The IAF has trotted out a new tactic in its never-ending quest to abdicate its responsibilities in ensuring the validity and trust of worldwide ISO certifications. Now it is invoking a made-up policy that demands a complainant identify themselves or have the complaint thrown out entirely.
In a massive complaint filed by an anonymous whistleblower from India, it was alleged that a single entity operating under multiple company names is simultaneously engaged in a huge swath of violations of ISO 17021 accreditation rules, all while holding both official IAF-matrixed accreditations, as well as at least one entirely fictional one.
The complaint alleges that a network of companies operated under the names Otabu and Grone are actually all the same organization, run out of the same address in Uttam Negar, India. The companies involved are Otabu Certification Pvt. Ltd., Otabu Global Services Pvt. Ltd., Grone Services Pvt. Ltd., along with the consulting firms Daksh Quality Certification, and Shiv Shakti Services Consultancy Company.
The network of Otabu companies is extraordinarily complex, and seems to include both medical testing laboratories and ISO certification bodies, some of which do not appear to be real. One of the Otabu companies is accredited by the US accreditation body IAF, and another is accredited by the Egyptian body EGAC. Grone is accredited by the IAF member UAF.
Another Otabu company claims accreditation by the “Scotland Accreditation Forum,” a fake accreditation body which claims to be operating out of the UK, but is actually run through India. That role runs counter to UK law, which dictates that the UK can only have one accreditation body, UKAS. Therefore, the claims made by SAF are essentially illegal in the country.
But once again, reporting a possible crime doesn’t raise even a blink from the IAF.
The complaint further detailed allegations that at least one auditor of this network was auditing under multiple names, in an apparent attempt to perform multiple fake audits in a day without being noticed. The complaint then claimed another auditor had produced multiple audits reports in a single day. The complaint provided names of the auditors accused.
If You Can Dodge A Wrench, You Can Dodge a Ball
In its response, the IAF focused on obtaining the identity of the complainant, rather than concerning itself with the details of the complaint, first writing:
IAF does not usually answer questions without proper identification of the requester, please identify yourself in the future.
When the whistleblower indicated he would give his information, but requested that his identity not be revealed, the IAF flat out refused, ignoring the risks placed on the complainant.
No. IAF does not take action on information without a identified source and evidence. All parties are given the opportunity to respond to issues and know their source.
The Uttam Negar region of India was ranked one of the most dangerous regions of New Delhi, where rape, molestation and murder are rampant. The IAF cannot know if the complainant is hiding their identity out of fear of physical harm, where paying a bruiser to beat up an enemy is cheap and common. They should not take the risk of assuming Uttam Negar is as safe as, say, Ottawa.
But never mind that. The IAF official procedure on complaints — called IAF PR1, and available here — makes no such rule. In fact, neither ISO 17011 or ISO 17021 include a rule demanding a CB or AB must “know the source” of a complaint. The anonymous IAF rep made it up.
Note I said “anonymous IAF rep,” since the IAF made the claim in an unsigned email. IAF has scrubbed all references to any individuals from its website, and stopped signing emails personally years ago. Now all emails are merely sent through generic email addresses such as “iaf@iaf.nu” or “secretary@iaf.nu” and are replied without signature lines or names. So they demand you identify yourself, but then work hard to keep their identities secret. Ahem.
NABCB BS ASAP
The IAF then — for totally baffling reasons that smack of racism — then tossed the issue over to the Indian accreditation body NABCB. Now, the accreditation bodies involved in the complaint were (as I said) IAS, UAF and EGAC — but the anonymous IAF official probably saw “India” and so handed off to NABCB, clearly not understanding how the network of Accreditation Bodies works, and because “brown people” or something.
Whereas NABCB used to aggressively pursue complaints of fake certifications under its prior CEO Anil Jauhri, it’s new CEO, Rajesh Maheshwari, decided that being a dick is the way to move the company forward. NABCB first demanded that the whistleblower identify themselves, refusing to even comment on the complaint itself:
Please identify yourself and your organization with complete contact details while sending mails to NABCB. As a policy, NABCB shall not provide response to anonymous / fake mails.
He just outright accused the whistleblower of using a “fake” email address, something he has no way of knowing is true. Ironically, the Gmail address used was not fake, but admittedly didn’t have a name in the address itself. If that’s the metric that NABCB is using to determine what is or is not a “fake” email, then they may want to look at Maheshwari’s email address, which is “ceo.nabcb@qcin.org.”
Rajesh Maheshwari, CEO of NABCB (Source: LinkedIn)
So the whistleblower approached Oxebridge, out of desperation. I then raised the issue with both IAF and NABCB immediately, being sure to identify myself so they could stop this nonsense and get on with the complaint. They just found new reasons to avoid the problem.
The IAF fell silent (no surprise there), but NABCB’s Maheshwari was not having any of this. Instead, he continued to ignore the complaint, and instead made a host of new — and increasingly misleading — claims.
First, Maheshwari claimed that as a government entity, NABCB was subject to an official government memo prohibiting them from responding to anonymous complaints (emphasis by NABCB):
Further NABCB, a constituent Board of QCI, is the national accreditation body of India established by the Government of India under the Ministry of Commerce & Industry. I am also attaching here with an Office Memorandum issued by DoPT, Govt. of India for your information and reference stating that “no action is to be taken on anonymous complaints, irrespective of the nature of the allegations and that such complaints need to be simply filed.” Being an organization under Government of India, we are bound to comply with above and the order attached.
Sure enough, Maheshwari attached the official memo, but there was only one problem: he intentionally left out a word in order to alter the meaning of the memo. Here it is, with the actual sentence highlighted (by me):
Notice the difference. Where Maheshwari claimed the memo said “no action is to be taken,” that actual memo reads, “no action is required to be taken.” That changes the entire meaning of the sentence. So NABCB still has the right to process the complaint if it chooses. Maheshwari is just choosing not to.
