There are many interpretations as to what, exactly, ISO 9001 certification means. Is it a third party assessment of pure conformity to ISO 9001 requirements? Or is it a confirmation of process effectiveness? Or both? Neither?

Regardless, the validity of any ISO 9001 certification rests on the knowledge that the audit process is independent and objective. These are the two recurring themes of any third party assessment, and govern much of the rules presented in ISO 17021, the standard to which ISO 9001 certification bodies must comply. We all agree that a subjective, opinionated, conflicted audit is not a good thing.

Well not everyone agrees. Enter the unaccredited registrars, or “certificate mills.” The Indefensibles.

These are companies or, more often, simply individuals, that issue ISO 9001, AS9100, ISO 14001, TS 16949 and other certificates without following ISO 17021 or obeying any international accreditation guidelines. They adhere to no rules; you pay them, they print you a certificate. What they lack in morals, they make up for with toner.

It’s not illegal. There is no requirement that a certification body become accredited, since ISO 9001 is not governed by any laws. It is a voluntary certification scheme, after all. So certificate mills can do whatever they like, and it’s up to the client organization to identify them, and steer clear.

Shadows

Who are the Indefensibles? Some are consultants who, at the completion of their consulting contract, provide an ISO 9001 certificate, in effect certifying their own work. Others are audit providers that issue certificates, but which do not want to pay accreditation fees. Others yet are simple print houses, who will print a certificate without even visiting the company they are certifying.

The nickname “Indefensibles” is doubly apt. First, most of us would recognize that such morally corrupt, unethical and generally despicable tactics are incapable of being defended. But these people know the ill they do, and when pressed, they refuse to defend their own profession.

In the early days of ISO 9001, accreditation hadn’t quite taken off, so these cert mills were a dime a dozen. No one knew any better, and accreditation was hard to get, and rare, so it made sense. But as accreditation took hold, and ISO 9001 users began to understand the benefits of using accredited CB’s, the cert mills died off. A few made last gasp fusses, but they were relegated to the dustbin of ISO’s broom closet.

Now we see a resurgence. ISO 9001 is on the decline, and AS9100 is struggling for validity at the hands of inept management. Smelling death, vultures swirl. And so we have the return of The Indefensibles.

The Del Straight Approach

Del Straight is one such creature. Operating an ISO 9001 consulting firm advertising the “Del Straight Approach,” while using his name in his company’s web domain and prone to referring to himself in the third person, he’s the classic narcissistic pitchman. Think Perry Johnson 2.0, as “PJ” did much of the same: in the beginning, Mr. Johnson provided both consulting and registration under his eponymous product line. Showing little in the way of a moral compass, Perry Johnson’s companies gained notoriety across the world, as not only did they certify their own quality systems, they were the first company sued for violating junk fax laws, and were outed for using prison labor to man their aggressive telemarketing phone banks. (Rumor has it, they still do.) Eventually, PJ was broken into two organizations, but the stigma stuck. Many today still think Perry Johnson Registrars and Perry Johnson Consulting are the same company because of an inexplicable refusal to rename one of them, even though they are actually under different ownership.

Del Straight follows the PJ playbook: his name plastered on everything, his presence ubiquitous, and his demeanor… well, creepy. What he lacks is commitment, though, and that will ultimately prevent him from reaching the fame and wealth of Mr. Johnson.

When his role as a cert mill was outed on LinkedIn, he deleted his account and erased his posts. Prior to that, however, Mr. Straight could be found spouting quasi-libertarian rants against any form of governance in the ISO 9001 world, calling for an end to accredited third party certifications, and a return to unaccredited 2nd party auditing (something, of course  his company provides.) He argued for legal separation of certification bodies by geographic locations, something he insisted would actually improve competition, and claimed that doing so would not require interstate legislation, but the adoption of a voluntary franchise model. Finally, he said the simplest fix for all of ISO 9001’s problems, worldwide, would be if he were given the Presidency of ANAB. To Del Straight, Randy Dougherty not only runs ISO 9001, he also controls the state-to-state commerce of every country on Earth.

