The IAF is about to have a few very bad days.
If you recall, the FBI arrested AINet CEO Deepak Jain, who is now indicted on criminal charges related to fake server certificates he used to get a lucrative contract with the SEC. (Yes, he is alleged to have made false claims to the Federal agency that investigates false claims.) I then investigated and found out that AiNET’s various ISO certificates — including one for ISO 22237, which is for AINet’s servers — were also fake.
Now, a fully accredited Egyptian certification body named OSS Middle East Certifications has magically produced three valid ISO certifications just 48 hours after I revealed to the parties that the fake certs would likely result in more charges against Jain and AiNET.
Here’s what now appears in IAF CertSearch, but which didn’t just a few days ago:
Here’s the timeline:
- October 17th:
- I uncover press releases and other materials published by AiNET claiming they hold multiple ISO certificates. (Here, here, here, for starters.)
- I search IAF Certsearch, and no certificates for AiNET appear, suggesting the certs held by AiNET may be fake.
- I write to AiNET and ask for copies of their ISO 9001, 14001, 27001, and 22237 certificates. AiNET representative Neha Jamil writes back to point me to a website run by a certification body “Inspection Board” to verify their certificates. Jamil does not provide any actual PDFs of the certs.
- I verify that Inspection Board is not accredited by anyone and is a fake Egyptian certificate mill.
- October 18th:
- I speak to Inspection Board’s President, Mohamed Ellethey, who admits IB is not accredited. To explain how IB in Egypt performed audits of AiNET in Maryland USA, Ellethey first claims he did virtual audits. When told that ISO 22237 requires on-site audits, he changes his story and says the audits were done on-site by a “subcontractor.” When asked to name the subcontractor, he refuses and cuts off communication.
- October 19:
- Ellethey wipes his LinkedIn profile, removes all mention of Inspection Board, removes his photo, and even changes his last name. He blocks me on LinkedIn.
- October 20th:
- IAF Certsearch suddenly is populated with three certificates issued to AiNET by OSS Middle East of Egypt. These claim to be fully-accredited by EGAC, the Egyptian accreditation body known for widespread corruption and false practices. The certificates are for ISO 9001, 14001, and 27001.
Now, there are only two ways that AiNET could have obtained accredited ISO certificates from OSS only 48 hours the parties confirmed the only certs issued to AiNET were unaccredited and issued by Inspection Board:
- OSS performed a magical audit of AiNET in Maryland — from Egypt! — against three standards, did all their audit review and certification conformity checks, issued certificates and uploaded them to IAF CertSearch in only 48 hours. This is impossible.
- OSS took the fake certificates issued by Inspection Board and put the OSS and EGAC logos on them, turning them into “accredited” certificates without any audits at all. They may have then created fake audit reports behind the scenes, should EGAC start asking questions.
So, the only explanation for the sudden appearance of accredited certificates on CertSearch is either magic or fraud. You pick.
Here is where things get dicey for IAF. Whereas prior to my communications with the parties on October 17 and 18, the IAF might have claimed — truthfully — that they had no idea about any of this. So, too, could EGAC and the IAF regional body ARAC. For sure they didn’t know anything.
But because Ellethey apparently called a buddy of his over at OSS Middle East, and OSS decided to help cover up Jain’s alleged crimes, now they all know. Beause I filed a complaint immediately upon finding out about the new certs in CertSearch. So they are all informed, and can’t pretend to be ignorant anymore.
There are two possible criminal acts here, one past and one future. If Jain and AiNET mentioned their fake Inspection Board ISO certificates in their bid proposal to the SEC (the contract that Jain was arrested over), then this adds more charges to Jain under the False Claims Act and other laws.
The future crime is this: if AiNET now uses the equally-fake certificates issued by OSS when bidding on new contracts, then it means new crimes will have been committed, and more people — like Neha Jamil — can get arrested, too. (Except Jamil is probably safe, since she’s apparently in Pakistan.)
So the efforts by OSS were clumsy and ham-handed and actually made things worse, not better, for everyone.
Because of my formal complaint, the IAF is obligated — under US law — to take action to prevent the OSS fraud from spreading. The IAF exists to ensure the validity and trust of ISO certifications, and if certs are being produced overnight to try and cover up a crime, the IAF is entirely within its rights to step in and stop it. But the IAF likely won’t, and instead will cite “procedures” which say complaints must first by OSS (in Egypt), then EGAC (in Egypt), then the IAF regional body ARAC (in Morocco) before it can take any action.
That may be in IAF’s procedures, but it doesn’t mean IAF is crippled against taking pre-emptive action to prevent a crime from happening, especially since that’s literally what they allegedly formed themselves to do. When it comes to an alleged crime, any company can — and has a legal obligation to — do things that sit outside its procedures. There is nothing stopping the IAF from taking appropriate action to ensure that its brand and reputation are maintained, and certainly to protect its officers from being hauled away to jail for being complicit.
The FBI won’t go after Ellethey or the people in Egypt at OSS. They won’t go after Hussein Fawzy, the corrupt head of EGAC, or the people running ARAC in Morocco. They will go after the US company that is supposed to ensure that these certificates are real and valid before uploading them to the database that they run. And that means Victor Gandy. The FBI headquarters is within driving distance from IAF chief Victor Gandy’s home in Virginia. They can arrest him and be back for lunch.
So, now, Gandy is in hot water. Because he already acknowledged receipt of my complaint, and is fully aware of the past alleged crimes by AiNET, and the possible future ones. He knows there is no way OSS produced these certificates in 48 hours under valid means.
But Gandy also thinks he’s above the law. He has refused to comply with US law before, while quoting “procedures,” so this should be interesting to watch.
The irony is that the solution is so simple. The IAF needs to merely remove the OSS certificates issued by AiNET from CertSearch. They control the website, so they can do this in minutes. Then, they can — silently and behind the scenes — communicate to OSS, EGAC and ARAC that they want the AINet certs pulled for being tied to an ongoing criminal action within the US justice system. They don’t need to explain anything to anyone. They are the top of the pyramid, for heaven’s sake.
What does the IAF think is going to happen? That the Egyptians are going to sue them in US courts? Of course not. These people are not going to step foot in the US and risk getting arrested themselves. Why do you think Ellethey wiped his LinkedIn profile?
The IAF can start working to ensure the trust and validity of accredited ISO certifications, or they can continue doing what they do now: the opposite.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world