transfer and Advancement Act
OMB Office of Management and Budget
OSHA Occupational Safety and Health Administration
PCAWG PPE Conformity Assessment Working Group
PPE Personal Protective Equipment
PPT Personal Protective Technologies
SDoC Supplier’s Declaration of Conformity
SDO Standards Development Organization
USCG United States Coast Guard
WTO World Trade Organization
iv
1. Introduction
Conformity assessment (CA) is the demonstration that a product meets specified
requirements. “Conformity assessment can verify that a particular product meets a given
level of quality or safety. It can provide explicit or implicit information about the product’s
characteristics, the consistency of those characteristics and/or the performance of the
product. Conformity assessment can also increase a buyer’s confidence in a product, furnish
useful information to a buyer, and help to substantiate advertising and labeling claims.
Information on conformance (or non-conformance) to a particular standard can provide an
efficient method of conveying information needed by regulators or buyers on the product’s
safety and suitability” [ANSI 2014a, page 3]. CA is the vital link between product
requirements and the products themselves. Although the Occupational Safety and Health
Administration (OSHA) and other agencies publish guidance for effective worker protection
using PPE, there is currently no single regulatory body, official guidance, or mandating
authority for the CA of all PPE. In the absence of national policy and guidance, NIOSH has
developed the Framework to provide a risk-based, evidence-driven PPE CA approach for
occupational use PPE.
1.1 Motivation for a National Framework

When PPE is used to protect the health and safety of workers, those workers must have
confidence that the product they are using conforms to applicable standards. A
comprehensive, tailored CA program is the most effective way to instill this confidence in
PPE users. Assurances that products provide the expected protection may be determined by
following a rigorous conformity assessment process using relevant technical standards and
metrics.
In 2008, the Institute of Medicine (IOM) and National Research Council (NRC) issued a
report on the NIOSH Personal Protective Technology (PPT) Program. In that report a
recommendation was made for the NIOSH to “Implement and Sustain a Comprehensive
National Personal Protective Technology Program.” Regarding overseeing PPT certification,
the National Program should also “collaborate with other relevant government agencies,
private sector organizations, and not-for-profit organizations to conduct an assessment of
the certification mechanisms needed to ensure the efficacy of all types of PPT” [IOM and
NRC, 2008, page 117].
A follow-up study published in 2011 by the IOM elaborated on the 2008 report by
recommending that NIOSH “Develop and Implement Risk-Based Conformity Assessment
Processes for Non-Respirator PPT” and NPPTL “should serve in a leadership role and
convene other relevant government agencies, certifying and accrediting organizations,
manufacturers, and end users to develop and implement a comprehensive , tiered risk –
based framework for the classification and conformity assessment of PPT products for
specific applications.” The IOM emphasized that “This framework should be based on the
degree of risk to the safety and health of the user and other factors affecting the feasibility
of implementing the proposed conformity assessment processes.” [IOM, 2011, page 9]. In
addition to health and safety risks, the framework is to take into account “[…] economic and
other pragmatic factors (e.g., cost of conformance, impediments to innovation, risk to
1
manufacturer’s reputation due to poor product quality and/or product failure)” [IOM, 2011,
page 7].
In response to these recommendations, NIOSH formed the PPE CA Working Group (PCAWG)
comprised of representatives from more than 30 public and private organizations. The group
developed a comprehensive evaluation of conformity assessment and subsequent work
products which are available in NIOSH Docket 237-A [NIOSH Docket 237-A] that served as
input to the development of this Framework.
The Framework is intended to help the PPE industry meet the need for “a consistent risk-
based approach to PPE CA” as highlighted in the IOM 2011 report. It supports CA programs
to effectively demonstrate and attest that a PPE product conforms to the performance,
quality, reliability, and other standards that are selected to meet health and safety needs
for reducing the wearer’s exposure to workplace hazards to acceptable levels.
1.2 PPE CA Framework Utility

The Framework is based on good practice criteria derived from international CA standards
and practices, current U.S. legal and regulatory requirements, and evidence from existing
CA activities in the United States and other industrialized economies. [NIOSH Docket 237-A]
The CA concepts on which the Framework is based are identified in Appendix A.
An approach for developing, structuring, and managing PPE CA in the U.S. is provided and
can be tailored and applied to all PPE that protects from a variety of occupational risks
regardless of the hazard, type, or environment. The Framework describes the foundational
principles of CA to enable CA program developers and operators to stratify the level of
independence and rigor based on likely risk to workers.
The Framework elements are not regulatory requirements for a CA program. The elements
may be used to improve existing programs, develop new programs, and provide information
to those interested in the concept of conformity assessment.
Both public agencies and private organizations operate PPE CA programs in the U.S. The
programs vary along a continuum of rigor in requirements and testing as well as
independence from the PPE supplier.
The Framework is intended to serve all organizations that are or may become owners of CA
programs. These foundational CA principles provide support for effectively demonstrating
that a PPE product conforms to selected standards. CA activities should be tailored to the
needs of product users, suppliers, and regulatory authorities. They should result in products
that protect workers who rely on PPE; facilitate trade, fair competition, and market access;
be cost-effective; and provide regulatory confidence.
The Framework draws upon federal policy and administrative guidance as well as current
national public and private CA programs. It aims to facilitate commerce by incorporating
existing CA infrastructure in the U.S. and recommending practices that link hazards to
protection requirements in PPE standards. In addition, it suggests appropriate CA activities
based upon the risk to workers associated with a non-conforming PPE.
2
Docket 237-A contains resources developed from the multi-year effort of the PCAWG which
led to the development of the Framework.
Personal protective technologies (PPT) such as instrumentation and sampling devices are
not included in the Framework for PPE; however, the Framework may be applied to address
conformity of PPT in the future.
2. Conformity Assessment Foundation

CA is defined as “demonstration that
specified requirements relating to a Societal Concerns
product, process, system, person, or Health, Safety, Environment, Economic well-being,
body are fulfilled.” [ISO/IEC 17000] The Fair trade, consumer protection, Governmental laws and regulations
standard also describes the
interrelationships of CA procedures. CA
procedures evaluate whether the
products, services, or systems produced
or operated have the required
characteristics and whether these
characteristics are consistent from Standardization
product to product, service to service, or
system to system. CA includes sampling
and testing, inspection, supplier’s
declaration, certification, and quality Metrology Conformity
and environmental system assessment Assessment
and registration. It also includes
accreditation of the competence of the
provider of those activities by a third
party and recognition of an accreditation Business Concerns
program's capability. CA processes and Trading, Quality, Profitability, Manufacturing, Distribution,
activities are described in Appendix A. Purchasing, Use, Specifications, Contracts
CA is one of the three interdependent Figure 1. The Quality Infrastructure

pillars of a quality infrastructure (see Figure 1). [ISO-UNIDO (2010:6)]
Together with metrology and standardization (i.e., the
development and use of technical standards), CA is an efficient means to achieve public
health and safety goals and to remove barriers to commerce and trade.
Consumers benefit from CA because it gives them a basis for selecting products and for
having confidence that their health and safety requirements are met. Conforming products
are directly related to health and safety requirements through standards used in the CA
processes. Suppliers and service providers benefit both by avoiding the costs of product
failures in the market and by obtaining access to internal and external markets.
The basic building block of CA is a program that relates to a particular group of products
with “sufficiently similar characteristics that the same set of rules and procedures can be
carried out under the same management for assessing conformity with the same set of
3
specified requirements” [ISO, 2010:47]. A program consists of rules, procedures, and
management requirements related to assessing conformity with a particular set of specified
requirements. In the international conformity assessment community the term CA scheme
is used rather than CA program. Per ISO/IEC 17000, the terms CA scheme and CA program
are synonymous.
Each CA program should have an owner. The program owner can be any type of
organization – public or private. Common types of organizations are government or
regulatory bodies, non-governmental organizations, trade or manufacturing associations,
product certification bodies or groups of certification bodies, and consumer organizations.
[ISO/IEC 17067:2013[E]].
Many types of organizations can perform CA activities including: (1) a first party, which is
generally the manufacturer or other supplier; (2) a second party, which is generally the
purchaser or user of the product; or (3) a third party, which is an independent entity that is
generally distinct from the first or second party and has no interest in transactions between
the first and second parties.
Terminology for CA processes is found in standard ISO/IEC 17000. Additional terminology

common to PPE CA can be found in NIOSH Docket 237-A.
2.1 Foundations for U.S. Federal Agencies

The Framework is informed in part by federal law, regulatory policy, and administrative
guidance. The National Technology Transfer and Advancement Act (NTTAA) (Public Law
104-113) requires all U.S. federal agencies to use voluntary consensus standards to the
extent possible [IOM, 2011:26-27]. The Office of Management and Budget (OMB) Circular
A-119, Revised, “Federal Participation in the Development and Use of Voluntary Consensus
Standards and in Conformity Assessment Activities” establishes policies on federal use and
development of voluntary consensus standards and on CA activities.
The Agreement on Technical Barriers to Trade (TBT), one of the agreements within the
World Trade Organization (WTO) and to which the U.S. is a signatory, prohibits the
signatories from having CA procedures that are more trade restrictive than necessary to
meet their legitimate regulatory objectives. To comply with these agreements WTO
members should
 ensure that the results of another member’s CA procedures based on equivalent

procedures are accepted, even when they differ from their own,
 follow strict transparency provisions to enable members to understand and have
an opportunity to influence another member’s proposed CA practices that could
affect international trade, and
 support global harmonization of CA procedures.
The NTTAA directs the U.S. National Institute of Standards and Technology (NIST) to
coordinate CA activities of federal, state, and local entities with private sector technical
standards activities and CA activities to eliminate any unnecessary duplication of CA
4
activities [NIST: 2012]. NIST has published guidance outlining federal agencies’
considerations for evaluating the efficiency and effectiveness of their CA activities. NIST
guidance is intended to help federal agencies improve the management and coordination of
their own CA activities in support of their regulatory, procurement, and other mission
objectives [NIST: 2012]. NIST makes specific recommendations to:
 provide a rationale for use of specified CA procedures and processes,

 use the results of other governmental agency and private sector organization CA
practices, programs, and activities,
 use relevant guides or standards for CA practices published by domestic and
international standardizing bodies to enhance the safety and efficacy of proposed
new CA requirements and measures,
 participate in efforts designed to be cost-effective and reduce industry burden:
– improve coordination among governmental and private sector CA activities,

