UKAS has stated that it is “satisfied” with its use of Zoom web conferencing software, apparently ignoring the growing global outrage over the programs security breaches and controversies.
- Did UKAS conduct a risk assessment to determine that Zoom was a viable tool for remote auditing and exchange of potentially confidential industrial trade information, or did it merely select Zoom without any forethought at all?
- Will UKAS be revoking its use of Zoom, and issue a widespread statement clearing reversing this endorsement?
- If UKAS customers become legally liable for the leakage of data due to UKAS’ endorsement of Zoom, will UKAS reimburse such companies for losses and legal expenses?
In its response, UKAS Process Improvement and Feedback Manager Jackie Burton ignored the questions put to her, and instead doubled down:
We appreciate your concern about UKAS’ cyber security arrangements. I can reassure you that this is a subject that UKAS takes extremely seriously and keeps under constant review, taking advice from our retained security experts. UKAS utilises a number of platforms and applications in the course of its work and we are satisfied with the security of these products and the arrangements we have in place.
As Oxebridge wrote previously, the use of Zoom exposes UKAS clients and users to legal risks including security breaches, violations of export laws, and possible crimes. None of the platforms endorsed by UKAS, including Zoom, comply with ITAR or EAR regulations for US use, potentially exposing users to felony violations of US export law.
UKAS enjoys a unique status as the United Kingdom’s sole accreditation body, as enshrined by that country’s laws. Oxebridge argues this emboldens UKAS to act irresponsibly, since it is immune from nearly all oversight and penalties.
UKAS previously worked with the certification body LRQA to help cover up criminal contract fraud by Hoerbiger Hungary. That company used a forged “counterfeit” LRQA/UKAS ISO 9001 certificate to illegally gain access to bidding rights for a lucrative INA Oil contract. Rather than reporting the crime or suing for trademark infringement, LRQA and UKAS instead colluded to provide Hoerbiger a legitimate certificate, after the crime had been committed. No arrests were ever made. The decision was then upheld by the IAF regional body, EA.