Back in 2019, we filed a formal complaint against SIS Certifications in India after we uncovered evidence showing them performing ISO 9001 and other certification audits for clients who used their own people as consultants. Worse, we found evidence that their contracts included both certification and consulting, a violation of ISO 17021-1.

SIS largely ignored the complaint, dropping the matter entirely within just a few weeks, and telling us to leave them alone already. So the issue was escalated to their accreditation body, IAS. Unfortunately, IAS dropped it, too, and we never heard back.

Now, four years later, I found the old case and decided to write to IAS for an explanation. IAS representative Patrick McCullen claimed the matter pre-dated his position, so he had to investigate. A day later he wrote back and said the matter had been closed a while ago, “to the satisfaction of both IAS and APAC at that time.

As usual, IAS doesn’t quite understand how the complaint rules work. The complaint is not supposed to be closed to the satisfaction of the bodies themselves, but instead to the satisfaction of the complainant. And I wasn’t satisfied.

Ten Minutes Later

To be clear, in the Indian market, SIS is a well-known certificate mill, regardless of whether they hold IAS accreditation or not. Previously, they only held fake accreditation from a known accreditation mill called IOAS, and could not get accredited by any legitimate IAF member. Finally, IAS came on the scene and started issuing accreditations to anyone who could pay, and SIS — like so many other certificate mills from that region — found their “partner.”

But after McCullen’s reply, I took ten minutes to jump to Facebook and find a ton of new violations that we are supposed to believe IAS somehow — magically! — never uncovered.

Immediately I found the Facebook page for SIS Certifications in Peru. That page then showed a number of photos of an auditor from another company, Future Builders, out of Colombia. Based on the posts by SIS Certifications Peru and Future Builders, the latter is acting as the official set of auditors for SIS in Peru. And they issue certificates under the IAS accreditation logo.

Like this one:

And this one:

Why have I pixelated the auditor’s face? Because when I pointed out that he looks stunningly like Ray Battlesbee — right down to the green jacket with brown leather elbows — he threatened to “contact the authorities.” So I am protecting his delicate ego, while also protecting my readers from having to look at him.

But let’s keep following the accreditation trail. The official SIS website reports that SIS holds two accreditations: one from IAS, and one for the international scam mill, IOAS.

Meanwhile, the scope of accreditation issued to SIS by IAS only includes offices in India and six other countries, none of which are Peru or Colombia:


So were the certificates issued in South America done so under the other accreditation body, IOAS? No… look again at the photos above; the yellow circles show the IAS logo, not the IAOS logo:

This means Future Builders was issuing certificates in Colombia under the SIS Certifications Peru flag, invoking SIS’ accreditation by IAS.

Going further, I found that SIS Certifications in Peru has an entire website — sisperucertification.org — dedicated to its services, and it includes the IAF and IAS logos. (I’m not linking to it, because it’s throwing a security error.)

In checking records, I found that SIS was accredited by IAS for its Peru office, but that the Peru operation was stripped from the accreditation sometime in September of 2022. Future Builders (or any Colombian office) was never included in the scope, at all.

So were the photos old, and covered under the older IAS accreditation? Again, no. The Facebook post related to the first photo above said this was a recertification. Sure enough, if you look behind the two men, you can see the prior certifications issued by SIS/Future Builders (for ISO 9001, ISO 14001, and ISO 45001), meaning this scope violation has been in place for at least four years... the length of time it takes to reach a company’s recertification audit. (Recertification can only occur after one initial certification and two surveillance years have passed.)

In that time, IAS would have conducted a number of accreditation audits on SIS, but never seemed to uncover this “secret” that they publish right on their social media pages.

Click to enlarge

More Countries Involved

And this isn’t limited to Peru and Colombia. SIS operates in so many countries, the list on their website is massive. The image at right shows a reduced screenshot of the official SIS webpage’s list of operating countries, and it claims to offer certification in dozens of countries, including Spain, Myambar, Tunisia, USA, Denmark, and China … none of which are listed on the IAS scope of accreditation.

And, keep in mind, SIS claims accreditation for all of them. The website makes no explanation at all that its accreditation is limited to the six countries indicated on the IAS scope. (The fake accreditation from IOAS only includes India, so even that doesn’t cover their claims.)

Again, we are supposed to believe that IAS never bothered to look at SIS’ website when it granted them accreditation. Meanwhile, ISO 17011 — the standard IAS is supposed to adhere to — demands that IAS has a “legally enforceable agreement” to ensure that SIS “claim[s] accreditation only with respect to the scope for which it has been granted.”  If not, ISO 17011 requires IAS, “take suitable action to deal with incorrect or unauthorized claims of accreditation status, or misleading or unauthorized use of accreditation symbols and the accreditation body logo.

So it appears that once again, IAS has somehow missed entire sections of ISO 17011 while mass-printing carefully issuing its accreditation certificates.

The SIS problems don’t stop with inconsistencies between their actual operations and the IAS scope of accreditation. In addition, there’s the little problem of how the main SIS website claims it can turn around certificates in “less than an hour,” which would be impossible if they followed ISO 17021 rules requiring that audit reports be properly reviewed by a review committee before a formal certification decision is made, much less an actual cert printed.

Or the fact that the SIS website clearly states it auditors will help clients “maintain ISO compliance” in addition to certifying them, a clear nod at consulting.