– avoid unnecessary duplication and complexity in federal CA activities,
– harmonize federal requirements for quality and environmental management
systems for use in procurement and regulation,
– establish criteria for the development and implementation of governmental
recognition systems to meet government recognition requirements imposed
by other nations and regional groups in support of the efforts of the U.S.
government to facilitate international market access for U.S. products, and
– develop national infrastructures for coordinating and harmonizing U.S. CA
needs, practices, and requirements.
 encourage domestic and international recognition of U.S. CA results by

supporting the work of the U.S. government in international trade and related
negotiations with foreign countries and U.S. industry in pursuing agreements with
foreign national and international private sector organizations.
Recommendation 2012-7 of the Administrative Conference of the U.S. (ACUS) sets forth
guidance for federal agencies when deciding whether to develop a third-party program to
specifically assess regulatory compliance. ACUS makes these recommendations:
 consult governmental and nongovernmental resources relating to third-party CA;

 compare a third-party approach with direct governmental assessment of
compliance related to effectiveness, costs, efficiency and timeliness, and agency
capacity;
 evaluate whether sufficient incentives exist or can be created to attract the
participation of regulated entities in the third-party program;
 design its CA program to be proportional to the risks associated with regulatory
noncompliance;
 consider relying on existing CA standards, particularly international standards
that set forth requirements for CA and accreditation bodies; and consider that
existing standards can be supplemented with program specific rules;
5
 ensure that both the government and the public have appropriate access to
information about program operations to facilitate transparency and agency
oversight; and
 set forth how they intend to conduct oversight to ensure that a third-party
program is fulfilling its regulatory purpose [ACUS: 2012].
2.2 Standards Used in Conformity Assessment

Standards are critical within a CA process. Standards provide the basis for CA activities that,
in turn, are the basis for many buyer-seller transactions. Hence, standards used in CA
activities can have tremendous impact on companies and nations and even on the economic
fabric of the world market.
Standards can cover many aspects of the CA process. They can describe characteristics of
the product for which conformity is sought; the methodology (e.g., test, inspection, or other
methods) used to assess that conformity; or even the CA process itself (e.g., how a
certification program should be operated). With respect to the latter, foremost among these
are the CA standards published by the ISO/IEC. A list of these “CASCO Toolbox” standards
is provided in Appendix B and shown in Tables B-1 and B-2.
2.3 Current PPE Conformity Assessment Programs in the United

States
Both public and private sector organizations operate CA programs in the United States. A
sample of third-party CA program owners for PPE and the products they cover is listed in
Table C-1. These program owners include independent testing/inspection organizations,
organizations focused on an industrial group and/or its customers (e.g., National Fire
Protection Association [NFPA]), and government agencies implementing a regulatory
requirement for conformity. Other common program owners for PPE are second-party
industrial buyers or product users. The U.S. Army Program Executive Office (PEO), Soldier,
Project Manager, Soldier Protection & Individual Equipment organization operates a second-
party program to determine conformity to its PPE requirements for protective eyewear and
flame resistant combat glove products.
3. CA Framework and Recommendations for Implementation

The purpose of the National Framework for Personal Protective Equipment Conformity
Assessment is to establish a set of principles and provide recommendations for CA of PPE
products in the United States. This is accomplished by addressing risk of worker exposure to
a non-conforming product. The Framework helps advance the PPE industry with meeting the
need for “a consistent risk-based approach to PPE CA,” which was highlighted by the IOM in
its report Certifying Personal Protective Technologies: Improving Worker Safety [IOM,
2011]. The Framework is based on good practice criteria derived from international CA
standards and practices, current U.S. legal and regulatory requirements, and evidence from
existing CA activities in the United States and other advanced industrialized economies.
[NIOSH Docket 237-A]
6
The Framework can be appropriately tailored and universally applied to all PPE that protects
from a variety of risks regardless of the hazard, type, or environment. For example, the
conformity assessment program for firefighter boots would look different than the
conformity assessment program for steel toe boots for construction workers. The
Framework describes the foundational principles of CA to enable program owners and
operators to define the level of independence and rigor based on risk to workers.
Figure 2. PPE CA Framework
The first three steps in the Framework shown in Figure 2 are activities that provide input
into CA program decisions and are not necessarily performed by CA owner/operators:
1. Identify hazards and risk to workers;

2. Identify PPE types needed to address hazards; and
3. Identify and select standards that address hazards.
The last two steps are primary activities of CA and should be directly addressed with the
authority of the program owner and input from concepts one through three. Details for each
of these five steps are provided on the following pages.
4. Define the CA requirements and activities;

5. Perform CA activities.
In addition, it is important to assess the effectiveness of the CA program and conformance

of PPE to the requirements of the CA program. Section 7.11, Design Market Surveillance
Strategies, and Section 8, Perform CA Activities, provide information for effective evaluation
and surveillance activities.
A Framework Checklist (Table D-1 in Appendix D) has been developed for the PPE CA
process and represents a compilation of key concepts and considerations for developing and
7
operating CA programs. This checklist assists CA program owners who wish to (1) evaluate
the Framework for application to their particular circumstances and/or (2) strengthen an
existing CA program or (3) develop and implement a program if a decision is made to go
forward. As such, a PPE CA program is part of an overall risk management system that
NIOSH recommends for ensuring worker safety and health. The Framework may also serve
as a useful tool for stakeholders interested in assisting current or potential CA programs in
developing a CA program to address PPE conformity.
The questions identified in Table D-1 are intended to help program owners arrive at
decisions that ensure that programs are tailored according to the potential risk of a non-
conforming products and provide confidence with respect to product conformity to
standards. This checklist is meant to assist in the process of developing appropriate CA
programs, not the sole means of assuring adequacy. The checklist can be supplemented and
tailored to suit the specific organization or need. Along with relevant CA standards and
technical guidance, this document can be used to increase confidence that a PPE CA
program will perform according to desired outcomes.
The remaining sections provide a description of each of the five Framework steps and
specific considerations that aid program owners and operators as they design, develop and
operate conformity assessment programs.
3.1 Step 1: Identify Hazards and Risk to Workers

Hazards are widespread in work environments and include: sharp edges, falling objects,
flying sparks, chemicals, and noise, among many others. The U.S. Department of Labor
Occupational Safety and Health Administration (OSHA) and other regulatory agencies
require that employers protect their employees from workplace hazards that can cause
injury. In support of those requirements, OSHA publishes guidance for effective worker
protection using PPE that includes providing information for performing job hazard analysis
[OSHA, 2002].
Controlling a hazard at its source is the best way to protect employees. The most effective
control is eliminating the hazard and associated risk (e.g., by eliminating the chemical,
machine, task, or work process). If elimination is not practical or sufficient, hazards should
be minimized by substituting the hazard with a less hazardous source (e.g., use a less
hazardous chemical or use a less noisy machine). Isolating the hazard (e.g., establish
barriers to isolate the worker or isolate the hazard) reduces exposure to the hazard. If
engineering controls are not practical or do not reduce the hazard to an acceptable level,
the next level of control involves administrative controls including safe work practices —
that is, making changes in the way people work and promoting safe work practices via
education and training. For more information on the hierarchy of controls refer to
https://www.cdc.gov/niosh/topics/hierarchy.
When engineering controls and administrative controls (including work practices) are not
feasible, PPE is recommended. PPE includes clothing and equipment that act to minimize
exposure to workplace injuries and illnesses, which may result from contact with a variety of
8
workplace hazards [OSHA, 2003]. Examples of PPE include gloves, foot and eye protection,
protective hearing devices, hard hats, respirators, and full body suits.
Identify the physical and health hazards for which workers must use PPE for their
protection.
3.2 Step 2: Identify PPE Types Needed to Address Hazards

After the hazards have been identified, PPE types are selected to address the identified
hazards. The example below demonstrates the inclusion of the hazard and PPE type
addressed by the standard.
EXAMPLE: HAZARD INFORMATION IS INCORPORATED INTO STANDARDS
ASTM F1818-13, Standard Specification for Foot Protection for Chain Saw Users
identifies the HAZARDS from which conforming products are intended to protect by
stating that “the objective of this specification is to prescribe […] criteria for footwear
and foot protective devices, worn by chain saw operators, which are intended to reduce
foot injuries caused by contact with a running power chain saw.”
3.3 Step 3: Identify and Select Standards That Address Hazards

Standards connect identified hazards with measurable requirements that, when met, should
provide wearers with PPE that reduces the risk of the hazard. The CA program owner (or
program developer) should understand whether the requirements contained in the standard
are adequate to address the identified hazards. The example presented below demonstrates
how identified hazards can be linked to requirements through direct text in a standard
[ANSI/ISEA Z89.1, 2014].
EXAMPLE: HAZARD AND PROTECTION REQUIREMENTS ARE LINKED IN

