About CIRQ

Certification Institute for Research Quality

“As our clients are increasingly concerned about their quality and tightening up on compliance, ISO certification gives us an advantage…After investigating a number of ISO certification bodies, I chose CIRQ because of its reputation and global certification approach, which suits us perfectly.”
Dr. Jessica Santos
Global Compliance and Quality Director, Kantar Health

CIRQ (Certification Institute for Research Quality), a subsidiary of the Insights Association, was established in 2009 to provide audit and certification services to market research, insights and data analytics firms seeking certification to ISO 20252:2019 Market, opinion and social research, including insights and data analytics. CIRQ also offers audit and certification services for ISO 27001 Information technology – Security techniques – Information security management systems.

A 501(c)(6) non-profit entity, CIRQ complies with ISO the standards for requirements for certification bodies and is managed with oversight from an independent Board of Directors and an annual review by external authorities on ISO requirements.

CIRQ is accredited by the American National Standards Institute (ANSI) National Accreditation Board for the following:

  1. ISO/IEC 17065:2012 Standard for Conformity assessment Requirements for bodies certifying products, processes and services.
  2. ISO/IEC 17021:2015-1 Standard for Conformity assessment Requirements for bodies providing audit and certification of management systems

CIRQ complies with the following:

  1. Accreditation requirements for organisations providing certification services to ISO 20252: 2019 Market, opinion and social research including insights and data analytics within the territorial jurisdictions of Australia, UK and USA, 2020.

In addition, CIRQ is audited annually by an independent auditor to insure that CIRQ maintains conformance to the above in the conduct of its auditing and certification practices. CIRQ is independently operated and managed under the oversight of an Advisory Board Chairperson who reports to the Insights Association Board.

CIRQ staff and contractors are prohibited from engaging in any conduct, activity, practice, or act which conflicts with, or appears to conflict with, the interests of CIRQ, including any conduct which is directly or indirectly unethical, dishonest, disloyal, disruptive, competitive or damaging to CIRQ’s interests.







International Recognition

The International Organization for Standardization (ISO) is recognized worldwide as the authority on quality management. The ISO Research Standards are accepted and in some cases required globally. The ISO certification credential is understood to be a mark of quality around the world.

Global Management

Provides a tool for managing global offices, multiple project teams, and outsourced suppliers to a level of quality consistent with company protocol.

Risk Mitigation

A documented ISO quality system manages variables and delivers “proof” of adequate controls including data protection and security addressing US safe harbor, EU and other requirements and client concerns.

Increased Revenue

Studies have shown that ISO certified companies experience increased productivity and improved financial performance, compared to uncertified companies. This is due to less re-work, improved employee production and greater client satisfaction leading to repeat business, especially in industries partial to standardized processes and quality controls.

Increased Efficiency

Companies that go through the implementation of ISO 20252:2019 create a Research Process (Quality) Management System and have given a lot of thought to their processes and how to maximize quality and efficiency. Once certified, the processes are established and guidelines in place for anyone to follow easily, making training, transitions, and trouble-shooting easier.

Employee Morale and Training

Defined roles and responsibilities, accountability of management, established training systems and a clear picture of how their roles affect quality and the overall success of the company, all contribute to more satisfied and motivated staff and ease of training new recruits.

Supplier Relationships and Control

As more processes are outsourced for efficiency and to access data in global markets, supplier relationships and quality control are increasingly critical to producing accurate and actionable data. ISO quality certification requires a company to have procedures in place to ensure that a supplier understands the requirements of the ISO research standards as they relate to the work provided. There must be established agreements and methods for evaluating suppliers. Mutually beneficial supplier relationships are one of the key attractions to certification.


The ISO Research standards require documentation of all processes and any changes, errors and discrepancies. This ensures consistency throughout production and accountability of all staff. This also guarantees traceable records are available in case of errors or omissions or to repeat a study. This is also helpful if staff changes occur on a project.


