Multiple ISO 9001 certification bodies worldwide have been found to have used a $720 “template kit” for their ISO 17021 accreditation systems sold by a company owned by a member of the Board of Directors for the accreditation body IAS. IAS itself accredited the bodies who used the kit, while at the same time the VP of IAS was granted the role of Chair of the International Accreditation Forum’s Task Force Against Fraudulent Behavior.
Global Manager Group operates out of Gujarat India and sells a number of ISO template kits for various standards, including ISO 9001, ISO 22000 and SA 8000. The kits average about $500 per the company’s online marketplace. In 2020, the company claimed to be celebrating its 25th year in business.
The GMG offerings include an ISO 17021 template kit designed to help companies fast-track their compliance for accreditation purposes. Typically, ISO certification bodies must obtain ISO 17021 accreditation in order to be internationally recognized, and to distinguish them from unaccredited “certificate mills.” CBs are then audited annually against ISO 17021 by their Accreditation Bodies, such as ANAB, UKAS or IAS.
An in-depth report submitted to Oxebridge as part of the international ISO Whistleblower Program found that CBs all over the globe had used GMG documentation in order to obtain their accreditation from multiple accreditation bodies. These include:
- African Certification & Testing, accredited by SANAS (South Africa)
- Alcumus ISOQAR, accredited by UKAS (UK)
- AQC Cert, accredited by IAS (India, United Arab Emirates)
- ASM Quality Certification, accredited by EIAC (United Arab Emirates)
- Automotive Manufacturers Equipment Compliance Agency (AMECA), accredited by A2LA
- B & R International Personnel Certification, accredited by IAS (Hong Kong)
- Certi-Trust, accredited by ILNAC (Luxembourg), UAF (USA), and COFRAC (France)
- Cosmocert, accredited by ESYD (Greece) – see update below*
- Demos Global Group, accredited by IAS (USA)
- Denan Sport Services, accredited by EIAC (United Arab Emirates)
- Global Business Bureau Certification, accredited by EIAC (United Arab Emirates)
- Global Sustainability Certification & Inspection Services, accredited by UAF (USA) and DAkkS (Germany)
- Intact System Certification, accredited by JAS-ANZ (India)
- International Compliance Group, accredited by EMA (USA, Mexico)
- ISONIKE Ltd., accredited by ESYD (Greece)
- IQS Ltd, accredited by EGAC (Egypt)
- JC Auditors, accredited by SANAS (South Africa)
- Libero Assurance, accredited by ESYD (Greece) and IAS (USA)
- LMS Registrar, accredited by EGAC (Egypt), EIAC (United Arab Emirates), IAS (India)
- Mirdif Security & Safety Consultants, accredited by EIAC (United Arab Emirates)
- OSS Mideast, accredited by IAS (USA), DAkkS (Germany) and EGAC (Egypt)
- Prime Group, accredited by EIAC (United Arab Emirates)
- QSI Certification, accredited by IAS (Bahrain)
- Safety Skill Training (SST) Worldwide, accredited by EIAC (United Arab Emirates)
- Staunchly Services, accredited by IAS (UK, India)
- SWISSCERT, accredited by EIAC (United Arab Emirates); also claims accreditation by NABCB (accreditation mill, India)
- W3Solutionz, accredited by IAS (USA)
The kits were found used by a number of unaccredited or self-accredited certificate mills, as well:
- Accreditation Management System (AMS) Certification, falsely claims accreditation by A2LA, BQS, and others (India)
- ARM Innovations, unaccredited certificate mill (India)
- Discovery Royal Sports, unaccredited certificate mill (United Arab Emirates)
- Euro Veritas / Euro Cert Registrars, claims accreditation by BAR-UK (accreditation mill, India)
- Hornbill Certification, claims accreditation by the official Malaysian standard body (Malaysia)
- Primary Trustworthy Digital Repository Authorisation Body (PTAB), claims accreditation by NABCB (accreditation mill, India)
- QCS Management System Certification, claims accreditation by IRQAO/ASCB (accreditation mill, United Arab Emirates)
- QRA Certification, claims accreditation by UKAF (accreditation mill, India)
- Quality Plus, claims accreditation by IRQAO/ASCB (accreditation mill, United Arab Emirates)
- WEBSCERT, claims accreditation by USAC (accreditation mill, US/India)
- Wood Certification, unaccredited certificate mill (India, Middle East)
The documentation used by the CBs is then nearly identical, often using the same document numbers provided in the original kit sold by GMG. Such documents include copy-and-paste versions of critical policies related to confidentiality, conflicts of interest and corporate quality policies.
