ISO has released its 31st annual “ISO Survey,” providing data on total certificates worldwide for ISO 9001, ISO 14001, and other standards. The latest report includes data as of 2021. With this report, ISO is claiming a reporting 18% growth in ISO 9001 certifications, but the data is highly flawed.
The short takeaway: two main factors led to increased numbers of ISO 9001 certificates, neither of which have to do with any actual growth of certifications. First, a huge influx of fake certificates flooding the market from China; second, “improved” reporting from UKAS due to its new CertCheck database, allegedly allowing UKAS to report improved data from more of its certification bodies (CBs).
Repeat: neither of those is an indication of the improved popularity of ISO 9001, but the usual suspects are gearing up to claim this anyway.
The ISO Survey was originally launched in 1990 as The Mobil Survey, published by Mobil Oil Co. ISO took over the reporting in 1996, and has published it ever since. Originally the surveys were labeled as “cycles,” a naming convention that ISO dropped, but which Oxebridge maintains for historical purposes. The 2021 data represents the 31st Cycle by that naming system, therefore.
Every year since 2002, Oxebridge has released a corresponding “ISO Survey Analysis” report which tries to look past ISO’s generic (and often misleading) press release blurbs, to see the real trends behind the data. While ISO has changed its reporting methods over the years — in 2018, for example, ISO stopped reporting prior years’ data entirely — Oxebridge has been carefully collecting the data since 1993, and then merges the data so that it remains consistent. That allows us to have more accurate trend reporting over the full period from 1993 to the present.
Two Data Tracks
There were two sources of the “surge” of new certificates: China — which I’ll talk about below — and UKAS. ISO is claiming that improved reporting by UKAS, largely due to its new CertCheck database, has inflated the data. The thinking is — and I’m not sure I buy it — that UKAS had this army of CBs in its stable that were refusing to report annual data… for decades. Only now that the UKAS CertCheck database is mandatory for their CBs do they have accurate data. Hmmm.
Unfortunately, the UKAS problem breaks the ISO Survey data even more than it was before. I’ve been collecting this data since 1993 and I’ve seen how ISO changes its reporting methods over time. Because I have all the historical data going back to the Mobil Survey, I have usually been able to manually “force-fit” ISO’s latest data into the older reporting methods, providing seamless trend charts over the decades.
A few years ago, ISO began fiddling between reporting “sites” vs. “certificates,” which complicated matters, but it was still workable. We just ignore “sites” which is a red herring.
The 2021 data, however, makes it much harder to reconcile in a way that provides seamless, decade-to-decade data. In fact, all charts from this point onward will show a sudden increase in 2021 that many will misinterpret as being a sudden growth in the popularity of ISO 9001. In reality, the “surge” was artificially created.
ISO was under a lot of pressure not to get too overcaffeinated in its announcements this year, and was forced to temper its usual breathless exhortations of ISO 9001’s “growth.” Instead, the accompanying editorial cover page for this year’s report is an uncharacteristically neutral affair, being sure not to make any patently false statements, and including a LOT of disclaimers about the accuracy of the data. (That likely won’t stop ISO fanboys and staffers, however.)
But I was able to get data on certificates issued by “consistent CBs” who had reliably reported over the past few years. By isolating the data from the “consistent CBs” vs the “inconsistent CBs“, I was able to create two data tracks: one that tracks closer to prior years’ data, and a new track that shows the sudden “spike” attributed to improved reporting by UKAS and others.
Is it a mess? Yes. But it’s the best we can do for now.
On a global scale, the data track which includes “inconsistent CBs” — those that (allegedly) never participated in the ISO Survey before — shows a whopping 17.95%. Remember, this was at the peak of the COVID-19 pandemic, so it defies all logic.
The chart below shows the two tracks: the blue line what the data should look like, if we relied on consistent CBs who reported reliably year-over-year. The red line at the end shows the spike from the alleged “improved” reporting.
However, we have to be honest: if the data was corrupted for decades because UKAS and the other ABs couldn’t get their CB clients in line, then maybe this new total is more reflective of reality. That’s what ISO and its toadies are sticking to, anyway, and they may have a point. The problem is that it means the entire history of data should be adjusted upward, too. It likely has little to no effect on the trend curves, though. ISO may have stopped reporting the historical data, but Oxebridge’s analysis does., and it makes these spikes and dips a little less critical.
