The accreditation body UKAS has ignored ISO 17011 as well as both UK and EU law for some time now, and allowed certification bodies (CBs) to create and operate “partnership” programs with consultants that provide the CB with leads and contracts. It’s a disgusting practice that obviously — obviously — creates a conflict of interest that violates every principle dictating objectivity and impartiality on the part of CB audits, and thus negates all trust and validity of the resulting ISO 9001 certificates. The problem is less severe in the US, but ANAB has likewise looked the other way.

Registrars such as NQA, LRQA, TNV and BSI all operate some kind of consultant referral program, and each one has different rules, but typically the consultant gets to use a “badge” on their website and marketing material, featuring the CB logo, if they deliver a certain number of clients to the CB. In the US, the registrar EAGLE famously tried this, after having spent years promoting itself as the ethical alternative to the other North American CBs in operation. Then — after reporting by Oxebridge — EAGLE silently dropped the program (so silently, we’re not even sure it’s dropped) and dumped the Business Development guy who created it. ANAB never even raised an eyebrow throughout the entire thing, and once again Oxebridge stepped in to do the work assigned to the accreditation bodies, since they won’t.

But the situation under the UKAS banner is much, much worse.

The Alchemists of Alcumus

Meet Alcumus ISOQAR, a UK-based registrar (wholly unrelated to the Bonita Springs FL based US registrar ISOSAR Inc.) operated under the Alcumus Holdings Ltd group. Alcumus ISOQAR has created what it calls the ISOQAR Associate Network, or IAN, which rewards consultants that drive business to their certification operation. It’s not clear what a “normal” level would be, since it’s not defined, but Alcumus ISOQAR has a “Diamond Member Scheme” which breaks all ethical boundaries and just starts throwing bling and booze at consultants, all with the apparent approval of Nigel Overton and UKAS.

The Diamond Member Scheme requires a consultant to deliver “a minimum of 3 clients resulting in certification sales for Alcumus ISOQAR” or “£5K worth of business to Alcumus ISOQAR during the defined period.” It’s not clear what the “defined period” is. Alternatively, you can “have worked in partnership with Alcumus ISOQAR for more than 15 years” hinting that this rotten practice has been going on for that long, and UKAS has never so much as sneezed about it. If you’ve already met that morally leprous condition, you then need to “continue to bring 3 clients or £5K per year minimum” to maintain your Diamond status, although it’s highly unlikely any consultant is doing that, so it’s likely not enforced.

Once you’ve dutifully thrown away all pretense of being an ethical consultant and signed up for this orgy, Alcumus ISOQAR will return the favor with a virtual flood of what they just openly call “rewards,” including a host of cash-value marketing materials (far beyond the simple webpage badge), free training slots, breakfasts, discounts on merchandise and electronics, and even 6 bottles of champagne, because nothing makes a dirty handshake deal appear more professional than topping it off with free booze.

This is particularly problematic since most of the “rewards” have a cash value, making them literally (under US law anyway) a “cash-value quid pro quo” form of gifting that would be tough to defend in a court of law.

In a hilarious bit of middle-fingering to the world, on one page Alcumus claims “we are unable to endorse the services of any consultant” and then on the next it openly endorses them anyway (emphasis added):

Diamond status demonstrates that these particular consultants have a proven track record of working with Alcumus ISOQAR and are known by us to deliver effective and consistent implementation of management systems on behalf of ISOQAR clients.

That single blurb not only offers an endorsement (“effective and consistent”), but ties it directly to the consultant’s work with Alcumus ISOQAR. Accreditors have to go very, very far out of their way not to see this publicly-displayed violation of accreditation rules.

Fire Up the Coal-Driven Complaints Engine

All of this came to light when, over at LinkedIn, an unwitting Alcumus marketer posted a promotion for a series of “breakfasts” targeting consultants, which throw some free food at them in order to rope new consultants into the program en masse. This prompted yours truly to issue a formal complaint against Alcumus ISOQAR about an hour later.

In my research, I found that Alcumus ISOQAR has violated the accreditation rules of ISO 17021-1:2015 at least eleven times. A twelfth violation was reported as a result of me being utterly unable to find their complaints handling process published anywhere, another requirement of 17021-1 (if it’s there, I can’t find it.)

You can download the 8-page complaint here (PDF). In short, here are some of the violations I found:

  1. Alcumus ISOQAR has violated ISO 17021-1 Clause 4.2.3 because it is impossible to expect that ISOQAR will be “impartial” to any consultant that has provided it the level of financial income required by the IAN/Diamond program, and which it then grants significant rewards of material goods and cash-value offers.
  2. Alcumus ISOQAR has violated ISO 17021-1 Clause 4.2.4 in that it has created significant “threats to impartiality,” which ISO 17021-1 defines as including the following: (a) Self-interest threats: threats that arise from a person or body acting in their own interest. A concern related to certification, as a threat to impartiality, is financial self-interest and (c) Familiarity (or trust) threats: threats that arise from a person or body being too familiar with or trusting of another person instead of seeking audit evidence.
  3. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.3 by entering into relationships with consultants which then “pose an unacceptable threat to impartiality.”
  4. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.3 a second time, by offering “inducements for the referral of new clients” specifically prohibited under this clause, in the form of material goods which have a financial value, discounts, benefits, perks, and even free alcohol.
  5. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.7 by providing certification services to the clients of IAN/Diamond consultants, against the requirement that “the certification body shall not certify a management system on which a client … where the relationship between the consultancy organization and the certification body poses an unacceptable threat to the impartiality of the certification body.”
  6. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.9 by linking its marketing with that of the consulting organizations, specifically by awarding special ISOQAR-branded “badges” and other promotional materials for use by the consultant, which those consultants then use in their marketing materials to cross-promote ISOQAR.
  7. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.9 a second time by failing to take action against Diamond consultant TL Safety, which is marketing its membership in the Diamond program as enabling its consulting clients to save money on ISOQAR certification services, and indicating that changing to ISOQAR may result in a cost savings, thus violating the rule that “the certification body shall take action to correct … statements by any consultancy organization stating or implying that certification would be simpler, easier, faster or less expensive if the certification body were used.”
  8. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.9 a third time by endorsing the Diamond consultants on its webpage with the statement that “these particular consultants have a proven track record of working with Alcumus ISOQAR and are known by us to deliver effective and consistent implementation of management systems” in violation of the rule requiring that “a certification body shall not state or imply that certification would be simpler, easier, faster or less expensive if a specified consultancy organization were used.”
  9. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.11 by not only failing to “take action to respond to any threats to its impartiality arising from the actions of other persons, bodies or organizations,” but openly creating such threats.
  10. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.2.12 by allowing “commercial, financial or other pressures to compromise impartiality.”
  11. Alcumus ISOQAR has violated ISO 17021-1 Clause 5.3.2 by failing to “evaluate its finances and sources of income and demonstrate to the [that] commercial, financial or other pressures do not compromise its impartiality.”
  12. Alcumus ISOQAR has violated ISO 17021-1 Clause 8.1.1 by failing to provide, on its website or other public media, its “processes for handling requests complaints and appeals.”

It gets worse. Checking into some of the Diamond-branded consultants, I found a few near-smoking-gun examples of how the eventual audits by Alcumus of its Diamond consultants’ clients routinely found “no nonconformities” at audit time. For example, Diamond consultant Daniels Management Services published four case histories of ISO 9001 clients, and all four used Alcumus ISOQAR as their registrar, and all four reported having received no nonconformities. Taken on its own, we might explain that away as coincidence, but given the overt schmoozing publicly displayed in Alcumus’ Diamond program, it becomes damning.

UKAS Needs to Step Up

It’s important to point out that these are allegations at this point, and are being formally reviewed (hopefully) by Alcumus ISOQAR. The process should provide for Alcumus to investigate, respond, and then — anticipating that they have no intention whatsoever of scrapping a program they’ve already invested a lot of money in — receiving their denial of wrongdoing. At which point it will get escalated to UKAS, who will also fail to act, and then up to the IAF, which will side with UKAS since they all share the same golf carts and brandy snifters.

Which will make things awkward, since the requirements for impartiality within the accreditation scheme are enshrined in actual law in the UK, unlike in the US where it’s a cowboy bar brawl of anarchy. The “UK Statutory Instrument 2009 No. 3155” brings an EU regulation (EC No. 765/2008) under UK law, meaning that such violations should be seen as overtly illegal, and not just unethical. Specifically, the law requires that UKAS ensure its accreditations are “organised and operated so as to safeguard the objectivity and impartiality of its activities.”

In the past, UKAS ruled it was perfectly fine for BSI to offer consulting services under its “Entropy / Action Manager” software package, and for LRQA to issue a near-overnight ISO 9001 certificate to a company that had been caught submitting a forged LRQA cert to obtain a lucrative oil contract, in violation of the laws of at least three countries involved. So UKAS has an uphill battle bringing itself back into compliance with the law, but is probably relying on its political allies in the UK government to protect them. For sure they will ignore this entire thing, but it will stand as yet another marker in history when the eventual Enron-style collapse hits the ISO 9001 industry, and the regulators and press finally start poking around. Then these complaints will be entered into evidence, handed over to reporters, and all hell will break loose.

Alternatively, UKAS could use this as a wakeup call, force Alcumus ISOQAR to disband the program, and then tell LRQA, TUV, BSI and the rest to do the same. It would be expensive — the CBs have invested a lot of money in these programs, through marketing and management of them — but it would send a message that UKAS is upholding the law as well as the requirements of ISO 17021-1, and intends on ensuring ISO 9001 certs that bear its logo mean something.

To see the full list of ethically-challenged consultants that signed up for this incest-a-thon, click here.

Update 15 March 2016: Things get weirder still. One of the Alcumus ISOQAR Diamond consultancies, Rosewood Keen Management Services (RKMS) has a number of client profiles on its site, and while not all were certified by ISOQAR, the ones that were have the usual amazing successes. For its client ServiceMaster, RKMS alleges to have delivered an entire consulting package in only 8 (yes, that’s EIGHT) days for both ISO 9001 and ISO 14001, and “the company obtained certification to both standards at the first assessment by ISOQAR.”

For its client Outsourcery, RKMS implemented ISO 27001 and then reported, “the company was assessed by ISOQAR … and successfully achieved certification at the first attempt. The assessor commented that their management system was one of if not the best they had assessed to date.”

Meanwhile, Diamond consultant TL Safety throws the love back at ISOQAR by offering its clients a 5% discount on ISOQAR training, in what appears to be another overt violation of ISO 17021-1. The rules require CBs like Alcumus to “take action to correct inappropriate links or statements by any consultancy organization stating or implying that certification would be simpler, easier, faster or less expensive if the certification body were used.” In the TL Safety case, they just come right out and say, “We may be able to save you costs on your current surveillance fees from your certifying body” while talking about the Alcumus IAN program.

We’ve updated the formal complaint to include these new pieces of evidence.

Update 16 March 2016: TL Safety representative Tony Lundy says the language on their webpage was not endorsing ISOQAR specifically, despite using their logo twice and referencing them four times. They have agreed to remove the language about ISOQAR and review the requirements of ISO 17021-1 moving forward.