Certifiable

Then he was outed. Someone found posts elsewhere on the web under the nickname “ISOExpert” which included examples of ISO 9001, AS9100 and ISO/TS 16949 certificates issued by “QSRD” and signed by Del Straight. One certificate (see right) shows him using a RABQSA logo on his certificate, in apparently violation of their trademark. 

On his website — which appears to be written in HTML 1.0 and looks much like the manifesto site of a UFO conspiracy theorist — Mr. Straight announces that he is the recipient of a Raytheon “Presidential Letter of Commendation.” A representative of Raytheon told me they knew of no such award, and a Google search for the term only results in one hit: Del Straight’s web page. I asked Del three times to provide me a copy, and he ignored all three requests.

He also claims to be a “Lead Auditor with RAB/QSA [sic] credentials” and yet a search on the official RABQSA registry shows no auditor with this name.  He claims authorship of at least three articles on ISO 9001, and yet a simple Google search produces 0 hits on the titles given, and his site does not attribute the articles to any publication. He claims to have given “nationwide seminars” but this could not be verified either, since none are available online, and few people have actually ever seen him in public. While his site claims that his company is a “world leader” in ISO 9001 consulting, he admitted that his clients were almost entirely in Michigan and Ohio, something corroborated by his own published client list.

It’s a Gift

When questioned about issuing unaccredited certificates, Mr. Straight would only take the conversation offline, deleting public posts about the matter, and relying instead on private emails. He routinely insisted that he “does not charge for certification” and merely charges for the accompanying auditing services. In one email, Mr. Straight said that his ISO 9001 and AS9100 certificates are a “gift” given to his audit clients, compliant with local law.

“In the state of Michigan if you sell something and offer a free gift with purchase, even if you return the purchased item, you’re entitled to keep the gift.”

Alas, the certificates themselves say something else entirely:

“This certification remains the property of QSRD, 15400 Easudes Road, Ann Arbor, Michigan. It may be recalled for cause at any time.”

Needless to say, it’s not a gift if it remains the property of the giver, who reserves the right to recall it at any time. If QSRD maintains such certificates are “gifts,” then they could well be illegal under Michigan law, not in compliance with it.

Before I realized the full extent of what he was involved in, I admit it: I was having some fun at his expense. I sent him a snarky email asking — since he was printing stuff — for some “counterfeit money, and a certificate that makes me Emperor of the World.” I suggested he use new 3D printing technology and make me “an Oscar for best director, and a few extra kidneys, in case I need them.”

Narcissists usually lack a sense of humor, and Mr. Straight is no exception. He sent this deadpan reply where he goes on at length, making severe — and potentially libelous — accusations of fraud by a number of accredited registrars. It’s a long email, but worth reading in its entirety. Especially if you are a lawyer for one of the firms mentioned here.

The AS 9100 certificate issued 3 months ago by ASR to a custom hydraulic hose manufacturer in Detroit based on an audit conducted by an auditor that stayed in the conference room for 3.5 days and only left for his 2 hour lunches was a fake certificate.

The AS 9100 certificate issued by NSF 2 months ago to a painting facility in Niles Michigan that had well written documentation all in English for a work force of which 85% could only read and write in Spanish and was based on an audit conducted by an auditor that could not speak Spanish himself relying on a foreman as an interpreter was a fake certificate.

The dozens of certificates issued by Perry Johnson based on a “pay now -certificate now-audit later” plan are all fake certificates.

The AS 9100 certificate issued by SAI Global to a tooling company in Toledo a year ago that was purposely trying to fail the audit on a bet. (No management review, no internal audit, no corrective actions) That only had to answer 1 minor nonconformance to get the certificate was a fake certificate.

The AS9100 certificate issued by Smithers to a precision machine shop that was blatantly failing to meet any of his customer specific requirements for quality and delivery and had just lost a General Dynamics contract because of poor performance and took no corrective actions was a fake certificate.