Now let’s see what the year-over-year growth looks like. In this case, I added a graphic explanation for the 2021 data, showing where it would be (in yellow) if we only used the “consistent CB” data.
Either way, we still see a fairly heavy uptick from the prior year. So where did that come from?
Yes, of course… China.
For the latest report, China claims to have added 102,095 new certificates in 2021, for a total of 426,716.
If the world total sits at 1,081,345, then China accounts for 40% of the entire planet’s ISO 9001 certificates. Or, if you examine their 2021 growth of 102,095 certificates, China added nearly one-quarter of their 29-year history total number of certificates in just one year.
That’s absurd on its face.
Everyone knows the numbers coming out of China are fake, and that the official national AB of that country, CNAS, is part of the problem. CNAS reports directly to the Chinese government and the Chinese Communist Party (CCP), and is a crucial actor in the party’s “Made in China 2025” ten-year plan. Then, in 2018, China went further and announced its “China Standards 2035” plan, which aims to supplant ISO entirely.
The goal of the Made in China 2025 plan is to improve China’s overall manufacturing quality and to break into high-tech industries, such as semiconductors, where quality certifications are the norm. Because China cannot fast-track actual quality assurance improvements, the country instead relies on a far easier method to claim excellence: it makes shit up.
In fact, if we look at the overall data for China, we see things start getting wobbly in 2015… the same exact year the CCP mandated the Made in China 2025 plan.
If ISO were honest, it would trend China separately, and remove it from the international data entirely. But ISO will never, ever do anything to upset China. In fact, ISO’s decisions to align with Russia on its invasion of Ukraine are driven mainly by the fact that China has sided with Russia on the matter. If ISO were to toss Russia out of committees, it risks upsetting China.
(ISO once again corrected its listing of nations to be palatable to the Chinese home office, renaming “Taipei” as “Taiwan, Province of China.”)
Meanwhile, the IAF has not even attempted to enforce ISO 17011 on CNAS or China, allowing it to print ISO certificates as fast as they can refill the inkjet cartridges. China has faced zero repercussions for falsifying its data, so why would it stop?
This next chart shows a comparison of what things might look like if we separate China’s numbers from the rest. The upper (red) line represents the current ISO Survey totals, including those of China. The lower (blue) line shows what the numbers would be if China was excluded from the totals:
That huge, padded space in the middle represents the effect of China’s fake certificates on the world, as well as provides damning evidence of just why ISO is terrified to do anything against their largest customer.
It is an unhappy reality that ISO has allowed itself to become an arm of the CCP’s propaganda machine, just to sell standards. Of course, the irony is that the bulk of Chinese companies probably never buy an actual copy of ISO 9001 anyway, as unlicensed PDFs just flow like water in China.
Looking closer to home, we find that the USA numbers are also strange.
This next chart shows the US totals since 1993, and the blue line reflects the addition of over 4,000 certificates in 2021. The red extension shows where the trend should be, without the “inconsistent CB” spike — roughly flatlined.
In fact, the US sits as the fourth highest-growing ISO 9001 user nation, and yet the US accreditation bodies have not made any dramatic improvements to their reporting as UKAS claims it has. So is this spike real?
It’s likely a mixed bag. While ISO claims the US numbers are “due to the participation of certification bodies that did not take part in the previous Survey,” there may be another factor: the rapid growth of the “US” accreditation body IAS, which is ostensibly an Indian body with some expats working from a US address.
That AB welcomes dubious CBs who fail to get accredited — or lose accreditation — from other bodies, since IAS oversight is so lax. This, in turn, allows Indian and Middle Eastern certificate mills to get legitimized under a US accreditation logo, pushing their questionable certificate totals into the US numbers. It’s become common for Indian CBs who were tossed out by JAS-ANZ or NABCB to run to IAS, only to get their accreditation restored shortly after.
This next chart shows the trend since the 2000 version of ISO 9001, which is still seen as the best version ever released of that standard. Even with the inflated numbers, the trend is still bleak:
Comparing the US to its north American neighbors, Canada and Mexico, we see this:
Zooming in on those Canada numbers, we do see it’s been a mess. This is important, too, because SCC — the official AB for Canada — holds important roles in ISO committees, including those for ISO 9001. Canada has always been a key player in this area, but the data suggests is has been largely incompetent in getting any real data of out its CBs.
