{"id":2288,"date":"2014-01-26T16:37:35","date_gmt":"2014-01-26T20:37:35","guid":{"rendered":"http:\/\/www.oxebridge.com\/emma\/?p=2288"},"modified":"2014-01-28T13:16:22","modified_gmt":"2014-01-28T17:16:22","slug":"lrqa-granted-iso-9001-certificate-to-a-company-it-never-audited","status":"publish","type":"post","link":"https:\/\/www.oxebridge.com\/emma\/lrqa-granted-iso-9001-certificate-to-a-company-it-never-audited\/","title":{"rendered":"LRQA Responds to Official Complaint With Lawsuit Threat"},"content":{"rendered":"<div id=\"attachment_2290\" style=\"width: 191px\" class=\"wp-caption alignright\"><a style=\"font-size: 1em; line-height: 1.5em; color: #b7322c; text-decoration: underline; text-align: center; background-color: #f3f3f3;\" href=\"http:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa011.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2290\" class=\"wp-image-2290 \" style=\"border: 0px none; padding: 0px; margin: 0px; -webkit-user-drag: none; width: 191px;\" title=\"lrqa01\" src=\"http:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa011.jpg\" alt=\"\" width=\"181\" height=\"249\" srcset=\"https:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa011.jpg 503w, https:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa011-109x150.jpg 109w\" sizes=\"(max-width: 181px) 100vw, 181px\" \/><\/a><p id=\"caption-attachment-2290\" class=\"wp-caption-text\">Click to enlarge<\/p><\/div>\n<p><span style=\"font-size: 1em; line-height: 1.5em;\">Earlier this month, we reported a story entitled &#8220;LRQA Granted ISO 9001 Certificate to Company It Never Audited.&#8221; We followed this up with a formal complaint to LRQA on the matter. LRQA responded to Oxebridge by threatening a lawsuit on the grounds of libel.<\/span><\/p>\n<p>Prior to the original article, Oxebridge was contacted by a customer of the company Hoerbiger Kompressortechnik, who revealed that a certificate bearing the LRQA logo (see right) had been submitted to his company, by Hoerbiger Hungary, in order to gain a contract. This representative &#8212; who, to date, has asked to remain anonymous &#8212; researched the certificate and found that the company was not, in fact, certified.<\/p>\n<p>The customer provided us emails between himself and LRQA&#8217;s Central Europe Area Manager\u00a0Bjoern Mueller which seemed to confirm the story that LRQA had issued the certificate. \u00a0<span style=\"font-size: 1em; line-height: 1.5em;\">On November 3, Mr. Mueller responded:<\/span><\/p>\n<blockquote><p>All LRQA certificates are issued in line with company procedures, which have been independently audited and accredited by\u00a0 over 50 accreditation bodies around the world.\u00a0 Also, our investigations into this incident are based on the processes that have been sanctioned by these accreditation bodies, in line with ISO 17021.<\/p>\n<p>On September 3<sup>rd<\/sup>, we responded to your initial concerns by confirming that the ISO 9001 certificate in question relative to Hoerbiger Hungary Kft was not a valid LRQA certificate.\u00a0 In parallel, we had informed the headquarters of our client Hoerbiger of this situation. Following their own internal investigation, Hoerbiger requested that LRQA undertook an ISO 9001 assessment at Hoerbiger Hungary Kft to ensure this particular site\u2019s compliance with international quality management system ISO 9001.\u00a0 This process has been completed and their certificate is now valid along with the other Hoerbiger sites.<\/p><\/blockquote>\n<p>(ISO 17021:2011 is the international accreditation standard under which LRQA is accredited, and which provides the rules for conducting 3rd party conformity assessment to ISO 9001. Under that standard, audits are required before any ISO 9001 certificate can be issued. )<\/p>\n<p>Based on that email, we assumed the following was true:<\/p>\n<ul>\n<li><span style=\"font-size: 1em; line-height: 1.5em;\">LRQA did not conduct an internal investigation of its own, but instead off-loaded this back to the customer,<\/span><\/li>\n<li><span style=\"font-size: 1em; line-height: 1.5em;\">The customer ascertained that their certificate was not valid, and they requested an audit to bring them into validity.<\/span><\/li>\n<li><span style=\"font-size: 1em; line-height: 1.5em;\">LRQA conducted that audit, and the certificate was &#8220;<em><strong>now valid<\/strong><\/em>&#8221; per Mr. Mueller &#8212; indicating it had not been before.<\/span><\/li>\n<\/ul>\n<p>From those points, we ran the story that LRQA had issued the certificate without proper auditing.\u00a0<span style=\"font-size: 1em; line-height: 1.5em;\">At the same time, Oxebridge escalated the matter to LRQA, as an official complaint under ISO 17021, and requested corrective action. <\/span><\/p>\n<p><span style=\"font-size: 1em; line-height: 1.5em;\">On January 22nd, LRQA responded by sending anonymous email threatening legal action against Oxebridge for making &#8220;false and libellous statements.