This one was originally published back in 2016, but it’s worth republishing.
In a riff off of the old 1980’s meme that ISO 9001 could “certify a manufacturer of cement life jackets,” a number of unaccredited or self-accredited ISO 9001 certificate mills have agreed to do just that.
The saying came from a misunderstanding of ISO 9001 in its early days, with folks thinking that if someone designed a “cement life jacket” that killed the wearer, the company could nevertheless become ISO 9001 certified provided they did so while following “procedures.” This argument ignored the fact that at its core, ISO 9001 is about customer satisfaction, and killing the customer rarely achieves that.
The Setup
In a month-long journalistic investigation back in 2016, we presented a number of certification bodies — some accredited, and the rest “certificate mills” — with a test. We asked if they could provide ISO 9001 certification for a company called “LifeSink” which designed a “negative buoyancy wearable flotation” device targeted at “industrial deep sea mining and recreational diving” markets. To seal the deal, we sent them a LifeSink Quality Manual, sample management review meeting minutes, and even test reports that showed the product’s quality was measured by “fatalities.”
Throughout the documentation, some key indicators were included that should have triggered a red flag to anyone with a functioning neocortex, such as:
- The company’s name was LifeSink, FFS.
- Its product was a “TRUSINK” jacket, comprised of a “SolidCore 2.0” inner lining, which itself was made of cement and lead shot.
- The documentation claimed that objects can both sink and rise in water at the same time; not float, mind you, but literally move in both directions simultaneously.
- The point of contact was a quality manager named “Jack T. Pozzolan.” The word “pozzolan” refers to a common ingredient in cement.
- The company had other products in the pipeline, one called “Death Bell” and another called “RapiSink.” The test reports for a product called “Sharknado” even included a screenshot of the film Sharknado, which features (guess) a tornado comprised of sharks.
- The company’s VP of Engineering was named “Sandy Botoomes” (sound it out)
- The company was requesting a virtual audit of its office in Suriname, and did not want an onsite audit
- The management review minutes were dated April 31 (there are only 30 days in April)
- Prototype testing results in the management review minutes were in no way linked to data in the actual prototype testing records
- All of the data was utter junk, created by random formulas and number mashing in Excel, and had no meaning
- Stakeholder “validation testing” included a measurement of “fatalities” and utilized a “pulse monitor” presumably to measure when the wearer, you know… DIED
- Despite the product actually killing people, the US Coast Guard is shown having ranked the product “Very Good”
The certification bodies were also given a link to the “temporary website” of LifeSink, actually set up by the free site builder WebNode.com. The site (click here to view) included an utterly batshit explanation of how LifeSink products work:
Objects in an atmosphere, whether liquid (water) or gas (air) either rise or sink. Unless, of course, they have neutral buoyancy, in which case they float. But NB is rare in nature, because of the infinite micro-changes in pressure and gravity that are acting on us at all time, beyond our notice. Things tend to rise or sink, even if we think they are floating.
In a negative buoyancy condition, a device will sink while displacing the matter around it, causing that matter to “fill” the space above the object, thereby rising. By taking advantage of the simultaneous falling (of the object) and rising (of the surrounding matter), the LifeSink WFE products can provide both flotation and descent.
The website also featured this product blurb, of which the insanity is clearly obvious. Notice that the SolidCore lining is made of cement and lead shot.
The Prestige
With this nonsense in hand, we then submitted it to a number of certification bodies offering ISO 9001 conformity assessment. This included both ANAB-accredited bodies, and “certificate mills” — those CBs who are either not accredited at all, or self-accredited by a fake accreditation body. We targeted especially those mills that either claim compliance to ISO 17021/17011 or imply it.
Of the ANAB-accredited bodies, none agreed to provide services. Some responded back dryly, noting that a virtual assessment was not allowed under an accredited scheme. Others saw through the joke and laughed it off. We even tossed a copy over to ANAB, and they confirmed that any CB providing certification under these conditions would not be acceptable under ISO 17021.
Meanwhile, however, of the certificate mills approached, ALL of them agreed to provide ISO 9001 certification. One did so even after days of alleged review by its “technical managers and industry experts,” who — one wonders — must be a real laugh in the bathtub, if they don’t understand how stuff like “floating” works.
One of the mills even made a potentially illegal attempt to sweeten the deal for himself, by misrepresenting “requirements” and indicating that all the suppliers of LifeSink should get certified, too, preferably by his company. He also offered to do the consulting for all those suppliers as well.
In a tortured attempt to (one guesses) sound smart, the mill operator also indicated “materials need to be ROHS compliant- (need to verify materials) Especially if the products are made all over the world – China especially.” ROHS is a certification typically reserved for electronic components, with the intent of reducing lead content in electronic components. Good luck finding lead-free lead shot, moron.
Another certificate mill responded by immediately providing a price quote, even though we were merely asking if they could provide the services. (At no time did we sign any contracts or agreements.) That operator also misrepresented requirements by saying, “If you end up managing the manufacturing of saleable products an approved suppliers list would be required.” In comparison with ISO 9001 clause 8.4 requirements, this statement makes no sense whatsoever.
Worsening matters was that none of the certificate mills offered to sign a nondisclosure agreement before asking for, or receiving, the documentation. When the concept of an NDA was raised, one of the mill operators replied, “I had a security clearance – my specialty is NRR – it has to do with radar.” This would be yet another violation of confidentiality rules under ISO 17021.
The mills were all out of the USA, with one exception from The Netherlands.
The Reveal
At the point at which the mills agreed to provide the services, the sting was revealed, and no contracts were signed. It was made abundantly clear to the mills that Oxebridge offers no certification services, so therefore is not a competitor, nor has any relationship with any of their accredited competitors, and that this exercise was conducted entirely in the interests of public safety and the public good.
Needless to say, they were pissed. The mills threatened legal action, but — of course — they never followed through, nor could they since no laws were broken.
What this illustrates clearly is that the certificate mills pose a direct and credible risk to public safety and human health. They will offer to certify anyone willing to pay, even if they cannot actually verify the existence of an organization, and even if that product will kill people.
Now go back and read our report on how the world’s largest certificate mill, IMSM / QAS, literally certified a fake furniture store which wound up being a front for a UK heroin smuggling ring. Those guys are still operating in the UK, with the blessing of the UK government and key industry organizations in that country.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world