The usage of a template kit on its own is not a violation of ISO 17021, although it is often viewed as a poor way to implement any standard. However, the GMG products may go beyond mere impropriety and result in violations of the very standards that GMG alleges to be an expert on.
IAS Board Member Implicated
According to official press releases, GMG was founded by Devang Jhaveri in 1996, who is still listed as the company’s Director. Mr. Jhevari also sits on the Board of Directors for IAS, a US-based accreditation body and IAF member. This suggests that the IAS has been accrediting multiple CBs who had previously purchased their system documentation from one of their own Directors.
An analysis of annual tax filings within the United States shows Mr. Jhevari being granted the role of Director in 2016, although his relationship with IAS dates back many years earlier.
IAS is already under multiple investigations by Oxebridge, and has been the recipient of multiple complaints alleging conflicts of interest and violations of accreditation rules. The bulk of complaints allege that IAS-accredited bodies ignore the rules put forth in ISO 17021, and offer simultaneous consulting or ignore mandatory audit days in order to provide below-cost certification services.
IAS has repeatedly claimed no wrongdoing in response to Oxebridge complaints, and has done so by taking extreme interpretations of the ISO 17021 rules. One such interpretation is that the ISO 17021 rules do not apply until after an ISO 9001 certificate has been issued. That position essentially negates the entirety of the ISO 17021 standard, which defines accreditation body requirements to be met in order to issue certificates.
IAS has grown rapidly by offering cheap accreditation audits, many of which are seen as dubious. IAS utilizes low-paid Indian auditors to verify compliance, and then charges lower accreditation fees than traditional ABs such as ANAB or UKAS. IAS primarily serves the Indian and Middle Eastern markets, but does so from a US physical address in Brea California. According to its tax filings, clients in East Asia account for the majority of its annual earnings.
Accreditation bodies such as IAS are held accountable to yet another standard, ISO 17011. That standard includes two clauses restricting them from engaging in consulting, however the two clauses appear to contradict each other due to poor wording. The first clause specifically prohibits an AB “and any part of the same legal entity” from providing consulting.
“Consulting” is defined in the standard as including “preparing or producing manuals or procedures” for a CB, which would include GMG’s template kits.
The next clause, however, goes on to define restrictions in the case where “the accreditation body is linked to a body offering consultancy.” The standard is not clear on what “linked to” means, and as a result appears to contradict the prior clause. In the second clause, consulting by a “linked” body is allowed, provided certain conditions are met, including different management. Because Mr. Jhevari is a member of management for both IAS and GMG, IAS would still be in violation of the clause regardless.
Oxebridge expects IAS to hinge its position on this “separate company” defense, without regard for the facts of Mr. Jhevari’s dual roles having been publicly touted by IAS.
GMG Ethics and Credibility Under Dispute
The scandal would not be the first for Global Manager Group.
Mr. Jhaveri also launched the Punyam Academy which offers ISO related training. Despite offering courses in accreditation and ISO 17021, that organization instead purchased a “certificate mill” accreditation from Royal Stancert BV, which itself claims accreditation by by the Global Euro Accreditation Centre. The GEAC is not an official IAF member accreditation body, making it an “accreditation mill,” and meaning the Punyam Academy certificate is not compliant with ISO 17021. Royal Stancert has been identified as having produced fraudulent certificates in the past.
News reports published on the GMG website reveal a nest of conflicts of interest. One story reported that GMG successfully completed a “technology transfer consultancy [at] International Laboratory Services for [its] calibration laboratory.” These services were reported to have included “establishment, development of the laboratory, training of staff, … documentation of system and all forms and calibration reports.” The same press release indicates the laboratory was then accredited by IAS.
A 2011 news report shows Mr. Jhaveri posing with Raj Nathan, the CEO of IAS, during an ISO 17025 certification ceremony for the Jiddah refinery of Saudi Aramco.
While these incidents apparently occurred prior to Mr. Jhaveri taking on the Board role at IAS, that position may have been a reward for the clients he submitted to IAS. Furthermore, there is no evidence that IAS has recused itself from overseeing or auditing the bodies that used Mr. Jhaveri’s procedures.
Unlike the rule which allows individual auditors to assess prior consulting clients if a 2-year gap has occurred, no such time allowance exists for ABs when performing consulting.