Every year, we report on a few key European nations to gauge how things are going on the continent where ISO 9001 was born; these are Italy, Germany, France, and ISO’s home country of Switzerland. The chart below uses the new, spiked data, but it hardly matters. Even with the spiked data, we see things are generally grim for Europe.
Even ISO 9001’s darling, Italy, has slowed to some extent on their prior obsession with ISO 9001. But they still sit at the number 2 slot for highest number of certificates per nation, trailing only behind China itself.
In prior Oxebridge analyses, we also looked at Belarus, but almost for comic effect. That nation consistently competed with major European nations in ISO 9001 growth, hinting at some questionable numbers. But they’ve since flatlined, so I removed them from our analysis.
The home of BSI and UKAS reveals the most noticeable spike after that of China, again caused by the UKAS misreporting in prior years. While a lot of folks in Britain are getting excited about these numbers, only by looking at the trend since 1993 can you see that it’s still nowhere near the level it was back in 2000.
Paul Simpson, the head of TC 176 SC — the committee responsible for authoring the ISO 9001 standard — is from the UK. He has repeatedly dismissed the ISO Survey data as unimportant when it shows interest in ISO 9001 is declining. How much would you like to bet that Simpson falls back in love with data now that these numbers show a spike?
So what of India, which many believe to be the source of a flood of fake certificates? India may be one of the top producers of wholly-unaccredited certs, yes, but those numbers are not polluting the ISO 9001 data, thankfully.
This chart shows India’s year-to-year growth, and we can see that while there was a spike in 2021, it’s still nothing overdramatic.
Reading this year’s Oxebridge analysis, it does come off a bit anti-India. I want to clarify something: neither I nor Oxebridge is India-phobic. In fact, Oxebridge owes its existence to Indian-owned companies who were the first to hire me when I launched my consulting company.
And the data here shows, as I said, that India has tighter control over its data than many other countries, and it far surpasses the United States in this.
The problem we have is that a few powerful Indian executives, living in the US, have built an empire by abusing other Indians. From their perches in the US, they have set up a global machine whereby they use underpaid Indian auditors and staffers — working at nearly slave wages — and then sell fake or conflicted ISO 9001 certificates to other Indians, who operate companies around the world. One Indian friend of mine told me, “never underestimate the ability of an Indian to exploit his neighbor,” and this seems to be the case.
The Indian AB, NABCB, for example, has rejected calls to shrug off the neocolonialism of the IAF regional body APAC, and form its own equivalent in the Indian subcontinent. They are happy to be led by a white guy in Australia if that means they continue making money. Again, Indians harming Indians.
For the first time I’ve opted to highlight Japan. While behind the scenes, Japan has been a powerful force in the development of ISO 9001 — they’re partially responsible for the “risk-based thinking” fiasco — Japan had never shown any problems with its data, and was tracking in line with the world… in general. The 2021 spike in Japan, however, raises some suspicions.
Could Japan be facing a problem with fake certs infecting their data? Have they just been lax in their prior reporting? Frankly, it’s too early to tell. But a pattern of troubling concerns with multiple Japanese CBs, and a corrupt national AB, doesn’t give me hope that they are playing fair.
Middle Eastern Bellwethers
The next three Middle Eastern countries are largely thought to be hubs for not just fake ISO 9001 certificates, but fully-accredited certificates that are nevertheless issued in complete violation of ISO accreditation rules. The United Arab Emirates (UAE), Saudi Arabia, and Qatar have all proven to be hotspots for the proliferation of “conflicted” ISO 9001 certificates; these are certificates issued by consulting companies, who certify their own work because they have a corrupt deal with an accredited CB. As a result, these certs are fake, but bear legitimate accreditation logos. I’d guess the spikes we see here are the result of Quality Austria and other European CBs aggressively pushing into the region, while allowing their Middle Eastern offices to print certificates without any control whatsoever.
The picture is Russia is not as bleak as we’d expect, although the chart does have two hilarious data points for 2009 and 2010.
Those two spikes can be ignored entirely, and were when they came out in those years. Someone was playing fast and loose with the numbers, and ISO — as usual — can’t be bothered to vet the data. Even with the latest spiked data, we see Russia flatlined in 2021.
Russia is so screwed up, they can’t even counterfeit ISO 9001 certificates properly!
