As reported a while back, the AS9100 certification body SAI Global (formerly QMI) had its accreditation lifted for many months by ANAB. This was stunning, because the average length of an ANAB accreditation suspension is measured in days or even hours, and SAI’s went on for week after week.

We may never fully know what happened, but the official line is that SAI got burdened with too many audits and too few auditors. The auditor drain is affecting the entire industry, brought on by the “perfect storm” of problems including an aging (and retiring) auditor pool, and the disastrous rollout of Plexus’ mandatory AS9100 Rev D auditor training, which saw over half of the auditors fail their test, largely due to the test being… well, “complete shit” was how one auditor characterized it.

SAI, it’s said, lost so many auditors, it fell behind on servicing its current clients, even as its sales team pushed ahead to rope in new clients. The ANAB suspension forced SAI to stop taking new clients and catch up on overdue audits, which presumably happened. We may never know what exactly happened, but there’s more to it, apparently.

I just finished work at one SAI client who may well have been “patient zero” for SAI’s official woes. (To be fully honest, I am guessing; their problems coincided with the timing of SAI’s suspension, however.) This client had been audited previously by SAI, and had a handful of minor nonconformities, all of which were fully corrected and closed. In the following year’s audit, the auditor reviewed the prior NCRs — a standard activity — and confirmed they were satisfactory. He went on to then write only one new minor NCR. This was also subsequently closed.

Sounds good, except that the second audit was an AS9100 Rev D “upgrade” audit and so extra time was scheduled: four and a half days, to be exact. The client is located in the northeast, and the audit fell during a snowstorm. The auditor made it into town, and conducted the first day’s audit normally, writing the new minor NCR. Then he never showed up again. The remaining three and a half days of auditing were never conducted.

Mind you, the official report in OASIS says they were done, and the client was billed for four and a half days. The client told me that the auditor said it was acceptable if he finished the audit “from the hotel.” Totally unaware of AS9101 or ISO 17021-1, the client didn’t know better; while they thought it was odd, they trusted SAI to know the rules. I’m sure they were happy to be rid of the auditor for the week, too.

Here’s where things get even weirder. Later, when scheduling its next audit (which will be the third), SAI reported that the auditor had been terminated, and had scheduled a new auditor to take over the account. We have no idea if that termination was due to my client’s incident — maybe SAI found out about it? — or something else. But it did happen right around the time of ANAB’s suspension.

Which would all be fine, but going back into OASIS we now find the entire record of the first audit is gone. Erased, as if it never happened. The second audit — the one with the falsified audit days — is still present, but nothing prior to that. The handful of minor NCRs from that first audit are wiped from the system, along with any evidence that the company was initially certified. Now, OASIS only shows the client as suddenly having a surveillance / upgrade audit, but never an initial AS9100 certification audit, which should not be possible. It’s like having a baby without ever having been pregnant.

This is problematic for a few reasons. First, OASIS has been around a long time, so you’d think the IAQG would have their shit together by now. Alas.

Next, OASIS is supposed to provide an unbroken chain of evidence of everything that happens with an AS9100 company from the time it earns its first certification to the time at which it loses it (which is, hopefully, never). That would include all CB transfers, for those clients who fire their registrars — the records are supposed to be contiguous.

The purpose of OASIS is also to provide the “supply chain” — meaning Lockheed and Boeing — a full dataset of all NCRs a company had throughout its history. It’s never been clear what Lockheed or Boeing intend to do with this data — if a company has a lot of NCRs over a 10 year period, will they be DQ’d? — but the data remains available to them.

The SAI fiasco shows us a few things. First, by pushing all audit reporting to an online system like OASIS, auditors can fake an audit entirely, and sit in a hotel room or (one presumes) their home dining room table, and pretend they did an audit. Since OASIS can’t tell where the data is coming from, it just assumes that the audit really happened on site. It’s not like ANAB checks these things, even though that’s its only real reason for existing. And if ANAB did check, they’d only look at OASIS anyway, and those records insisted the audit happened at the client’s site. How could they prove otherwise?