All processes from cost quotation or proposal to client deliverables are defined, outlined and documented, minimizing error. Change management is also documented, ensuring that efficiency is maximized.


Certification to the ISO standard(s) provides third party proof of your quality commitment. Your company will be differentiated in the marketplace with this unique and respected global credential. Link here to read more: Celebrate your certification




Gather Information
  • Visit the the Insights Association support pages for ISO 20252 and ISO 27001 for educational content and a general overview of the processes.
  • Visit the CIRQ website for the step-by-step certification process.
Purchase the Standard(s) from ANSI
  • ISO 20252:2019* International Standard for Market, Opinion and Social Research, including Insights and Web Analytics
  • ISO 27001:2013 International Standard for Information Security Management Systems

*this revises ISO 20252:2012 and ISO 26362:2009

Understand the Standard(s)

Read the standard(s) and using four colored highlighters, look for the following words and highlight them in different colors:

  • “shall” means you must do this – this is a requirement of the standard
  • “procedure” tells  you what documented procedures you need to have in place
  • “record” means you need to be able to show a record (i.e. evidence) of performing this task or function
  • “document” means the event, occurrence or process must be written down (i.e. documented).
  • Completing this task will help provide an understanding of the standard’s requirements
Establish Staff Support
  • Appoint a Quality Manager or Team (Note: Quality Manager is usually NOT a full time position)
  • Consider the best practice from the revised ISO 20252:2019, and identify an “Annex owner”, a person responsible for maintaining the procedures specific to Annexes identified in your Statement of Applicability
  • Garner top-level support (CEO)
Determine Statement of Applicability
  • A description of the total services you provide to a client
  • The geographic area of those services
  • Any exclusions that may apply

This Statement of Applicability will be included on the CIRQ Registry once the company achieves certification and will also be listed on the Certificate of Compliance.

Request Quote
  • Submit a “Request For Quote”.
  • A cost estimate will be generated from this information and provided to you along with a CIRQ Standard Certification Agreement 2021.
  • If you are ready to proceed, CIRQ will send you an Authorization to Proceed form to complete and return.
  • For ISO 27001 certification, please send email to juliana.wood@cirq.org to receive an application.
  • Client receives self-assessment from CIRQ
  • Client completes CIRQ self-assessment form indicating compliance with each applicable section of the ISO 20252:2019
  • CIRQ evaluates client self-assessment against the components of the standard and prepares a pre-assessment report that indicates the client’s readiness to be audited
  • For ISO 27001, upon approval of the application and estimated fees, a Stage 1 and Stage 2 audit will be scheduled.
Audit Plan

CIRQ and client communicate regarding the schedule of the initial onsite audit, sites to visit, fees, etc.

Onsite Audit

CIRQ auditor(s) conduct the onsite audit, beginning with the client headquarters and following with the agreed upon additional locations, if any

Audit Report

Results of the audit are documented by the Lead Auditor and a report is submitted to CIRQ and subsequently to the client

  • Audit report and final invoice are submitted to the client
  • Upon successful completion of the audit and final payment, the certificate of compliance is issued
Client Feedback

Formalized client interview is requested after each audit or client assessment event

1st Surveillance Audit

Planning of the 1st surveillance audit begins 3 months prior to the 1st surveillance and will be completed 12 months from the last audit

2nd Surveillance Audit

Planning of the 2nd surveillance audit begins 9 months following the 1st surveillance audit and will be completed 12 months from the last audit


Scheduling of the re-certification audit begins 9 months following the 2nd surveillance audit and will be completed 3 years from the first initial audit


Frequently Asked Questions about Certifying to ISO 20252:2019 and ISO 27001:2013

Is CIRQ an accredited certification body?2021-10-01T16:24:54+00:00

Yes, CIRQ holds two accreditations through the American National Standards Institute National Accreditation Board.

FOR CIRQ’s ISO 20252:2019 audit and certification program, ANAB has awarded certification to ISO/IEC 17065 Conformity assessment — Requirements for bodies certifying products, processes and services. CIRQ achieved this accreditation in 2019, and maintains this certification through annual ANAB assessments and witness audits. CIRQ will undergo a recertification in 2021.