STANDARDS
ANSI/ISEA Z89.1, “This standard establishes minimum performance requirements for

protective helmets that reduce the forces of impact and penetration and that may
provide protection from electric shock (not arc flash)." The hazard is described as
“Type II helmets are intended to reduce the force of impact resulting from a blow to
the top or sides of the head” [Section 4.1.2]. The related requirement states
“Helmets shall be tested in accordance with Section 10.2 and shall not transmit a
force to the test headform that exceeds 4450 N (1,000 lbf). Additionally, for each
preconditioning specified, the maximum transmitted force of individual test samples
shall be averaged. The averaged values shall not exceed 3780 N (850 lbf)” [Section
7.1.2].
To help employers, users of PPE, and others determine which PPE standards must be met by
their equipment, NIOSH in collaboration with key partners including the International Safety
9
Equipment Association, the Occupational Safety and Health Administration, the Mine Safety
and Health Administration, and other members of the PPE Conformity Assessment Working
Group developed the PPE-INFO database. The database serves as a compilation of federal
regulations and consensus standards for respirators and non-respiratory PPE. The standards
information was obtained from U.S. government agencies and consensus standards
organizations. It is a tool for standards developers, certification organizations,
manufacturers, purchasers, end users, safety and health professionals, and researchers.
The information in the database can be used to determine whether a product meets a
certain standard and if the performance requirements of that standard provide an
appropriate level of protection against expected hazards. This database is currently
available at https://wwwn.cdc.gov/ppeinfo.
3.4 Step 4: Define the CA Requirements and Activities in

Consideration of Risks to Workers
Selecting CA requirements is based on factors such as the risk of injury and illness
associated with non-conformity, degree of hazard, current conformity in the market,
regulatory requirements, cost, and other factors. Refer to Appendix A, Conformity
Assessment Processes and Activities for information on CA processes and activities.
3.4.1 Leveraging Existing PPE CA Programs

Leveraging existing conformity assessment programs should be the first consideration made
by a CA program owner. Existing PPE CA programs in the U.S. and internationally represent
a wide diversity of public and private sector approaches including declarations of
conformance from supplier (self-declarations) to independent third-party certification.
Current CA programs in the U.S. operated by public agencies or private sector organizations
are primarily for products that protect workers against medium to high hazards (e.g.,
respiratory protection, body armor, and personal flotation devices). Certification programs
for PPE are conducted by private sector bodies (e.g., Safety Equipment Institute,
Underwriters Laboratories); and federal agencies such as NIOSH (e.g., respiratory
protective devices), National Institute of Justice (NIJ) (e.g., body armor), United States
Coast Guard (USCG) (e.g., personal flotation devices), and the Food and Drug
Administration (FDA) (e.g., medical devices). Program owners should proceed with
designing a PPE CA program if existing CA programs are not suitable.
3.4.2 Obtaining Stakeholder Input

Whether the program is public, private, or a combination of both, the specific content of the
CA program should be agreed upon among the key stakeholders [ISO/IEC 17067, 2013[E]].
Relevant stakeholders of PPE programs are workers and their employers (PPE users),
governmental regulators, and the manufacturers, importers, distributors, and other
suppliers of the PPE. Other stakeholders include standards development organizations
(SDOs) and CA bodies (see Appendix A for additional information on CA bodies).
For the CA program owner, involving experts and stakeholders broadens the points of view
and policy options that can be considered in designing and implementing the program.
10
Input can also be obtained through a formal process or informally at conferences,
workshops, and public calls for feedback. Overall, gaining the support of stakeholders will
improve the quality of the program.
3.4.3 Understanding CA Program Owner Responsibilities

CA programs require an owner to design, manage, and monitor the program. The program
owner can be any type of organization – public or private. Common types of organizations
are government or regulatory bodies, non-governmental organizations, trade or
manufacturing associations, product certification bodies or groups of certification bodies,
suppliers, and consumer organizations [ISO/IEC 17067:2013]. The primary responsibilities
of (certification) program owners are defined in ISO/IEC 17067:2013. The program owner
should be a legal entity that, for example, has full responsibility for the objectives, content,
and integrity of the program; sets up the structure for managing and operating the
program; evaluates and manages risks/liabilities arising from the program; and has the
financial stability and resources required for it to fulfill its role in the operation of the
program.
Public sector programs require empowering legislation that grants the program owner the
necessary powers to perform its functions. Section 2.1 discusses guidance to U.S. federal
agencies and considerations in leveraging private sector activities. Regardless of program
ownership, suppliers remain responsible for the conformity of the products they place on the
market with relevant product requirements.
A program should be developed by persons competent in both technical and CA

requirements, and should cover these elements:
 scope (type of product, circumstance of use);

 product requirements;
 CA activities, methods, and procedures;
 requirements for CA bodies (e.g., impartiality, independence, competence,
accreditation, peer assessment);
 information supplied by supplier to support CA (e.g., technical file,
designs);
 statement of conformity (e.g., supplier’s declaration of conformity (SDoC),
certification);
 mark of conformity (e.g., a label);
 list of approved products;
 required documentation for approved products;
 surveillance (when appropriate) and enforcement procedures; and
 corrective actions.
These elements are defined in ISO/IEC 17067:2013. Information on all requirements and
procedures for obtaining CA should be publicly available [ACUS: 2012; ANSI: 2014b].
11
3.4.4 Analyzing the Risk of Injury and Illness Associated with Non-
conformity
Analysis methods to determine the risk of non-conformity in a
market vary depending on the product type, its use, and Step 1: Document PPE type,
available data. Figure 3 shows a nine step risk analysis intended use & required
process that can be used to align the CA requirements with the
standard
associated risk. [NIOSH Docket 237-A]
This risk analysis process is a powerful tool in collecting Step 2: Identify user
information in a systematic, logical way. As such, the process populations & usage scenarios
outlined in Figure 3 can help
 identify significant gaps between CA activities and Step 3: Identify failure modes
risk that the PPE would fail to meet performance & performance requirements
standards, addressed by standard
 identify when the risk of non-conformance is
eclipsed by the risk of an inadequate performance
standard, Step 4: Identify several typical
 provide a straightforward process that can facilitate & illustrative hazards for PPE
thoughtful group discussion and decision making,
 justify decisions to make changes in CA activities,
 provide a basis of consistency in analysis between Step 5: Identify risk of
various PPE types. injury/illness while using PPE
that meets performance
standard
Furthermore, this consistent analysis can aid prioritization of
research activities and help align performance standards with
appropriate conformity assessment activities. Limitations exist Step 6: Identify risk of
in fully benefiting from this process. These include the need to injury/illness while using non-
generate a great deal of data and the qualitative and subjective compliant PPE
nature of the process. Moreover, risk assessment is not the
only basis for defining an optimal CA program nor should it be
Step 7: Verify relative efficacy
the sole basis for justifying a change in the activities of an
of performance standard vs.
existing program.
the potential contribution of
CA activities
Step 8: Identify current CA

activities
Step 9: Document & follow

through
Figure 3. Analyzing risk for

conformity assessment
12
3.4.5 Independence and Rigor
CA activities range along a continuum of independence and rigor. Generally, as the seriousness of
the hazard rises, CA activities should become more extensive [(i.e., rigorous)] [ISO, 2013a]. The
greater the perceived risk, the more program owner oversight and conformity independence are
needed in a CA program [Gillerman, 2004]. When the risks associated with a non-conforming PPE
are low, first-party testing or inspection with a supplier’s declaration can generally be considered
adequate. When the risk is higher, testing by a third-party laboratory (with accreditation as a
consideration) may be appropriate. For PPE designed to protect against the most serious hazards,
certification by an accredited third party may be needed along with an accredited quality
management system and a rigorous program of market surveillance.
Figure 4 illustrates examples of a continuum of independence and rigor with four hypothetical CA
programs. With each increase in risk level, the independence and rigor of CA should increase,
which in turn increases the resources needed to carry out the required CA activities. ISO/IEC
17067:2013[E] provides seven example CA systems that can be combined as needed to create a
similarly wide spectrum of programs when the decision has been made to require third-party
certification 3
Figure 4. Relating Risk to Rigor & Independence
Hazard and risk assessment using available data is the recommended approach for determining
effective CA activities in managing worker exposures and defining the CA program. In the absence
3
see Appendix C for complete information
13
of data, as is the case with many PPE types, experts and other stakeholders must collaborate to
determine the set of effective CA program requirements.
3.4.6 Beyond Risk

CA programs should be designed with a clear understanding of the assumptions that underlie the
need for the program in addition to risk-based considerations. CA requirements should provide
sufficient benefit in the form of needed assurance of “competence, consistency, and impartiality” to
justify the cost and effort [ISO, 2012b]. A CA program owner should, therefore, balance the level
of desired robustness of the program with cost and other factors. CA programs should be efficient,
effective, and sustainable. A program that is too rigorous may prove too burdensome for suppliers;
a program that is not rigorous enough may not provide the needed level of confidence in the PPE
products.
In addition to the risks associated with non-conformity, design decisions for CA programs should
consider the following factors:
 practical means of evaluating the characteristics of interest,

 scale and type of production,
 effectiveness of marketplace mechanisms to remove non-conforming products from the
market,
 effectiveness of existing CA activities for a particular product or industry in preventing
non-conforming products from reaching the market,
 effectiveness of penalties for placing non-conforming regulated products in the market,
and
 effectiveness of systems to recall non-conforming regulated products from the market
[Gillerman, 2004].
To facilitate trade and commerce, and not create a barrier to trade, the CA requirements should
also be consistent with international CA standards for the desired activity 4.
In some contexts, more than one program design could balance these various objectives for a
given product category because some program elements help mitigate the potential loss of
confidence due to less rigor and independence in other elements. For example, a robust market
surveillance program backed up by effective enforcement mechanisms, corrective actions, and
penalties for non-conformance can help achieve the needed balance for some programs that rely
on a supplier’s declaration of conformity.
3.4.7 Connecting Levels of Risk and Appropriate CA Activities