&#8221; The email came with an unsigned attachment, which gave a different account of events, confusing the matter further. According to the anonymous report:<\/span><\/p>\n<blockquote><p>In relation to the Hoerbiger Hungary Kft site, we can confirm that this location was originally part of LRQA Certificate number\u00a0<a href=\"http:\/\/www.oxebridge.com\/downloads\/attachment2_VNA0004741A.pdf\" target=\"_blank\">VNA0004741\/A<\/a>, &#8230;\u00a0\u00a0until April 30, 2013, when, along with a number of other locations, Hoerbiger Hungary was not continued as part of the certification. Prior to April 30 2013, Hoerbiger Hungary was periodically audited throughout the certification period in line with our accredited assessment process.<\/p>\n<p>In October 2013, following a successful audit, Hoerbiger Hungary, as a separate entity, received LRQA certificate number\u00a0<a href=\"http:\/\/www.oxebridge.com\/downloads\/attachment3_VNA6018699.pdf\" target=\"_blank\">VNA6018699<\/a>, which is only valid for the stated location. On-site visits in connection with this certificate were carried out on October 11, 2013 and October 31, 2013.<\/p>\n<p>Therefore, Hoerbiger Hungary did not have an ISO 9001:2008 certificate from LRQA between May 1st and October 31st, 2013.<\/p><\/blockquote>\n<p>In response to the LRQA certificate that showed Hungary as having an active certification through until 2016, LRQA&#8217;s representative said,\u00a0&#8220;<em>we can confirm that this did not originate from LRQA<\/em>.&#8221;<\/p>\n<p>You can read the full LRQA response\u00a0<a href=\"http:\/\/www.oxebridge.com\/downloads\/LRQAresponse.pdf\" target=\"_blank\">here<\/a>. (PDF)<\/p>\n<p>LRQA then demanded the reporting be pulled, and threatened a lawsuit:<\/p>\n<blockquote><p>As the evidence presented here clearly confirms, your allegations in relation to LRQA\u2019s\u00a0issuing of a certificate to Hoerbiger without undertaking an audit are entirely false.\u00a0Based on this fact, we must insist that you remove all such false and libellous\u00a0statements relating to LRQA from your website as soon as reasonably possible and by\u00a0no later than the 27th of January 2014. Please note that in order to safeguard our\u00a0reputation we reserve our rights to take any further legal action against you as we see fit\u00a0without further notice should you not comply with this demand, or if you continue to\u00a0defame us through any medium whatsoever. Please note that upon your immediate\u00a0removal of all false and libellous statements as set out above, we shall consider this\u00a0matter closed.<\/p><\/blockquote>\n<p>Oxebridge wrote back to the anonymous sender, using the email provided (&#8220;enquiries@LRQA.com&#8221;) and asked for a clarification on the two apparently contradictory accounts of Mr. Mueller and the anonymous sender. We also demanded a signed copy, as courts will not recognize a deadline issued by an anonymous email sender.<\/p>\n<p>Without an answer, we escalated the problem to Jim Harrison, of LRQA&#8217;s Legal Department, and demanded a signed copy of the request be sent. On January 24th we received a signed copy from LRQA EMEA Business Manager\u00a0<a href=\"mailto:denis.ives@lrqa.com\">Denis Ives<\/a>. Mr. Ives provided no explanation for the disparities between his account and that of Mr. Mueller, and instead reinforced the lawsuit threat. As of this publication date (January 27th) Mr. Ives has still not provided an answer.<\/p>\n<p><a style=\"font-size: 1em; line-height: 1.5em; color: #b7322c; text-decoration: underline; text-align: center; background-color: #f3f3f3;\" href=\"http:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa02.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2291 alignright\" style=\"border: 0px none; padding: 0px; margin: 0px; -webkit-user-drag: none; width: 227.9971466064453px;\" title=\"lrqa02\" src=\"http:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa02.jpg\" alt=\"\" width=\"218\" height=\"301\" srcset=\"https:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa02.jpg 519w, https:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2014\/01\/lrqa02-109x150.jpg 109w\" sizes=\"(max-width: 218px) 100vw, 218px\" \/><\/a>The &#8220;valid&#8221; certificate issued by LRQA after the exposure is shown at right, and dated October 31, 2013. Oxebridge has confirmed that the fake certificate was created by &#8220;photoshopping&#8221; the dates and signature portion of a valid certificate over the body of a previously expired one.<\/p>\n<p>While Oxebridge wants to make it completely clear that it no longer appears that LRQA issued a certificate for a company it did not audit, and has thus issued this corrected article, clear problems remain in place and have gone unanswered by LRQA.<\/p>\n<p><span style=\"font-size: 1em; line-height: 1.5em;\">For one, the dates appear to show that the error sat unnoticed by LRQA &#8212; and unreported by Hoerbiger &#8212; for five months. Worsening matters, the Hungarian Hoerbiger office was intentionally attempting to gain access to at least one major contract by knowingly submitting the false certificate during a bidding process; at no time did anyone in the Hoerbiger Hungary office volunteer to undergo an ISO 9001 audit until the issue was reported by the customer.