I suppose we can at least breathe a bit easier now knowing that the IAF has (illegally) abandoned all pretense of upholding ISO 17011. Let’s make this clear: now, despite rules in ISO 17021 and related standards saying certification and accreditation bodies may not consult, they are allowed to consult. Under the IAF’s posture — which will only worsen when IAF and ILAC merge to form the for-profit company GLOBAC — the bodies may now:

  • Openly sell consulting and then later certify their own consulting work.
  • Partner with consulting companies and offer their clients discounts.
  • Partner with consulting companies and offer them referral fees.
  • Openly sell the services of “approved” consultants, and then certify those consultants’ work.
  • Participate in the creation of marketing materials — inlcuding videos — of select consultants.
  • Allow select consultants to market that their CB will be faster, cheaper, and easier than their competitors.
  • Get accredited in a single one-person office and then offer accreditations in all 195 countries around the world, with no oversight.
  • Get accredited without actual verification of CB / AB activities
  • Openly engage in crimes, violations of international sanctions, bribery, theft of service, and a whole host of other scams we haven’t even thought of yet.

While all of that is terrible, at least under Victor Gandy’s IAF, Etty Feller’s ILAC, and Matt Gantley’s UKAS (who helped “internationalize” this corruption at the literal cost of human lives), it’s all out in the open. No more secrecy, no more hiding, no more pretending that accreditation is based on impartiality and objectivity.

We are officially in the pay-to-play era of let’s-privatize-everything-and-not-regulate-anything certification schemes.

Scams Within Scams

While the efforts to scam the system have been cooking for over a decade, there’s been a mad dash in the last few years to ignore the ISO accreditation rules and IAF Mandatory Documents in the past 3 years or so.

The cybersecurity firm Vanta is openly marketing its relationship with multiple “fully-accredited” certification bodies, and the CBs — who are obligated to stop Vanta — are doing the opposite. They appear to be leaning into the conflicts of interest to fully embrace the ISO Scammer Culture.

Here we see Vanta marketing on behalf of the accredited CB BARR Advisory a “100% Satisfaction Guarantee” on ISO 27001 certification audits. At the same time, Vanta is claiming that British Assessment Bureau (which is now Amtivo) will give Vanta clients a 25% discount. All of that violates ISO 17021, but IAF doesn’t care.

And here we have Avani Desai, CEO of the CB Schellman, pitching back to Vanta, telling its clients to use its ISO 27001 auditing software to ensure that everything will go both faster and easier. Again, a blatant and egregious violation of ISO 17021.

 

And, as reported previously, in recent months we have seen:

  • Noted certification body LRQA (formerly Lloyd’s Quality Register) outright bought the ISO consulting firm Core Business Solutions and is now certifying its own consulting work, all while accredited by ANAB.
  • For over a decade, British Assessment Bureau certified clients who used its ActivCertify QMS software; Amtivo then bought BAB and continued to do so, all while accredited by UKAS.
  • BSI sold its “Entropy” QMS software for years under UKAS and ABAB accreditation.
  • TUV Nord continues to operate a consulting company under its own TUV name in Saudi Arabia, all while accredited by DAkkS.
  • Quality Austria continues to certify clients of its consulting companies operated by its own staff in Qatar and elsewhere, all while accredited by AA.
  • ANAB continues to promote the consulting solution Ideagen QualTrax, and cleared itself when a complaint was filed. IAF took no action, because ANAB’s Lori Gillespie is co-Chair of IAF.
  • EIK Certificering operated a consulting company under the name EIK Consultancy, all while accredited by RvA.
  • NSF-ISR openly sells consulting, but added a footer to its website saying it doesn’t. Mind you, it’s a footer on the website where it actually sells consulting.
  • Husk Registrars openly certified the consulting clients of its own CEO, all while accredited by IAS.
  • Accreditation Body IAS accredited bodies that bought the ISO 17021 template kit sold by its own Board member.
  • Bureau Veritas openly partnered with consulting company GreenBizCheck and then certified clients who used them, all while accredited by UKAS and ANAB.
  • Intertek… well, they’re a mess. See here and here, all while accredited by multiple IAF bodies.
  • So many CBs accredited by IAS and UAF are engaged in open co-marketing of consultants, I can’t even list them all. See here and here and here, for a few.
  • Accreditation body A2LA spun off its training and consulting body as A2LA Workpace Training and later falsely claimed the two companies were not related. Meanwhile, they ran press releases about how A2LA ran both.
  • CB Smithers created an entire alternative ISO 9001 scheme through collusion with a private consultant and ANAB, and got away with it.
  • ISO 27001 CB Zertia partnered with a consulting firm laughably named Ethically, and then marketed for them.

The History

Now, keep in mind that this used to be so taboo, they’d break up entire companies engaged in these practices. In the early days, Perry Johnson (the man) sold consulting and then certified his own clients. The IAF and the accreditation body RAB stepped in and forced Johnson to split his companies. He sold the CB off as Perry Johnson Registrars and launched a separate company called Perry Johnson Consulting. That only happened because folks in those days enforced the rules.