The Asian Watchlist
Five Asian countries — Thailand, Malaysia, Indonesia, Singapore, and Vietnam — are on a lot of watchlists as publishers of a troubling number of fake certificates, so this year we began tracking them separately. Take a look:
Many in the region know that these countries (and, to a lesser extent, Cambodia) have begun pouring unaccredited, certificate mill certs into the marketplace. But until 2021, nothing unusual showed up in the actual numbers, suggesting the ABs in those countries had done a good job keeping the certificate mills out of their ranks, and the fake certs off the charts.
The 2021 numbers are troubling, however. UKAS has some footprint in those countries, but not enough to suggest that the 2021 spikes we see are due to UKAS’ reporting improvements. Instead, it does appear that the formal ABs in those countries are getting sloppy. In fairness, however, ISO 9001 is growing fast in that region, and many of the certs are probably legitimate.
One other factor: an insider reported that the Malaysian CBs inflate their numbers by issuing separate certificates to departments within a single company. I’m told the Malaysian AB has no clue as to what it’s doing, so a CB can issue multiple ISO 9001 certificates for one facility, after only one audit. Once again, the IAF is useless in policing this.
Korea (the one not run by Kim Jong-Un) is also being watched closely, largely due to overt corruption on the part of that nation’s accreditation body, KAB.
The KAB logo is plastered over certs all over India and the Middle East, as well as many of the fake certs coming out of its Asian neighbor countries. KAB is apparently following the IAS model, by offering low-cost, low-oversight accreditation to anyone who wants it. They are also terrible to deal with when reporting complaints.
So I wanted to see if that was translating into any irregularities in their ISO 9001 totals:
The answer? Not so much. Their 2021 spike is likely due to a proliferation of “conflicted” certificates — certainly, they were not affected by UKAS data — but it’s still not to any level that would raise eyebrows. My gut tells me they have fewer and fewer legitimate certificates, and the fake ones are just leveling the data, but it’s only a guess.
Korea is a country to watch, however, as their corruption scandals grow in this area.
Below is an analysis of the sectors reported to be using ISO 9001 certifications. Take what you can from this, which includes the spiked data for 2021, but understand that it’s highly unreliable. The data is based on CBs’ ability to properly categorize their ISO 9001 certified clients using IAF codes, something they routinely suck at.
In analyzing the past three years of sector data from the US alone, we see a few interesting trends:
First, the fastest growing sector for ISO 9001 in the USA is information technology (IT), which appears to have replaced manufacturing. This tracks somewhat with Oxebridge’s experience, since our clients are now about evenly split between manufacturing and IT, whereas ten years ago the number of IT clients was less than 10%. I’d argue much of this is driven by US FEderal government mandates, which often require companies to have ISO 9001 just as a condition to bid on a Federal contract.
But the second data point likely overshadows the first. This is the fantastic growth of “sector unknown” certificates. Whereas in 2019 less than 3,500 certificates were tossed into this bucket, which has skyrocketed to over 12,000. What this means is the US accreditation bodies — and here we point to ANAB and IAS primarily — have nearly stopped all enforcement of accurate “Scoping” of ISO 9001 certificates.
(For sure, the bulk of that category is metal fabrication, since machine shops are still the number 1 user of ISO 9001 in the US, no matter what the data says.)
CBs working under ABs are supposed to accurately assign IAF codes to each certificate. This used to be a very serious requirement that was strictly enforced, back when ANAB was known as RAB. In the last few years, however, ANAB has grown lax and no longer polices this. CBs not only misassign an IAF code to clients, but sometimes they don’t assign one at all. This should be caught by ANAB within — I’m not kidding — about ten seconds of review, but ANAB gave up caring after Randy Dougherty left.
The matter is worse, I’m guessing, because of the lax attitude of IAS. That body is competing against ANAB — and winning — by offering low-cost accreditation for ISO 9001 CBs, and a more relaxed oversight. It appears (to me) that if your check clears, you get your IAS accreditation. (We recently found a CB that was accredited by IAS and only had two clients, both of which were owned by the CB itself… and somehow IAS never noticed.) So the data coming out of IAS is likely at least partially, if not primarily, responsible for this shift to “sector unknown” certificates.
But, seriously, we can’t discount the growing incompetence of ANAB. It could also be that IAS has its act together, and ANAB has gotten much, much worse.
You also have a minor trend of foreign (non-US) ABs working within the US market. NABCB (India), SCC (Canada), INMETRO (Brazil) and others all have US certification bodies working under their foreign accreditation logo. These bodies are also notoriously lax in requiring accurate scoping.
But this shows that none of the ABs — whether ANAB or IAS or some international hangers-on — can manage to get their CBs to report the data accurately. Nor do they seem to care.