Consensus standards are available and others are being developed to provide guidance on
connecting level of risk and risk management with appropriate CA activities for consideration by
program owners. For example, ANSI/ISEA 125-2014 lists the following general assumptions in
determining an appropriate PPE and CA category:
 Risks and hazards are contemplated based on reasonably expected outcomes, not
imaginable best- or worst-case scenarios. Data should be used if available.
 The seriousness of an injury is evaluated on an objective basis and includes
consideration of where the injury fits in the entire spectrum of workplace injuries. Highly
4
See Table 1 for more information
14
individualized and subjective outlooks regarding potential injury or illness should be
avoided in establishing a PPE category.
 The user is wearing and using the PPE properly. Scenarios related to user misuse such
as wearing spectacles down on the nose or tying high visibility apparel around the waist,
should not be considered.
 The PPE was properly selected for the hazard and is appropriate for the reasonably
expected outcomes and events within the environment.
 The PPE is maintained and inspected according to the manufacturer’s instructions.
 The PPE-related “cause” of an injury is limited solely to incidents in which
o the PPE does not perform as specified because of a non-conformance in the PPE
that is not detectable to the user, or
o the magnitude of the hazard or event does not exceed the performance ability of
the PPE per the performance standard.
American National Standard for Conformity Assessment of Safety and Personal Protective
Equipment [ANSI/ISEA 125-2014] defines three categories for PPE relative to risk.
“Level 1 can be used effectively where injury to the user is likely to be superficial and require only
standard first aid or routine medical attention on a one-time basis”. [ANSI/ISEA 125-2014]
“Level 2 PPE is intended to protect against dangers that may cause grave and irreversible injury or
illness and for which the user is unlikely to be able to spot a defective condition in time to avoid
injury or illness. Use of Level 2 PPE requires professional judgment and assistance in selection, use,
and training. This level may include PPE to protect against mechanical and acoustic hazards.”
[ANSI/ISEA 125-2014]
“Level 3 PPE is intended to protect against mortal danger or against dangers that may cause grave
and irreversible injury or illness and for which the user is unlikely to be able to spot a defective
condition in time to avoid such mortal or grave injury or illness.” [ANSI/ISEA 125-2014]
Table 1, extracted from ANSI/ISEA 125-2014, illustrates how specific CA activities could be
combined to create CA programs at differing levels of robustness in activities and independence.
Level 1 involves the least rigor and independence (relative to the other levels) and results in an
SDoC. It could be considered most appropriate for CA of products designed to protect the user
against gradual or unexceptional hazards.
Level 3 is the most rigorous and independent of these examples. Like Level 2, it requires testing by
an accredited testing laboratory (level 2 does not have a third-party requirement). Level 3 requires
certification by an accredited certification body. Further, the accreditation body must be a
signatory, in good standing, to an appropriate international mutual recognition arrangement
operating under relevant scope of CA activities (e.g., testing, certification, etc.).
Each level requires a quality management system that includes the manufacturing processes in its
scope, with Levels 2 and 3 requiring registration of these systems.
15
Table-1 Conformity Assessment Activities Based on Risk Category
CA Activity Level 1 Level 2 Level 3

Quality management Scope includes Supplier of OEM must As determined by the
system manufacturer of be registered to ISO third-party certification
specified product. 9001. Scope includes organization. Must
Must include initial manufacturer of provide initial and
and ongoing specified product. ongoing assurance of
assurance of Must provide initial conformity
conformity and ongoing
assurance of
conformity
Test facility criteria As determined by the In-house or As directed by the
supplier independent third certification
party, as determined organization: ISO/IEC
by the supplier; 17025 accreditation
ISO/IEC 17025 required
accreditation required
Retesting determined Supplier Supplier Third-party certification
by whom? organization
Test interval At least every five At least every five (5) As determined by the
(5) years years certification
organization, at least
every five (5) years
Corrective and Supplier to establish Supplier to establish Supplier to establish and
preventative action and maintain written and maintain written maintain written
program program program
Product recalls/safety Supplier to establish Supplier to establish Supplier to establish and
alerts and maintain written and maintain written maintain written
program program program
Record keeping Record retention Record retention Record retention policy
policy policy
Declaration of Supplier Supplier Third-party certification
conformity organization issues
certificate and supplier
applies certification
mark to product
3.4.8 Considerations for a First-Party Attestation

When a supplier declaration of conformity (SDoC) is used for attestation, suppliers should consider
using the requirements of ISO/IEC 17050:2004. Per the ISO standard, SDoCs should:
 be based on results of an appropriate type of CA activity (e.g., testing, measurement,

auditing, inspection, or examination) carried out by one or more first, second, or third
parties;
 be based on relevant international standards, guides, and other normative documents,
where applicable; and
 be signed by someone other than the person reviewing the CA results.
Suppliers should consider the following elements in the SDoC:
16
 a unique identification number;
 the name and contact information of the supplier;
 a description of the product and production process;
 the statement of conformity;
 the technical performance standards, the date, and place at which the SDoC was issued as
well as other pertinent information.
If other parties were involved with the CA (e.g., a third-party testing laboratory), the name and
contact information for those bodies should also be included on the SDoC along with relevant CA
reports. The supplier should also have procedures in place to ensure the continued conformity of
the product and to reevaluate the validity of the SDoC when significant changes are made to the
product’s design, when the supplier’s ownership or management changes, and when information is
received indicating the product is no longer conforming to the requirements (e.g., recall
notification).
3.4.9 Considerations for Third-Party Use and Attestation

When third-party involvement is required for CA activities, CA program owners should employ
third-party bodies that are independent of the person or organization that provides the PPE and
impartial so that the results of their work can be objective. Program owners should consider the
use of accredited third parties when an independent assessment of management system and
technical competence requirements exists. Accreditation should be based on the ISO Committee on
Conformity Assessment (CASCO) standards and guidelines. Third parties can be government
laboratories or private sector organizations.
Program owners using certification bodies should consider the requirements specified in ISO/IEC
17065:2012 for certification bodies. These include:
 impartiality;
 the use of specific product standards;
 a quality management system;
 specified conditions and procedures for granting, maintaining, and extending certification,
and for suspending or withdrawing certification;
 procedures for assessing the effects of significant changes in product design or specification,
or in the ownership or administration of the product’s supplier;
 periodic internal audits and management reviews;
 documentation and recordkeeping;
 confidentiality measures;
 competent personnel;
 appeals procedures; and,
 a documented surveillance procedure.
When accreditation is required, accreditation bodies should demonstrate that they are independent,
unbiased, and competent by fulfilling the requirements specified by ISO/IEC 17011:2004. Further,
program owners should consider a requirement that accreditation bodies be signatories, in good
standing, to an appropriate international mutual recognition agreement operating under relevant
scope of CA activities (e.g., testing, certification, etc.), and be subjected to peer reviews.
17
Many U.S. CA program owners have requirements for third-party certification bodies such as NFPA,
NIJ, USCG and the Federal Aviation Administration. The box below provides a specific example of
ISO CASCO standards used in augmenting standard requirements.
EXAMPLE: PROGRAMS CAN USE ISO CASCO STANDARDS FOR BASE REQUIREMENTS
AND AUGMENT THEM FOR THE PPE INDUSTRY
The National Fire Protection Association (NFPA) does not certify or otherwise attest to the
conformance of products to its standards. Rather products are certified as conformant by
third-party certification bodies based in part on test results performed by first- or third-party
testing laboratories and successful implementation of a quality management system for
product production. How can the NFPA and purchasers have confidence in these certifications?
The NFPA relies on the ISO CASCO standards as requirements for certifiers, testing
laboratories, and quality management registrars. Further the NFPA requires these
organizations be accredited as meeting the requirements of these standards; and that the
accreditors are also conformant to ISO CASCO standards. The NFPA augments the ISO CASCO
requirements with a detailed set of PPE-related requirements for activities such as test method
use, surveillance, and retesting; product labeling; complaints; and non-conformity
identification.
3.4.10 Labels, Product Lists, and Other Documentation of Conformity

Products that meet all the applicable requirements should be accompanied by a statement of
conformity such as an SDoC or a third-party certificate of conformity.
Certification program owners should establish and maintain lists of certified products to help
consumers identify PPE that is conformant to specified standards. In those standards where
hazards are linked to measurable protection requirements, users can have more confidence that
conformant products provide adequate protection. The listing activity should follow CASCO
standards. ISO/IEC 17065:2012 requires certification listings to include information about the
specific product or type of product certified, the qualification standard that the product is judged to
meet, and the date of certification (and if applicable, its expiration).
Suppliers should also consider, where applicable, identifying the standards and requirements that
the product fulfills, based on conformity, in the user instructions, to enable users to easily know the
level of protection provided.
3.4.11 Design Market Surveillance Strategies
PPE products are designed to protect the user against hazards; thus, market surveillance programs
should consider an analysis of the seriousness of the hazard. A consideration should be made to
follow CASCO’s best practice guidelines [ISO, 2012a] for market surveillance.
Market surveillance includes both pre-market and post-market surveillance. Pre-market

surveillance involves gathering evidence of conformity at the point of production or in the supply
chain. Management system records as part of the manufacturing process can contribute to this
18
evidence. Post-market surveillance involves gathering evidence of conformity in the marketplace
and/or at the place of use.
A risk assessment process is one tool that can be used to help define market surveillance
requirements. Input into the risk process can be drawn from sources (as appropriate) such as
accident reports and statistics; reports from workers or worker organizations; reports from
manufacturers, suppliers, importers, or retailers; consumer alert systems; reports to and from
federal agencies; the media; and data from previous market surveillance activities.
These reports from PPE users and others associated with a product non-conformance should be
carefully considered and properly verified. Not all complaints will be about safety problems or
health and safety-related non-conformities. A method to assess various reports should be
established to determine relevant complaints and reports.
Figure 5 summarizes the steps of post-market surveillance. The program owner should consider
the following:
 Which businesses are examined and at what rate or timeframe?

