Following up from our report the other day that the new ISO 19011 standard removed a long-standing requirement that demanded auditors “observe and comply with any applicable legal requirements,” — essentially giving CB auditors a “wink-wink, say no more” nod to break the laws of their clients — a LinkedIn reader pointed out another huge change that I missed entirely. While ISO 19011 was being updated to dilute legal liability for auditors, the ISO/CASCO team quietly stripped out a requirement that ISO 19011 be followed at all.

Prior editions of ISO 17021 — the accreditation rules developed by CASCO (ISO’s Conformity Assessment Committee) — included ISO 19011 as a normative reference, and then made at least ten separate references to the requirements of 19011. In short, CB auditors were forced to comply with ISO 19011. However, CASCO recently rewrote the rules, releasing the new set as ISO 17021-1 (dash one), and ISO 19011 no longer appears as a normative reference. It’s now mentioned only twice, both in non-binding “notes,” and in one of those it only suggests ISO 19011 be used for internal audits, as opposed to both internal and external.

You may recall that same rewrite of 17021 also did away with the requirement that CBs maintain public-facing registries of their clients, a convenient arrangement that makes it impossible to track of a certificate is valid or not, while allowing CBs to hide the fact that they certified, say, Takata or Kobe Steel.

What’s consistent between all of these changes is that they collectively point in one direction: loosening rules on CB auditors to allow them to do as much bad as they like, while remaining in compliance with the official rules. Yes, if a CB auditor breaks the law you can have him arrested or sue him in civil court; but you can’t also claim he violated the official rules since those rules are nearly entirely evaporating.

Given the increasing evidence of CB malpractice and complicity in what appear to be daily revelations of scandals, product recalls, and deadly product defects, you’d think the IAF and CASCO would want to do the opposite, and rein in the bad acting auditors. But instead, they are doggedly pursuing a track that gives a green light to registrars and their auditors to issue ISO 9001 and related quality certificates without any control whatsoever.

To anyone with a moral compass the least bit calibrated, this appears odd. But when you understand that the IAF and ISO have overseen one of the most corrupt, conflicted scams ever created — one that literally affects every industry in every country on the planet — it makes sense. Until the IAF and ISO are hauled in front of courts and regulators, they fully intend on pursuing this path.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.