In yet another example of just how corrupt the ISO scheme has become, the Ethiopian Accreditation Service (EAS) has closed a complaint against the ISO certification body QCC without any action. Despite documentary evidence, EAS claimed the complaint was not substantiated.

To bring you back up to speed, the complaint was filed by both Oxebridge and a representative of an official accreditation body in Nepal. The allegations were that QCC issued an “overnight” ISO 27001 certification to the AI company, Thalamus. While Thalamus claims to be located in San Francisco, the ISO 27001 certificate listed the company’s HQ as an address belonging to an entirely different organization in Delaware. QCC did not even know what address they were alleging to have audited.

Upon filing the complaint with QCC, the head of that CB, Ram Kala Verma, had a meltdown. He initially called the complaint “stupid,” but was not about to stop there. Verma created a fake email that he claimed came from me, demanding that he pay me $ 1,000,000 to drop the complaint. Despite Verma putting my name on the fake email, it was sent from an Indian scam email address, not an actual Oxebridge address.

Verma kept going, apparently losing what little mind he has. He then created a number of photoshopped images using my photo, accusing me of being an extortionist. Next, he launched an entire website to publish the same claims and post my photos. That was later picked up by the Filipino drag queen Zyrus Allado Oyong of another certification mill, Bluestar Certification Management, who has been helping Verma in his defamation campaign. The two of them started spamming LinkedIn posts and DMs with the false claims.

BlueStar’s CEO Zyrus Allado Oyong dancing with his collection of Hello Kitty dolls.

Again, all of this is criminal. In both the Philippines and India, defamation is a criminal act, not simply civil. Both Verma and Oyong could face prison for this level of defamation.

The EAS, however, was unmoved. While admitting that Verma’s response was not entirely ethical, EAS CEO Bonsa Negera chose not to do anything about it.

EAS said they verified the audit of Thalamus, even though they only verified records provided to them by QCC itself. Anyone familiar with scammer CBs knows that they often create fake audit reports to pretend they showed up; the trick is as old as ISO itself. Instead, EAS should have spoken with Thalamus, but they did not.

EAS also dismissed the fact that the ISO 27001 certificate lists an address not even used by Thalamus. We still have no idea exactly where Thalamus operates out of. EAS did not care that QCC had no records of where they actually conducted their alleged audit.

And, so, once again, we have an IAF member accreditation body refusing to enforce ISO 17021-1 and giving a free pass to a certification body engaged in open criminal behavior. Thalamus, meanwhile, will continue to claim ISO 27001 conformity and might even get some government contracts. All of this is fraudulent, but the IAF cannot be bothered to make sure anyone sticks to the rules.

This comes as the Cyber AB did the exact same thing in response to a complaint filed within the CMMC scheme. In that case, the AB found the CB did not follow procedures on impartial complaints handling, but then did nothing about it. In that case, the CB accused me of criminal social engineering and called on the FBI to arrest me.

To date, nobody has retracted any of these false claims or issued an apology. I’m still on the fence whether to have Verma and Oyong arrested; it will cost me some money, and I’m not sure anyone — so far — even cares what these balloon-knots post anyway. It may not be worth the money, and all these guys are broke, so I’m not about to collect any damages from them.

This is what passes for an “impartial and objective” auditing scheme.

Advertisements
Traditional Tri-System