Yikes, Rough Week for Online Certification Body Audit Platforms

Moving a certification body’s audit reporting tools to an online portal seems like a no-brainer, but apparently they are taking that a bit literally, and hiring people with no brains to run them. In just one week alone, I’ve noticed two major systems go down, one of which puts clients at risk of losing their certifications since the clocks on ISO 9001 and As9100 certs don’t stop just because a CB’s website craps out.

More Trouble at Intertek (Sigh)

The biggest concern is over Intertek’s “iEnable” portal going down. This is the official tool used by Intertek for, according to one former Intertek auditor, “developing plans, preparing reports, tracking NCRs and OFIs, tracking correspondence with clients,… basically everything.” This means that so long as iEnable is down, Intertek cannot schedule new audits, nor process any current ones. Again, there are no rules in place to “toll” the clock for clients, so if they cannot get Intertek to show up for audits or to process closing nonconformities before their certification expires, the clients will lose their cert.

And, let’s face it, Intertek isn’t about to reimburse them for any damages or lost contracts.

It’s just staggering how bad the SAI Global / Intertek mess is, and it continues to lead me to advise people to just stay away from them entirely. Before Intertek purchased it, SAI was hammered with years of crippling inability to schedule audits, resulting in companies all around the world losing their certificates because SAI auditors never showed up. The blame lay squarely at the feet of schedulers, who — for reasons still unknown — just couldn’t seem to schedule audits, but the auditors themselves sometimes never physically showed up for audits despite being scheduled. It was year after year of nightmare, and SAI lost its accreditation for a short period because of it.

With Intertek’s purchase, things were supposed to get better, but most assuredly have not. My source reveals that there has been a mass defection (or firing?) of former SAI schedulers (good riddance?), making things worse, not better. The source also claims “many of our best auditors have left Intertek,” since the merger, but that’s probably not saying much.

As I write this, iEnable may be back up, or it may not be. But if you are a current SAI Global / Intertek client, you may want to start reaching out to your auditor to see if you are affected. If you don’t hear back, you may want to start shopping around.

A fun aside: ISO 17021-1 requires an accredited CB to ensure it has “sufficient resources” to conduct its operation. Will one of the accreditation bodies finally step in and hold Intertek accountable? Puh-leeese.

OASIS Down, Too

At the same time comes word that the AS9100 scheme’s planned rollout for the new OASIS version 3 is borked, with the IAQG announcing the following:

As you are likely aware, the Digital Team identified migration challenges that impacted both audit data as well as access rights. Due to the sensitivity of the information, OASIS V3 was suspended.

To fully address the issues, our team is actively reviewing all access controls and audit records to confirm the information will be accessible as expected. This process is taking some time and we will keep you informed as work progresses. We anticipate the delay to continue into the week of 24 July 2023. We apologize for any inconvenience this has caused and will update you with specifics as soon as possible.

I haven’t been keeping up with the whole OASIS v3 thing, since as far as I can tell I’m still utilizing OASIS v1, and never saw a version “2” at all. I’ve just assumed that at some point I will try to log in and find a new interface staring at me.

But I do know that the plan was to sunset the current version and place a short lockout of the system while v3 was spun up. This makes sense: you don’t want people continuing to enter data in the old system. The lockout was to run from June 30 to July 17, so just about two weeks (which, frankly, was a bit long already.) The hope was that by July 17 the lockout would be lifted, and everyone would be using v3.

But of course, they donked it up. As I try to log in now, I’m greeted with an already-outdated message telling me I can’t log in, and still telling me that all will be well by July 17, which is great except that today is July 21. A link takes me to the notice above which is dated July 19, and there’s no newer information than that.

So this means that IAQG didn’t test v3 as well as they thought they had, which should surprise no one since they are morons.

But now it raises questions about whether clients will be affected or not, which is not good. So long as OASIS is down for everyone — which it is — auditors cannot enter audit information, and everyone’s AS certificates are at risk. Because IAQG has pushed key aerospace suppliers like Boeing and Lockheed to rely on OASIS to verify their suppliers’ certification status, there is a knock-on effect that impacts the entire supply chain. (Fortunately, no one relies on OASIS for this stuff as much as IAQG thinks they do, so it won’t be serious.)

But every day OASIS is down puts AS9100 certified clients at risk of losing their certificates because, again, there are no allowances to extend AS9100 expirations because the IAQG hired some idiot to create a new database no one asked for.

The combined problems highlight the huge gap in auditing rules, and refresh the need to call on ISO CASCO to carve out some allowances for CBs to temporarily extend certificate expiration dates when problems arise that are due to the CB itself or other outside factors. But don’t hold your breath. Until someone drags a CB to court over this, nothing is likely to change.