<\/span>Then there is LRQA&#8217;s response. When responding to the original complaint by Hoerbiger&#8217;s customer, it is not clear if\u00a0<span style=\"font-size: 1em; line-height: 1.5em;\">a formal internal corrective action was filed, per ISO 17021 rules, since no evidence was provided. If such a corrective action was taken, the result appears not to have addressed the root cause, which is how the counterfeit certificate was released into the supply chain. Furthermore, the email from Mr. Mueller indicates that LRQA shifted the responsibility for investigation to its client, Hoerbiger, rather than conducting one itself. ISO 17021 clause 9.8.2 requires that, <\/span><em style=\"font-size: 1em; line-height: 1.5em;\">&#8220;u<span style=\"font-size: 1em; line-height: 1.5em;\">pon receipt of a complaint, the certification body shall confirm whether the complaint relates to\u00a0<\/span><\/em><span style=\"font-size: 1em; line-height: 1.5em;\"><em>certification activities that it is responsible for and, if so, shall deal with it.&#8221;<\/em> It does not allow the Certification Body to delegate the investigation to the client.<\/span><\/p>\n<p>The Ives version of events lacks any mention of the customer complaint, indicating that a new audit was just conducted in October, apparently not driven by any complaints whatsoever. Whether this is true, or whether Mr. Ives just left that part out of his explanation, is not clear.<\/p>\n<p>What is very clear, however, is that rather than provide a rational explanation that clarified the two accounts (of Mueller and Ives), and allow Oxebridge the time to correct its reporting, LRQA jumped immediately to the threat of a lawsuit, apparently without even advising Mr. Harrison&#8217;s Legal team at LRQA. This sends a chilling message that LRQA will threaten to sue complainants rather than abide by the spirit of ISO 17021, which says:<\/p>\n<blockquote><p>4.7 Responsiveness to complaints<\/p>\n<p>Parties that rely on certification expect to have complaints investigated and, if these are found to be valid,\u00a0should have confidence that the complaints will be appropriately addressed and that a reasonable effort will\u00a0be made to resolve the complaints. Effective responsiveness to complaints is an important means of\u00a0protection for the certification body, its clients and other users of certification against errors, omissions or\u00a0unreasonable behaviour. Confidence in certification activities is safeguarded when complaints are processed\u00a0appropriately.<\/p><\/blockquote>\n<p>The question now becomes one of the counterfeit certificate.\u00a0Per ISO 17021, part of every CB audit includes a mandatory review of proper usage of the registrar&#8217;s logo and accreditation mark. Since we know LRQA had been informed of the counterfeit certificate as early as August 2013, how did it conduct a registration audit in October of 2013 and not raise issues with the fake certificate being sent out as part of a bid request?<\/p>\n<p>Oxebridge is formulating a new complaint based on this question, and will escalate to UKAS if a suitable answer is not forthcoming.<\/p>","protected":false},"excerpt":{"rendered":"<p>Earlier this month, we reported a story entitled &#8220;LRQA Granted ISO 9001 Certificate to Company It Never Audited.&#8221; We followed this up with a formal complaint to LRQA on the matter. LRQA responded to Oxebridge by threatening a lawsuit on the grounds of libel. Prior to the original article, Oxebridge was contacted by a customer [&hellip;]<\/p>","protected":false},"author":2,"featured_media":2291,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","mc4wp_mailchimp_campaign":[],"footnotes":""},"categories":[3],"tags":[24,23,43,52,14,29,162,163],"class_list":["post-2288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-accreditation","tag-certification-bodies","tag-iso","tag-iso-17021","tag-iso-9001","tag-iso-90012008","tag-lloyds","tag-lrqa","et-has-post-format-content","et_post_format-et-post-format-standard"],"_links":{"self":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/2288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/comments?post=2288"}],"version-history":[{"count":23,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/2288\/revisions"}],"predecessor-version":[{"id":2296,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/posts\/2288\/revisions\/2296"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/media\/2291"}],"wp:attachment":[{"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/media?parent=2288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/categories?post=2288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oxebridge.com\/emma\/wp-json\/wp\/v2\/tags?post=2288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}