As reported previously (here, here, here, and here, for starters), the IAF has been caught allowing its member Accreditation Bodies (ABs) to “rubber-stamp” accreditations. The practice involves an IAF member AB accrediting a single office of a certification body (CB), but then allowing them to list “locations” in countries all over the planet on the scope of accreditation. Whether those locations actually represent functioning offices with actual staff, or merely post office boxes, isn’t verified.

The end result? A cheap CB pays only for the AB audit of a single office but can claim to offer services all over the world, using offices — and auditors — who were never subjected to AB verification.

In prior decades, the IAF had rules in place to ensure that CB locations were only listed on the scope of accreditation when the AB had actually validated their activities and confirmed conformity with ISO 17021. Under its “Mandatory Document 12”, the IAF required that, at least, the AB would audit a sample of the foreign locations, and then have a documented plan on how it intended to audit all of the locations over a given period of time. That was already a little wobbly, as it allowed some locations to be listed on the scope before ever being audited by the AB; but at least they knew that, at some point, they were going to be audited.

Then a few things happened. Those rules, codified in IAF MD12, became diluted when some of the surrounding standards and documents were updated, but MD12 was not. For example, MD12 relied on references to a joint IAF/ILAC document called “A5.” That document was withdrawn in 2017, but MD12 was never updated.

Likewise, MD12 relies on terms found in the 2004 version of ISO 17011. That standard was updated in 2017, but — again — MD12 was not updated to suit.

As a result, MD12, along with another key IAF document, MD23, are technically obsolete since they reference obsolete documents in their text. But IAF is — intentionally, it appears — treating the MDs as “current,” going so far as to update MD12 just a few months ago, but leaving in the obsolete references.

To date, the IAF has promised me at least three times they were going to raise the issue formally, but have refused to actually do so. That in itself shows the IAF is refusing to obey its own procedures for processing formal complaints.

As a result, the ABs don’t really have a functioning set of rules against rubber-stamping now. Even if they wanted to, they literally can’t comply with MD12 or MD23, since they refer to things that no longer exist. So the ABs can do whatever they want.

Ironically, the accreditation body International Accreditation Service (IAS) has leaned heavily into the practice of rubber-stamping. One senior IAS executive, Mohan Sabaratnam, was on the IAF’s “Task Force on Fraudulent Behavior,”  which was supposed to help the IAF fight against fraudulent practices, but now seems to have been more inclined to help IAF members learn fraudulent behaviors. It would be funny if this didn’t mean that deadly products end up being released to market with IAF-branded “assurances” of quality.

IAF Won’t Take Action

The IAF has refused to take action on a formal complaint against IAS and Sabaratnam, after it was discovered that IAS is accrediting companies that buy a “template kit” sold by one of IAS’ own Board members. Devang Jhaveri is also the head of Global Manager Group, a company that sells documentation kits for certification bodies seeking accreditation to ISO 17021. The IAF acknowledged receipt of the complaint in 2021, and then promptly dropped it.

As a result, it really, really looks like IAS has become an “accreditation mill,” not only rubber-stamping accreditation for offices it never actually assessed, but also for customers of its own Board of Directors.

But IAS isn’t alone. We uncovered evidence of the practice being done by ABs all over the world, including the Standards Council of Canada (SCC), Akkreditierung Austria, Slovak National Accreditation Service (SNAS), Korean Accreditation Board (KAB), Emirates International Accreditation Centre (EIAC), and Raad voor Accreditatie (RvA) of the Netherlands. You can see it’s not limited to the Indian-run ABs, as some racisty types might expect, but represents ABs on nearly every continent.

The Fix

So how to fix this? The solution is simple, but the IAF and its members are not going to like it, because it means holding them to the same rules they they impose on everyone else.

MD12 must be updated immediately to require that any CB office listed on the scope of accreditation be assessed by the AB beforehand. No offices can be listed that have not undergone an ISO 17021-1 assessment by their AB.

This is, after all, how it works for ISO 9001 certified companies. You cannot list a location on your ISO 9001 certificate unless it has undergone an assessment by the CB. So why are the rules different for CBs themselves?

If a CB then wants to add a location, they can either do so at the next recurring AB audit, or request a “special audit” by the AB to add them to the scope. Again– exactly how it works for ISO 9001 certified companies.

As a benefit, this would put more money into the pockets of the ABs, the IAF, and its regional bodies. Right now, accrediting a single office, and then rubber-stamping any post office box the CB can think of, is robbing the scheme of money. But the IAF’s hold on its members is so fragile right now, it would rather lose money than face wholesale defection and, thus, complete ruin.

A simple application of the rules that currently apply to ISO-certified companies would even the playing field, boost AB revenue, and eliminate the practice of IAF-sanctioned rubber-stamping entirely.

Until then, the IAF and its members cannot be trusted, and the entire certification scheme is one giant, universal “certificate mill” scam. That has to be fixed.

Advertisements

Free ISO 9001 Template Kit