Meet GQA UK, a certificate mill operating out of Gainsborough, United Kingdom. They have all the usual trademarks of a standard ISO certificate mill — they perform consulting alongside certification, hold no legitimate IAF-matrixed accreditation, and hide the names of their employees and management — so there’s not much new there.

Where GQA goes further, however, is to offer a bizarre “subscription” to their fake certificates via software it claims is built on an artificial intelligence (AI) engine.

From their website:

As part of a world first we are looking to integrate ISO aligned Quality and Environmental Management Systems with GQA ISO Flow and Go. This is based on our AI/EI engine, boldly evolving a best of breed approach to continuing improvement.

This would be perfect for companies with lapsed ISO certificates, early stage or mature management systems. We get you back on track and, utilising our machine learning, together we can combine online audit and certification with continuing improvement.

The real innovators, The UKs aspiring SME’s, have loved our remote process from day one. They essentially get a 7-day cost-effective way to ISO re-certification. They like the suggested improvements that they can deliver at their own pace, but still have that peace of mind badge and credible reports to give to suppliers and stakeholders.

The issue came to light when someone named “Harry” — no last name or verifiable credentials — posted spam on the LinkedIn ISO 9001 Group announcing the program. That resulted in some folks, myself included, calling out “Harry” for promoting a scam. He wasn’t budging, though, and dug in using an even-more-bizarre defense strategy of just denying what appeared in his own post and on GQA’s own website. In trying to muddy the waters and confuse people into buying his £500 / month service, Harry insisted that GQA wasn’t actually selling certificates:

Except that is exactly what he was selling. His post linked to the GQA website, which makes this very, very clear:

I dug into UK business registry listings and found the company was set up by two individuals: Neil Gentleman-Hobbs (a web marketing guy) and Scott Naisbett.

Naisbett runs another company called ISO Systems UK, a consultancy that then lists itself as an “Approved Consultant” for — you guessed it —GQA UK. So he’s certifying his own work.

“Harry” — clearly a fake name being used by one of the two men — admitted he was posting “on behalf of Neil and Scott”, and then rushed to defend them. We’re not supposed to realize that “Harry” is very likely a sockpuppet account being used by one (or both) of the two:

The rest of “Harry’s” posts were more of the same, throwing in lots of technobabble and official name-drops to hide the fact that they are essentially selling fraud-as-a-service (“FAAS?”), and asking folks to subscribe to a something where auditors certify their own work without any accreditation or adherence to ISO 17021.

Going even further into madness, “Harry” straightfaced claimed they intend to “licence the tech via ISO” (which makes no sense) and are pursuing BSI and LRQA as partners. Right, sure you are.

Then “Harry” just tossed me a bribe, in front of everyone:

I warned him that if he starts to issue AS9100 or ISO 13485 certs, I’d pursue legal action since his “certificates” could be handed out to companies that literally kill people.

As with all certificate mills, the common thread is narcissistic delusion. My guess is that this is a feature, not a bug, and used to cover over the fact that their business model could never stand up to third-party scrutiny, which accreditation definitely is. So while they are terrified of having UKAS or ANAB look over their work, they compensate by cosplaying as business experts with big deals “6 months to a year” away, to make themselves sound important and legitimate.

The other thing about “AI” is that no one can really verify if you’re using it or not. So maybe GQA UK’s tech has some AI built into it, but maybe it doesn’t. The website doesn’t explain just how AI is doing anything in their product, and simply uses the term as a marketing buzzword. My spidey-sense is telling me that there’s no AI at all, and it’s more snake oil.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 14001 Implementation