What, ANAB’s going to start doing witness audits where they don’t literally fall asleep while on the job? Please.

Next, it shows that minor hiccups can result in the loss of entire years of data for a given company. This can cause all sorts of headaches, such as being unable to prove to a potential customer that you did, in fact, hold certification for many years, rather than having obtained it only recently. You also can’t prove to potential customers that, say, you never had any major nonconformities.

CB transfers also become problematic. If you fire your registrar, the new CB is supposed to verify OASIS entries from the last audit. They can’t do that if the last CB wiped the records. Without that information, the new CB will likely tell the client they can’t be transferred at all, meaning the client will have to either stick with their incompetent CB, or surrender their entire AS9100 certification.

As you can see, the over-reliance on OASIS is troublesome. And remember this: these problems are self-induced, due to poor coding, a clumsy interface, and terrible tech support. If hackers ever got this information — which includes a history of nonconformities and product failings for a huge chunk of the aerospace industry — imagine the disaster.

Nearly all of this could be avoided. OASIS appears to be a poorly built database built on aging SQL, and supported by a tiny staff of tech support dudes who are slow to respond to problems. If I’m right about SQL, that makes it vulnerable to SQL injections if they haven’t really done a good hardening, which I am betting they haven’t.

I’d love to check if, in fact, SQL is running behind the scenes, but I can’t because the entire IAQG website is down, right now, even as I write this article. That means OASIS is down for everyone.

Site check for as of March 2, 2019, 10:30 PM EST.

The falsification of audit days is such a problem, it’s practically a time-honored tradition at this point. I once witnessed a six-week audit in which the auditors (two of them) consistently either left early every Friday or didn’t show up at all. They explained to the client that they were meeting the hour requirements by “working from the hotel,” but the official audit reports consistently indicated they were on-site for a full 8 hours every Friday. By the time the six-week audit was over, I estimated at least 8 full days of auditing (64 hours) was never conducted. The client was billed for all of it though.

In a more recent example, a registrar audited a 300-person Boeing supplier, and the Lead Auditor opened the meeting by announcing “I have a hard stop at 9 AM on Friday, so have to be out of here by then.” To meet that deadline, he never audited clauses 4, 5 or 6 of the AS9100 — at all — but falsified the records to say he had. His review of the management review meeting records consisted of glancing at the binder which had the printed minutes in it, and then glancing back to his computer. He never even opened the binder, but his report in OASIS says he did a full audit of the management review activities. I was snickering at how Boeing’s pet project — AS9100 and OASIS — was biting them in the ass by allowing CBs to rubber-stamp aerospace QMS certificates so auditors can rush back to their dingy little trailer homes.

ANAB could address this simply by checking travel and expense reports vs audit days; they’d notice that auditors could not possibly have audited a full Friday if their plane was wheels up at 11 AM. This is not hard stuff. Hey, it’s supposed to be aerospace, right?

It’s not that IAQG doesn’t know about this, either. I reported multiple instances of auditors having their clients fill out AS9100 audit reports for them, and then uploading the information as if the CB had done it. This resulted in audit reports (and especially PEARs) that featured glowing, self-written praise which was later passed off as “objective, independent audit results” by an accredited aerospace registrar. Baloney.

IAQG and ANAB both responded that the practice of allowing clients to fill out their own audit reports was just fine, thank you, and the CB only had to “verify the information.” That’s ludicrous, of course, and it proves how little anyone needs the ANAB/IAQG arrangement to begin with. If a doctor can offload the surgery to his own patient, then at some point the patient is going to start asking why he’s paying for the doctor’s new Mercedes Benz.

Remember, too, these guys are auditing companies that make airplanes that you fly in, and rockets that can crash into your house.

So SAI’s not alone. These problems have cropped up with NSF-ISR, TUV, NQA and others. So long as auditors know they can type stuff into an online system with no one verifying the data, they will do bad things. And so long as CB checks clear, ANAB’s not particularly worried about it either.

IAQG needs to get its shit together. This stuff either matters or it doesn’t. If it doesn’t matter, then what are we paying for?



About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.