LRQA Responds to Official Complaint With Lawsuit Threat

Earlier this month, we reported a story entitled “LRQA Granted ISO 9001 Certificate to Company It Never Audited.” We followed this up with a formal complaint to LRQA on the matter. LRQA responded to Oxebridge by threatening a lawsuit on the grounds of libel.

Prior to the original article, Oxebridge was contacted by a customer of the company Hoerbiger Kompressortechnik, who revealed that a certificate bearing the LRQA logo (see right) had been submitted to his company, by Hoerbiger Hungary, in order to gain a contract. This representative — who, to date, has asked to remain anonymous — researched the certificate and found that the company was not, in fact, certified.

The customer provided us emails between himself and LRQA’s Central Europe Area Manager Bjoern Mueller which seemed to confirm the story that LRQA had issued the certificate.  On November 3, Mr. Mueller responded:

All LRQA certificates are issued in line with company procedures, which have been independently audited and accredited by  over 50 accreditation bodies around the world.  Also, our investigations into this incident are based on the processes that have been sanctioned by these accreditation bodies, in line with ISO 17021.

On September 3^rd, we responded to your initial concerns by confirming that the ISO 9001 certificate in question relative to Hoerbiger Hungary Kft was not a valid LRQA certificate.  In parallel, we had informed the headquarters of our client Hoerbiger of this situation. Following their own internal investigation, Hoerbiger requested that LRQA undertook an ISO 9001 assessment at Hoerbiger Hungary Kft to ensure this particular site’s compliance with international quality management system ISO 9001.  This process has been completed and their certificate is now valid along with the other Hoerbiger sites.

(ISO 17021:2011 is the international accreditation standard under which LRQA is accredited, and which provides the rules for conducting 3rd party conformity assessment to ISO 9001. Under that standard, audits are required before any ISO 9001 certificate can be issued. )

Based on that email, we assumed the following was true:

• LRQA did not conduct an internal investigation of its own, but instead off-loaded this back to the customer,
• The customer ascertained that their certificate was not valid, and they requested an audit to bring them into validity.
• LRQA conducted that audit, and the certificate was “now valid” per Mr. Mueller — indicating it had not been before.

From those points, we ran the story that LRQA had issued the certificate without proper auditing. At the same time, Oxebridge escalated the matter to LRQA, as an official complaint under ISO 17021, and requested corrective action.

On January 22nd, LRQA responded by sending anonymous email threatening legal action against Oxebridge for making “false and libellous statements.” The email came with an unsigned attachment, which gave a different account of events, confusing the matter further. According to the anonymous report:

In relation to the Hoerbiger Hungary Kft site, we can confirm that this location was originally part of LRQA Certificate number VNA0004741/A, …  until April 30, 2013, when, along with a number of other locations, Hoerbiger Hungary was not continued as part of the certification. Prior to April 30 2013, Hoerbiger Hungary was periodically audited throughout the certification period in line with our accredited assessment process.

In October 2013, following a successful audit, Hoerbiger Hungary, as a separate entity, received LRQA certificate number VNA6018699, which is only valid for the stated location. On-site visits in connection with this certificate were carried out on October 11, 2013 and October 31, 2013.

Therefore, Hoerbiger Hungary did not have an ISO 9001:2008 certificate from LRQA between May 1st and October 31st, 2013.

In response to the LRQA certificate that showed Hungary as having an active certification through until 2016, LRQA’s representative said, “we can confirm that this did not originate from LRQA.”

You can read the full LRQA response here. (PDF)

LRQA then demanded the reporting be pulled, and threatened a lawsuit:

As the evidence presented here clearly confirms, your allegations in relation to LRQA’s issuing of a certificate to Hoerbiger without undertaking an audit are entirely false. Based on this fact, we must insist that you remove all such false and libellous statements relating to LRQA from your website as soon as reasonably possible and by no later than the 27th of January 2014. Please note that in order to safeguard our reputation we reserve our rights to take any further legal action against you as we see fit without further notice should you not comply with this demand, or if you continue to defame us through any medium whatsoever. Please note that upon your immediate removal of all false and libellous statements as set out above, we shall consider this matter closed.