For CIRQ’s ISO/IEC 27001:2013 audit and certification program, ANAB has awarded certification to ISO/IEC 17021-1:2015 Conformity assessment —
Requirements for bodies providing audit and certification of management systems. CIRQ achieved this accreditation in 2021, previously partnering with PECB, N.A., for its Information Security Management Systems certification program. CIRQ maintains this certification through annual ANAB assessments and witness audits. CIRQ will undergo a recertification in 2026.


How does CIRQ ensure impartiality of its personnel, audits and certifications?2021-05-05T15:37:29+00:00

CIRQ is committed to impartiality in the audit and certification services it provides. This Quality Policy outlines that CIRQ understands the importance of impartiality in carrying out its management system certification activities, manages conflict of interest, and ensures the objectivity of its management system certification activities.

CIRQ’s Board of Directors, personnel, external auditors and technical advisors are committed to ensure that all Management System Certification activities are undertaken in an impartial and unbiased manner.

CIRQ has established an Impartiality Committee, comprised of representatives from the market research and insights community, to undertake annual evaluations of areas of potential and unforeseen risk.

CIRQ is currently accredited to both ISO/IEC 17021-1:2015 and ISO 17065:2012 by the ANSI National Accreditation Board (ANAB) and complies with all requirements of these two framework standards for certification bodies to ensures impartiality for all its personnel related to all certification activities.

CIRQ has established processes to identify, analyze, evaluate, treat, monitor, and document risks related to conflict of interests arising from provision of certification including any conflicts arising from its relationships on an ongoing basis. In case of threats to impartiality, CIRQ documents and demonstrates elimination or minimization of such threats and documents residual risk. In cases of residual risk, each instance is then reviewed to determine if it is within the level of acceptable risk. The demonstration covers all potential threats that are identified whether they arise from within the certification body or from activities of other persons, bodies or organizations. Whenever a relationship poses an unacceptable threat to impartiality then certification will not be provided.

To ensure above CIRQ has established an impartiality committee of interested parties that include clients, representatives of industry associations, and customer organizations.

To demonstrate effective implementation of this Impartiality policy:

  • CIRQ will not certify another certification body for its Research and/or Information Security Management System.
  • CIRQ will not provide Management Consultancy services for realization, continuity and sustenance of certification.
  • CIRQ will not conduct internal audits of its certified clients.
  • CIRQ will not provide its services either marketed or offered as linked with organization providing management consultancy.
  • CIRQ will not outsource audits to any management system consultancy organization nor allow any auditor, who was responsible for providing management system consultancy towards the client to be involved in audits.
  • CIRQ will not state or imply that certification would be simpler, easier, faster or less expensive.
  • CIRQ will take action to respond to any threats to its impartiality arising from the actions of other persons, bodies or organization.

CIRQ personnel, or committees, who could influence certification activities will not allow any commercial, financial or other pressures to compromise impartiality are required to sign and submit a No Conflict Statement. CIRQ personnel will not accept assignments in which they may have (1) a vested interest in the assigned client, (2) been employed by the client in some capacity within the past three years, currently, or will agree to be employed by the client in some capacity in the next year (3) provided consulting services to the client within the past two years or will provide consulting to the client in the next year, or (4) provided specific and tailored training services to the client within the past two years.

CIRQ requires the revealing and recording of any situation of conflict of interest from its personnel prior to or during the course of an assignment. If  a situation in which CIRQ personnel believe the impartiality of the audit can be/has been compromised, they will notify the CIRQ Managing Director immediately.

How is CIRQ performing audits in the midst of CO-VID19?2020-05-06T18:50:57+00:00

Due to the current global health crisis caused by CO-VID19, CIRQ has instituted a Remote Audit strategy that began in April 2020 and will likely continue to through the end of the year. This strategy is meant to ease any stress or burden on both the client and CIRQ personnel by practicing social distancing measures and adhering to state, federal, and country level restrictions on travel and in-person gatherings.