Because, Procedures!!
Next, Maheshwari quotes a NABCB procedure which demands that complaints come from an identified source. Sure enough, the procedure BCB 203 does include this requirement:
The complaint must be made in writing to the CEO / Director with complete details of the complainant (name, address, organization etc.) and description of the complaint with supporting information / documents as relevant and necessary.
There are multiple problems with this statement, which the IAF has apparently seen fit to ignore since at least 2017, when the procedure was last updated. First, the procedure clearly applies to NABCB, and not to people in the general public who are not subject to it. A CB or AB procedure cannot impose rules on people who don’t work for the CB or AB. And in reporting potential crimes, an official body cannot refuse to investigate it because the report comes in anonymously. They run the risk of being accused of complicity later.
Next, the procedure does not align with ISO 17011, which demands the AB have a procedure for processing complaints and does not say the AB can specify rules on who gets to submit one or not, much less dependent on identity or qualifications of the complainant.
Next, that same standard — ISO 17011 — requires the AB adopt postures that foster “openness,” a key accreditation principle. Shutting down complaints for “procedures” flies in the face of that principle. For example, ABs couldn’t write a procedure that allowed them to kill people, and expect that to hold up in court. (But I wouldn’t put it past them to try.)
Next, the NABCB procedure violates the World Trade Organization regulations known as “TBT” (Technical Barriers to Trade) which demands “openness” as a key principle for both standards development and conformity assessment activities. You can read that here, if you’re really wonky about it.
So the IAF should have shut down this procedure years ago, but (as usual) didn’t, giving NABCB the improper belief that their procedure was adequate. It’s not, and would likely not hold up in court if challenged.
(I’ve already written to the office of the Ministry of Commerce & Industry to alert them of NABCB’s dangerous position.)
But Maheshwari, full of piss and vinegar, didn’t stop there. While making his main point about how he wouldn’t accept a complaint from an anonymous source, he then railed against getting one from an actual identified source: Oxebridge. For us, he demanded “credentials.”
NABCB would also like to know the credentials of your organization “Oxebridge Quality Resources International LLC”. Please let us know if you are recognized by the Government(s) / Regulator(s) or the international bodies like IAF, ISO etc., and do provide us necessary documentation in support of credentials of your organization.
To which it took all effort on my part not to write back and tell Maheshwari to go fuck himself. Instead, I will — as I said — take it up with his Ministry.
Now keep in mind, not even NACBC’s own bullshit procedure requires that the complainant provide “credentials” in order for the complaint to be processed, much less prove they are some government or ISO official. So he’s off the rails by a huge margin at this point.
This Is IAF’s Job, No One Else’s
Anyway, it’s all moot. The IAF should never have handed it over to NABCB. This is a matter for the IAF itself. I wrote to them enforcing this point:
Because this new complaint involves suspect accreditations issued by three IAF member ABs (IAS, UAF and EGAC), and may well involve NABCB, UKAS, JAS-ANZ and others, the complaint cannot be submitted to the ABs, and must be handled by the IAF which oversees all three of them. Otherwise, separate complaints have to be filed, creating a mass of redundancy. If your “procedures” don’t allow for this contingency, you can update your procedures. But a failure by a network of this many ABs falls on the IAF, not the individual ABs.
So while the NABCB had a valid reason to dodge the complaint — it’s literally not their problem — they instead chose to dig in and take a hostile posture, reducing them further into an international joke (a point I made to Maheshwari in my response.) So, whatever.
In the meantime, as usual, we can expect no action at all by the IAF. They will not investigate, and the problem will continue to worsen.
And there’s evidence this is already true. I went back and checked, and I had reported the problem with Grone and their usage of accreditation logos back in June of 2018. That complaint centered on the company E-startupindia, which was claiming certification by Grone while offering “pre-paid” ISO 9001 auditing packages, that ignored mandatory IAF audit day rules. I wrote at that time:
The timidity of IAF and the accreditation bodies to utilize legal action against infringers only emboldens them. I urge you to take appropriate action. India does have courts, after all.
For some reason, Steve Keeling of JAS-ANZ (Australia) chimed in and said he’d investigate. He never did, making the pile of issues Keeling has tossed under his desk even bigger. Another example of how the IAF parties are utterly rudderless, and have no idea who is supposed to oversee what. Now here we are in 2020, and the problem has only worsened, just as I predicted.
For the umpteenth time, this is all frustrating, but useful evidence. The file against the IAF grows larger by the week, proving over and over that it has wholly abdicated its responsibilities in ensuring the trust of accredited certifications. This will go far in helping future enforcement actions against them.
If I were Elva Nilsen, I’d be following Randy Dougherty’s lead, and retiring… fast.
In the meantime, Oxebridge has hired its own private detective in the Uttam Negar region to investigate the complaint. We will find out who, exactly, is operating out of that single office, and just how many shell companies they have.
Related Stories:
- IAF Regional Body Refuses to Process Bribery Complaint AGainst Austrian CB and AB
- IAF Clears International Accreditation Service, Potentially Legitimizing Illegal Bait-and-Switch
- IAF Ruling Allows CB to Threaten Clients Who Hire Consultants They Don’t Like
- IAF Claims Any Competing Body’s Accreditations Are “Fake”
- IAF Silently Dropped Complaint Filed Against BSI and UKAS
- IAF Scrapped User Data From Survey, Called It “Inappropriate”
- Japan Accreditation Board, IAF Refuse to Explain Japanese Data Falsification Scandals
- IAF Remains Unscathed in Kobe Steel Certification Scandal
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
