Yet another attempt to create a universal, searchable database for verifying ISO 9001 and related certifications is underway, and it seems this time it might actually be pulled off. This is because it has the backing of Randy Dougherty, the one person who is involved in nearly every single aspect of anything whatsoever to do with ISO certifications; Dougherty is the VP of ANAB, the Chair of the IAF, and holds memberships and/or key roles in every possible related committee, including TC 176, IAQG, IAAC, IAAR, AQI, ILAC and CASCO. Don’t worry if you don’t know all the abbreviations; the short story is that Dougherty, basically, runs everything to do with ISO certifications, everywhere. It was Dougherty and ISO Secretary-General Kevin McKinley who signed the order authorizing that horrific three-year ISO 9001 transition date. And, no, he still hasn’t retired despite reports coming from his own people.
(Update 6/15: ANAB’s website no longer lists Dougherty at all, and we’re looking into that. Odd.)
Now Dougherty, who chairs ANAB’s “Database Management Committee” (DMC) largely because there aren’t enough employees at ANAB to do these things other than Dougherty, is working with consultant Jerry Norris to create a new ISO verification database, called the “Unicorn Database” by some because of its historic inability to materialize into reality. Previous attempts at creating such a tool were launched by folks like Paul Schicchitano of the now-defunct magazine Quality Systems Update, then a limited rollout by the International Association of Accredited Registrars (IAAR), and a host of half-hearted attempts by various magazine publishers, registrars and consultants. Even ISO tried to get in on the act, announcing its “CERTO” database, but quickly pulling the plug when they realized that, “it is unrealistic to build a global database of certificates when the bodies holding this information are not on board with the concept and reluctant to share the data.”
Norris operates something the looks like one now, at his awkwardly-named website http://www.closeandcompetent.com, but it reeks of conflict-odor since users — including registrars — have to pay to use it, and that means Norris is essentially getting paid by CBs to provide referrals, no matter what he and Dougherty may say to the contrary. That’s not supposed to be allowed under ISO 17021-1, the standard that ANAB is tasked with enforcing, but tomayto tomahto, right?
According to the IAF, Dougherty’s DMC is working alongside Norris in some way, presumably to work up the design spec, and is about to take bids from database providers for development and operation of the final product; it won’t surprise too many people if Norris’ company — or some other personal pal of Dougherty — wins the final contract. Norris himself apparently fell under the spell of RD after he did some database work for the International Association of Accredited Registrars, the … erm, “coordination” group that is comprised of key US registrars and which is totally not, and never ever would be, engaged in price-fixing. Norris’ LinkedIn profile features a recommendation by former IAAR President H. Pierre Salle, endorsing Norris for his work with the group. Dougherty is a permanent feature at the IAAR, hovering around in the corner like the Grim Reaper, so that would explain how he met Norris.
Which is where things get weird. Oxebridge pushed to create such a database for years, and even gave a presentation to the IAAR on the subject back in 2005… twelve years ago. During my presentation “Ten Steps to Save ISO 9001,” I made the case that a lack of verifiable data on certificates was allowing ISO to “spin” certificate totals and thus ensure no one had a critical, honest discussion about falling certification rates. Step # 8 was titled “Develop a Central ISO 9001 Registry” and it called on ISO to make submission of data a mandatory part of accreditation:
Actual slide from Oxebridge presentation given to IAAR in April 2004.
Both Salle and Dougherty were literally in the room during that presentation — it was the first time I met either man — along with then-RAB President Bob King. The entire group sniffed indignantly at the suggestion, and largely dismissed my presentation as “overlong” and batty. Salle even told me afterwards to keep the fact that I had presented to the group “private,” which was totally paranoid. It was an early lesson in how I would be received by the industry for the next decade.
Now, of course, we find the very same people from the very same organization adopting a proposal I made to them over a decade ago, and happily taking credit for it. I’m fine with it, so long as it gets done, which is still an uphill battle.
It Might Be Ludicrous, Anyway
To date every attempt at such a database has been foiled because of a lack of IAF enforcement; registrars have refused to allow their client data to be available in any universal database, out of an irrational fear that their CB competitors would use the data to “poach” their clients. So strong is this fear that the latest ISO 17021-1 accreditation rule revision — created by ISO-CASCO which (sigh) Dougherty also sits on — stripped out an old requirement that ISO registrars maintain public registries of their clients. This means calling a CB a “registrar” is now a false term, since they don’t have to have “registries” any more.
