Meet a guy you’ve never heard of who is claiming to have invented the wheel, Glyn Hughes of Eryri Consulting Limited. Hughes is a Welsh ISO consultant with a background in health and safety, and for those of you waiting for Welsh jokes, well, they write themselves so I don’t really need to go there.

Hughes announced the launch of his management system software program ISOAIConsultant (I guess it’s one word?) which appears to be fairly run-of-the-mill attempt at using a lower-tier Gemini-powered AI chatbot to pump out a set of procedures using pre-baked templates.

Bell Meet End

Hughes has been pretty much a dick in his marketing, insisting that his program is so unique that everyone else is “scared” and “worried” about what a “global disruptor” it is.

Sometimes, people are not afraid of your product, because the product actually sucks, Taffy. This would be that.

You see, Hughes really doesn’t know what he’s talking about and the product reflects that. I’ll get that all that in a minute, but he mangled the name of ISO on his website (“International Standards Organization“), and repeatedly lied about the content of the upcoming ISO 9001:2026 standard, insisting the new version adds requirements related to AI and “digitalisation,” even thought that has been entirely debunked. He doesn’t care, though, and is leaning into the lie with all his body weight in order to sell his AI product.

Where Hughes really reveals his true scammer colors is in his repeated claim that he landed some deal with Perry Johnson Registrars and their UK branch, Perry Johnson Registrations UK. Hughes claims that PJR offers users of his software an “exclusive discount” on certification. Have a look:

Now, remember, this is the guy who is insisting he’s smarter than everyone else in the room and that anyone calling him out on his bullshit is “scared” of him. He apparently never read this clause in ISO 17021-1. It not only prohibits PJR from offering a “discount” to any specific consultancy’s clients, but forces them to take action to stop Hughes from saying so:

Now, just to make sure I wasn’t talking about of turn, I did what any level-headed guy would do, and called the CEO of PJR in the United States, Terry Boboije. He knew nothing of the deal with this guy, and confirmed they don’t offer these deals. I then wrote to the head of PJR UK, Tom Wheat, and he said he’d look into it. He never wrote back, but I found that the claims disappeared from Hughes’ website, so I guess we know how that ended.

Pantsed!

Oh, but Hughes’ AI dashboard still has a reference to PJR on it, which I assume he didn’t catch yet, but we can expect that to disappear in a few days, too.

So, either PJR never made this deal and Hughes was lying about it the whole time, or Hughes and Wheat (or someone) forgot to read ISO 17021-1 and bungled this thing. Once again, Oxebridge has to do the heavy lifting and fix this stuff.

By the way, if these deals are allowed now, and the IAF has just stopped enforcing ISO 17021-1, then I want them, too. Just wait for a CB to offer my clients a discount and see how fast ANAB and UKAS cry foul. There’s no way I am going to allow other consultants to get them if Oxebridge client can’t. If everyone wants to break the rules, that means I get to, too.

AI Slop For Those That Like That Kind of Thing

So is the software shit? Why, yes, it is.

Now, before he screams that I hacked his site or some other paranoid nonsense, he insisted that everyone, including his critics, take the thing for a free spin, so I did just that. Again: he invited critics to kick the tires on this thing, and I took him up on it. Take a look at this thread, for one, where he is begging with his critics to try the software.

There are problems.

First, even after selecting whether your company offers products or services, the template Quality Policy injects template text that insists you do both, ignoring your input. Likewise, after selecting t he standard you might want to apply, it offers up policies for all four standards supported by ISOAIConsultant (again) making your entries pointless.

Hughes’ defense, of course, will be that it’s your job to edit these things, but if AI can’t get that much right, it’s off to a bad start.

For Hughes’ approach on processes, it’s a primordial mess. the software prompts you to create a “process” for each clause of the given standard, and only one clause per process. You click a few buttons, hit “AI Generate,” and it then pumps out a procedure — not a process — so it’s clear Hughes doesn’t understand the difference.

At least it’s supposed to generate a procedure. I immediately got an error saying Gemini failed to parse the request.

