I’ve taken a hands-off approach towards other consultants for over a decade, even if they haven’t necessarily reciprocated (see Elsmar Cove for just one 17-year long example.) My thinking was that there is plenty of ISO 9001 related work to go around and there’s no need for fighting between consultants. I also didn’t want to stretch Oxebridge’s reform efforts too thin; tackling the standards bodies and certification scheme actors is plenty of work, without having to take on the consultants.
More and more, however, the consultants occupy the same space: they are also on the standards bodies (like TC 176) or simultaneously work for registrars. Worse, the consultants dominate these bodies, a fact that is especially true for the US TAG to TC 176, which is overrun with private consultants. It’s become impossible to keep them at arm’s length anymore, since pressing for reform within the scheme now inevitably pushes against the private consultants that corrupt the scheme.
And so I’ve finally had to file a complaint against another consulting firm: Core Business Solutions, operated by US TAG 176 member Scott Dawson. The complaint — which is relatively informal at this point — alleges that Dawson is misleading his potential customers by repeatedly claiming he can get clients “ISO 9001 certified” for “less than $5,000.” Dawson’s company is ISO 9001 certified itself, by registrar ABS-QE, so that adds a level of oversight other consultants — who aren’t certified — don’t have. The case also presents the ultimate convergence: Dawson is a consultant, a member of a standards development body, and a consumer (customer) of a registrar. Conflicts of interest abound.
Now consider this new (and weird) reality: the ISO 9001:2015 standard requires, as part of clause 8.2.2, that companies actually ensure they can do what they say in their marketing (emphasis added):
8.2.2 When determining the requirements for the products and services to be offered to customers, the organization shall ensure that:…. (b) the organization can meet the claims for the products and services it offers.
Actual blurb from Core Business Solutions website.
This creates problems for Dawson and Core Business Solutions. You see, Dawson claims that for less than $5,000 he can get your company “certified” to ISO 9001.” Since Core is not a registrar, and since Dawson doesn’t do consulting for free, this essentially means he is claiming that both his consulting and third-party registration will cost less than $5,000. It’s likely that Dawson ony means his services, and only when you use one of his template kits; but that’s not what the website says. It repeats, over and over, that the “$5,000” is for “certification.” Despite being alerted to this problem months ago, he’s just doubled down. A recent update to the website sees the claim being repeated, not corrected.
And remember: Dawson is on the US TAG to TC 176, that plucky group of consultants who wrote ISO 9001, conveniently making it so goddamn confusing, you have to hire people like Dawson to decipher it.
Let’s Do Some Math
Let’s see if there’s any possible truth in the claim, though. First, let’s assume that Dawson is giving away his consulting work for free; that’s a stretch, but it’s the only possible way his “$5,000 certification” claim could hold any truth.
Now understand that registrars’ fees are largely determined by a simple calculation: the average daily rate multiplied by the typical required audit man-days. The audit man-days are determined by an international rule published by the International Accreditation Forum, called IAF MD5. Those rules present the minimum number of audit days required for an ISO 9001 certification client based on employee count.
Knowing that the US average daily rate for registrars is about $1300 per day, this then means that — at most — a Core client could have no more than 5 employees, since the IAF MD5 minimum audit length for a 5-employee company is 2 days. Two days at $1300 per day = $2,600; but now add a typical $500 application fee and $500 ANAB accreditation fee, and you’re already up to $3,600. Now factor in auditor expenses for hotel, airfare, rental car, meals, etc. Assuming that figure still lands below $5,000 — which is unlikely — consider this: that would only be for the first year, and registrar contracts are three-year contracts. You cannot buy a single-year contract.
Thus we find that Dawson’s math is impossible even if his consulting services are free, and even if the company has the smallest employee count presented in IAF MD5.
It doesn’t really matter anyway, since Dawson doesn’t preface this by saying “it’s $5,000 only if we work for free, and only if you have less than 5 employees.” He’s saying this for everyone. Even the companies that have 5,000 employees, which would require 20 (twenty!) man-days of auditing, or about $26,000. In case you’re not keen on math, $26,000 is more than $5,000. According to Dawson’s marketing, even if you’re Lockheed or Boeing, he can get you “certified for less than $5,000.”