The other problem is that CBs often want to hide their registration data to avoid public scrutiny, scandal or even potential litigation. The company that produced the defective airbag inflators for Takata had been ISO certified by a CB called Entela; a former executive confirmed to Oxebridge that when Entela was sold to Intertek, all the certificates — including those for Takata’s inflator company — transitioned to Intertek. But Intertek has since insisted it “can’t find” those records now. A similar “lost records” problem happened over at BSI, which had previously certified the Houston management office that oversaw the doomed Deepwater Horizon oil rig, which exploded killing 11 people and causing the worst man-made environmental disaster in human history.
Having a searchable, permanent database would be a goldmine for reporters and plucky bloggers like me, who would rush to check the ISO certification status of every company involved in recalls, product failures, food poisonings, medical device scandals and more. We’d finally have verifiable proof of the weaknesses inherent in the IAF accreditation scheme. Such a database would also be incredibly useful to stem the flow of fake certificates, self-accredited print-and-mail certs, and other garbage documentation. It would provide industry and the public a single one-stop shop to verify the validity of certs, while also improving the annual data published by ISO in its “ISO Survey” reports on worldwide certificate totals. The last two years of ISO Survey data were reportedly corrupted when one or two US-based registrars entered falsified data, spiking the US’ certificate totals artificially in order to keep skittish ISO users from dropping their certificates entirely in a “rats off a sinking ship” scenario.
IAQG Gotta Eat
There’s another angle. The IAQG has worked for years to build its OASIS database for the AS9100 scheme, quietly collecting data on every single AS91xx certified company, every AS auditor, and every AS registrar. Year after year they impose new rules requiring the various parties to upload their data into OASIS as part of the mandatory rules for doling out and obtaining AS91xx certificates. This leaves the IAQG with a single database of information that makes it as simple as flipping a switch to take over the entire accreditation/certification scheme for aerospace QMS certifications. When they do — and they will — it will mean that not only will IAQG kick ISO to the curb by publishing “IAQG 9100” without a single word of ISO 9001 in it, but that IAQG will become, overnight, its own accreditation body and/or registrar, throwing the IAF and ANAB into the ditch as well. All that money will flow solely to IAQG, and neither ISO nor IAF will see a dime of it. And they already have the data in place to do it.
If the IAF was paying attention, they may be scrambling now to combat this development by creating their own OASIS-style database so that they don’t lose all that data to IAQG. But it’s likely too late. The IATF has begun decoupling from ISO and the IAF with the automotive 16949 scheme, and the IAQG will follow suit with AS9100. Again, they were warned about this years ago (by me, natch) and they ignored it. Now chickens, meet roost.
CB reps feeding data into the new database.
It doesn’t mean it’s not a good idea, and a necessary one, however. But the only way this can work is if the IAF makes submission of data to the central repository a mandatory part of accreditation, meaning any CB that refuses would risk losing accreditation. It’s unlikely, however, that Dougherty would push any such extreme enforcement, since his ANAB has shown itself historically unwilling to enforce existing accreditation rules, never mind new ones. Dougherty tends to get involved in things that make some noise for a while, and then go nowhere — SN9001 anyone? — because he lacks the stomach to see them through to their logical end, which is nearly always a confrontation with the CBs under his control. So while the “Doughertybase” has a better chance than previous attempts to get off the ground, it still faces near impossible odds in getting active participation by CBs, who prefer to hide their data and make verification impossible to avoid lawsuits.
So, unfortunately, the new system will likely be another dole-out to the Friends of Dougherty* for a temporary cashgrab followed by inevitable collapse when the CBs remind the IAF just who’s boss. The only way to make this work is to have CASCO update ISO 17021-1 (through a technical supplement?) and make inclusion in the system a mandatory part of accreditation, enforceable through normal AB oversight audits. Dougherty essentially runs CASCO, so he can do it; the question is whether he has the will.
But we can dream…
(*Even I snickered out loud at that one, and I wrote it.)
[CORRECTION: an earlier version of this article erroneously indicated the Oxebridge presentation before IAAR was in 2004; the actual date was 2005.]