In just 24 hours, Oxebridge has filed two new complaints against ISO 9001 certification bodies, alleging they violated ISO 17021-1 rules governing the provision of accredited certification audits. Both complaints came about as a result of the ISO Whistleblower Reporting program.

The first complaint was filed against Royal Impact Certifications Ltd., (RICL). RICL responded to a request for information by providing a pre-filled proposal, complete with pricing, despite the client not having provided any information on the size or scope of the quality system to be audited. RICL also provided a “sample” ISO 9001 certificate bearing the accreditation logos of JAS-ANZ and the United Accreditation Forum (UAF).

Oxebridge confirmed that RICL is accredited by both bodies. ISO 17021-1 demands that audit duration be calculated per the IAF Mandatory Document No. 5 (MD5) which bases the duration on the size of the company. Without knowing the size, Oxebridge alleges, RICL could not adequately quote the audit duration.

The second complaint was filed against SIS Certifications Pvt. Ltd., after SIS provided a series of emails to a potential client in which they promised to provide both ISO 9001 certification and full development of the QMS documentation. At the same time, SIS boasted of accreditation by the International Accreditation Service (IAS) and IOAS. The latter is not to be confused with the IAF member body IOAS from the USA, but instead appears to be a fake accreditation body located in Grenada.

Email from SIS Certifications openly describing how they intended to write the QMS procedures they would later audit.

Under its IAS accreditation, however, SIS is required to comply with ISO 17021-1. That standard prohibits a CB from certifying a system for which it performed “management system consultancy,” which is defined as including “preparing or producing manuals or procedures.

Both SIS and RICL are based in India, but serve clients throughout the world.

Both of their accreditation bodies — the UAF and IAS — face complaints that they have failed to police their CB pool, allowing them to issue certificates without adhering to accreditation rules. A formal complaint was filed with IAS and then escalated to the Asian Pacific Accreditation Cooperation after Oxebridge ruled IAS’s response was insufficient. A complaint against UAF is being prepared separately, but Oxebridge is having difficulty confirming the personnel who work there.

To date the ISO Whistleblower Program has received over 100 submissions, and has resulted in the filing of a dozen high-level, formal complaints in only a few months. The bulk of issues reported have been against Indian and Middle Eastern companies, which Oxebridge attributes to multiple factors, including a hesitance on the part of American or European users to file complaints.

UPDATE 4 October 2019: SIS Certifications responded by denying the complaint in only 20 minutes. The denial was given by the same management staffer who offered the simultaneous consulting and certification services; the manager then refused to recuse himself from the complaint process. SIS argues that they use a third-party consultant to provide the QMS consulting portion of their work, and provided a screenshot of a WhatsApp chat between the consultant and SIS to prove it. Oxebridge argues this only worsens the situation for SIS, as it provides evidence of collusion between SIS and the consultant, and does not absolve them. Oxebridge also argues that SIS has ignored entirely its own procedure for complaints handling, as published on its website. The SIS complaint has now been escalated to their accreditation body, IAS.