The failings of the IAF accreditation scheme, led largely by the accreditation bodies ANAB (USA), UKAS (UK) and SCC (Canada), are becoming more and more visible, prompted by reporting by not only this website, but others hoping to call government attention to the risks the scheme poses to human life. While Oxebridge has been largely fixated on ISO 9001 violations and aerospace scandals involving AS9100 certified firms, a handful of others have been working the medical device angle.

I’m plugged into that network now, so will be adding some Oxebridge energy to the push for reform in that arena, too.

In the USA, the medical device scheme is managed by the Food and Drug Administration (FDA), which then issues “warning letters” to companies found in violation. These can eventually lead to criminal charges, so are not to be taken lightly. After being alerted to the CR Bard scandal which we reported on earlier today, I took some time to look over the FDA’s warning letter database, and the findings are just about as horrifying as you’d imagine. They also mirror nearly exactly the situations uncovered by the US Department of Defense, when they did similar audits of aerospace firms and found rampant quality system problems among so-called certified firms.

Within only an hour I found additional warning letters issued to ISO 13485 certified companies:

  • Telemed (Lithuania) was cited for adulterated medical devices and QMS violations, but held ISO 13485 certification by DQS Germany, accredited by SCC.
  • Diasol (San Fernando CA) was cited for adulterated medical devices and QMS violations, but held ISO 13485 certification by the self-accredited mill American Global Standards, which offers medical device certifications without conducting an actual on-site audit.
  • DRG Instruments (Germany) was cited for adulterated medical devices and QMS violations, but held ISO 13485 certification by TUV Rheinland, accredited by DAkkS.
  • Collagen Matrix (Oakland NJ) was cited for adulterated medical devices and QMS violations, but held ISO 13485 certification by BSI, accredited by SCC.
  • Ropack (Canada) was cited for adulterated medical devices and QMS violations, but held ISO 9001 certification by SGS, accredited by ANAB.

A host of other companies (not those listed above) cited by FDA claim various ISO certifications on their websites, but don’t link to their registrar or cert, so still need verification.

It’s bad enough that the firms had their ISO 13485 medical device manufacturing certs in place at the time of the violations, some of which are pretty horrible and put real lives at risk, but it’s nothing less than stunning that all of them have retained their certifications even after the FDA filed the reports. These are companies that are at risk of criminal violations of law if they don’t satisfy the FDA, and yet their registrars are totally OK with them continuing to boast an ISO certificate announcing their “quality system complies with ISO 13485.”

Read that last part again: the registrars and their accreditation bodies are totally fine with saying you comply with ISO 13485 even if you break the law. In, in the case of CR Bard, even if you kill your customers.

The Bard one is likely the tip of the iceberg, and as I begin to dig deeper I expect to find more dead patients, killed at the hands of ISO certified companies. Whereas in the past I provided some random reporting to the FDA on this, now it takes on a new and more serious need.

And in all but the AGS case, these are accredited registrars operating under rules overseen and policed by Accreditation Bodies that are members of the IAF. Because the IAF is registered in Delaware — a US tax haven state —  and that makes this a US problem. That means the FDA can invoke its authority over the IAF. It will take some wrangling, but it’s far easier than if the IAF had registered itself in Switzerland or Upper Volta.

Which means, if I were the IAF, I’d be very, very worried right now.

Expect more reporting on this front.

    About Christopher Paris

    Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.