Additional documentation is required to justify a remote audit for both ISO 20252:2019 and ISO 27001:2013, and CIRQ’s Managing Director will work with each client to determine feasibility of a virtual audit format while maintaining the integrity, confidence, and impartiality of the audit environment.

Where do I purchase the standards?2020-05-06T18:46:49+00:00

Access the link(s) below to purchase a copy of the standard(s) from the American National Standards Institute.

Market, opinion and social research, including insights and data analytics — Vocabulary and service requirements

Information technology — Security techniques — Information security management systems — Requirements

What does Statement of Applicability mean?2019-05-14T18:00:00+00:00

The Statement of Applicability (ISO 20252:2019, Clause 4.1.1) replaces the old scope of certification from ISO 20252:2012 and ISO 26362:2009. The Statement of Applicability, or SoA, is the attestation of the service (or product) capabilities provided by your company to the client and reflects the services to which you will be audited against. As ISO 20252:2019 is considered product or industry standard, a company cannot exclude part of the services they provide simply because they do not wish to certify the quality controls of that part of their business. For instance, a company cannot exclude the data collection processes if they provide those processes as part of their client services. Equally, a company must declare the geographies of their services but in this instance can exclude some geographic locations.

The SoA must include:

  • A description of the total services you provide to a client
  • The geographic area of those services
  • The Annexes in which your organization provides services
  • Any exclusions that may apply

Scope Statement

You need to write a Statement of Applicability that reflects the certification you are applying for.

  • Decide what is included, and what is excluded, from the scope of your system. To do this you will need to review Clause 4 – Core Requirements and each of the six (6) Annexes of the standard and balance this with the activities of the organization that are identified in the standard. This will give you the overall scope. You then need to draft the SoA, which will be reviewed annually before each audit.
  • 80% of normal research activities must be addressed in the scope statement.
  • One off projects for clients that are outside the normal business activities do not need to be included in the scope.
  • Other business services such as strategic or business planning undertaken by the company do not fit into the scope of work.

The SoA cannot be a marketing statement. It must be factual. You cannot use words like ‘best’ ‘most advanced’ or “value added to the client” unless it can be proven and therefore becomes part of your audit.


XYZ Company (legal entity name) is a market and social research organization (insert brief description of organization).

XYZ Company delivers research services to (insert client/industry profiles) throughout (insert general geographical locations).

XYZ Company has elected to include (state research services covered) to be attested to ISO 20252 in accordance with Annexes A, B, C, D, E and F (as appropriate). XYZ Company has elected to exclude (state research services not covered) from attestation.

Details of XYZ Company attested Annexes are described* as follows:

Annex A Sampling including access panels

Annex B Fieldwork
Annex C Physical Observation
Annex D Digital Observation
Annex E Self Completion
Annex F Digital management and processing

*For each Annex, insert a descriptive statement of services provided, including any relevant technical specifications.

Do we have to include all of our services in the ISO 20252:2019 Statement of Applicability?2021-05-05T15:34:01+00:00

The ISO 20252:2019 Statement of Applicability (Clause 4.1.1) replaces the old Scope Statement from ISO 20252:2012/ISO 26362:2009. Basically the answer is YES; however, consider an 80/20% rule. If 80% of your business consists of certain services provided to your client groups, then this is the general scope of your business. Within the revised ISO 20252, subcontracted services are considered within each Annex and are included in the Statement of Applicability. The 20% of your business remaining may include specific project related work for a particular client or clients that are not your normal market research standard operating methodology. These jobs can be left out of the scope of works as long as they do not grow to represent more than approximately 20% of your business. Additionally, some market research companies provide other services such as strategic planning that do not have a direct market research function. This work does not fit within the bounds of ISO 20252:2019 and therefore should not be included in the scope of work.

