The official worldwide registry for AS9100 certifications, called OASIS, is down. A message on the official IAQG OASIS website claims the system is undergoing “unplanned maintenance.”
A source reports that the system has been down for at least 48 hours so far.
Without OASIS, the entire AS9100 reporting structure freezes, as auditors cannot upload reports and clients cannot respond to audit nonconformities. The system had a similar outage a few years prior.
The OASIS problems highlight the weaknesses of relying on a single web-based portal to manage all activities related to an international certification scheme. Despite the prior outages, the IAQG and its publishing company owner SAE International have not laid out any public-facing plan on how it intends to prevent such outages, nor to ensure system continuity when an outage occurs.
Oxebridge has criticized the OASIS system for being fundamentally weak in relation to securing the highly confidential data the system holds. This data includes significant production and other nonconformities and weaknesses for every single AS9100, AS9110 or AS9120 certified company on the planet. SAE has not moved to update the system to more modern, secure technologies such as blockchain, and Oxebridge argues the IAQG site could be vulnerable to SQL injections or other covert access by bad actors seeking to exploit the data.
The OASIS data also includes outright defamation against certified companies, with inflammatory entries entered by disgruntled AS9100 certification body auditors. IAQG has done nothing to correct this practice, exposing it to libel lawsuits. In one entry, an auditor falsely accused an AS9100 certified company of “fraud,” without providing any evidence.
The system has also been rife with examples of certification bodies intentionally falsifying audit records in OASIS, or “disappearing” reports which could prove damning to the CBs. In one case, an auditor refused to perform an audit due to weather, but then entered a report from an entirely different client into OASIS to hide the abuse. IAQG has not implemented any methods to ensure audit reports accurately reflect activities that were actually performed.
Neither the IAQG nor the International Accreditation Forum has released any plan that allows companies to extend their certifications or related reporting deadline in the event of an OASIS failure. This means that during any such outage, each certified company’s “clock” continues to advance, putting a company at risk of de-certification for failing to respond to audit findings in time. No consideration is given to extending these dates when the fault lies with SAE or IAQG itself.
With the release of AS9100 Rev. D in 2016, IAQG doubled-down on demanding audit bodies input all their data into OASIS, a move that allows SAE and IAQG to have centralized access to the information. Oxebridge has written that this is likely a precursor to the day when IAQG will divorce from the ISO scheme, and become either its own certification body or accreditation body, taking the data with it.
SAE has not indicated when the current “unplanned maintenance” may be completed.