Tangled Web of Self-Dealing
The IAS is a signatory member of the International Accreditation Forum, which oversees the world’s ISO accreditation scheme as its topmost body. The IAF has repeatedly refused to take action against the IAS.
Instead, the IAF has rewarded IAS for its growth. Recently, the IAF granted the role of chair of its “Task Force on Fraudulent Behavior” to Mohan Sabaratnam, the VP of Global Accreditation & Quality for IAS, and the architect of the extreme interpretations. Mr. Sabaratnam has repeatedly refused to recuse himself from processing complaints even when he was personally named in them.
Mr. Sabaratnam’s co-convenor of the IAF Task Force is Nigel Croft, the architect of ISO 9001’s “risk-based thinking” who simultaneously heads up the ISO 9001 Brand Integrity Group. That group was established by ISO to look into problems affecting the trust of ISO 9001 certificates but has remained isolated from users. The Brand Integrity Group has instead focused on interfacing with CBs and ABs, while ignoring the corruption within the accreditation scheme. The group is comprised largely of private consultants and accreditation representatives who, themselves, are accused of using their positions for personal gain.
Because of the intersection between the IAF, IAS, the IAF’s Task Force on Fraudulent Behavior, and the ISO 9001 Brand Integrity Group, the scandal represents another black eye for the integrity of ISO 9001 certifications worldwide. As ISO 9001 usage declines, ISO and the IAF have remained dogged in their refusal to take action to improve CB and AB behavior. The IAF’s User Advisory Committee, led by Sheronda Jeffries, was not formed to take advice from ISO 9001 users as the name suggests, but instead to provide unified marketing spin as a means of “informing” users. Jeffries has repeatedly refused to engage with Oxebridge on common-sense initiatives to fix the ISO 9001 scheme. Jeffries is largely thought to be angling for a position as VP of the accreditation body ANAB, where she also acts as a Board member.
Formal Complaint Likely To Be Blocked by IAF Procedures
It is not clear how the IAF would respond to any complaints filed with it in this case, nor even who it would be filed with.
The IAF relies on six “Regional Accreditation Groups” to carry out oversight activities based on geographical regions. Increasingly, the IAF and its regional bodies have refused to take action even when reports of potential criminal acts by the bodies under their authority were reported. In the case of the GMG scandal, all six of the Regional Accreditation Groups are involved, so a complaint could not be filed with merely one of them.
Traditionally, IAF Secretary Elva Nilsen has used “IAF procedures” as a means of ignoring complaints. These procedures require a complainant to file a complaint first with the affected CB, then file an increasing number of appeals and escalations through the hierarchy: to the affected AB, then the IAF Regional Accreditation Group, and finally to the IAF. A single issue can require the filing of six or seven individual filings before it ever reaches the IAF itself, taking years. Despite having released dozens of complaints over a 15 year period, Oxebridge has never had one reach the IAF level.
In the case of the GMG scandal, the IAF would have to process the complaint without any prior filings, since multiple CBs, ABs and each of the IAF Regional Accreditation Groups would be involved. In order to follow IAF procedures, however, Oxebridge estimates it would require the filing of over 200 complaints and appeals, and would likely take a decade or more to reach the IAF, during which IAS could continue to operate normally.
Oxebridge argues the IAF structure is impossibly flawed since each level of the pyramid pays the body above it, without any independent or objective oversight.
UPDATE 11 November 2020: Oxebridge has performed additional research and added more than a dozen other affected CBs, the article has been updated to include these new listings. At the same time, the IAF has ignored two separate emails sent to it asking for official feedback on how to process a complaint related to the scandal.
UPDATE 12 January 2021: The certification body Cosmocert wrote to object to their inclusion in the list, denying they used the template kit. The claim by Oxebridge was based on a comparison of their Quality Policy, which was copied-and-pasted from the document “PY_01_Quality Policy” provided in the GMG template kit. A review of the Cosmocert website found that as of December 2020, the Quality Policy was still that derived from the kit, but shortly thereafter it was updated to a new, unique version. Cosmocert, however, falsely claimed that “our company has never used this template kit that you mentioning on your webpage.” Oxebridge thus believes that Cosmocert intentionally altered the Quality Policy document after December 2020 in order to make this claim, unaware that (a) Oxebridge had already screen-captured the document in October 2020, when the article was written, and (b) Google caches still show the original document in its template kit form.
Cosmocert did point out that it is not accredited by EGAC (from Egypt), and Oxebridge corrected the listing above to reflect its actual accreditation, being issued by EYSD of Greece.