Can the ISO 20252:2019 Statement of Applicability change?2021-05-05T15:32:34+00:00

As a requirement of ISO 20252:2019, certification clients will be drafting and submitting their Statement of Applicability annually before the scheduled date of the Initial, Surveillance or Re-Certification Audit for review by the assigned CIRQ Auditor. The services that an organization provides can and often does change. When it does, CIRQ must be notified via email and CIRQ shall validate the revised SoA during the following years’ audit. The scope may change when:

  • A company merges with another company
  • New offices are opened (or existing offices closed)
  • New services are provided
  • The business expands overseas
  • Additional expertise is acquired within the business

Note: CIRQ must be informed in writing (email is accepted) if you wish to change the SoA or if the structure of your organization changes. This may impact your audit process and the audit program may need to be adjusted. It is always in the best interest of a company to keep their SoA current and to keep it as full a statement as possible. Therefore, always inform CIRQ as soon as you believe the SoA of your certification could or should change.

If a company operates in several countries, can they be certified in just one country?2019-01-15T20:04:52+00:00

Yes, as long as they cover all of the core processes covered by the scope of business within that country. For instance, if the only data collection function you have is in China, you will need to include China in the scope of services. If you have data collection functions in the US, then you could geographically leave out China in your scope statement.

What is the CIRQ Self-Assessment tool for ISO 20252:2019 and how is it used?2021-05-05T15:32:05+00:00

The ISO 20252:2019 Client Self-Assessment is a unique tool provided by CIRQ to help you do a GAP analysis of your compliance to the standard(s). You simply indicate briefly how your company complies with each clause listed. Your responses will eventually be evaluated by an auditor resulting in a score indicating your company’s readiness to go to the onsite audit. Note: If the scope of your system does not include some section of the audit tool, simply write “Not Applicable”. However, do not write “Not Applicable” simply because you are not following a process that meets the ISO Standard.

How do I start the Client Self-Assessment ISO 20252:2019 workbook?2021-05-05T15:31:12+00:00

Before qualifying to go to audit, companies undertaking ISO 20252:2019 implementation will be required to complete the Client Self-Assessment workbook. There are cases where this step *may* be waived, and CIRQ’s Managing Director will make that determination with the client lead/Quality Manager.

To get started, take a systematic approach to the document:

  • Go through the standard and read it before opening the self-assessment tool
  • Highlight the following words in varying colors (for reference) in the copy of your ISO Standard: “shall”, “procedure or “document”, “record”, “training” or “competence”
  • These words will indicate actions you need to take to comply with the standard. For example, anytime there is a “shall” this is a requirement of the standard.
  • The Self-Assessment tool mirrors the ISO Standard. Now, refer back to the marked-up ISO Standard for Clause 4 – Core Requirements and each applicable Annex, as stated in your organization’s Statement of Applicability, to explain what is needed in that section.
  • Complete Clause 4 – Core Requirements first and then follow with a draft Statement of Applicability (4.1.1). Identify what you have in relation to the requirements from Clause 4 and applicable Annexes and type responses into the space/box available. Self-assessment comments can be and should be brief.
  • It is suggested to assign an “Annex owner” to each Annex that is stated in the SoA to disseminate the appropriate sections to the relevant department and request them to complete the information.

Lastly the Quality Manager should review and fine tune the responses and complete Clause 4 – Core Requirements, as this is mandatory for all certification clients.

What is the difference between processes, procedures, documents and records?2019-01-15T20:06:39+00:00

RECORD is either a document or data that cannot be changed, it represents a finite point, and it is permanent and historical. e.g. a training record, a completed questionnaire, a completed and closed off contract, a completed project, a paid invoice, etc.

PROCESSES, PROCEDURES and DOCUMENTS are information that is changing and/or changeable while remaining under a control mechanism that allows for traceability; e.g. A documented process or procedure can be changed and updated as necessary but should have a form of document control such as date or revision status that shows the changes that have occurred. A contract is a live document until the contract is completed. While the contract is ongoing it can be amended as long as the amendments are traceable. Once it is completed and signed it becomes a Record. A blank template is a document and is in effect the master. Once it has information in it, it becomes a document until such time as the form (or template) is completed and then it becomes a record.

