The IAF has begun a branding push for its planned universal database of ISO certifications, announcing it will be named “IAF CertSearch.” The announcement was made to the certification body (CB) community a month ago, with more details coming out from subsequent meetings with industry representatives.

Along with that branding has been a request by IAF to ensure that any press releases discussing the new database emphasize the word “voluntary.” At least one CB, The Registrar Company, followed through on that request, publishing an article that emphasized the word “voluntary” twice. A similar publication by the Slovak National Accreditation Service mentions the voluntary aspect, as well.

IAF is boasting that it has high levels of commitment from accredited CB’s, claiming it will host at least 700,000 certificates upon launch. While the number appears high, it represents only a fraction of the world’s ISO 9001, 14001, 45001, 27001 and other certs that will be included. There are over 1,058,000 certificates for ISO 9001, meaning if all the certs in the CertSearch database were solely for ISO 9001, it would still leave out at least 1/3 of the world’s certificates. The actual numbers of ISO 9001 certificates listed will be much smaller, making the database ineffective: if a user tries to verify a certificate but CertSearch reports no results, it will not be clear if the certificate is fake or if the CB merely did not enter the data.

A source in attendance at the recent IAF/ILAC meeting, in which the IAF presented the latest information on the CertSearch project, told Oxebridge that IAF does not expect full participation from its accredited CBs, and that they are emphasizing the supply chain to use the word “voluntary” in related press releases out of a fear the IAF will be sued in US courts by registrars. The IAF has resisted calls to make participation in the database a mandatory part of accreditation, because of pushback from certification bodies. The source said that IAF is worried about a class action suit whereby the CBs “band together” to sue IAF collectively under the US Hobbs Act, which prohibits interference of interstate commerce.

The IAF registered a special company to manage the database, as an LLC in the state of Delaware.  Registering in Delaware has tax advantages, but also offers unique legal protections for company officers unlike any other state in the USA.

CBs have resisted decades of attempts to create a universal database of ISO certifications, going so far as to manipulate ISO/CASCO (ISO Conformity Assessment Committee) to strip previous rules in ISO 17021 which had required CBs to maintain public registries of their clients. CBs claimed that such registries were being used by competitors to “poach” their clients; BSI was a leading proponent of the move to delete this language. Ironically, the move made the term “registrar” — often used in reference to CBs — moot, since they no longer maintain actual registers.

The IAF oversees the Accreditation Bodies (ABs) which then oversee the CBs, but because each level pays the tier above it, the CBs at the bottom ultimately control the scheme. CBs can abandon the accreditation scheme at any time, denying the IAF and its member ABs their revenue stream, if they feel overburdened by restrictions.

Without 100% coverage, the IAF CertSearch database is unlikely to succeed, according to Oxebridge founder Christopher Paris. “IAF is making the same mistake made by a dozen or more other companies since the late 1990s,” he said. “If CBs are not forced to participate, they won’t. IAF is spending hundreds of thousands of dollars on a project that is doomed to fail. Those costs eventually get borne by certified companies and end users, with no meaningful result.”

Mr. Paris has also criticized IAF for not utilizing blockchain technology, whcih would have provided transparency and integrity for the eventual database. Instead, the technology used appears to be a simple web-based SQL database, likely to be prone to hacking and data loss, giving CBs further reasons to resist participation.

The IAF has restricted its communication about the project o largely internal organizations or “friendly” bodies such as the accreditation bodies, ILAC, and ISO itself. As a result, critics and end users have had no input into the project.

The lack of a universal database of ISO certifications has made it difficult to research the role of ISO 9001 and other CBs in scandals and product recalls, since the CBs can easily hide or delete such records without any public awareness. This has also led to unprecedented growth by ISO “certificate mills” who issue wholly unaccredited certificates; without a way to distinguish accredited vs. non-accredited certifiates, the CBs have ironically helped embolden and grow their main competition.

One such certificate mill, QAS International, issues certificates after consulting provided by its sister organization. IMSM. Often the same IMSM consultant acts as the QAS auditor. QAS issued an ISO 9001 certificate to a Leicester-based company found to be a front for an illegal heroin smuggling ring. QAS is then supported by the British Quality Foundation which counts as its patron HRH Princess Anne, daughter to the Queen of England. Because of the IAF’s poor brand management and lax accreditation enforcement, organizations like QAS are able to thrive despite granting certificates to companies such as the drug ring in Leicester.