The certificate issued by QSRD to Mantissa Industries was based on a thorough comprehensive audit. It enabled Mantissa to get work from United Technologies and Lockheed Martin. The owner of Mantissa knew that the certificate was unaccredited as it was stated so in bold print in the agreement he signed. He knew that as he grew he would eventually have to get a third party certification because he was specifically told so by his auditor. When he converted he passed with 0 nonconformances. At the time of his third party registration he had achieved a 100% rating with his two major customers. He was able to avoid the non-value added cost of $12000 for 3 years while he business grew. Fake Certificate? Depends on your point of view. It makes no false claims and includes no logos from fake ABs. It can also be supported with fully documented honest and true audit results.”

As you can see, Straight accuses registrar ASR of issuing “fake certificates” but then validates his own auditing services by boasting that Mantissa later went on to pass an audit with “zero nonconformities” from an accredited CB. What Mr. Straight does not mention is that ASR was that very same CB. Suddenly ASR’s audits were no longer “fake”, but valid, because they certified his client.

Straight also claims that “United [Technologies] would not issue [Mantissa] an RFQ without a certificate. They accepted the QSRD certificate for the RFQ.” But in reviewing United Technologies’ ASQR1 document, however, it clearly states:

1.3 “Supplier Certificates of Registration to applicable Aerospace Quality Management System assessments must be issued by a Certification Registration Body (CRB). The CRB must be accredited under the control of the International Aerospace Quality Group (IAQG) certification/registration schemes, as recognized by the Aerospace Standard SAE AS 9104.

In short, UT mandates that only accredited AS9100 registrars may be used, so either United never checked QSRD’s accreditation status, or Mr. Straight is not being truthful.

When asked about Lockheed Martin, which also requires the use of an accredited CB, Mr. Straight did not comment.

Probably because, at that point, I asked him for a new sled.

The Invisible Man

Other curious questions arise, none of which are demonstrative in and of themselves, but which taken together paint an odd picture of a would-be legitimate company. First, there appear to be no businesses registered by Del Straight in the state of Michigan. Nowhere on any of the Del Straight marketing materials is the company name ever mentioned, and therefore there is no indication of “Inc.” or “LLC”. “QSRD”  — the company name appearing on his certificates — apparently does not even represent a company, but rather the “Quality System Registration Department.” There are no records of any licensed business under that name.

Perhaps by way of funny coincidence, or at least heavenly irony, popping the QSRD address into Google Maps and firing up Streetview reveals a trash can on the side of an abandoned country road. No office, no buildings… just a trash can.

So who is Del Straight? There is no normal activity one would expect to see online these days — no Facebook profile, no old AOL profile, no photos under that name, nothing. As mentioned, posts elsewhere were made under the pseudonym “ISOExpert.” 

Delbert Lee Straight hails from Santa Barbara CA, with a 1986 felony arrest of unknown circumstances on the record. There exists only a single reference to employment, under “Quality Assurance System” — again, a company without any apparent legal filings, and one without any Michigan records. There is no indication of Mr. Straight having worked for Raytheon, at least as an employee.

So we are left with a man who has virtually no record of any of his stated accomplishments, earns a living providing unaccredited QMS certificates, who has run afoul of the law at least one (and almost twice, if we count the RABQSA logo usage), who makes claims about clients that appear to run contrary to fact, accuses accredited CB’s and AB’s of issuing “fake certificates,” and who refuses to discuss his profession in public.

Indefensible.

Perhaps it’s best to go out by quoting the last email I received from Del Straight, on February 7, 2013:

No point in posting at Del Straight in LinkedIn.  I removed the profile.  It has been fun bantering.  I got what I came for.  I hope the next version of ISO 9001 changes things but as long as the same audit structure remains, I am skeptical.

Have fun with the Boeing thing.  Hopefully, it exposes the value of certification and brings about change.

Be careful who you are talking to in this forum #Manti Tao.  Trust Me.  Not everyone is who they say they are.

Out

Indeed.

In Part 2: QualityMasters, an unaccredited certificate mill with a Jesus complex, and a really, really angry PR guy.

Advertisements

ISO 45001 Implementation