Finally, realize that Scott Dawson is not doing anything for free. His template kits cost $5,000, and then his implementation programs scale upwards from there, depending on the level of service you want. But none of his programs include certification because, simply, Core Business Solutions is not a registrar. He can’t offer certification, so his costs cannot include it.
Thus his claim is factually impossible, and thus grossly misleading.
Time to Work Your Abs
Because Core is registered by ABS-QE, I dropped an informal complaint over to VP Dominic Townsend at their Houston office. My complaint specifically called out the “less than $5,000” claim, and pointed Townsend to the clause 8.2.2 requirement of ISO 9001. I asked how ABS-QE could have certified a company making obviously misleading marketing claims, to which Townsend replied:
We are in receipt of your note below, and based on our review of Core Solutions Programs offered; they have established a program that is designed to meet the 4 month timeframe that is claimed. In addition, we do not get involved in the commercial terms of Core Solutions and its customers as this is outside of our scope of work.
Now I never mentioned anything about “four months” at all, and you will note that Townsend utterly ignored the point I was making, about the “$5,000” price claim. It’s a convenient dodge, and now I am pressuring ABS-QE for a proper response. But no one expects a registrar to actually cite a nonconformity against a sitting member of the US TAG to TC 176. They’re all in this together, after all.
Townsend’s reply came remarkably quickly: I sent the email on December 8th at 3:53 PM, and Townsend replied the same day at 4:08 PM, which looks like only 15 minutes, but there may have been an hour of time zone to factor in. (I was literally in Houston when I sent it and two blocks from the ABS-QE office, so even that’s a stretch.) That’s a stunningly fast reply that indicates Townsend gave the issue exactly zero thoughtful consideration. I replied back that I hadn’t mentioned anything about months, and was talking dollars, and now it’s been days of silence from ABS-QE on the matter. That tells you something.
The loser in this scheme is, of course, the public. Once again we see that ISO 9001 certification means next to nothing, if registrars are willing to overlook all sorts of bad behavior that bring disrepute on the validity of the standard and upon their own services. Certification was intended to defeat fraud, by ensuring companies couldn’t make wild claims about their quality systems, since they were audited by objective and trusted third parties. Those assurances continue to appear today on the websites of accreditation bodies like ANAB and the IAF; they insist their role is to ensure trust in the certificate. In the real world, however, they issue certs to whomever will pay, and then bend over backwards to defend clients who engage in unethical or even illegal behavior. LRQA helped a company cover up a potential criminal conspiracy involving the illegal use of forged documents to gain access to an oil contract; BSI suddenly can’t find the records of it having certified the BP Oil office that managed the Deepwater Horizon rig; all the registrars can’t seem to find any records of having certified the Takata airbag manufacturers, despite public press releases advertising the certificates years ago.
It also points to the fact that the so-called “authors” of ISO 9001 are, themselves, a joke. They routinely violate their own rules and standards, while cashing in on a duped public that trusts their often ludicrous self-promoting marketing claims. Supported by a dutiful “quality press” that disallows thoughtful, skeptical debate on the subject, the public only sees one side of this pyramid scheme, and things continue to erode year after year.
What makes this incident so stomach-churning is the incredible confluence in play here: a US TAG 176 member — who contributed to the writing of ISO 9001:2015 — runs a consulting company that sells ISO 9001 services, and in the process markets his services by using mathematically-impossible claims. He thus violates ISO 9001, the very standard he claims to have written. Then he then has his consulting company certified to ISO 9001 by a registrar, who — when the violation is reported — ignores the problem. The registrar, meanwhile, is accredited by ANAB which is a chief contributor to ISO/CASCO, which writes the rules for auditing and accreditation. It’s a godawful mess, and it rains disrepute down on all their houses.
In short, no one is following the rules, and yet they are all making a ton of money telling everyone else to follow them. Got it?
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
