Under current accreditation rules, the Accreditation Bodies (ABs) such as ANAB, UKAS, DAkkS or RvA have no responsibility to publicly list the reason they temporarily suspend, or permanently withdraw, a given certification body’s accreditation. They simply update the list of their CBs with a cryptic note that the CB was “suspended” or “withdrawn,” without giving any explanation, and then they bury the information in some obscure corner of their website. Unless you know to look for it, you won’t find it; unless, of course, you’re the unlucky client of one of these CBs, and wake up to find your certificate is either temporarily or permanently meaningless.
If you needed more evidence that the IAF-signatory ABs are beholden to no one other than the large registrars they accredit, well here it is. If the ABs were truly in the service of industry and the public, as they claim, they would offer transparency about the performance of CBs, including indicating a rationale for why a given CB’s clients suddenly find their certificate is worthless. As it stands now, there are no rules forcing ABs to make formal explanations, because the CBs and ABs write their own rules by way of their dominance on the ISO CASCO committee that writes ISO 17021 and ISO 17011.
Of course this really comes about because ANAB and their IAF pals are terrified of being sued by the CBs, like BSI or LRQA or SGS, because the CBs have better legal teams in place; it’s not uncommon for a given AB to have no permanent in-house legal counsel at all, in fact. The fear comes from the fact that if an AB announces the reason for a CB suspension or withdrawal, they face defamation and antitrust lawsuits from the CB named, and even if such lawsuits are frivolous or later thrown out of court, the particular AB is going to have to spend a lot of money on attorney’s fees before any conclusion is met.
Punish the Victim
This is all bass-ackwards, of course. The ABs exist only to enforce the rules and support the public by ensuring the trust and validity of CB-issued certificates; anything less means the entire system is one big money-sucking machine designed to put money into the pockets of the parties themselves, with “policing” not even being considered as a true responsibility. The fact that the ABs routinely kowtown to the CBs they are tasked with overseeing is an international disgrace, and the WTO should be citing the nations involved for gross violations of trade regulations, and savvy class action lawyers should be mounting massive, punitive class action suits.
For example, perhaps a CB is de-accredited for a minor offense, such as failing to pay the AB fees on time. Their clients have a right to know that their ISO 9001 or other certificates will be safely maintained as soon as the CB pays its bill, which can just be a month later. In such cases, clients might weather it out, and wait.
But now let’s say the CB is de-accredited for some more serious offense, like corruption or violations of ISO 17021-1. The clients of that CB have the right to know that it’s unlikely the problem will be resolved quickly, if at all, and that they should start shopping for a new registrar before their certificate expires.
In all cases, the ABs simply dodge responsibility and pass it down to the victim — the users of ISO 9001 — to let them flail around and suffer like flounders on a floormat. It’s not uncommon at all for clients to literally lose their certification because the three-year expiration date was breached while some idiot CB was resolving a problem with their AB; the CB and AB don’t care, but the client now has to undergo a pointless “start over” by applying for an entirely new ISO certification, from scratch. The ABs will break and bend the rules to suit their CB cronies, but will never give leniency to a victimized client by allowing an extension of the three-year expiration.
This point proves just who the ABs view as their real customers: not the public, who relies on ISO certifications to be valid and trustworthy, and not the certified client orgnaization, who pays for the entire mess. No, it’s their Certification Bodies, who pay the ABs and then hold them in constant fear through the threat of litigation or simply “accreditation body shopping.” If BSI doesn’t like how ANAB treats it, it simply moves back to UKAS (as it did recently.) If UKAS gets out of line, BSI can go back to ANAB or switch to RvA. It doesn’t matter to BSI, but it reduces the entire certification scheme to parody.
(My sources tell me BSI is considering abandoning all accreditation entirely, and hoping they can survive on their reputation alone. The ABs — stunningly — don’t see this coming, and it’s the inevitable result of continually rolling over in fear. The only thing holding BSI back from this move, I’m told, is certain relationships it has with the UK government, and the legal entanglements therein.)
The User’s Perspective
As reported recently, LRQA was slapped with a total suspension from Dutch AB Raad voor Accreditatie (RvA). We don’t know why, and neither RvA nor LRQA is talking, despite a promise from both organizations to get back to us on it. They don’t have to speak, and if any of them admitted the reason, the other party would quickly be calling lawyers. Heck, both of them are probably scrambling to see if there’s some legal action they can take against Oxebridge simply for reporting the news.
But what of LRQA’s clients? Should they be shopping around for a new CB? Should they wait? The only ones with a clock ticking are the clients, who have a three-year expiration data to obsess over. RvA and LRQA should be clearly communicating to them, and the public, as to the status. There’s ways of doing this without revealing any of LRQA’s proprietary data, too.
Recently in the US the registrar Bureau Veritas was suspended by ANAB; again, no reason was given, but only because a number of Oxebridge clients were impacted do we have a partial story: BV was doing something shady related to transfer of new clients who were coming from other registrars. BV is now forced to offer free re-audits to any clients caught under those conditions (recent transfers to BV), but BV isn’t compensating the clients for the time or expenses associated with hosting another redundant audit. One of my sources told me his expenses just to act as Management Rep for the audit (to escort the auditors) will cost the company over $10,000 because it requires international flights to multiple company locations; that doesn’t factor in the lost time and productivity of those tasked with schlepping the BV auditor around and feeding him donuts. Frustrated, the company is now likely going to dump BV entirely, and change registrars again.
The IAF-managed CB/AB scheme is hopelessly broken, corrupt and conflicted. It must be investigated — there’s some potential fraud there that may breach the law into criminal activity — and then shut down. The problem is that the only structure ready to step in and replace it is the ad hoc “certificate mill” industry, comprised of companies that just print certificates and send them by mail, often without any audits at all. That would be trading “professional corruption” for “amateur corruption,” and it’s not a healthy choice.
Instead, an independent oversight body must be formed to oversee the Accreditation Bodies, one that does not receive funding from the various parties audited except for the payment of audit-related expenses. The CASCO rules must be amended so that accreditation is contingent on adherence to them, and so that “accreditation body shopping” is made impossible: if you are de-listed by one AB, you cannot obtain accreditation by any other signatory, period. Contracts must be updated to ensure that no blowback litigation can be launched when revealing information about accreditations is done for the public interest. And those ABs who abandon accreditation as a result must be publicly shamed and have any contracts or allowances awarded by their national governments immediately cancelled.
Next, when a CB is suspended or withdrawn, a detailed rationale for the decision must be clearly and prominently published by the AB, so that both the CB’s clients and the public can make informed decisions on how to react. This would simultaneously encourage CBs to more carefully adhere to accreditation rules, since failure to do so would result in the public knowing about it.
And finally, for God’s sake, the WTO needs to sanction ISO for its refusal to adhere to its own rules regarding developing voluntary consensus standards, by allowing CB reps and consultants to dominate its committees, including those in CASCO who continually dilute the rules to benefit registrars.
Want more insight into the inner workings of the ISO certification scheme? Purchase Surviving ISO 9001:2015: What Went So Wrong with the World’s Foremost Quality Management Standard and How to Implement It Anyway.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