How long does a company have to follow the standard prior to audit?2019-01-15T20:07:04+00:00

At least the core processes should be proven and available for audit prior to undertaking a certification audit. An auditor requires evidence; a documented process that has not been fully enacted cannot be audited and therefore, you would not be ready for certification. However, a process that is only just recently changed but 80% of the process history remains would be considered sufficient to continue to audit. All core processes, such as proposal, report, body of the job, i.e., data collection, coding, analysis, must have a minimum of 3 months history with several projects having worked through the system from proposal to reporting for a system to be ready for audit.

How do I know if my company is ready for the audit?2019-01-15T20:07:29+00:00

First your quality system must be completely documented and have been in place for at least 3 months so that you have RECORDS or EVIDENCE to demonstrate your compliance with the ISO standard to which you wish to be certified. At least some of these RECORDS or EVIDENCE must be available for closed projects. Then when you have completed all sections of the self-assessment form you should submit it to CIRQ for a pre-assessment evaluation and report conducted by a CIRQ auditor. Before you submit the self-assessment, go through it and ensure you have or are creating RECORDS or EVIDENCE for every statement you have made in the assessment. This is your true indication of whether you are ready for a certification audit. A CIRQ auditor will conduct a pre-assessment review against your self-assessment and inform you if it is determined that you are not ready for an audit.

What is key to a successful audit in addition to conforming to the standard?2019-01-15T20:07:55+00:00

Simple compliance to the Standard against your scope of certification is the answer. However, try this Top 10 Key Success Factor checklist as a good indicator of success:

  1. What evidence do you have of top management support of the quality system? Have they been involved; do they understand the system and do they ‘walk the talk’ of the system? On the day of audit, a meeting with the CEO or executive management is essential as part of an audit process.
  2. Is the quality system readily accessible to those who need it?
  3. Have all areas of the business that need to use the quality system been part of its development and have they been appropriately trained in the use of the system from their perspective?
  4. Are records easily traceable? Have all the record requirements of the ISO Standard been addressed?
  5. Have legal and regulatory matters been appropriately addressed in the quality system, and relevant staff trained and aware of their obligations?
  6. Have all the applicable ‘shalls’ in the ISO Standard been addressed?
  7. Have all the ‘procedures’ and ‘documents’ identified as required in the ISO Standard been addressed?
  8. How is the integrity of any software or computer system managed considering the level of risk management required to sustain the quality system and integrity of the service delivery to the clients?
  9. Are responsibilities and authorities clearly delegated throughout the company such that the quality of client service delivery will never be compromised by inexperienced project personnel or lack of cross checking the project work of junior or less experienced staff? What evidence is there?
  10. Is the system audited, reviewed or periodically checked internally to ensure it is working as expected and that it meets the needs of the company? What evidence is there?
How much will the audit cost?2021-10-01T15:52:44+00:00

Depending upon which of the two standards a company may be pursuing for audit and certification, please refer to the following documents. Both documents, when completed, will provide CIRQ the data necessary to provide a reliable cost estimate for an initial ISO 20252 or ISO 27001 audit.

Return the completed forms to Juliana Wood, CIRQ’s Managing Director.

From the time I submit my application, when will I be able to schedule the company’s audit?2019-01-15T20:27:39+00:00

That really depends on the scope of your certification, how prepared you are for the audit and how you progress the documentation throughout the certification journey. We have seen companies be audit ready in 6 months.

Can I pick my auditor?2019-01-15T20:28:07+00:00

There is no objection to you choosing your own auditor amongst the certified CIRQ auditors, however, there are rules relating to auditors’ access to companies where there may be a conflict of interest and also auditor availability and experience. Generally, Auditors are assigned based on experience and availability factors, location, costs, and conflict of interest, etc. If you would like to discuss this matter, please contact CIRQ and your query will be directed to the Managing Director for response.

