Meet IQA Certification, an Indian certification body that purports to be from the UK and (of course) does all it can to hide the actual people who run it.

As with most certificate mills, they offer certification to nearly every standard imaginable. These include ISO 9001 and 14001, of course, but also medical device manufacturing under ISO 13485 and even Halal food certification.

Among their list of offerings is ISO 27001, the information security management system standard, which raises the question as to just why its CEO was caught publicly begging for free copies of the ISO 27001 standard on LinkedIn:

You’d think that a CB was not only an expert on a given standard they were selling certifications for, but maybe had actually purchased the actual standard. You’d be wrong.

The email address in that post gives away the CEO. He is Achal Gupta, and the company is actually located in Uttar Pradesh India, not the “UK” as suggested by the company’s website.

Speaking of IQA’s website, before I wrote this I tried to access the site, and was greeted with this warning:

So a company purporting to be qualified to certify other companies in cybersecurity has not even updated its website to include SSL security.

Meanwhile, Achal Gupta’s LinkedIn profile also lists his only “interest” as the Indian company Global Certification Consultancy. That company, whose LinkedIn page includes two fake profiles, sells both consulting and certification services, openly acting as a certificate mill. That company also sells a $300 template kit that appears to be stolen from Global Manager Group, since their “demo” sample document didn’t even bother to take out GMG’s name. Unless they’re reselling the GMG stuff?

(GMG, you may recall, is a template kit outfit also out of India, but which is led by a Board member of International Accreditation Service, a fully recognized US-based accreditation body. They have refused to address the conflict of interest of having their own Board member selling template kits to CBs that they later audit and accredit. Some Indians just can’t stop ripping off other Indians.)

So, here’s a pro tip when selecting a certification body: if the CEO of the CB is caught trying to commit theft in public, maybe don’t hire them.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 14001 Implementation