As reported the other day, UKAS issued a bizarre “technical bulletin” allowing its accredited registrars to offer unaccredited certificates, even though that arrangement is a violation of ISO 17021, the accreditation rules. Even stranger, an email sent by UKAS rep Jackie Burton just outright acknowledged its position was in violation, but pressed on anyway. See below (emphasis added):

We have as you may be aware also stated that based on our understanding of the IAF Resolution on unaccredited certificates, advised that no unaccredited certificates to ISO 45001 may be issued.  However, following detailed consideration of the views of various stakeholders and discussions at recent forums and events it has been agreed that UKAS accredited bodies may issue unaccredited certificates to ISO 45001.

I had written to UKAS on the matter, but Ms. Burton was out of the office for a week or so, so I jumped right over to the IAF and wrote to Elva Nilsen, the (lucratively compensated subcontracted) Secretary. Here’s the full email I received back:

Dear Mr. Paris:

IAF has initiated an investigation on the claim you have made. This has commenced with providing UKAS a request to respond to the claim. If we have any concern we will refer this complaint the the EA Regional Body for further investigation.

While ignoring an IAF resolution is a cause for concern the issuing of a certificate shortly after publication is not a concern in itself. ISO standards are available as FDIS (Final Draft international Standard for typically 6 to 12 months before publication.


Again, that’s the entire thing. There are two important things to note, other than the fact that IAF claims to have launched “an investigation,” as it calls it.

First, notice how there’s no signature. Just “regards” without so much as a punctuation mark. While I addressed the email to Nilsen — she’s the user on record of the IAF secretary email address — she didn’t sign it. This telegraphs “plausible deniability” later, should things go sideways. Since no one signed the email, there’s no accountability. This same tactic is used regularly by other organizations in the ISO scheme, where they send emails under a generic email address, without a signature line, so you have no idea who wrote it. That — in their minds, anyway — keeps them from taking personal responsibility for whatever is in the email.

Next, notice how IAF’s default position is one of defending UKAS by misquoting the problem. The IAF is supposed to be the final arbiter of the actions of its member Accreditation Bodies, but this reveals that it is really just in place to offer “cover” for when the AB’s engage in bad behavior. In the email, Nilsen — let’s just assume it was her writing this, after all — defaults to “while ignoring an IAF resolution is a cause for concern the issuing of a certificate shortly after publication is not a concern in itself.

In any other organization, the proper response would be “thank you for your concern, we will certainly look into this and investigate immediately.” That response is equally generic, without assigning any blame, and also without snarkily giving a big, fat middle finger to the complainant. But Nilsen’s reply sets up UKAS’ defense even before UKAS gets the complaint; she starts to write their response for them.

Also notice how Nilsen rewrites the original concern by saying the it’s fine to issue a certificate “shortly” after publication. The case at hand showed BSI issuing a “letter of conformity” only minutes after publication. The logic here is a bit of a stretch, given that IAF’s one job is to ensure the trust and validity of certifications, not the speed at which they can be printed.

And … seriously? Accredited CBs can just issue unaccredited “letters of conformity” now? What, exactly, is stopping Oxebridge then? I can type unaccredited letters, too. Until now, the only thing stopping me from issuing certs is because (a) I have a shred of moral decency and (b) I’m not evil. Maybe I need to rethink that.

Also, the problem is the issuance of unaccredited certificates by an accredited registrar, which Nilsen ignores entirely. As shown, UKAS’ Technical Bulletin, and the Burton email, overtly violate IAF’s own Resolution 2015-14. If the IAF intended to allow its members to violate the Resolution at will, then it should never have issued it. Unless, as I suspect, these IAF resolutions are just window dressing to help the various AB’s, like UKAS, gain access to their governments by giving the illusion of being objectively overseen by an international third party. And, of course, to ensure the IAF continues to exist in order to funnel 50% of its annual revenue to one, single human being: Elva Nilsen.

On that last note, you would think at least one MP or Congressman, in at least one country on the planet, might take note that the world’s entire accreditation scheme appears to have been set up solely to pay Ms. Nilsen.

So we can now await the IAF “investigation” which will be handed over to the EA accreditation folks, the same ones who ruled last time that it was totally fine for LRQA and UKAS to gave a valid ISO 9001 certificate to a company that had previously used the UKAS and LRQA logos on a forged, photoshopped ISO certificate in order to illegally gain access to a lucrative INA Oil contract.  The IAF probably should have reported the entire thing to law enforcement, but they did the opposite and rewarded the criminals, so we shouldn’t expect much of a different response from this latest UKAS problem, since it pales in comparison.

The problem, however, is that now that Nilsen is proven to be so inextricably linked to IAF’s finances, decision-making process and overall management, that any legal problems the IAF may encounter become hers, and nearly hers alone. That’s not a position I would want. As I once told the ANAB/IAF’s Randy Dougherty, when you’ve got your hands in everything, you need to worry when they start dusting for prints.



ISO 45001 Implementation