 Which products should be sampled?
 How many samples should be selected and to which tests should the samples be subjected?
 Should the products be tested physically or should the investigation be limited to
documentary checks? Should testing be first, second, or third party?
 Should the products be sampled at the point of distribution or by the manufacturers,
suppliers, and importers?
 Which documents should be requested from the supplier and checked? [Adapted from
PROSAFE: 2009]
Figure 5. Post Market Surveillance Action

[Adapted from PROSAFE:2009, Fig 26]
The figure above provides an example of how surveillance is used as a feedback mechanism.
19
3.5 Step 5: Perform CA Activities
EXAMPLE: SURVEILLANCE REQUIREMENTS CAN OFFER MANUFACTURERS

FLEXIBILITY FOR COMPLIANCE
The National Institute of Justice Compliance Testing Program (NIJ CTP) administers a
program to test commercially available body armor for compliance with standards to
determine whether the vests will perform as expected. Satisfactory participation in the
Follow-up Inspection and Testing (FIT) Program is required for continued attestation by
the program. The FIT program requires the destructive testing and inspection of model
samples as well as an inspection site visit to each manufacturing location – typically at
least once every 10 months. If the product model is manufactured under an NIJ CTP-
approved body armor quality management system (BA-QMS), the frequency of
inspection for that model/location may be reduced to once every 20 months.
A CA program is successful if it provides confidence in claims of conformance; serves as a

communication tool between buyers and sellers; and adapts to changes in standards, risk,
technology, and the market. A CA program implements processes and activities in the most
effective and efficient manner while seeking to impact the areas above.
3.5.1 Conformity Assessment Improvement Activities

CA programs are periodically reviewed from both effectiveness and cost/benefit perspectives to
help maintain the desired level of confidence at the most efficient cost. Accreditation requirements
are used as a tool to continuously improve the activities of accredited CA bodies (e.g., testing
laboratories, inspection bodies, and certification bodies). CA program metrics can include the
number of organizations with products tested and attestations made, the status of the product list
maintained by the program (additions, suspensions, and removals), the number of product
complaints, etc. Other CA program indicators include: use and market recognition by purchasers;
ability to react to updated standards and new versions of standards; and ability to react to new
product technology and test methods. Such indicators allow CA programs to identify and make
necessary adjustments to improve the program’s efficiency and effectiveness.
3.5.2 Surveillance Activities

Surveillance procedures are undertaken to ensure continued product conformity and integrity of
the CA mark and program. PPE products are designed to protect the user against hazards; thus,
program owners should select surveillance procedures based on factors such as the seriousness of
the hazard, risk of non-conformance, and level of confidence desired in the program. Reactive
surveillance actions may be sufficient for low-risk scenarios. For higher risk scenarios, more
proactive surveillance activities can include periodic testing of sample products or the periodic
assessment of management system requirements for the manufacturing processes. Surveillance
procedures can also involve responding to validated reports of non-conforming products [ISO,
2012a].
20
4. Conclusions
MSHA, OSHA, and other regulatory agencies require that employers protect their employees from
workplace hazards that can cause injury. Mitigating the risks to worker health and safety at the
source is the best way to protect employees. However, when engineering controls and
administrative controls are not feasible or do not provide sufficient protection, PPE is needed.
Although OSHA publishes guidance for effective worker protection using PPE, there is currently no
single regulatory body, official guidance, or mandating authority for conformity assessment of all
PPE in the United States. In the absence of national policy, this Framework provides a risk-based,
evidence-driven approach on how to tailor conformity assessment activities.
The Framework is intended to serve as foundational principles for various types of conformity
assessment programs for occupational PPE. They are not requirements for how these programs
must, or will, function. Conformity assessment activities should be tailored to the needs of product
users, suppliers, and regulatory authorities. They should result in products that protect workers
who rely on PPE; facilitate trade, fair competition, and market access; be cost-effective; and
provide assurance of conformance.
21
5. References
ACUS [2012]. Administrative Conference Recommendation. Agency Use of Third-Party Programs to
Assess Regulatory Compliance. Washington, DC: Administrative Conference of the U.S. Adopted
December 6, 2012. http://www.acus.gov/recommendation/agency-use-third-party-programs-
assess-regulatory-compliance
ANSI [2014a]. U.S. Conformity Assessment System: Key Organizations. Washington, DC: American
National Standards Institute
http://www.standardsportal.org/usa_en/conformity_assessment/key_organizations.aspx
ANSI [2014b]. National Conformity Assessment Principles for the U.S. Washington, DC: American
National Standards Institute.
http://www.standardsportal.org/usa_en/conformity_assessment/conformity_assessment.aspx
ANSI [2010]. United States Standards Strategy. Washington, DC: American National Standards
Institute. http://www.ansi.org/standards_activities/nss/usss.aspx?menuid=3
ANSI/ISEA [2014]. ANSI/ISEA Z89.1-2014 Industrial Head Protection. Washington, DC: American
National Standards Institute. https://safetyequipment.org/standard/ansiisea-z89-1-2014/
ANSI/ISEA [2014]. 125-2014 Conformity Assessment of Safety and Personal Protective Equipment.
Washington, DC: American National Standards Institute.
https://safetyequipment.org/isea-standards/conformity-assessment/
ASTM F1818–13 Standard Specification for Foot Protection for Chain Saw Users. West
Conshohocken, PA: American Society for Testing and Materials.
http://www.astm.org/Standards/F1818.htm
ASTM F2669-12 Standard Performance Specification for Protective Clothing Worn by Operators
Applying Pesticides. West Conshohocken, PA: American Society for Testing and Materials.
http://www.astm.org/Standards/F2669.htm
Breitenberg MA [1997]. The ABC’s of the U.S. Conformity Assessment System. NISTIR
6014. Gaithersburg, MD: National Institute of Standards and Technology.
http://gsi.nist.gov/global/docs/pubs/NISTIR_6014.pdf
Carnahan [2013]. “US Conformity Assessment Capabilities and Infrastructure”. Presented at NIOSH
Personal Protective Equipment Conformity Assessment Public Meeting, September 17, 2013.
Bloodborne Pathogens. 29 CFR 1910.1030. [2010].

http://www.gpo.gov/fdsys/pkg/CFR-2010-title29-vol6/pdf/CFR-2010-title29-vol6-sec1910-
1030.pdf
European Cooperation for Accreditation (EA) [2014].

http://www.european-accreditation.org/home
EPA (2014). Occupational Pesticide Handler Exposure Data. United States Environmental Protection
Agency.
http://www.epa.gov/opp00001/science/handler-exposure-data.html
A-1
Gillerman, G [2004]. Making the Confidence Connection: Conformity Assessment System Design.
Standardization News. American Society for Testing and Materials.
http://www.astm.org/SNEWS/DECEMBER_2004/gillerman_dec04.html
IAAC (2014). InterAmerican Accreditation Cooperation. http://www.iaac.org.mx/English/Intro.php
IOM [2008]. The Personal Protective Technology Program at NIOSH. Institute of Medicine and
National Research Council. Washington, DC: The National Academies Press.
http://www.nap.edu/catalog.php?record_id=12203
IOM [2011]. Certifying Personal Protective Technologies: Improving Worker Safety. Institute of
Medicine. Washington, DC: National Academies Press.
http://www.nap.edu/catalog/12962/certifying-personal-protective-technologies-improving-worker-
safety
ISO/IEC 17000:2004 Conformity assessment – Vocabulary and general principles.

https://www.iso.org/standard/29316.html
ISO/IEC 17067:2013[E] Conformity Assessment — Fundamentals of product certification and

guidelines for product certification schemes. Geneva, Switzerland: International Organization for
Standardization.
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=55087
ISO [2012a]. Principles and Practices in Product Regulation and Market Surveillance. Geneva,
Switzerland: International Organization for Standardization.
http://www.iso.org/iso/home/store/publications_and_e-
products/publication_item.htm?pid=PUB100321
ISO [2012b]. Contextual changes in product certification since ISO/IEC Guide 65 publication.
Geneva, Switzerland: International Organization for Standardization.
http://www.iso.org/iso/2012_casco_explanation_revision_from_guide_65.pdf
ISO [2013a]. Resources for Conformity Assessment. The CASCO Toolbox. Geneva, Switzerland:
International Organization for Standardization. http://www.iso.org/iso/home/about/conformity-
assessment/conformity-assessment_resources.htm
ISO [2013b] Standards Catalogue. ISO/CASCO - Committee on Conformity Assessment. Geneva,

