Fakes, frauds and cheapsters – navigating the maze to find reputable ISO providers (Part 1)

Obtaining ISO certification from a JAS-ANZ registered certification body tells your customers and the community that you have been assessed by a reputable independent body as meeting  an internationally recognised standard of excellence.  Ultimately, it is this reputation that can allow you to gain a significant competitive advantage in your market through achieving certification.

Unfortunately, more and more, I see companies selling themselves and the industry short through a lack of understanding of the different grades of players in existence in the very competitive marketplace of ISO certification. All providers are not equal and, sad to say, not all are ethical.

Read on for some tips on emerging unscathed from encounters with lower quality and unscrupulous providers.

Part 1: Beware of offers of super quick and cheap ISO system development (especially INCLUDING certification)

When you are looking at organisations to assist you to set up your ISO system and to get certified, you need to be beware of offers that appear to be extremely quick, much cheaper than other providers or simply too good to be true.

I have summarised below what I believe are the best tips around this issue.

 Tip 1: “Buying” certification: the risks

There are some organisations out there that will almost let you buy your ISO certification after spending a matter of days to “develop” a system for you…but… the resulting system may well turn out to be worthless or a costly mistake for the following reasons.

The real story:

The only real way an organisation can offer to provide an ISO system (sometimes including certification) at a super cheap price is by having created a “1 fits all” generic manual with policies and procedures that, by their very template nature, cannot hope to match your actual operating environment and will not work unless significant time (read: your cost) and energy is spent customising them.

Tip: One of the warning signs is when there is no offer for a consultant to assist you to implement the system, in which case it will then fall to you the client to work it all out after your “system” and “certificate” have been delivered in a large binder.

Also, in general, the only way a company can include “certification” in that very cheap price is (best case) by using a non-accredited certification body or (worst case) using a false certificate.

NB I am not here referring to reputable companies who bundle consulting and certification from two different entities into a competitive price. The key word here is “reputable”.

Using non-accredited certification bodies or false certificates.

The bad news:

Most customers, and particularly government organisations, who insist on ISO certified and/ or compliant suppliers will not recognise a certification unless it is from a certification body accredited by JAS-ANZ. So if your tender has external certification as a prequalifier, your certificate will be checked by the tenderer.  If they find the certification body is not accredited by JASANZ, you will not only be ineligible for that tender but may also be discredited as a future applicant.

The good news:

 Many customers (except large corporations and government departments) are happy with a “certificate of compliance”- especially as a starting point. This can be a very cost-effective alternative to external certification while you are testing out the ROI on your compliant system in the market. You can always get externally certified in a short timeframe if you maintain your compliant system after it has been implemented.

What’s a “certificate of compliance”?

You need to understand the difference between a “certificate of compliance” and a “certification” to an ISO standard as provided by an approved certification body.

A company or consultant can legitimately provide you, as ICS frequently does, with a (in our case- free) “certificate of compliance” after a compliance audit of your system by a registered auditor. This basically says that you have been audited by a qualified auditor and based on the sample looked at, the consultant believes you are compliant.

The important distinction is that nowhere should the certificate mention that it “certifies” or “registers” or “accredits” you to any Standard.

If you are offered one of these certificates, what matters is that the difference is explained to you, the wording on the certificate is accurate and you are not under the impression that you are now “certified” instead of just “compliant”.

Tip 2: What’s wrong with quick?

3 things someone should have told you:

1.       First, all ISO systems are in essence guidelines for creating a best practice business management framework; designed to control and manage all relevant aspects of the running of a business for the life of the business. Knowing this, common sense would then tell you that you cannot build an entire business system in a matter of days or even weeks, – and any such undertaking deserves serious (not cursory) consideration.

2.       Second, in order to pass you at the audit, a reputable Certification Body’s Auditor is required to verify that your documentation, procedures and activities have been in place and actively used for a minimum of 2-3 months prior to seeking certification and you must be able to provide this with concrete evidence i.e. records.

3.       Third, just the elements required to be in place in order to comply  are quite extensive and require time to create or customise to your operations; including training staff. You will need to show evidence that all the mandatory requirements have been met before a reputable certification body will even accept your application for audit.

In short, creating any management system worth having will take work and time – often several months- as other business priorities have to be factored in. A reputable certification body will require a certain maturity of system with evidence acquired over months before they will certify you.

Final  tips on how to avoid unscrupulous providers:

!          Beware of an ISO system implementation that is not based on a site visit or gap analysis of your organisation

!          Beware of a company that does not take the time to talk your through how the certification process works or who seems “in a rush to make a sale”.

!          Always request references or testimonials and be suspicious if these are not provided. Insist on speaking to other companies who have used their service.

!          Beware of companies that advertise that they will create all of your procedures and provide you with the ISO certification to say that you meet the requirements within only a few days or weeks.  Some of these companies are scams and the certificates are worthless.  Those who are not will be on the list of accredited certification bodies- so check them out.

!          If they do not appear on the  JAS-ANZ register then they are not an accredited body that can issue ISO certifications.


ISO certification can be a true sign of the quality of your operations and that you utilise best practices throughout your organisation.  The risk associated with the process is that sales- focussed and unscrupulous organisations may try and deceive you.  By being aware of their tactics, you can identify and avoid many of the traps so you know you are receiving your ISO system and certification from an accredited and reputable organisation and can proceed with confidence into using your certification for future growth.

Credit should be given to the article “Beware of Quick ISO 9001 or APIQ1 Certification Offers” for several of the ideas included.

Part 2 & 3 to follow.

At Integrated Compliance Solutions, our expert consultants can assist your business in completing an ISO gap analysis, ISO 9001 internal audit, ISO internal audit and ISO audit. For more information, get in touch with us today.

Leave a Reply

Your email address will not be published. Required fields are marked *