Well-oiled racket involving sale of ISO certificates uncovered in the UAE

Sidney Vianna

Post Responsibly
Staff member
Admin
#1
DUBAI: Like millions around the world, if it’s an ISO certificate that makes you pick a product or service, then wait till we tell you about its dark side.

Under normal circumstances the much trusted and globally recognised stamp is awarded only after a detailed audit and compliance survey which takes weeks, if not months. But here in the UAE you can have it for as little as Dh4,000 and within three days.

An XPRESS undercover operation blew the lid off the well-oiled racket when we got the coveted ISO 9001:2015 certificate for a company that shut down long ago and, worse, is under investigation for fraud.

read the whole story...
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
Color laser printer - Check.
Money? - Check.
...
...
Profit!

The audit report is a good touch, admittedly.

This is one reason (of several) I have said over the years that ISO 9001 certification is a poor to useless supplier acceptance criteria.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#5
About 10-15 years ago remember we all talked about this in jest righ here?
Infrequently, but yes. I think Sidney has been a proponent for the need for a database of legitimate certificates along the lines of the SAE's OASIS database in aerospace's AS9100. It can be a lot of work to verify whether someone with a decent printer just printed up their own "certificate" or not.

We did have a recent discussion thread here on an AS9100 certificate from what I think was from a "certificate mill" which is a bit different, but along the same lines.

I just did the Google on "fake iso 9001 certificates" and there are articles going back years. It's not, as I think most people here know, a new problem by any means, nor is the UAE the only country it is a problem in.

I know years ago I would tell clients that though more expensive than many smaller registrars, companies like DNV, UL, BSI and several other biggies were "better" because 1. the validity of a company's certificate was easy to verify, and 2. the companies were trustworthy, known entities.

I think DNV, BSI and several others have online databases for certificates they issue.

I have no idea how big the problem really is, but I suspect it's pretty big.

I do come back to my opinion that companies should be using many aspects other than an ISO 9001 certificate to qualify their suppliers.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#7
I think Sidney has been a proponent for the need for a database of legitimate certificates along the lines of the SAE's OASIS database in aerospace's AS9100. It can be a lot of work to verify whether someone with a decent printer just printed up their own "certificate" or not.
Exactly right, Marc. As I mentioned several times here, in this space, over the last 15 years, it is mind boggling the lack of vision and business savvy by the people in charge of the management system certification industry. An OASIS-like database would serve several purposes, one of them being a real-time, credible repository of properly vetted (accredited) certificates, but it would also facilitate stakeholder feedback to relevant parties when suspicion exists over a certified system.

On top of that, if you extrapolate the annual revenue stream of the OASIS database, making corrections for the much larger pool of ISO MS certificates, the defunct ISOCERTO database could generate upwards of US$100 million/year. Maybe this will get some people's attention...

Good question, but I suspect it's "Whack-a-Mole" problem.
True, but if a brand does not defend it's IP, are they derelict?
 

Paul Simpson

Trusted Information Resource
#9
Thanks for this, Sidney. I've recently been given a new role to liaise with CASCO on behalf of TC 176. I'm looking to gather some options for how I deliver against the role requirements and this kind of feedback will be so valuable.
 

Wes Bucey

Quite Involved in Discussions
#10
About 10-15 years ago remember we all talked about this in jest righ here?
Not so much "jest" as I recall, but more "kidding on the square." Our original discussion began over a registrar headquartered in the USA with a reputation for issuing certificates as soon as the check cleared.

That discussion evolved into an exposé of some operations issuing certificates without even bothering to send an employee to a manufacturing site

From there, we determined that the bureaucratic gullibility of corporate purchasing processes combined with a thick-headed insistence that every link in a supply chain be "registered" to make life easier [read "cheaper"] for incoming inspection meant we professionals should go into the business of cobbling together generic paperwork (Q manuals and such) for supply chain links, then have our "Chinese Wall" separated divisions issue the certificates of registration to those same links. I think we pretty much determined the only things necessary were word processors, Word templates, printers, and reams of paper. Essentially, printing money without the pesky problem of being arrested for counterfeiting currency.

[How long do we have to wait before the furor dies down so we can start another round of lucrative deception?;):whip::notangel:]
 
Top Bottom