The International Accreditation Forum (IAF) has cleared the UK Accreditation Service (UKAS) of all the allegations made against it by Oxebridge in a high-profile complaint filed in January. The Oxebridge complaint specifically alleged UKAS was in breach of its obligations under ISO 17011, as well as UK law, by failing to enforce accreditation rules on two of UKAS’ certification bodies, LRQA and BSI.

The complaint resulted after UKAS ruled in favor of the two CBs in two separate complaints. The first complaint alleged that BSI was in violation of ISO 17021 prohibitions by certifying BSI clients who purchase its Entropy® software and associated manuals. ISO 17021 prohibits CBs from certifying any company where it provided documents or specific solutions related to the QMS.

The second complaint was filed after Lloyds Register QA issued an accredited ISO 9001 certificate to a company that had been discovered to have submitted a fraudulent, counterfeit ISO 9001 certificate in order to illegally gain access to a lucrative oil contract. Rather than report the company or sue for trademark violation, LRQA instead awarded the company a valid certificate, enabling them to gain access to the contract. The resulting certificate was dated the same day as the audit was alleged to have occurred, a technical impossibility.

After UKAS failed to cite either BSI or LRQA for violations, Oxebridge filed a complaint against UKAS with the IAF, which oversees accreditation bodies. The IAF delegated the investigation to the European Accreditation Co-operation (EA).

UKAS is subject to ISO 17011, requiring it to enforce accreditation rules on its certification bodies. The role is further enforced under EU regulation EC Nr. 765/2008.

EA did not provide any details of its investigation, instead using all but a few sentences of its 7-page final report to  summarize the events that led to the complaint, and repeat UKAS’s previous assertions of innocence. In fact the EA appears to have relied on the explanations provided previously by UKAS, without seeking any additional evidence of its own.

 

The full EA response can be downloaded here.

The final ruling read:

The investigations and actions taken by UKAS indicate that the complaints raised by OQRI have been appropriately addressed. There is also no evidence that UKAS has violated Regulation (EC) No 765/2008, ISO/IEC 17011, ISO/IEC 17021 and/or EA’s and IAF’ requirements. The complaints raised against UKAS have been found as not substantiated.

EA did not provide any other details, nor did it explain how UKAS could have allowed LRQA to ignore an international criminal act by its client, nor how BSI’s Entropy® software could be ignored as a threat to impartiality and a form of consulting. In both cases. EA merely allowed UKAS’ own rulings to stand. Some of Oxebridge’s allegations were ignored in their entirety by EA, and not addressed in the ruling.

Throughout the process, all the parties failed to address evidence provided by Oxebridge, such as BSI Entropy® documents, the counterfeit ISO 9001 certificate, and the email server ban placed on Oxebridge by LRQA.

The final report was signed by Andreas Steinhorst, former Managing Director of the Deutsche Akkreditierungsstelle GmbH (DAkkS), the German national accreditation body. It is assumed that Dr. Steinhorst conducted the investigation.

Oxebridge VP Operations Christopher Paris, who filed the complaint, issued the following statement:

The EA/IAF investigation was improperly conducted, and did not obtain any objective evidence on its own, and simply parroted the explanations issued by UKAS. As a result it cannot be viewed by any reasonable person as a thorough, proper investigation. The ruling, while not unexpected, now gives clear evidence that the IAF is complicit in the ugly, and potentially illegal, practices being carried out by ISO 9001 certification bodies and their accreditation body overseers.

Previously, the IAF ruled that CB auditors may have their clients fill out audit reports for them, despite accreditation rules and governing contracts requiring the CBs to complete their own reports. Oxebridge had provided evidence that this practice, common under the AS9100 scheme, allows clients to provide false audit report information, and obtain certification by merely having CB auditors sign off on the forged information.

The case now moves to European courts for a possible criminal investigation and antitrust action.