Again, for the ABs, if the check clears, then you can do whatever you want.
Winners and Losers
The top ten nations with the most certificates as of 2021 break down as follows:
- China – 426,716 certificates
- Italy – 92,664 certificates
- Germany – 49,298 certificates
- Japan – 40,834 certificates
- United Kingdom – 39,682 certificates
- India – 36,505 certificates
- Spain – 31,318 certificates
- USA – 25,561 certificates
- France – 21,918 certificates
- Brazil – 16,268 certificates
This list is the same as its been for a few years now, with only minor changes in pole position.
Growth rates by nation are not very useful to measure, since tiny countries like Lao or Nepal saw huge rates after adding only a handful of certs. Lao, for example, added only 51 certs, but that represented a 638% growth rate since they only had 8 certificates reported in the prior year.
But looking at total certs added in 2021, the top countries for raw growth are as follows:
- China – added 102,095 certificates in 2021
- United Kingdom – added 13,687 certificates in 2021
- Japan – added 8,547 certificates in 2021
- USA – added 4,642 certificates in 2021
- India – added 4,269 certificates in 2021
- Thailand – added 3,471 certificates in 2021
- Korea (Republic of) – added 3,461 certificates in 2021
- Malaysia – added 2,357 certificates in 2021
- Viet Nam – added 2,077 certificates in 2021
- Romania – added 2,051 certificates in 2021
The top ten losers — representing the countries that lost the most certificates — are as follows:
- Brazil – lost 1,235 certificates
- Norway – lost 1,003 certificates
- Portugal – lost 512 certificates
- Turkey – lost 284 certificates
- Sri Lanka – lost 216certificates
- Switzerland – lost 200 certificates
- Cuba – lost 198 certificates
- Ireland – lost 166 certificates
- Argentina – lost 163 certificates
- Philippines – lost 91 certificates
Note that even though they lost the most certificates in 2021, Brazil still had enough to make the top ten list of highest certs.
The data presents a mixed bag. For ISO, their constant fiddling with data reporting methods — grossly inconsistent over a 5-year period, never mind going back to 1993 — is frustrating. The fact that ISO partners with the IAF whenever it wants, but then magically can’t get accurate reporting from CBs for decades, reveals just how lazy and incompetent ISO is. Their business model is to make other people do work, then publish the results and take credit. It’s pathetic.
But thanks to Oxebridge’s ability to collate the data going back to the 1990s, we can see trends that (a) ISO doesn’t report, and (b) overcome many of the occasional dips and flaws in ISO’s data. Ultimately, it may not matter what happened specifically in 2021, since we can look at that overall trend chart going back to 1993. That’s useful, at least.
What we still don’t have is an honest picture of the world’s acceptance of ISO 9001. However, as I’ve argued for a decade or more now, the “over 1 million certificates” claim made by ISO has been dishonest in itself. First, “1 million” is a tiny fraction of the potential global user base for ISO 9001. And, second, it’s been nearly flatlined for a long, long time. There are only so many years you can brag about “one million” before someone asks, “why haven’t you hit TWO million yet?”
But imagine if the IAF and ISO partnered to make CertSearch a mandatory part of accreditation (not IAF membership) and then IAF agreed to provide that data to ISO for free, in order to continue publishing the annual ISO Survey. Overnight, the data would be far more accurate.
Is This the Last ISO Survey?
Keep in mind, it is very likely this may be ISO’s last Survey report entirely. With the IAF making participation in its own CertSearch database semi-mandatory, and with IAF’s intent to sell the data for analysis, I can see ISO abandoning the ISO Survey. ISO has always been largely beholden to the CBs and ABs, and those parties may finally be able to hide their data, by shoving it behind an exorbitant IAF paywall. No one will be able to afford to access it and generate the kind of data we currently get, for free, from ISO.
As bad as the ISO Survey data is, it’s still better than the nothing we will likely get because of the IAF’s greed and corruption.
Here are a few of the prior Oxebridge analyses of previous ISO Surveys:
- Oxebridge Analysis of ISO Survey 2018: Facing 20% Loss of ISO 9001 Certs Worldwide, ISO Dismantles Data Trending
- Oxebridge Analysis of ISO Survey 2019: Bleeding is Slowing, But Patient is on Life Support
- Oxebridge Analysis of ISO Survey 2020. China to the Rescue
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.