As readers are likely aware, Oxebridge has been tracking patterns in ISO certifications since the earliest days of the Mobil Survey, which eventually became the ISO Survey, released annually by the International Organization for Standardization. That only tracks valid ISO certificates, so we also began tracking — to the extent possible — invalid certificates. These would be ISO certificates issued by unaccredited “certificate mills,” or those issued by valid bodies but in violation of international accreditation standards. Collectively, we call these “unqualified” certificates, since they are a mix of unaccredited and accredited certs.
It’s very, very hard to get hard numbers on the unqualified certificates in the world, since certificate mills either don’t publish their certificate totals or make up astronomical numbers to give themselves a veneer of respectability. For the unqualified certificates issued by accredited bodies, these numbers are buried amidst the valid certificates and reported within the ISO Survey totals; there’s no easy way to separate them out.
ISO is obsessed with boasting about total certificates issued and, more recently (to further inflate the numbers), the number of sites certified. It’s not about to start being honest about its reporting, nor perform any significant vetting which might cull bad certificates and affect their totals.
Instead, all we can do is track patterns in whistleblower complaints, scandals, uncovered certificate irregularities, and other reports to build a sense of where the most trouble comes from.
With that in mind, we’ve developed a list of Top Ten Hotspots for Unqualified ISO Certificates, as follows:
#5 – Japan
Japan is renowned for its quality, so one might be surprised that it makes this list at all. Japan is also not known for the presence of many unaccredited certificate mills. So just why are they showing up at the #5 slot?
In short, the Japanese Accreditation Body (JAB) has proven to be one of the most corrupt accreditation overseers in the world. On their watch, we have now uncovered decades of fraudulent behavior by ISO-certified firms in Japan, all bearing certificates issued by JAB-accredited certification bodies like JQA or JIC Quality Assurance. The largest number of these scandals involve falsification of inspection and test data, and often of critical products that involve assuring human health and safety. Some of this could be explained away as simple incompetence by the Japanese auditing firms, but the fact that JAB has not taken any action after 30 years points to full-on corruption. JAB simply doesn’t care because it makes money on each ISO certificate issued in that country.
This is criminal activity, and the Japanese government should be holding JAB accountable. It cannot be known how many lives have been put at risk — or even lost — due to the data falsification culture that has grown to overshadow the huge strides Japan had previously taken to improve quality. Now we cannot trust Japanese products because, despite glitzy marketing and a (now fading) history of quality, Japan is instead pumping out potentially lethal products that bear certificates with the JAB seal of authenticity.
So while Japan may not be producing fake ISO certificates, the “real” ones it produces cannot be trusted, making it even more heinous.
# 4 – United Arab Emirates
Dubai may be a glittering city trying to stand apart from its otherwise drab surroundings, attracting both business and tourism to great effect. But its ineffective and dubious government structures have proven woefully inept at governing the country’s image of “quality.” The number of certificate mills and unqualified valid certificates issued out of Dubai is growing at an astonishing rate. Ironically, much of this is driven by UAE’s use of immigrant auditor labor, the bulk of that coming from its neighbor across the Arabian Sea, India. Much of UAE’s growth is due to aggressive recruiting of labor from countries like the Philippines, India, and Pakistan, and this shows up in low-quality assessments and near-absent accreditation oversight by its two national accreditation bodies EIAC and GCC.
# 3 – Russia
This should surprise no one, as Russia has been a source of fake certifications for decades. Twice, ISO had to revise its ISO Survey data to remove fake certificate numbers coming out of Russia, rare moves that show ISO has the ability to correct the data when it wants to.
As we will see with China, Russia has a tangible interest in putting forth an image that its capable of quality and adhering to standards. The government drives this, so isn’t about to hold companies accountable if they “fudge” the numbers a bit, and exaggerate their capabilities. Russia also has no effective accreditation body, and is currently not under any real obligation to abide by IAF MLA agreements or requirements. It operates in a bubble of its own making. It is making an effort to get under the full IAF wing, and IAF regional bodies (APAC, in particular) are showing a willingness to allow this and ignore the tremendous number of fake certificates coming out of Russia in exchange for a percentage on each certificate.
Now we have the virus-like growth of unqualified certificates coming out of firms operated by Rostec, the Russian defense firm. Sub-companies under Rostec have been unmasked as issuing certificates to themselves, as well as to anyone who will pay. Through a (potentially illegal) partnership with Quality Austria and Austria’s accreditation body, Akkreditierung Austria, Rostec is positioning itself to be one of the world’s fastest-growing producers of fraudulent ISO certificates. Similar to Quality Austria, a lot of other certification bodies — also accredited by IAF MLA members — have established (again, potentially illegal) partnerships and agencies in Russia, which are issuing or selling certificates without any real control or oversight from their foreign “partners or owners”. They are using incompetent auditors and do not follow relevant rules. The certification bodies operating this way include various TUV companies, BV, DQS, etc.