Switzerland: International Organization for Standardization.
http://www.iso.org/iso/home/store/catalogue_tc/catalogue_tc_browse.htm?commid=54998&publis
hed=on&includesc=true
ISO/IEC 17065:2012. Conformity assessment—Requirements for bodies certifying products,

processes and services. Geneva, Switzerland: International Organization for Standardization.
http://www.iso.org/iso/catalogue_detail?csnumber=46568
ISO-UNIDO [2010]. Building Trust, the Conformity Assessment Toolbox. Geneva, Switzerland:
International Organization for Standardization. http://www.iso.org/iso/casco_building-trust.pdf
Main, B [2004]. Risk Assessment: Basics and Benchmarks. Ann Arbor, MI. ISBN: 0-9741248-0-8.
NIOSH Docket 237-A Docket 237-A – www.cdc.gov/niosh/docket/archive/docket237A.html
A-2
NIJ [2013] National Institute of Justice Conformance Testing Program Ballistic Agreement. Rev. 14
June 2013. OMB Number 1121-0321.
http://www.reginfo.gov/public/do/DownloadDocument?objectID=36104001
NIST [2012]. NIST Guidance on Federal Conformity Assessment Activities (15 C.F.R. Part 287).
Presented at the Public Workshop.
http://www.nist.gov/director/sco/ca-workshop-2012.cfm
NTTAA, National Technology Transfer and Advancement Act. [1996]. Public Law 104-113.
http://www.gpo.gov/fdsys/pkg/PLAW-104publ113/pdf/PLAW-104publ113.pdf
Office of the United States Trade Representative, https://ustr.gov/trade-agreements/wto-multilateral-

affairs/wto-issues/technical-barriers-trade, accessed 10/12/2017
OMB [1998]. Federal Participation in the Development and Use of Voluntary Consensus Standards
and in Conformity Assessment Activities. Circular A-119. Washington, DC: Office of Management
and Budget. http://www.whitehouse.gov/omb/circulars_a119
OMB [2003]. Regulatory Analysis. Circular A-4. Washington, DC: Office of Management and
Budget. http://www.whitehouse.gov/omb/circulars_a004_a-4/
OSHA [2002]. Job Hazard Analysis, OSHA 3071. Washington, DC: U.S. Department of Labor,
Occupational Safety and Health Administration. https://www.osha.gov/Publications/osha3071.pdf
OSHA [2003]. Personal Protective Equipment, OSHA 3151-12R. Washington, DC: U.S. Department
of Labor, Occupational Safety and Health Administration.
https://www.osha.gov/Publications/osha3151.pdf
PROSAFE [2009]. Best Practice Techniques in Market Surveillance. Brussels, Belgium: PROSAFE.
http://www.prosafe.org/index.php?option=com_content&view=article&id=15&Itemid=254
Rodriguez, JA [2013]. “PPE User’s (Industry) Perspective on Why PPE Conformity Assessment
Standards Form a Part of an Overall Protective Strategy”. Raytheon Technical Services Company
LLC, presented at American Industrial Hygiene Association Conference and Exposition 2013,
Montreal, Canada.
SafeWork SA [2014]. How to Manage Work Health and Safety Risks.

http://www.safework.sa.gov.au/show_page.jsp?id=113695
Safe Work Australia [2011]. How to Manage Work Health and Safety Risks Code of Practice.
http://www.safeworkaustralia.gov.au/sites/swa/about/publications/pages/manage-whs-risks-cop
The White House [2011]. Presidential Documents: Executive Order 13563 – Improving Regulation
and Regulatory Review. Executive Order. Federal Register 76(14)3821 (2011).
http://www.reginfo.gov/public/jsp/Utilities/EO_13563.pdf
WTO TBT. Agreement on Technical Barriers to Trade. World Trade Organization.

https://www.wto.org/english/docs_e/legal_e/17-tbt.pdf
Unger P and Dougherty R [2012]. “The International Laboratory Accreditation Cooperation

(ILAC) & the International Accreditation Forum (IAF).” Presented at the NIST Conformity
A-3
Assessment Workshop on April 11, 2012.
https://www.nist.gov/sites/default/files/documents/director/sco/5_2-and-3-Joint_IAF_ILAC.pdf
CONFORMITY ASSESSMENT ACTIVITIES
Conformity Assessment Activities
Selecting information about the product involve (1) identifying the product requirements and
referenced standard(s) or other document(s) to which conformity is to be assessed, and (2)
selecting examples of the product to be assessed using statistical sampling techniques, if
applicable.
Gathering evidence of conformity (also referred to as “Determination”) includes one or

more of the following: testing to determine specified characteristics of the product; inspection of
physical features of the product (e.g., visual examination of a physical item, measurement or
testing of physical items, examination of design drawings or other specification documents); and
auditing of supplier’s quality system and records relating to the product.
Reviewing the evidence and making a decision about conformity involves assessing the
suitability, adequacy, and effectiveness of the selection and determination activities, and the result
of those activities, and then deciding whether the product conforms based on the evidence
gathered.
Attesting to conformity includes the Supplier’s Declaration of Conformity (SDoC), third-party

certificate of conformity, and marks of conformity.
Conducting market surveillance includes both proactive and reactive actions. These elements
include both pre-market surveillance (gathering evidence of conformity at the point of production
or in the supply chain to the marketplace) and post-market surveillance (gathering evidence of
conformity in the marketplace and/or at the place of use).
Taking enforcement and corrective actions include official warnings, customer alerts, sales
bans, sales suspensions, product withdrawals and recalls, and fines.
Using mechanisms to ensure that all service providers are competent, includes
accreditation, auditing, and peer evaluation.
Program owners determine how each of these activities is to be conducted. The interrelationship of
these activities is illustrated in Figure A-1.
A-4
Figure A-1. Functional Approach to Conformity Assessment
Organizations developing a CA program should fully understand the benefits and costs associated
with the implementation and use of these activities. Below are commonly used CA activities5:
 Testing is defined in ISO/IEC 17000 as the "determination of one or more characteristics of

an object of conformity assessment, according to a procedure," also known as a test method.
The objects of testing are generally selected using some form of sampling procedure or
process. Testing can be performed by laboratories differing widely in size, legal status,
purpose, range of testing services offered, and technical competence. Testing can be
performed by first, second, or third parties. ISO/IEC 17025:2005 “specifies the general
requirements for the competence to carry out tests and/or calibrations, including sampling. It
covers testing and calibration performed using standards methods, non-standards methods,
and laboratory-developed methods.”
 Inspection is defined in ISO/IEC 17000 as "examination of a product design, product,

process, or installation and determination of its conformity with specific requirements, or on
the basis of professional judgment, with requirements." Inspection can be performed by first,
second, or third parties. Generally, inspection systems demonstrate conformity of only the
actual products inspected or a lot from which the inspected samples are drawn. ISO/IEC 17020
specifies requirements for the competence of bodies performing inspection and for the
impartiality and consistency of their inspection activities.
 A Supplier’s Declaration of Conformity (SDoC), sometimes called a Manufacturer's

Declaration of Conformity or even (incorrectly) self-certification, is a first-party assessment in
which a supplier or manufacturer provides written assurance of conformity. ISO/IEC 17050
Parts 1 and 2 define requirements for suppliers and manufacturers to meet when they make
formal claims that products, services, systems, processes, or materials conform to relevant
standards, regulations, or other specifications.
5
See Appendix B for references to the standards used in this section.
A-5
 Certification is the process of providing assurance that a product conforms to a standard or
specification or that a person is competent to perform a certain task. A third party (i.e., the
certification body), independent of the manufacturer attests to the conformity of the product.
ISO/IEC 17065 specifies requirements for organizations serving as certification bodies.
 A Management System establishes a framework of processes and procedures against which

an organization can evaluate its performance in a particular area of interest (quality,
environmental management, occupational safety and health, etc.). It involves the use of such
techniques as written procedures and records, adequately trained staff and sufficient
resources, internal audits, and management reviews. While the assessment of an
organization's conformance to a particular management system standard can be carried out by
a first or second party, management system registration (also known as certification) is a
process in which an independent, third-party registrar evaluates and verifies that the
organization has met the requirements of a specific management system standard. The
registrar will then issue some type of written attestation of the conformance, such as a
certificate of registration. ISO/IEC 17021 contains requirements for third-party bodies that
operate a registration/certification program for the audit and certification of management
systems.
 Accreditation is defined in ISO/IEC 17000 as a "third-party attestation related to a

conformity assessment body conveying formal demonstration of its competence to carry out
specific conformity assessment tasks." ISO/IEC 17011 specifies the requirements for
organizations operating as an accreditation body accrediting CA bodies (e.g., testing
laboratories, inspection bodies, certification bodies, and management system registrars).
Accreditation bodies can be signatories, in good standing, to an appropriate international
multilateral agreement operating under a relevant scope of CA activities (e.g. testing,
certification, etc.) and be subjected to peer reviews.
 Mutual Recognition - The United States benefits from recognition of CA organizations through
numerous international and regional arrangements. These arrangements reduce CA costs as
well as build confidence among industry stakeholders that products produced abroad meet the
U.S. standards for quality, safety, and health. The United States participates in different CA
approaches regarding mutual recognition arrangements as well as international CA programs.
Table B-1 presents the mutual recognition arrangements relied on by U.S. conformity
assessment programs. These mutual recognition arrangements help give U.S. conformity
assessment program owners confidence in the conformity assessment bodies used outside the
United States. These arrangements cover the conformity assessment activities of testing,
certification, management systems and inspection.
A-6
STANDARDS FOR CONFORMITY ASSESSMENT ACTIVITIES
ISO/IEC’s CA standards serve as the basis for CA requirements in many programs in the U.S. and
elsewhere. The standards have been adopted and commonly used by federal agencies, foreign
countries and regions, private regulators (e.g., in the food, telecommunications, and automotive
industries), and accreditation schemes.
Table B-1 ISO Standards and Conformity Assessment
Testing Certification Management Systems Inspection
Mutual Recognition Multilateral Multilateral Mutual Recognition

Agreement Recognition Recognition Agreement
(ILAC, APLAC, EA, Agreement Agreement (ILAC, APLAC, EA,
IAAC)* (IAF, IAAC, PAC, EA)* (IAF, IAAC, PAC)* IAAC)*
accreditation bodies accreditation bodies accreditation bodies accreditation bodies

