The International Accreditation Forum (IAF) promised its new CertSearch database would provide a means of verifying accredited ISO certificates, but is already filled with incorrect and outdated data, despite having only launched a few months ago.
According to research done by the independent research firm ISO Benchmark, the IAF CertSearch website reports many certificates that are no longer valid, as well as the listings of Certification Bodies (CBs) who are no longer accredited. The data also lists certifications for standards that do not even exist.
For example, ISO Benchmark found that IAF CertSearch currently has entries for bodies certified by TCS International Certification Services of Turkey, and reports that TCS is accredited by JAS-ANZ. TCS, however, is not listed by JAS-ANZ as ever having been accredited.
CertSearch also lists entries for the certification bodies ITQA Co. (Korea), IQCS Certifications (India), InterConformity GmbH (Germany) and Innovative Quality Certifications and others, all of which were not accredited by JAS-ANZ as reproted by CertSearch.
In the case of IQCS, the JAS-ANZ website has an alert indicating that their accreditation was withdrawn in November 2019 due to a failure to close major nonconformities.
Similarly, CertSearch continues to list the Australian body CertMark as being accredited, while the JAS-ANZ website reports its certification was amended in October of 2019.
The CertSearch entry for the registrar AJA Registrars indicates the CB is accredited by the Dutch body Raad vor Accreditatie. The AJA website instead claims it is accredited by ANAB, but ANAB’s website shows AJA as having been suspended for ISO 50001, and then has no listing at all for AJA when searching under accredited bodies for ISO 9001.
CertSearch lists AUS-QUAL of Australia, but JAS-ANZ reports they only hold accreditation for product certifications.
This means the IAF CertSearch database information is lagging by at least 3-4 months. The primary function of the IAF website was that users across the world “can validate an organizations certification(s) confidently knowing, the certification is valid, the Certification Body is accredited and the Accreditation Body is a current IAF MLA Signatory member all in one process.” With so much of the site’s data being out-of-date and erroneous, only months after launch, the IAF’s goals appear to be out of reach.
The filtered search feature of the IAF site also allows users to search for certificates for standards which don’t even exist, such as “ISO 9001:2018” and “FSSC 2200:2018.”
The search options appear to be taken from data entered by the participating bodies, and so include whatever specific wording or typographical errors were entered by the body. As a result, to search for ISO 9001 bodies, one has to make eight separate searches using the specific terms “ISO 9001,” “ISO 9001 (QMS), “ISO 9001:2015 QMS”, “ISO 9001:2008”, “ISO 9001 + ISO 3834”, “ISO 9001:2008/2015,” “ISO 9001:2015,” and “ISO 9001:2018.”
The data problems come after the IAF accidentally launched the site with incomplete data in June of 2019, forcing the IAF to shut the site down completely after Oxebridge’s reporting. The site came back up a few months ago for an official “live” launch, but was found to have been housing incomplete or erroneous data from the start.
It appears the IAF is relying on Accreditation Bodies to update their own data, and then does not ensure this is actually done. Because many of the problems are related to CBs either currently or previously under accreditation by JAS-ANZ, this suggests that JAS-ANZ is not updating their data, and thus making the IAF CertSearch site wholly unreliable.
Oxebridge founder Christopher Paris pitched the idea of a global database in 2003 and 2004, to meetings before representatives of IAF, ISO, TC 176 and the IAAR. Attendees included former IAF President Randy Dougherty and programmer Jerry Norris, who dismissed the idea at the time, but then went on to create the IAF CertSearch program, taking credit for it afterward.
Oxebridge has called on the IAF to make participation in a database a mandatory requirement for accreditation, thus ensuring the completeness and accuracy of the database. Dougherty instead caved to the wishes of the bodies, and made participation “voluntary.” The IAF’s inability to enforce its participating bodies to update their data in real time is a likely extension of this “hands off” approach.
So long as false positives or false negatives are possible in search results, Oxebridge argues, the IAF’s goal of providing an accurate means of verifying certificate data cannot be achieved.
Accreditation bodies and certification bodies have resisted a mandatory database, claiming that competing bodies would use the data to “poach” clients. Oxebridge argues that such bodies should improve their services in order to retain clients, so they cannot be poached to begin with.
Oxebridge has also criticized Norris and the IAF for failing to use a blockchain backbone for its database, reducing the data’s security and validity.
[Disclosure: ISO Benchmark is an unpaid advertiser on the Oxebridge site. Oxebridge does not receive any compensation from the company.]