We’re seeing a spate of complaints related to dramatically low-priced quotes for ISO 9001 certifications, affecting many nations but with a concentration in India and Dubai. The registrars involved have a handy explanation at the ready: neither ISO 17021-1 nor IAF rules dictate what a certification body should charge, therefore you should just shut up about it already.
The problem with low-ball bids is twofold. First, there’s the question of whether or not the CB is quoting the appropriate number of days for audits. Since pricing is directly based on audit days, a low price can point to a CB “cheating” and offering a shorter audit, in violation of both 17021 and IAF MD5, the latter of which dictates minimum audit duration.
Second, low-ball bids can point to the hiring of untrained or incompetent auditors. Certainly, competent auditors with suitable experience will not work for slave wages, which is the kind of pricing we’re seeing in this latest rash of complaints.
Sources in the region tell me that India pays poverty-level day rates for its auditors, caring little for their competence or training. The situation is Dubai is reportedly directly related, in that the low-ball bids are coming from Dubai-based CBs utilizing Indian auditors. I have no way to confirm that, so take it with a grain of salt. I’ve seen impossibly cheap audits in the US, too.
What we do know is the numbers simply don’t add up. In one incident, the registrar Business Quality Certification (BQC) charged a Dubai-based client 2,500 € for the initial certification of a 50-employee company, and then the same exact price for the 2nd and 3rd year surveillance audits. Recall that an initial certification audit is comprised of two separate “Stages” and that the subsequent surveillance audits are typically 1/3 the duration of the initial. Therefore, it’s not clear how BQC is charging the exact same low rate for all three audits, despite requirements that they differ dramatically in duration. On top of that, BQC said the miraculously low price included all travel and related expenses and the proposal was for a simultaneous triple certification for ISO 9001, ISO 14001 and ISO 45001.
Indignant to the point of incredulity, BQC rep Alexia Lianou wrote, in response to the official complaint, “It is neither necessary nor obligatory to extend to the analysis of the procedure followed by BQC so as to calculate the final cost.” She then demanded that in the future any such concerns be submitted “in private,” presumably so the accreditation body doesn’t know. Now the complaint has been escalated to their accreditation body, ESYD.
Similar complaints were responded to with the general excuse being “IAF does not mandate pay for auditors,” meaning that a CB can quote a stunningly low amount and still, somehow, claim the minimum audit days are hidden in that price. It’s unbelievable, but it’s also correct: neither IAF nor ISO accreditation rules dictate minimum pay for auditors. But, as I said, it’s unbelievable.
Rules Don’t Apply Before They Do, But They Do, Or Not…
Another stunning excuse, trotted out by two CBs also working in Dubai, is that no violations of ISO 17021 can occur at the quoting stage since at that moment in time there is no contract, and therefore ISO 17021 does not yet apply. This is absolutely bonkers, since so much of ISO 17021 and IAF MD5 are about ensuring proper audit planning, which includes the audit day calculations and providing that information to the client beforehand.
Logic and facts hasn’t stopped them, though. In response to a complaint about a low-ball bid, registrar AQC Middle East FZE’s agent Vartika Rastogi responded:
Nothing is finalised neither the formal AQC application is received in AQC Application format and nor the quotation is accepted by the client. No agreement has signed with client company therefore no certification activity is started. So no stakeholder can claim that we are not following the due process of certification activities and not following the MD 5 or ISO 17021-1.
Well, actually, no: a stakeholder did claim you are not following the accreditation rules, since a stakeholder — me — filed an official complaint on the matter. It’s always fun when a CB lectures you on how you don’t have a right to complain.
Registrar ACS W3 Solutionz’s representative Shahid Mushtaq responded with the exact same canned answer, but with a bit more indignation in his voice:
We did not issue the certificate to the client, you should raise a complaint once the client has such a certificate issued by us under ias accreditation there should be a formal complaint on that.
Mushtaq, sounding like BQC’s Lianou, similarly demanded these things be handled behind closed doors:
You should have asked me first for such issues and then you can raise such complaints.
So now the US-based accreditation body IAS is forced to deal with the complaints against ACS W3 Solutionz and AQC Middle East FZE, as they have both been escalated. IAS is already processing a complaint against another regional CB, Resource Inspections Canada Incorporated (RICI) which is operated by the owner of an ISO consulting firm called MAAZ Inspection and Testing Services. So it’s plate is full.
Despite these incidents seemingly focused on Middle Eastern CBs utilizing (reportedly) Indian auditors and — in the case of IAS — an Indian-owned Accreditation Body, the problem isn’t isolated to that region. The US and UK both suffer from aggressive CB sales reps who “underbid” audit days in order to win a contract, knowing that even if their Accreditation Body or the IAF notice, nothing is likely to happen. In the case of these “Western” certification bodies, they are often so large that the Accreditation Bodies won’t take action because doing so would cost the AB a tremendous amount of lost revenue.
As a result, we may actually see some action on these smaller Dubai certification bodies, since their Accreditation Bodies wouldn’t lose much if they threw them to the curb. But the accreditation body IAS has a lot to lose anyway: their business plan appears to be to accredited Indian and Middle Eastern CBs in bulk, advertising their US address in order to do so. If word got out that they were actually enforcing the rules, their CBs might flee the ship.
I’ll post updates on these complaints as information comes in.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.