Oxebridge wrote back to the anonymous sender, using the email provided (“enquiries@LRQA.com”) and asked for a clarification on the two apparently contradictory accounts of Mr. Mueller and the anonymous sender. We also demanded a signed copy, as courts will not recognize a deadline issued by an anonymous email sender.

Without an answer, we escalated the problem to Jim Harrison, of LRQA’s Legal Department, and demanded a signed copy of the request be sent. On January 24th we received a signed copy from LRQA EMEA Business Manager Denis Ives. Mr. Ives provided no explanation for the disparities between his account and that of Mr. Mueller, and instead reinforced the lawsuit threat. As of this publication date (January 27th) Mr. Ives has still not provided an answer.

The “valid” certificate issued by LRQA after the exposure is shown at right, and dated October 31, 2013. Oxebridge has confirmed that the fake certificate was created by “photoshopping” the dates and signature portion of a valid certificate over the body of a previously expired one.

While Oxebridge wants to make it completely clear that it no longer appears that LRQA issued a certificate for a company it did not audit, and has thus issued this corrected article, clear problems remain in place and have gone unanswered by LRQA.

For one, the dates appear to show that the error sat unnoticed by LRQA — and unreported by Hoerbiger — for five months. Worsening matters, the Hungarian Hoerbiger office was intentionally attempting to gain access to at least one major contract by knowingly submitting the false certificate during a bidding process; at no time did anyone in the Hoerbiger Hungary office volunteer to undergo an ISO 9001 audit until the issue was reported by the customer.Then there is LRQA’s response. When responding to the original complaint by Hoerbiger’s customer, it is not clear if a formal internal corrective action was filed, per ISO 17021 rules, since no evidence was provided. If such a corrective action was taken, the result appears not to have addressed the root cause, which is how the counterfeit certificate was released into the supply chain. Furthermore, the email from Mr. Mueller indicates that LRQA shifted the responsibility for investigation to its client, Hoerbiger, rather than conducting one itself. ISO 17021 clause 9.8.2 requires that, “upon receipt of a complaint, the certification body shall confirm whether the complaint relates to certification activities that it is responsible for and, if so, shall deal with it.” It does not allow the Certification Body to delegate the investigation to the client.

The Ives version of events lacks any mention of the customer complaint, indicating that a new audit was just conducted in October, apparently not driven by any complaints whatsoever. Whether this is true, or whether Mr. Ives just left that part out of his explanation, is not clear.

What is very clear, however, is that rather than provide a rational explanation that clarified the two accounts (of Mueller and Ives), and allow Oxebridge the time to correct its reporting, LRQA jumped immediately to the threat of a lawsuit, apparently without even advising Mr. Harrison’s Legal team at LRQA. This sends a chilling message that LRQA will threaten to sue complainants rather than abide by the spirit of ISO 17021, which says:

4.7 Responsiveness to complaints

Parties that rely on certification expect to have complaints investigated and, if these are found to be valid, should have confidence that the complaints will be appropriately addressed and that a reasonable effort will be made to resolve the complaints. Effective responsiveness to complaints is an important means of protection for the certification body, its clients and other users of certification against errors, omissions or unreasonable behaviour. Confidence in certification activities is safeguarded when complaints are processed appropriately.

The question now becomes one of the counterfeit certificate. Per ISO 17021, part of every CB audit includes a mandatory review of proper usage of the registrar’s logo and accreditation mark. Since we know LRQA had been informed of the counterfeit certificate as early as August 2013, how did it conduct a registration audit in October of 2013 and not raise issues with the fake certificate being sent out as part of a bid request?

Oxebridge is formulating a new complaint based on this question, and will escalate to UKAS if a suitable answer is not forthcoming.