Add another entry on the side of the ledger for “How IAF Oversight Is Meaningless.”

My good friend and ITAR expert Mark Stevens posted on LinkedIn about how a client of his was told, by his ISO 9001 auditor, to intentionally alter customer drawings so they avoid ITAR control. Said Mark:

While providing a client with Empowered Official training, the EO asked me if the advice suggested by their ISO Registrar was a good idea…. The EO explained that during an ISO surveillance audit, the auditor suggested that they could aviod having to comply to the ITAR by misrepresenting the defense article’s technical data.

Mark explains that “misrepresentation or omission of facts is defined as a violation under Part 127.2,” which is a Federal offense.

Smug, poorly-trained auditors suggesting clients break the law are nothing new, of course. You may recall a few years ago the head of aerospace certifications at SAI Global suggested a client of mine go back and alter previous audit reports to close an improper nonconformity, because she was (I’m guessing) too scared to tell her auditor to fix his report and withdraw the bogus NCR. The client fired SAI instead.

Since the IAF and the associated accreditation bodies and certification bodies can’t do their jobs anymore, it’s up to end users to fire offending CBs on the spot for such activities. We already know that due to a lack of auditors, CBs can’t really punish the auditors they have left — no matter what they do — because they don’t have anyone to replace them with. So reporting bad behavior by an auditor to the CB home office is pointless now.

The only course of action is to invoke your contractual rights to cancel the contract at any time, and transfer to a less problematic CB.  That is super-simple, and often costs as much as a phone call.

But in case there’s someone out there who needs to hear it: no, don’t falsify ITAR data to get out of having to comply with US law. 

Neither the CB nor the auditor is going to pay for your criminal defense attorney.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 14001 Implementation