(ISO/IEC 17011) (ISO/IEC 17011) (ISO/IEC 17011) (ISO/IEC 17011)
accredited testing and

product certification management system
calibration inspection bodies
bodies certification bodies
laboratories (ISO/IEC 17020)
(ISO/IEC 17065) (ISO/IEC 17021)
(ISO/IEC 17025)
companies or
samples products and services products
organizations
(Test methods and (appropriate product or (appropriate product
(ISO 9000, ISO 14000,
sampling methods) service standards) standards)
or equivalent)
* APLAC - Asia Pacific Laboratory Accreditation Cooperation

* IAAC – Inter American Accreditation Cooperation
* IAF – International Accreditation Forum
* ILAC – International Laboratory Accreditation Cooperation
* EA – European Co-operation for Accreditation
* PAC – Pacific Accreditation Cooperation
B-1
Table B-2 ISO/IEC Conformity Assessment Standards
Topic Standard Title
Impartiality ISO/PAS Conformity assessment — Impartiality — Principles and

17001:2005 requirements
Code of good practice ISO/IEC Conformity assessment — Code of good practice

Guide
60:2004
Accreditation bodies ISO/IEC Conformity assessment — General requirements for accreditation
17011:2004 bodies accrediting conformity assessment bodies
Inspection bodies ISO/IEC Conformity assessment — Requirements for the operation of

17020:2012 various types of bodies performing inspection
Audit and certification ISO/IEC Conformity assessment — Requirements for bodies providing
bodies 17021: 2011 audit and certification of management systems
Audit and certification ISO/IEC TS Conformity assessment — Requirements for bodies providing
bodies 17021- audit and certification of management systems — Part 3:
3:2013 Competence requirements for auditing and certification of quality
management systems
Testing and calibration ISO/IEC General requirements for the competence of testing and
laboratories 17025:2005 calibration laboratories
Peer assessment ISO/IEC Conformity assessment — General requirements for peer

17040:2005 assessment of conformity assessment bodies and accreditation
bodies
Proficiency testing ISO/IEC Conformity assessment — General requirements for proficiency
17043:2010 testing
Certification bodies ISO/IEC Conformity assessment — Requirements for bodies certifying

17065: 2012 products, processes and services
Certification bodies ISO/IEC Conformity assessment — General requirements for bodies

17024: 2012 operating certification of persons
Conformity assessment systems

Third-party body ISO/IEC Conformity assessment — Guidance on a third-party certification
certification Guide 28: system for products
2004
Product certification ISO/IEC Conformity assessment — Fundamentals of product certification
17067:2013 and guidelines for product certification schemes
Conformity assessment procedures

Vocabulary ISO/IEC Conformity assessment — Vocabulary and general principles
17000:2004
Management systems ISO/PAS Conformity assessment — Use of management systems —
17005:2008 principles and requirements
Management systems ISO/IEC Conformity assessment — Guidance on the use of an

Guide 53: organization’s quality management system in product
2005 certification
B-2
Topic Standard Title
Audit reports ISO/IEC TS Conformity assessment — Requirements and recommendations

17022:2012 for content of a third-party audit report on management systems
Indications of ISO/IEC Methods of indicating conformity with standards for third-party
conformity Guide certification systems
23:1982
Marks of conformity ISO/IEC Conformity assessment — General requirements for third-party
17030:2003 marks of conformity
Declaration of ISO/IEC Conformity assessment — Supplier’s declaration of conformity —
conformity 17050- Part 1: General requirements
1:2004
Supporting ISO/IEC Conformity assessment — Supplier’s declaration of conformity —
documentation 17050- Part 2: Supporting documentation
2:2004
Mutual recognition of ISO/IEC Arrangements for the recognition and acceptance of conformity
results Guide assessment results
68:2002
Information disclosure ISO/PAS Conformity assessment — Disclosure of information — principles
17004:2005 and requirements
Complaints and appeals ISO/PAS Conformity assessment — Complaints and appeals — principles
17003:2004 and requirements
Enforcement
Corrective actions ISO Guidelines for corrective action to be taken by a certification body
Guide in the event of misuse of its mark of conformity
27:1983
Conformity assessment standards
Conformity assessment ISO/IEC Conformity assessment — Guidance for drafting normative
standards 17007:2009 documents suitable for use for conformity assessment
Source: ISO (2013b)
B-3
Table B-3 ISO/IEC 17067 Example Certification Programs
Conformity assessment functions and activities a within Type of product certification

product certification schemes schemes b
1a 1b 2 3 4 5 6 Nc,d
I Selection, including planning and preparation activities,
specification of requirements, e.g., normative documents, and X X X X X X X X
sampling, as applicable
II Determination of characteristics, as applicable, by:

a) Testing
b) Inspection
X X X X X X X X
c) Design appraisal
d) Assessment of services or processes
e) Other determination activities, e.g. verification
III Review, includes examining the evidence of conformity

obtained during the determination stage to establish whether X X X X X X X X
the specified requirements have been met
IV Decision on certification includes granting, maintaining

extending, reducing, suspending, and withdrawing X X X X X X X X
certification
V Attestation and licensing includes; ,
a) Issuing a certificate of conformity or other statement of

X X X X X X X X
conformity (attesting)
b) Granting the right to use certificates or other

X X X X X X X
statements of conformity
c) Issuing a certificate of conformity for a batch or

X
products
d) Granting the right to use marks of conformity

(licensing) is based on surveillance (IV) or certification X X X X X X
of batch
VI Surveillance, as applicable by:
a) Testing or inspection of samples from the open market X X X
b) Testing or inspection of samples from the factory X X X
c) Assessment of the production, the delivery of the

X X X X
service, or the operation of the process
d) Management system audits combined with random tests

X X
or inspections
a. Where applicable, the activities can be coupled with initial audit and surveillance audit of the applicant’s management
system (an example is given in ISO/IEC Guide 53) or initial assessment of the production process. The order in which
the assessments are performed may vary and will be defined within the scheme
b. An often used and well-tried model for a product certification scheme is describes in ISO/IEC guide 28; it is a product
certification scheme corresponding to scheme type V
c. A product certification scheme includes at least the activities I, II, III, IV and V
d. The symbol N has been added to show an undefined number of possible other schemes, which can be based on
different activities.
B-4
SAMPLE CONFORMITY ASSESSMENT PROGRAMS
Table C-1 Sample PPE Conformity Assessment Programs in the United States
Product Category CA Program Owner(s)
Arc flash protective clothing National Fire Protection Association

http://www.nfpa.org/
Ballistic body armor National Institute of Justice

https://www.nij.gov/topics/technology/body-
armor/pages/welcome.aspx
Eye and face protection Safety Equipment Institute, http://www.seinet.org/

Underwriters Laboratories, http://www.ul.com/aboutul/
Canadian Standards Association (CSA) Group
https://www.ccohs.ca/legislation/csa.html
Life safety ropes National Fire Protection Association

http://www.nfpa.org/
Head protection, hard hats Safety Equipment Institute, http://www.seinet.org/

Underwriters Laboratories, http://www.ul.com/aboutul/
Canadian Standards Association (CSA) Group,
https://www.ccohs.ca/legislation/csa.html
Snell Memorial Foundation, http://www.smf.org/
Healthcare worker gowns, gloves, surgical masks, U.S. Food and Drug Administration
and other medical devices https://www.fda.gov/
High visibility safety apparel and headwear U.S. Department of Transportation

https://www.transportation.gov/
Personal flotation devices U.S. Coast Guard

https://www.uscg.mil/hq/cg5/cg5214/pfd-lights.asp
Protective footwear Safety Equipment Institute, Canadian Standards

Association (CSA) Group
http://www.seinet.org/
Fire and emergency services protective clothing National Fire Protection Association
and equipment http://www.nfpa.org/
Respirators National Institute for Occupational Safety and Health

https://www.cdc.gov/niosh/npptl/default.html
Mining equipment and instrumentation Mine Safety and Health Administration

https://www.msha.gov/about/program-
areas/technical-support/approval-and-certification-
center
This list represents a sample of programs and should not be considered exhaustive.
C-1
FRAMEWORK CHECKLIST
This Framework Checklist for CA program owners elaborates on the risk management system
model introduced in Figure 1. The first three concepts of the checklist are activities that provide
input into CA program decisions and are not necessarily performed by CA owner/operators. The
last two concepts are primary activities of CA and should be directly addressed with the authority
of the program owner and input from concepts one through three. The questions are intended to
help program owners arrive at decisions that help ensure programs are tailored according to the
potential risk of a non-conforming products and provide confidence with respect to product
conformity to standards. This checklist is meant to assist in the process of developing appropriate
CA programs, not the sole means of assuring adequacy. Along with relevant CA standards and
technical guidance, this document can help increase confidence that a PPE CA program will perform
according to desired outcomes.
Table D-1 Checklist for Application of PPE Conformity Assessment Framework
Steps Component Checklist Questions

(Concepts)
 Have employees been involved in the hazard analysis process?
 Has the accident history been reviewed?
 Has a preliminary job review been conducted?
 Has an occupational hazard assessment process been used to identify risks to

workers?
Step 1:  List jobs with hazards that present unacceptable risks
Identify  Break down the jobs into steps or tasks to identify hazards at each step
hazards and
 Do hazards remain after workplace measures (engineering and administrative
define risk to controls) have been implemented in attempt to eliminate, reduce, or control
workers hazards to protect workers?
 Assess what can go wrong
 Identify potential consequences
 Determine how hazards can arise
 Identify factors contributing to the hazard
 Determine the likelihood of the hazard occurring
Refer to OSHA 3071 (2002) for more information
 Has PPE been selected to address identified hazards that did not yield to
administrative or engineering controls?
Step 2:  Has a training program been established to train employees on the use of PPE?
 What PPE is necessary?
Identify PPE  When is PPE necessary?
types needed  How PPE will be inspected for wear or damage?
to address  How does one properly put on and take off PPE?
hazards  What are the limitations of PPE?
 How does one properly care for and store PPE?
D-1
 Is a program in place to assess employee understanding of PPE training?
 Is a program in place to enforce proper PPE use?
 Is a program in place to provide employees any required medical examinations?
 Is the selected PPE suitable to address the hazards in the setting where it will be
used?
 Identify how and when to evaluate the PPE Program
Refer to https://www.osha.gov/dte/library/ppe_assessment/ppe_assessment.html for
more information
Step 3:
Identify and  Have PPE standards been identified and selected that are appropriate to address
select the hazards and that link hazards to protection requirements?
standards  Do the standards evaluate product performance and product integrity?
which  Standard test methods
address  Evaluated by qualified test laboratory
hazards and
 Are human factors addressed in the product standards?
link to
 Standard test methods
protection
 Evaluated by qualified test laboratory
requirements
Understanding current CA programs
 Has an analysis of existing CA systems been conducted?