Can I have the same auditor?2019-01-15T20:28:30+00:00

It is CIRQ’s policy to try and maintain the same audit team with a client for a period of at least 3 years until re-certification is due and then, where practical, a new audit team is appointed. From time to time this may not be possible and in these circumstances, you will be informed of changes in advance and the reasons for those changes.

What are the criteria for an auditor selection?2019-01-15T20:28:57+00:00

We have a list of criteria for auditors when scheduling audits that address:

  • Research experience and match to the client’s services
  • Completion of formal auditor training based on ISO 19011
  • Contractual commitment to CIRQ according CIRQ procedures
  • Geographical proximity
  • No conflict of interest with the company
How do I dispute or appeal the findings? / What if I have a complaint?2021-10-01T16:34:05+00:00

This rarely occurs but when it does the matter is addressed according to a documented process. As a CIRQ client, the Complaint & Appeal Process is outlined in the CIRQ Standard Certification Agreement. For a description of the Complaint/Dispute/Appeal process, please access the link for the FS 2001 Complaint Appeal Dispute form. Once completed, please submit to juliana.wood@cirq.org. You can also access the CIRQ Quality Manual 2021 which details this process.

Can we certify to 9001 with our ISO 20252 system?2019-01-15T20:30:50+00:00

No. CIRQ is not accredited to certify to this standard. Our systems are not set up and we have not gone through the due diligence required to certify to this standard nor will we in the future.

What Audit facilities are necessary on the day of audit?2019-01-15T20:31:13+00:00

On the day of audit, an auditor will need to have sufficient resources to get their job done with as little disruption to the company as possible but also in an efficient and effective manner:

  • Please review the audit schedule and plan as much as possible to have relevant staff available. Where a person cannot be available please nominate a second person where practical. If staff representatives are not available on the day of audit this sometimes extends an audit length as the scope of the audit must be covered in order for the audit to be completed.
  • If there is a spare office or desk, it would be useful to provide this working space to the auditor.
  • If your system has electronically held records and processes are managed electronically, the auditor will need to have access to your electronic systems therefore access, including passwords as necessary, may need to be organized.
  • Please ensure auditors are made aware of the personal facilities such as restrooms and administrative facilities such as photocopier, internet access, etc.
What are the guidelines for use of certification mark [CIRQ Logo] and how does it relate to the scope of certification?2021-10-01T15:51:14+00:00

There are strict regulatory controls around the terms of use of the Certification Mark [CIRQ Logo] once a company is certified to an ISO Standard. Please access the link for the CIRQ Standard Certification Agreement 2021 which provides full details about these requirements. Briefly, the rules are as follows:

  • Certification approval to use the Logo is limited to the scope of audit validated by CIRQ – that is, only those services and sites certified can show any claim through the use of the Logo regarding ISO certification status. This means that divisions, parents, subsidiaries, sister companies and other affiliated companies are not permitted to use the CIRQ Certification Mark [CIRQ Logo] unless they have individually received certification by CIRQ to one or both of the Standards.
  • Certification and subsequent permission to use the CIRQ certification Logo does NOT mean that companies who are NOT members of the Insights Association can use the Insights Association Logo. Insights Association membership and associated rules of use of the Insights Association Logo are quite separate from that of CIRQ and the CIRQ Logo.
  • The CIRQ name and Certification Mark may not be used in any way to suggest product approval, as they apply only to a certification of the certified company’s systems.
  • The use of the CIRQ Certification Mark is subject to annual review based on the successful result of the initial certification, subsequent annual surveillance audits, and a re-certification audit.
  • CIRQ reserves the right to suspend or withdraw a company’s certification if the rules of use are violated in any way.
If a company is merged/acquired, etc., does the certification still stand?2021-05-05T15:52:11+00:00