Bienvenidos a Colombia, Idiotas

In reporting the SIS Peru scandal, I wrote to both SIS Peru and Future Builders, filing a formal complaint. I demanded they explain how they are issuing certificates under the IAS logo if their scope of accreditation with IAS doesn’t include Peru or Colombia. Things — as always — quickly went sideways.

Now, I copied IAS and ONAC on that email, along with the usual overseers of IAF, APAC, and IAAC. (If you’re losing the plot due to abbreviations, don’t sweat it.) That’s a generally good practice to observe, to keep the accreditation bodies in the loop, and to let the CB know you’re serious.

Colombia is no saint. The accreditation body there, ONAC, is already the subject of a three-year investigation by Oxebridge that alleges some pretty serious violations and a direct risk to public health. The Colombian government, however, doesn’t much give a shit, making the investigation much harder than it should be. Worse, it doesn’t seem to matter how much evidence we gather, the government is not going to touch ONAC, and they know that. If you want to get anything done in a Latin American bureaucracy, tienes que “romper la mano.”

Predictably, ONAC immediately replied with a complete misunderstanding of how complaints work within the ISO certification scheme. They acknowledged receipt, assigned it a file number (in the typical style of Colombian bureaucracy), and then demanded I provide evidence “within three business days” or they will consider the matter dropped.

I wrote them and explained that, no, I’m not going to do that because that is not how complaints work. I cited ISO 17021, ISO 17011, and IAF rules back at them, reminding them that the complaint has to be handled first by the CB — in this case, SIS/Future Builders — before any AB can get involved.

Did ONAC simply fire off their shot too early? Unlikely, because I know how shady ONAC is. I suspect, instead, that ONAC was attempting to shut the complaint down before it’s even been answered by SIS, by invoking some “rule” about having to hand them evidence “within three business days,” That rule doesn’t exist anywhere in any ISO or IAF publication, and they just made it up.

Or, it was a trap. If I had responded to their “three-day threat,” I would have filed the complaint with ONAC, and they would have thrown it out immediately on the grounds that I hadn’t filed it with the CB first. But I’m not stupid.

Instead, I told ONAC that I am keeping them informed as a courtesy, and in the hope that they may want to uphold the trust of the ISO certification scheme, and the dignity of their own reputation, and consider an investigation on their side. But we still need to give SIS/Future Builders time to answer.

ONAC then shut up, as they should.

Future Builders Responds

When it became clear that Future Builders / SIS Peru was ignoring the complaint, I messaged their managing director directly on LinkedIn. He responded back and revealed a few interesting points.

First, he denied all responsibility and said the blame rests with SIS in India, and told me I needed to take it up with them.

Then, he provided the expired IAS accreditation certificate which showed Peru was listed on the scope.

I pointed reminded him that the certificate was expired, and showed him how his photos proved SIS/Future Builders was still issuing certs with the IAS logo long after Peru was removed from the scope. I also told him that Future Builders was never on the scope at all. So he turned the tables to ask me how accreditation works. He seemed to think that he can issue certs with the IAS logo, since ONAC and IAS are both IAF members, so the logos are interchangeable. Or something… it wasn’t clear where he was going.

So I dropped the conversation with him, since it was going nowhere.

Then, I got an email from someone else at Future Builders, but with the same tone. They ignored the IAS logo problem entirely, and just reiterated how they are ONAC accredited, and threw ONAC under the bus.

Then they did the exact thing that every CB does, they tried to put me off the trail by blaming someone else:

Si usted elige hacer un mejor trabajo en el mercado, le recomendamos que usted se focalice en las actividades que están bajo la planeación de organismos de certificación que han sido suspendidos por IAS principalmente en India. Para su información, estos organismos están planeando mudarse a otros AB y realizar las mismas actividades.

[If you wish to do some good job in the market, we would recommend you to focus on the activities that are being now planned by the certification bodies who have been suspended by IAS majorly in india. For your information, they are now planning to move to other AB and carry out the same activities.]

I wrote them back and said, no, I can focus on problems in the ISO scheme within Colombia and India at the same time.

Back to India

So now the matter goes back to India. I sent a formal complaint to SIS India about the matter to an address that I had used previously for its Managing Director, Arunendra Dvivedi. Surprise: it bounced as Dvivedi apparently has me blocked because of the 2019 complaint. Another ISO 17021 violation.

What assholes.

So I re-sent the complaint to the general address listed on the SIS website. Then I noticed that Future Builders had done a very dumb thing: in their email to me, they copied one Prabhat Mishra from SIS. So I found him on LinkedIn and sent him the complaint through direct message. This time, I got a formal acknowledgment, via email. So the process begins again.

We all know how this ends. SIS will do nothing, and provide no proof while citing “confidentiality.” I will then escalate the matter to IAS, who will do the usual thing of making excuses and stalling. Then it will go to APAC where Graeme Drake will help protect his BFF Mohan Sabaratnam at IAS, by either ignoring it entirely or dragging out email exchanges for a year or more in order to allow SIS to keep operating.

Thanks to the partnership between IAS and APAC, the flood of fake certificates coming from fully-accredited ISO CBs is in full swing, and the entire scheme is pointless now.

And, of course, Elva Nilsen at the IAF will continue to get copied on everything and do what she does best: delete the emails without reading them. Because she’s just in this for the $500,000 per year paycheck.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.

Advertisements

ISO 45001 Implementation