It’s early yet, but in response to two major complaints levied against them separately, the ISO 9001 certification bodies QRS and BSI have both refused — again, so far — to follow their own procedures and acknowledge the complaints. By doing so, they effectively cut off the complaints process before it begins, since once a complaint is acknowledged, the registrars have to launch an investigation. By never acknowledging receipt, the registrars appear to believe they can ignore the issue entirely.

In the case of QRS (Quality Registrar Systems), we filed a complaint which you can read about here. QRS has so far not acknowledged the complaint, despite two requests to do so. They received it, though, since about 6 hours after we sent it, the ATIS website had been updated to remove some material referencing QRS. That means that QRS was having background discussions with ATIS, even as they were ignoring the Oxebridge filing.

In response, their accreditation body EIAC of the United Arab Emirates did their own investigation and suspended QRS’ accreditation. They stand to lose accreditation permanently if they don’t address the issue by November 2020.

Meanwhile, In Britain

The BSI complaint is far more serious. Whistleblowers revealed that the world’s largest registrar had established — for its American operations, at least — nonconformity quotas, demanding that auditors for ISO 9001 and AS9100 write at least “1 NCN per audit day.”  The BSI emails then show senior BSI Americas executives — as high as the VP level — openly talking about the metric as being a “scientific” method to measure the company’s financial health.

If that sounds heinous, it is. Accreditation rules codified in ISO 17021-1 demand that nonconformities only be written when objective evidence proves a nonconformity exists. That standard then prohibits the registrar from allowing “threats to impartiality” to taint its audit decisions — including nonconformities. It then goes on to specifically identify “financial pressures” as one such threat.

The evidence is very, very damning. There’s no clear way that BSI snakes out of this, at least not that I can see.

I first sent the report to BSI’s CEO Howard Kerr in the UK, along with their legal counsel Grainne Brankin. Kerr responded, but by writing to Brankin, saying, “Let’s pick up on Monday,” and merely copied me on the email. The email was not specifically addressed to me, so it’s not clear if he copied me by accident or was trying to keep me updated. But either way, the Kerr email proves BSI received the report.

I then followed up with a formal complaint, submitted to Kerr, Brankin and others within BSI, in accordance with their published complaints handling procedure. That procedure requires BSI to confirm the complaint “within two working days,” which came and went. A follow-up email from me, asking for formal acknowledgment, has also gone unanswered. Their procedure then gives BSI 20 days to provide a formal response, but they can likely argue the clock hasn’t started yet, since they still haven’t acknowledged ever getting it.

But Kerr’s email — whether sent to me by accident or not — proves they got it. I suppose BSI could argue some legalese that the “report” sent to Kerr wasn’t an “official complaint,” but BSI’s procedures don’t require any official formatting or template for complaints; they have to act on them no matter how they are submitted.

Some within BSI are suggesting that the American execs are apoplectic, having their emails published, and are working with Brankin to figure out a way to sue Oxebridge, and/or uncover the whistleblowers in their ranks. That may come to pass, but it won’t stop the fact that BSI is required to follow its published procedures, under law. A lawsuit will only worsen things. Let’s hope the BSI adults in the UK are more sensible than their American reps.

Abnormal is the New Normal

The refusal to acknowledge complaints – despite accreditation rules demanding it — is a relatively new tactic being used by ISO scheme actors. Facing a potential criminal investigation for bribery in a scandal involving its accredited registrar Quality Austria, the official Austrian accreditation body AA has refused to acknowledge receipt of a complaint put before it. When escalated to the next-higher authority, the IAF’s regional body the European Co-operation for Accreditation (EA) did likewise, with its executive Andreas Steinhorst cutting off communication on the issue entirely.

The IAF and its secretary Elva Nilsen then followed step themselves, by refusing to acknowledge receipt of the final escalation to it on the Quality Austria cover-up. They now sit in open violation of their published procedures, which are enshrined in the IAF Bylaws and official tax filings, submitted under penalty of perjury. Uh-oh.

The dirty trick isn’t isolated to the IAF’s gang, either. In the aerospace field, the IAQG’s Registration Management Committee has refused to process a complaint against auditor certification body Probitas, after its executive ruled it was fine for AS9100 auditors to lie about their professional qualifications, provided they did so after they were certified by Probitas. That ruling is stunning, as it allows auditors to literally claim to be “Directors” of massive aerospace companies when, in fact, they are unemployed (such was the case of the auditor that prompted the complaint.) The IAQG’s RMC has just refused to even acknowledge receipt of the complaint, since that would trigger their published procedures on complaints handling, too.

The Oxebridge database of scandals alone includes over 90 investigations of IAF controlled bodies dating back to 2010, and in every single case, the IAF never took any action, nor raise a single internal investigation. These include scandals that caused the deaths of over 1700 people (so far) at the hands of companies holding certificates bearing the IAF logo. Adding the allegations of criminal bribery in the Quality Austria case, and now the “ticket quota” scandal of BSI, and the IAF is looking at a very uncomfortable future.

The end result has been, of course, total anarchy. Registrars and their auditors have been given the green light to do whatever they want, and CB executives can commit crimes, engage in financial conflicts of interest, and all sorts of other overt violations of accreditation rules, knowing that Nilsen and the IAF will silently support them.

Until, of course, the day when they don’t. If that last part sounds cryptic, just know that at some point in the future a new Oxebridge article will link back to this very paragraph, making it very clear what I was telegraphing back in May of 2020.

UPDATE 18 May 2020: BSI has responded to the complaint by shutting it down without explanation, and without addressing the evidence. It appears to have back-dated its response, but was still not acknowledged within the required two-day window, per BSI’s own published procedures.

UPDATE 2 September 2020: QRS has formally responded to the complaint and Oxebridge accepted their response. They have severed relationship with ATIS and claim to have taken corrective action to prevent such conflicts in the future.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


Traditional Tri-System