On the second attempt it worked, and threw up a big old disclaimer saying “AI-generated content may contain errors, omissions, or inaccuracies that require human review.” The resulting procedure was lacking, though, since it included a process flow chart that the AI didn’t populate at all. There’s no guidance on how to edit it, either, since it’s not clickable. There is a painful interface to edit the text of each map icon, but requires you to know “Mermaid syntax,” which is not something any normal user would know about.

I noticed that the map only gets populated if you close the procedure and re-open it, so that’s not great. Worse, the map content is based on the template procedure text, so if you want to edit anything, you will have to do it in two places: the text and the map (using the weird Mermaid coding interface.) Not ideal.

The procedure text generator force-injects staff titles like “Quality Manager,” “Operations Manager,” “Compliance Officer,” and “Team Administrator,” even if you don’t use those titles in your company. More editing!

Then, Gemini goes nuts on the level of detail, writing a procedure that requires steps wholly not required by ISO 9001 at all, like PESTLE, SWOT, a Context Issues Register, and more. The only bit of customization I saw was insertion of your company’s scope of work, which you enter at the beginning. Companies using these procedures without heavy manual rewriting will be in for a world of hurt.

Then, the procedure (which, again, he calls a “process“) inserts record retention requirements without asking you anything about them. It looks like some of these defaulted to either 5 years or 7, and it’s not at all clear why. Another said, “as per regulation + 3 years” without explaining where that requirement came from.

Again, Hughes will defend this by saying you have to manually edit it. Here’s the problem, though: each document produces this list and their not connected. So you have to edit record duration in every single procedure, rather than in one place. And, remember, he wants you to write 28 of these, one for each major ISO 9001 clause (at the x.x level).

In truth, you will spend more time editing the AI slop than if you just created the thing from scratch; I say that while invoking my First Amendment, Constitutionally-protected opinion, of course. Masochists may love this stuff.

There’s a KPI generator that (in my trial anyway) spit out six generic “objectives” and then about a dozen “KPIs” none of which were connected to actual processes, so screw that whole process approach. Hughes really does not understand the basics but, in his defense, neither do the authors of ISO 9001, so this might be a moot point. Makes a shitty QMS, though. The software seemed to want to assign KPIs by ISO 9001 clause, which is a weird interpretation I hadn’t seen before.

Other random notes:

  • Hughes claims it has supplier controls, but all I could find is management of supplier surveys. This is not a full ERP system.
  • His corrective action module only includes filing of nonconformities and OFIs, no preventive action module. Hughes doesn’t know what he doesn’t know. You’re also able to enter NCRs without filling in all the fields, like root cause, which will leave a lot of records corrupted from the start. I wonder if his AI audit tool catches that?
  • Includes a “Legal Register” which Gemini populated and the results were … lacking. It also (weirdly) included ISO 9001 as a “legal” requirement, which it is not.

Frankly, I gave up at that point because I saw enough.

Data Security? Who Knows?

There are some creepy elements, as well. The software wants you to enter a full list of your clients with their contact info. It’s not clear why you need to enter this, but it hands Hughes all your customer’s contact info, so that should end well.

If you want to find out what he’s doing with the data, tough luck. This ISO 27001 expert doesn’t know how to get a PDF link to work on his website, so if you click the “Information Security Policy” on the site footer, it’s a dead link. I think it’s because the genius titled the PDF with a host of additional punctuation marks; filenaming documents is goshdarn hard.

Hughes mentions the EU AI Act not at all, so presumably he does not comply with it.

The cost of the thing is between $67 to $167 a month, depending on how many ISO standards you want it to cover and how much support you want. He then has a Global Consultant network if you want human-in-the-loop support, but it’s just a register of consultants who pay him £50 a year. There’s no requirement that they are actually trained on ISOAIConsultant, so I am not sure how they will offer any consulting or support for a program they don’t know how to use.

So, yeah, I’m very scared of him. How do you say “sarcastic eyeroll” in Welsh?

 

Advertisements

Free ISO 9001 Template Kit