The Dutch accreditation body Raad voor Accreditatie stooped to new lows to defend its huge customer, Control Union, proving once again that the IAF accreditation scheme is nothing more than an international, Mafia-style protection racket. Rather than ensure ISO certificates are only issued to valid companies with conforming management systems, they are issued to anyone, and when complaints are filed later, the various IAF bodies run to their defense, shielding them from possible litigation.

In response to multiple complaints showing the Israeli office of Control Union had, over a period of at least four years, issued multiple ISO certificates outside of their official RvA scope of accreditation, the Dutch AB has closed the complaint citing “human error” on the part of a single Control Union employee. RvA had previously ignored the complaint for over a year, and never responded at all to a similar complaint we filed in 2020 on the same issue.

If seeing “human error” as an excuse for a nonconformity gets you upset, you’re not alone. The IAF’s nest of accreditation bodies, including ANAB and UKAS, have spent literally decades arguing against “human error” as a viable root cause for nonconformities. Instead, they say, human error can never be a root cause, since all human errors are caused by things such as stress, lack of training, lack of resources, etc. For twenty years or more, ISO 9001-certified companies have had to give complicated “Five Why” root cause analysis descriptions, even for minor problems such as typographical errors or a random uncontrolled document.

But, of course, when the rules are turned around to apply to them, suddenly “human error” is an entirely adequate root cause.

RvA Did Nothing, But Did It With Gravitas

In response to this latest complaint,┬áRvA claims they conducted a remote “desk review” of Control Union, rather than performing an on-site audit which would have required them to travel to Israel, and (thus) spend actual money on the issue. They then reported the following findings:

(1) Certificates issues without RvA logo, where the logo should have been used.

Based on a desk review it appeared that the certificates issues in Germany and Belgium were indeed issued without RvA-logo. It appeared it was a misunderstanding of a CUC employee. Correction and Corrective measurements have been taken. An extent analysis has been carried out by CUC, but no other infringements were identified.

(2) Certificates issued with RvA-logo, outside the accredited RvA-scope for CUC.

This was also a human error. Extent analysis has been carried out by CUC and no other infringements were identified as mentioned in your complaint.

Notice that RvA did not conduct any verification itself, they simply accepted Control Union’s own “extent analysis” without any question.

RvA also never said at all what happened to all the certificates that were issued to clients with — or without — proper logos. Were these certificates withdrawn? Were new audits conducted? It appears nothing was actually done at all.

In fact, one of the reported companies bearing an out-of-scope Control Union certificate — Gadot Biochemical Industries — still has the certificates on its website, bearing the RvA logo. Apparently, neither Control Union nor RvA did the work necessary to ensure that these certificates were either removed or updated.

And nothing on the Control Union website anywhere says they withdrew any certificates. At least I couldn’t find it — their website is a mess.

Long History of Violations

We first noticed the problem with Control Union’s Israel office back in 2020, and filed a complaint with RvA at that time. At the time, Control Union’s Israel office’s accreditation was suspended, but RvA ignored the complaint and lifted the suspension just a short time later. RvA never addressed the problem of out-of-scope certificates in 2020.

The issue re-emerged in Sri Lanka, where Control Union certificates issued under Sri Lanka Accreditation Board (SLAB) logo were also found to be out-of-scope. SLAB shut down that complaint without proper oversight.

And the problem then appeared again, in 2022, when even more out-of-scope certificates were issued by the Israel office, after its accreditation had been restored. We filed a complaint, and RvA ignored it — again — until I pressured them in late April of this year (2023) that I would be filing a complaint with the IAF regional body. EA, if they failed to process the complaint.

So finally, RvA took the matter seriously, but then conducted the worst possible complaint processing they could muster, as you can see.

Meanwhile Control Union has been banned from various programs in the EU and elsewhere, and is under investigations for scams and scandals in other industries.

The message is clear: Control Union simply pays accreditation bodies too much money to ever undergo serious, objective oversight by bodies like SLAB or RvA. They are simply “too big to fail,” and can print fake certificates all day long, without any consequence.

Now, the IAF regional body EA should step in to process a full investigation into Raad voor Accreditatie, but of course… they won’t either. What, the Mafia is going to investigate the Mafia?

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation