A new fake certification body has popped up, this one being ICO Certi, suspected to be from Serbia but using a postal address from London to hide their origins.

ICO Certi certificate found in the wild (click to enlarge)

ICO Certi sells a “cloud-based” documentation template kit, but then goes one step further and includes a final certificate, thus certifying their own work. Their services include ISO 9001, ISO 14001, ISO 45001, and the information security standard ISO 27001, raising suspicion about what, exactly, they do with your data after they get it.

The London address for ICO Certi resolves to a “virtual office” address but we found traces of their operations in Serbia and India. (Confirmed; the company’s owner is Serbian, see update below.)

The company claims two accreditations. The first is by “IAACB”, which is a known fake accreditation body, but the “IAACB” claimed by ICO Certi appears to be a different one entirely, and one which doesn’t even exist.

The other accreditation is from the “International Accreditation Services for Certification,” or IASFC. This one is particularly interesting because it has a website that attempts to outright steal the logo and overall look of the actual accreditation body, IAS.

IASFC utilizes what appears to be a fake phone number, and the office address for NXenter, a web developer in New York’s “Koreatown.” Through a series of links, I eventually tracked the owner of NXEnter — and thus, maybe, IASFC and ICO Certi — to one Hamid Mahmood, who runs a self-promotional website called “Hamid the Pro.” Oh, and he insists he graduated from Harvard.

Meanwhile, the IASFC website claims to have a “register” detailing the “103 conformity assessment bodies” and that it has accredited in “180 countries,” but the webpage never actually presents any search function; in short, the register doesn’t exist. So you can’t verify that they’ve ever accredited anyone, nor is there any listing of staff or people working there.

Then there’s the web design, presumably by “Hamid the Pro.” Not only is the IASFC name similar to that of the actual accreditation body IAS, but the logo and web design are also nearly identical:

While I think a little schadenfreude is suitable here — the real IAS has built its empire on offering low-cost, bottom-of-the-barrel services, while using a name that is confusingly similar to the International Accreditation Forum (IAF), and is now being undersold by someone willing to go even lower — it still sucks. Someone from Serbia on LinkedIn wrote me and wanted me to file a complaint against the real IAS, because they were that confused between the two. It really is confusing, and only full-time accreditation nerds like me are likely to spot the difference.

So those shopping for cheap certifications from ICO Certi, fair warning: it appears to be an entirely fake operation bolstered by some mediocre websites, but without a single verifiable human being running any of it. Other than the Harvard grad website guy, of course.


UPDATE 14 March 2021: I received a curious, unsigned email from ICO Certi, trying to extort me. It offers me a partnership (“We can also cooperate with you. We selling all the world ISO Toolkits.”), but then threatens to sue me if I don’t agree. It’s a crime to threaten legal action against someone if they don’t accept your unsolicited demand for a partnership.

The email also claims that ICO Certi is owned by “Global Invest Holding LTD” in the UK, and again repeats its address, not knowing that we already exposed it as a “virtual office” postal services company. But with the company name now known, I was able to research official UK business records, which reveal that Global Invest Holding LTD is owned by Aleksandar Sibinovic, of Serbia.

If Sivinovic really wants to sue me, he may first have to come into the UK to file the paperwork, which will be convenient since he can simultaneously surrender himself to the police for attempted extortion and blackmail.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.

Advertisements

ISO 45001 Implementation