As I wrote earlier, the certification body Bureau Veritas has been marketing itself as being ISO 9001 certified for years, and slathering said mark on every page of its website, even for services that were not included in the scope of certification. This has apparently been going on since the 1990’s, so we can assume that ANAB has no problem with it, even though it literally violates the accreditation rules.

One of the hard-coded requirements of every ISO 9001 certification audit, whether a surveillance audit or three-year recertification audit, is that CB auditors must verify the usage of the ISO 9001 mark and marketing statements, to ensure the certified company is not misleading people about its scope of certification. By allowing Bureau Veritas to imply ISO 9001 certification on website pages for services not covered under the scope, ANAB just handed the entire industry a fantastic way to cheat the system, and save hundreds of thousands of dollars, if not more.

Understand that the cost of ISO 9001 audits is largely determined by the length of the audits, since registrars charge about $1200 – 1350 per day for a given audit. The length of audits is then calculated by the number of employees a company has, with additional consideration given if a company has multiple sites. So a 3-person company with one site would be required to undergo a 1.5-day initial certification audit, and then face a half-day surveillance audit annually thereafter; a company with 1,000 employees, however, would face a 13-day initial audit, and then surveillance audits of at least 4-5 days each. A three-year cost for the small company would be about $5,000, while the larger company would be faced with spending close to $30,000. Extrapolate this out over a decade, and you see astronomical savings.

Thanks to ANAB and the whole Bureau Veritas fiasco, now giant companies can obtain ISO 9001 certification for the price of the small ones. Under this trick, a giant mega-corporation can simply find a tiny 1- or 2-man office and get that certified to ISO 9001, and yield the cost savings that tiny companies get. Afterwards, it can slather the words “ISO 9001:2015 Certified” on its entire global website, without any disclaimers at all, including putting the language on marketing materials for divisions, operations, addresses or services that are not in the scope at all.

The only requirement is that you must include a link to the actual ISO 9001 certificate with its scope, allowing your website visitors to check what is in-scope, and what is out-of-scope. You can even bury that certificate somewhere and make it difficult to find, ensuring no one ever checks.

If this sounds shady, well, ANAB has already established a precedent that allows you to get away with it. Bureau Veritas has plastered their entire website with the “ISO 9001 certified” mark, even for services that are not included in the scope and even for services where ISO 9001 is prohibited, such as their own ISO 9001 management system certification services. Because ANAB has never enforced the rules on Bureau Veritas, they are now wholly toothless to enforce the rule on anyone else.

And Europe can pull this trick, too, since Bureau Veritas’ new certification is accredited by the German body DAkkS, who also has no problem with this.

Best yet, your customers probably won’t even care. Most buyers flow down ISO 9001 certification without knowing what it is, and without understanding things like “scope” anyway. They just want to check the box, and want you to have an accredited certificate (vs. that of a certificate mill.) Pulling this trick will satisfy them, too, if they’re also asleep at the switch.

Eventually, your CB auditor will notice the problem (as I said) they are tasked to verify this at every audit, but they will be entirely powerless. If they write a nonconformity on this, you can appeal and have it thrown out, citing ANAB’s established precedence in allowing Bureau Veritas to run roughshod on the rule. (Extra points if your ISO 9001 CB is, literally, Bureau Veritas!)

If the CB balks, you can escalate your appeal to ANAB, they won’t be able to do squat. They will be forced to tell your CB to stand down and delete the nonconformity. If ANAB does anything else, well, then they’ve exposed their hand: they are allowing their customers (the CBs) to get away with a violation that they are then arbitrarily enforcing on everyone else. That’s a violation of ANAB’s rules, under ISO 17011. Plus, you’d now have grounds for a class-action lawsuit on behalf of every company ever certified by an ANAB-accredited CB, as well as a convincing case that ANAB’s self-conflicted interpretation of the rules amount to fraud and tortious interference in interstate trade. ANAB will not want to go to court, since their lopsided and unfair interpretation of the rules will expose the industry’s unspoken corruption, so you’ll still win in an early settlement deal.

So, if you’re a massive company with tens of thousands of employees spread out over locations on seven continents, don’t worry. Now you can only spend the money to certify the 25 square-foot gift shop in Alamagordo, and still claim to be “ISO 9001 certified” anywhere in the world.

Is it shady? Absolutely. But if you’re going to be shady, you may as well learn from the best, and ANAB gives a master class on this every day.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.