Section 5: Adoption of standards and risk assessments

This section states the steps that need to be taken to incorporate the standard into a policy or regulation.

Assistance from standards and conformance infrastructure

Departmental policy officers should liaise with standards and conformance bodies early in the adoption process. Each organisation can assist policy officers to ensure that the standards and conformance frameworks being applied are contributing effectively to the intended policy and regulatory objectives. The website of each organisation can be found at Annex A or alternatively the Trade Facilitation team can be contacted for further information at

Choosing policy or regulatory framework

For a standard or risk assessment to be effective in policy or program, it needs to be adopted within a policy or regulatory framework. The selection of the most appropriate policy or framework needs to be supported by the associated RIS for the proposal.

Frameworks that can be used include:

  • referencing a standard or risk assessment in an Act of Parliament or a regulatory instrument which would make its use mandatory;
  • referencing a standard or risk assessment within an Act of Parliament or regulatory instrument as a ‘means of compliance’, which does not prevent the use of an alternative method providing that it meets the specific criteria;
  • using a standard or risk assessment in contracts that outline conditions with suppliers;
  • using the technical information within a standard or risk assessment and incorporating this into guidance material.

In selecting the appropriate framework, policy officers need to make a determination as to whether the chosen standard or risk assessment should be mandatory or voluntary. Standards and risk assessments are voluntary documents and only become mandatory when contained in legislation or regulation.

Referencing of standards

It is important that policy officers correctly reference the chosen standard or risk assessment. The referencing of a standard or risk assessment is crucial as this is the main means of identification for stakeholders. There are three different aspects to consider when referencing a standard to support a policy or program. Policy officers should work through each aspect detailed in the following figure to ensure proper referencing.

Policy officers can also gain more information on how to reference a standard correctly in Annex F of this guide.

Figure 3 - Referencing considerations for standards and risk assessments

Is the standard properly identified?

The chosen standard should be properly referenced in all supporting materials in a prominent position so that it can be easily identified by stakeholders.

Will the standard be dated or undated?

Departmental policy officers need to consider whether the chosen standard will be ‘dated’ or ‘undated’. If a standard is ‘dated’, it refers to a particular version of that standard, which may need to be monitored to ensure it does not lose its currency. If a standard is ‘undated’, it refers to the latest version of the standard, therefore it may be subject to change over time.

Will the standard be adopted fully or partially?

Policy officers should consider their intended policy or program outcome and ask whether it would be best met by using the standard as a whole or only specific parts. Policy officers should consider the ramifications of not adopting the standard as a whole, as it may impact the technical integrity and understanding of a standard.

Assessing compliance with a standard

A risk assessment or conformity assessment involves a set of processes that shows that a product, service or system meets the requirements of a standard. The main forms of conformity assessment activities are testing, certification and inspection. Policy officers need to consider if and how stakeholders will demonstrate their performance towards the chosen standard. The ability to monitor compliance will have important implications for the success of policy and program outcomes.

The type of conformity assessment that should be used will depend on the outcome required, the level of risk associated with products and service quality and the views of stakeholders. There are two different forms of certification: ‘product certification’ or ‘system certification’. As implied, product certification refers to conforming that a specific product complies with the relevant standard or risk assessment and is fit for purpose. System certification, confirms that specific management activities within an organisation comply with the relevant standard or risk assessment.

The desired policy or regulatory outcome will determine which form of certification is appropriate if required.

Not all outcomes will require testing, inspection or certification. In circumstances where there is a relatively low risk to quality, safety and security, a presumption of conformity or a supplier’s self-declaration can be used. Policy officers need to give consideration to how, or in what form, will conformance be required, monitored and collected. Further thought should be given to the consequences that will be applied if conformance has failed to be met.

Guidance materials

For the chosen standard or risk assessment to be effective and achieve the desired outcome, its content and requirements need to be fully understood by stakeholders. To ensure that the technical content of the chosen standard is fully understood, policy officers should explore the extent to which additional guidance materials need to be provided.

Share this Page