A whistleblower helper and I recently went through the database of complaints filed against ISO bodies and found quite a few that were grossly overdue for responses. Today, I sent out escalations and reminders to those involved, but it shows just how broken the IAF accreditation scheme is and how ISO bodies can ignore the rules while pumping out certificates all day long with no oversight.
Here are the issues I’ve reminded the parties of. They have obligations- in some cases, per EU law- to investigate. The dates are from when they were initially filed.
- April 2022: We filed a complaint detailing how EIK Consultancy and EIK Certificering shared the same management and were engaged in conflicts of interest. EIK responded back by just denying the matter outright as if their own websites and business filings didn’t exist. A year later, in March of 2023, after EIK did nothing, I escalated this to their accreditation body, RvA of The Netherlands. RvA said they would look into it, but then never provided any actual updates or proof they did. I’ve since found out that EIK shut down their consulting business, but the same people are now just working for other companies alongside their work at EIK Certificering. Today i reminded RvA they have to respond to this, and cannot let it drop, since EIK may simply be engaged in conflicts of interest but through their manager’s “other” companies. Also, RvA still needs to find out why they allowed EIK to do this in the first place.
- December 2022: We filed a complaint against John Senter and his CB, Husk Registrars, for colluding with his private consulting firm, SenterStone — also run by John Senter. Senter got snotty with me on LinkedIn, but that acted as proof of receipt of the complaint. He never formally replied at all, and the two companies continue to operate with Senter running both. This was escalated to their accreidattion body, IAS, in March of 2023. At that time, IAS promised to take action. They never did anything, and never followed up. So today they got a reminder, before this heads to the IAF regional body.
- May 2023: We filed a complaint against Control Union for issuing certificates for industries outside their listed scope of accreditation. This was a recurring problem with Control Union, whose Israel office seems to do this all the time. Control Union never replied nor acknowledged receipt. Now, in November of 2024, I’ve escalated this to RvA, who holds CU’s accreditation. Once again, though, RvA had previously helped cover up problems at Control Union, so I don’t expect they will suddenly start enforcing the rules now.
- October 2023: Complaint filed with the certification body URS that combined two whistleblower reports. The first was how URS had issued an unaccredited ISO 50001 certificate to a client in the Czech Republic despite that standard being part of URS’ accredited scope. (CBs cannot issue unaccredited certs listed on their scope of accreditation.) Then, URS issued multiple certificates in Russia, ignoring the IAF’s mandate not to do so. URS never responded to the complaint, so now — over a year later — I escalated it to their accreditation body, UKAS. URS immediately wrote and asked for details on the complaint, but I told them it’s too late. They don’t get to reply a year later and restart the clock just because they feel like it. We will see if UKAS does anything, but to date, UKAS has been unwilling to hold URS accountable.
Of 56 complaints filed on behalf of stakeholders since 2019, the IAF stepped in and took action on none of them.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world