 If a CA process exists, what CA processes and activities could be improved to
enhance worker protection?
 Selecting information about the product
 Gathering evidence of conformity
- Testing
Step 4: - Inspection
 Reviewing evidence and making a decision about conformity
Define the  Attesting to conformity
CA - SDoC or third-party declaration of conformity
requirements - Certification
 Evaluating the management system
and activities
 Use mechanisms to ensure service providers are competent
in - Accreditation
consideration - Auditing
of risks to - Peer evaluation
workers  Legislative/regulatory requirements
 Mutual recognition
Considerations when creating a new CA process (scheme)
 Have the stakeholders interested in the CA process been involved in the decision
to create a CA process?
 Has stakeholder input been obtained to define the CA process?
 Have all CA elements been considered in defining the CA process?
D-2
Incorporating factors such as the risk of injury and illness associated with non-
conformity
 Have worksite hazards and risk to workers of non-conforming PPE been

considered in selecting CA activities?
 Have other factors been considered in selecting the appropriate level of rigor
and independence of CA activities?
Applying CA standards to identify the level of risk
 Have operational procedures been established for the selection, design and
implementation of CA program requirements? This includes:
 Selecting information about the product
- Identifying the specific and/or general requirements for products
such as standard(s) or other document(s) to which conformity is
to be assessed
- Selecting examples of the product to be assessed using
statistical sampling techniques, if applicable.
 Gathering evidence of conformity
- Testing to determine specified characteristics of the product
[e.g. ISO 17025]
- Inspection of physical features of the product (e.g., visual
examination of a physical item, measurement or testing of
physical items, examination of design drawings or other
specification documents) [e.g. ISO 17020]
- Auditing of supplier’s quality system and records relating to the
product. [e.g. ISO 9001]
 Reviewing the evidence and making a decision about conformity

 Review result of CA activities
 Deciding whether the product conforms based on the evidence
gathered.
Refer to ISO/IEC 17000
Selecting the appropriate level of rigor and independence of CA activities
 Have worksite hazards and risk to workers of non-conforming PPE been

considered in selecting CA activities?
 Have other factors been considered in selecting the appropriate level of rigor
and independence of CA activities?
 Attesting to conformity
D-3
- Supplier’s Declaration of Conformity (SDoC) [e.g. ISO 17050]or
third-party certificate of conformity [e.g. ISO 17065]
 Using mechanisms to ensure that all service providers are competent
[e.g., ISO 17011]
- accreditation, auditing, peer evaluation
Labels, product lists, and other documentation of conformity
 Attesting to conformity
- Marks of conformity
 Establishing a management system
Design market surveillance strategies
 Defining market surveillance activities
 Reactive surveillance
 Proactive surveillance
 Taking enforcement and corrective actions
 Official warnings, customer alerts, sales bans, sales suspensions, product

withdrawals and recalls, fines, and incarceration.
 Has consideration been given to market surveillance activities to provide

ongoing confidence in the CA program?
 Does the program require periodic testing and sampling of products?
 Does the program require periodic auditing?
 Are mechanisms in place to respond to user, supplier and manufacturer

complaints of non-conformant PPE?
 Are there adequate reporting mechanisms for non-conformant PPE?
 Are there adequate mechanisms for the removal of non-conformant PPE from
the market?
 Are there adequate mechanisms for the notification to users and suppliers of
non-conforming PPE?
 Are there enforcement mechanisms for ensuring conformance?
 Are mechanisms in place to evaluate the effectiveness and cost to benefit ratio
of the CA program?
D-4
 Do the requirements and activities of the CA system provide confidence in claims
of conformance; serve as a communication tool between buyers and sellers, and
monitor changes to the system (standards, risk, technology and the market)?
 Does the CA program have the capacity to modify system activities in the event of
new technology, new data, new testing procedures, and new risk information?
 Does the CA program have the capacity to be proactive and reactive to additions,
suspension, and removals of PPE products?
 Do market surveillance activities provide ongoing confidence in the CA program?

 Does the program require periodic testing and sampling of products?
Step 5:  Does the program require periodic auditing?

 Are mechanisms in place to respond to user, supplier, and
Perform CA manufacturer complaints of non-conforming PPE?
activities  Are there adequate reporting mechanisms for non-conformant PPE?
 Are there adequate mechanisms for the removal of non-conformant
PPE from the market?
 Are there adequate mechanisms for the notification to users and
suppliers of non-conforming PPE?
 Are there enforcement mechanisms for ensuring conformance?
 Are mechanisms in place to evaluate the effectiveness and cost to benefit ratio
of the CA program?
Refer to ISO/IEC 17000
D-5
Delivering on the Nation’s promise: Safety and health
at work for all people through research and
prevention
To receive NIOSH documents or more information

about occupational safety and health topics, contact
NIOSH:
1–800–CDC–INFO (1–800–232–4636) TTY: 1–888–232–6348
CDC-INFO: www.cdc.gov/info
or visit the NIOSH website at http://

www.cdc.gov/niosh.
For a monthly update on news at NIOSH,
subscribe to NIOSH eNews by visiting
www.cdc.gov/niosh/eNews.
DHHS (NIOSH) Publication No. 2018-102
D-1

National Framework For PPE Conformity Assessment - Infra

Uploaded by

Copyright:

Available Formats

National Framework For PPE Conformity Assessment - Infra

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

National Framework For PPE Conformity Assessment - Infra

Uploaded by

Copyright:

Available Formats

National Framework for Personal

Protective Equipment Conformity

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Telephone: 1–800–CDC–INFO (1–800–232–4636)

or visit the NIOSH website at www.cdc.gov/niosh.

For a monthly update on news at NIOSH, subscribe to NIOSH eNews by visiting

Lisa Carnahan, U.S. Department of Commerce, National Institute of Standards and

Richard Metzler, Richard W. Metzler, Inc.

Joshua Scott, Colorado School of Public Health | CU Anschutz Medical Campus

DHHS (NIOSH) Publication No. 2018–102

Following recommendations from the Academies, we have defined a Framework to assist in

 3M Company, Occupational Health  Occupational Safety and Health Administration

ACUS Administrative Conference of the U.S.

1.1 Motivation for a National Framework

1.2 PPE CA Framework Utility

2. Conformity Assessment Foundation

CA is one of the three interdependent Figure 1. The Quality Infrastructure

Terminology for CA processes is found in standard ISO/IEC 17000. Additional terminology

2.1 Foundations for U.S. Federal Agencies

 ensure that the results of another member’s CA procedures based on equivalent

 provide a rationale for use of specified CA procedures and processes,

– improve coordination among governmental and private sector CA activities,

 encourage domestic and international recognition of U.S. CA results by

 consult governmental and nongovernmental resources relating to third-party CA;

2.2 Standards Used in Conformity Assessment

2.3 Current PPE Conformity Assessment Programs in the United

3. CA Framework and Recommendations for Implementation

Figure 2. PPE CA Framework

1. Identify hazards and risk to workers;

4. Define the CA requirements and activities;

In addition, it is important to assess the effectiveness of the CA program and conformance

3.1 Step 1: Identify Hazards and Risk to Workers

3.2 Step 2: Identify PPE Types Needed to Address Hazards

EXAMPLE: HAZARD INFORMATION IS INCORPORATED INTO STANDARDS

3.3 Step 3: Identify and Select Standards That Address Hazards

EXAMPLE: HAZARD AND PROTECTION REQUIREMENTS ARE LINKED IN

ANSI/ISEA Z89.1, “This standard establishes minimum performance requirements for

3.4 Step 4: Define the CA Requirements and Activities in

3.4.1 Leveraging Existing PPE CA Programs

3.4.2 Obtaining Stakeholder Input

3.4.3 Understanding CA Program Owner Responsibilities

A program should be developed by persons competent in both technical and CA

 scope (type of product, circumstance of use);

Step 8: Identify current CA

Step 9: Document & follow

Figure 3. Analyzing risk for

Figure 4. Relating Risk to Rigor & Independence

3.4.6 Beyond Risk

 practical means of evaluating the characteristics of interest,

3.4.7 Connecting Levels of Risk and Appropriate CA Activities

CA Activity Level 1 Level 2 Level 3

3.4.8 Considerations for a First-Party Attestation

 be based on results of an appropriate type of CA activity (e.g., testing, measurement,

Suppliers should consider the following elements in the SDoC:

3.4.9 Considerations for Third-Party Use and Attestation

3.4.10 Labels, Product Lists, and Other Documentation of Conformity

3.4.11 Design Market Surveillance Strategies

Market surveillance includes both pre-market and post-market surveillance. Pre-market

 Which businesses are examined and at what rate or timeframe?