- Whistleblower Program
- Legal Defense Fund
- Request Quote
Welcome to The O-Forum! Read this first! Then, feel free to introduce yourself here! If you need immediate, real-time support for the Oxebridge ISO 9001 or AS9100 Template Kits, click here to join our Slack chat channel.
A 2014 US Dept. of State Charging Letter issued against Esterline Technologies Corporation reveals the company’s network of subsidiaries engaged in a decade of ITAR violations, for a total of 282 separate charges. In at least two cases, criminal investigations were launched. Esterline was ordered to pay a civil penalty of $20 million in response to the violations.
Seven different Esterline companies were named in the Charging Letter, which documented export violations going back as far as 1997 through until 2011. All of the companies held accredited AS9100 or ISO 9001 certifications before, during and after the ITAR violations were reported by State.
A seventh Esterline company, Memtron of Frankenmuth MI, held ISO 9001:2008 certification instead, issued by Lloyds Register (LR). That company was reported for a single ITAR violation, but the dates of the actual activities in violation spanned from 2007-2010, all years covered by the LR certificate. It is not immediately clear if Memtron has an updated ISO 9001:2015 certificate.
Despite the publication of the Charging Letter in 2014, and criminal investigations launched in years prior, at no point did any of the companies lose their AS9100 or ISO 9001 certifications.
All of the certificates were accredited by a single US accreditation body: ANAB.
AS9100 repeatedly requires that certified companies satisfy regulatory requirements. Clause 5.1.2 requires “customer and applicable statutory and regulatory requirements are determined, understood and consistently met,” while clause 8.2.2 requires the company capture “the requirements for the products and services are defined, including any applicable statutory and regulatory requirements” and then not agree to provide products if those regulatory requirements cannot be met. In all, the concept of satisfying regulatory requirements appears in 10 separate AS9100 clauses, and is repeated in the front and back matter of the standard.
It is not clear how auditors from six different accredited certification bodies, auditing seven different certified companies, could have missed ITAR violations during every audit, spanning a decade. It is also not clear how each of the companies could have faced no repercussions to their certifications even after the findings of State were released, and criminal investigations launched.
ANAB has been accused of conducting lax oversight of CBs who pay it a fee for accreditation, allowing companies to obtain AS9100 certification despite rampant quality problems, and then allowing them to maintain that certification even after the problems are reported, or after disaster strikes.