Yes, it will if CIRQ is notified either prior to or at the time the change occurs. CIRQ will request that you submit a management plan, detailing who is now responsible for the quality system, how the scope of certification will change and how the new structure will absorb the quality system sufficiently to maintain certification standards. Refer to the Core Requirements of ISO 20252:2019. Submit to CIRQ the plan for merging the two company’s quality systems so that your company and CIRQ can prepare for an interim audit (if necessary) or for the next surveillance audit [depending on timeframes]. The Plan should be submitted early within the timeframe of change and allow a 6-month transition period prior to the next CIRQ audit in order to confirm compliance. The earlier the notification to CIRQ, the more lead time CIRQ can provide you for any changes necessary in your overall audit schedule. Within 6 months of the change having occurred CIRQ will need to audit the change management functions and random processes to ensure certification continues.

What if I am not satisfied with the audit or any other process I have experienced?2020-09-21T17:57:41+00:00

The formal process is to lodge a complaint with CIRQ in writing – email is acceptable. Download and complete the FS 2001 Complaint Appeal Dispute form, and when complete, submit to juliana.wood@cirq.org. This complaint will be reviewed and the complaints process followed, as outlined in the CIRQ Quality Manual.

What are the Terms and Conditions for the Audit and Certification Process?2021-10-01T15:49:56+00:00

Please access the CIRQ Standard Certification Agreement 2021 to view the Terms and Conditions for the Audit and Certification Process.

What happens if the standard is updated or changed?2019-05-14T17:05:26+00:00

As of early 2019, ISO 20252 and ISO 26362 merged into the updated ISO 20252:2019. The revised standard includes requirements and removes duplication between the two market research standards into one streamlined and re-structured version. Client communications and transitions are currently in progress, and if you have questions specific to your certifcation, please reach out to juliana.wood@cirq.org.

CIRQ shall give due notice to all certified clients of changes in the standard, as well as any changes CIRQ intends to make in its requirements for certification as a result. The client has up to 18 months to make the advised changes in order to maintain certification.



“ISO greatly improved our processes. Going through project records, there’s a clear demarcation in detail and quality between those before and after ISO certification. Having that extra nuance has been super helpful!”
Jeffrey Hiban, Operations Manager at Reason Research
“We are committed to providing our clients with the highest level of information security and privacy, so we are incredibly pleased to be one of just a few market research companies that have been recognized by this global standard. Our clients can rest assured that their information is in the safe and secure hands of our expert teams.”
Allen R. DeCotiis, Ph.D., Chairman and CEO of Phoenix MI
“While we already operated to many of the standard’s requirements, securing the ISO 27001 certification assures our clients that the work we produce is being executed with rigorous quality processes and security controls in place, demonstrating our commitment to information security.”
Scott Spry, Chief Operating Officer of Phoenix MI
“We embarked on this certification process to ensure we had in place the requisite safeguards to protect our data and our client’s information. While we have always made information security a priority, in applying the ISO 27001 standards we have found tangible benefits in formalizing our data protection processes and the less tangible value of a company culture infused with an even greater level of caution and awareness.”
Wayne Marks, President, Hansa|GCR
“We are very proud of our ISO 27001 certification as it reflects Acuant’s mission of creating trusted transactions by showing our dedication to data privacy and protection of personally identifiable information (PII). As a customer-centric company, we look to establish trust and transparency with our partners and view this certification as part of that ongoing commitment.”
Yossi Zekri, President and CEO, Acuant
“M3 Global Research hears very positive reviews on the quality of work performed and it is attributed being ISO certified as the company and all teams follow best practices from ISO 26362 standard.”
Angelina Yatsenko, Quality Manager



    Call Juliana Wood at 202-370-6318 for more information about CIRQ.

    CIRQ is a non-profit entity formed to provide audit and certification services globally to research firms in order to assess their compliance with ISO 20252:2019 and ISO/IEC 27001:2013 and make a determination regarding certification.

    For More Information Contact: 

    Juliana Wood
    Director of Certifications / CIRQ

    Go to Top