At this point, not a single certificate emerging from Russia can be trusted. Period.
# 2 – India
India has always been a producer of dubious ISO certifications which are then exported to regional neighbors and around the world, a product of its relatively higher educational standards and English-language speakers. Within the last ten years, however, India’s export of fake certificates has exploded with the help of countries like the US and UK, who allow representatives in those countries to form quickie-LLC companies to mask the actual owners in India.
India’s government has proven entirely inept in controlling, if not complicit in, that country’s ISO scandals. Accreditation bodies like NABCB have made great theater in claiming they are working to rein in counterfeit certificates, but the numbers speak for themselves: the proliferation of fake certs coming out of India has, by Oxebridge’s accounting, tripled in the past ten years.
Because India falls under the IAF regional body APAC, one of the most corrupt bodies in that pyramid, there is essentially no oversight. The peer-evaluation of APAC members is carried out by incompetent assessors who, in many cases, do not understand the CASCO standards and IAF requirements they are tasked with assessing to. APAC’s head Graeme Drake has prioritized adding bodies to his roster en masse over actually enforcing accreditation rules over the ones he has already, so this is unlikely to change. The fact that Drake and APAC operate out of Australia, some 8,000 km away from India, doesn’t help matters.
India also has the worst numbers related to consultants working side-by-side with allegedly “proper” accredited CBs. Yet again, the IAF and APAC have done nothing to stop this practice, despite it being a clear violation of conflict-of-interest rules. The problem is so pervasive in India, that it is both common and accepted to receive a quote for simultaneous consulting and certification. They put it right down on paper, knowing that neither APAC nor the Indian government will do anything about it.
Like Russia, not a single certificate coming out of India can be considered valid without extensive — and often impossible — individual verification.
# 1 – China
Taking Russia’s “government-sanctioned fraud” to entirely new levels, China allows tens of thousands of fake or unqualified ISO certificates to be issued every year, resulting in its overinflated figures in each annual ISO Survey report.
Previously, a US-based CB I worked with (on an Advisory Board capacity) reported that in the first month it had opened a satellite office in China, that office produced 400 certificates. The CB canceled its license with the Chinese branch office immediately, knowing that it was physically impossible for its tiny team of auditors in Guangzhou to conduct 400 audits in a year, never mind a single month.
Much of this is due to various Communist Party policies, such as “Made in China 2025” and the “Belt and Road Initiative”, which seek to present China as a nation capable of innovation and quality.
This is all made worse by the fact that China now manages the activities of the IAF, with the head of China’s CNAS accreditation body also being the President of IAF. Xiao Jianhua has given speeches clearly and openly stating that the IAF is being used to push ahead on official Chinese Communist Party policies like Belt and Road, and the world has essentially shrugged. Also, it is not clear what are the administrative links with the majority of government-owned CBs and CNAS. The impartiality of the conformity assessment activities in China is questionable.
Whereas countries like India and UAE see floods of unqualified certificates due to government incompetence or disinterest, in China the government is an active participant in the fraud. It does make largely symbolic gestures towards the control of accreditation fraud, and occasionally throws a company under the bus. But the figures don’t lie.
If we were to expand this list to ten, the other five nations to watch would be Qatar, Pakistan, Turkey, the United Kingdom, and the United States. Each of these countries has a growing problem of mill-produced certificates which threaten the validity of ISO certs overall, as well as the health and safety of the public.
In its defense, Pakistan has improved slightly in the past five years, and it’s not clear how or why. There’s no evidence that the government of Pakistan has any more mettle or competence to rein in ISO certificate fraud than its regional neighbors, but something is going on there, and it’s trending in the right direction (for now).
At the same time, some countries in South America are ramping up their dubious certification issuance, and you might not be surprised to find a country like Brazil taking Pakistan’s place on this list. There’s also an argument that Austria might be a worse player than Pakistan, but Austria’s problems are related more to its willingness to bless certificate mills in other countries — like Russia and Qatar — while generally keeping things clean in their home nation. In Austria’s case, however, government officials appear openly complicit, and we’re tackling that one in court right now.
The US and UK have no excuse, other than sheer plutocratic capitalist greed. Under their models of “free enterprise” — which has become just a tool to enable fraud as opposed to innovate or ensure a nation’s overall welfare — the US and UK have allowed certificate mills to thrive. The UK is particularly nefarious, allowing them seats at government tables, honorifics issued by the Royal family, and more. UKAS is protected under UK law, and knows it — there’s no interest, therefore, for UKAS to start acting like a valid accreditation body.
In the US, meanwhile, the proliferation of “national accreditation bodies” — a term without any meaning in America, mind you — has led to the overall lowering of standards for accreditation. Now it’s a race to the bottom, as CBs seek out the cheapest US accreditation body they can find, all with the IAF’s blessing. And, yes, the IAF is located in the US, too, so that’s not wonderful.
We’ll revisit this list in the coming years to see if there’s any change.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.