And let’s talk about RAB. At the time, the US accreditation body operated under the name Registrar Accreditation Board. But it, too, was engaged in conflicts of interest, selling Lead Auditor credentials to its own certification body clients. This was seen as a conflict of interest — RAB could threaten to withhold accreditation if a candidate CB didn’t buy their Lead Auditor classes — so the IAF and industry forced RAB to divest. RAB sold its auditor training and credentialing company to the Australians, and it was rebranded as RABQSA, which later rebranded as Exemplar Global. The accreditation body rebranded as today’s ANAB.

So, ANAB literally exists because someone else enforced the same rules they no longer enforce. Got it?

The IAF itself promised both ISO and the World Trade Organization that its “peer evaluation” process would be better than having actual regulations imposed on the industry. The WTO was pushing ISO to regulate and manage accreditations through a scheme called, at that time, QSAR, but ISO really did not want the role. When the IAF emerged, created by UKAS, RAB, and a few other ABs, they happily shuttered QSAR and the WTO bought into the lie.

There was never any chance that self-regulation by private companies would work. But the world was still drunk on the Reagan / Thatcher “goverments suck at everything” illusion, so they all bought into it.

We see how well that worked out.

Legitimization and Illegality

All of this is prohibited, but there is an obvious way for the parties to wave the entire problem away. They can have ISO/CASCO simply rewrite ISO 17021 and ISO 17011 to remove the prohibitions. That activity is, no doubt, underway. Since CASCO is dominated by the ABs themselves, through national standards bodies who typically either own the AB or collude with them, this is the likely future we face.

Once the CASCO standards are stripped bone-dry of ethics, the IAF can update its Mandatory Documents to suit, pretending they only did so to align with CASCO. They will hope you don’t know they actually influenced CASCO to begin with.

So, this will all get legitimized at some point. But when I say this is all illegal, what do I mean? Under US law, you can’t accuse someone of violating a law unless it’s true. I don’t make this claim lightly.

In fact, it’s not outright illegal for the CBs themselves. There are few laws governing this, with one major exception: the EU regulation EC 765-2008. That regulation does require compliance with the ISO accreditation rules, but enforcement is nearly impossible. The EU cannot take action against, say, UKAS or ANAB. Instead, it can only scold the applicable EU member nation involved. The enforcement is then given to EA (European co-operation for Accreditation), which is an IAF regional body and infected with all the same corrupt practices as its mother organization.

To fix this, the European Commission would have to disband EA, which is never going to happen. As usual, the labyrinthine laws and regulations of the European Union are largely window dressing.

So, no: there are no laws that really stop a CB or AB from engaging in conflicts of interest. Maybe someone could make a B2B fraud issue of it, but it would likely fail in court.

The illegality sits on the heads of the IAF and the ABs. Most of these, if not all, are not-for-profit organizations. In order to be granted the (frankly astonishing) right to not pay taxes, the bodies have to promise their home governments they will provide a charity-type service. And, so, they do. The IAF and ANAB and UKAS have all filed very official-looking papers with their governments claiming things, and then they were granted tax-exempt status as a result of those representations.

The illegality comes in when one scratches the surface to find out the bodies don’t actually do the things they said in their official representations and claims. They do the opposite.

The IAF, for example, was granted tax-exempt status on the false allegation that it upholds ISO 17011. We have decades of evidence showing it does the opposite, and helps its paying members circumvent ISO 17011. So much so, an IAF member can engage in other crimes — like violating international sanctions — and the IAF won’t do anything.

Ditto for ANAB and UKAS and the rest. Their official representations claim they operate in accordance with ISO 17011, when they do the opposite. That standard requires them to enforce other standards (like ISO 17021, ISO 17025, etc.) on their CB clients. But instead, they help CB clients circumvent those rules, engage in conflicts of interest, sell deadly products, engage in test data falsification, and help them cover up for fraud even after regulators have uncovered it!

Again, none of these organizations pay taxes. We pay taxes to support them. Your money goes to prop up this corruption.

So the fix would be for the various national tax agencies to finally grow some stones and enforce the law against fraudulent not-for-profits. That requires government fortitude, and that is not something the world currently has in any abundance.

What can you do? Report these organizations to the tax regulators in your country and hope that if they get enough complaints, maybe — just maybe — they will take action.

In the meantime, the IAF has created a headache it does not want. Oxebridge can now solicit discounts from CBs, have CBs market our consulting services, and engage in overt co-branding of consulting and certification services… and there is nothing the IAF can do about it. If they come after any CB that works with Oxebridge, they will face a lawsuit on restraint of trade, fraudulent business practices, and potentially criminal tax fraud. They cannot suddenly cherry-pick enforcement of the rules solely against the one stakeholder who, for 25 years, had been trying to get them to enforce the rules against everyone else.

That is not a can of worms ANAB or the IAF wants to open.

But feel free to try, guys!

 

Advertisements
ISO 14001 Implementation