Bulletin / When is an...

When is an ISO not an ISO?

Author: Charlie Maclean Bristol, Training Director, FBCI, FEPS

Charlie looks at the accreditation side of ISO certification and the importance of knowing which companies are selling 'fake' ISO's. 

This week at PlanB Consulting we are celebrating passing part 2 of our audit and being certified to ISO 9001. It has been 6 months of hard work and lots of late nights for some, but we have achieved it. I am a great believer in ISO standards and at PlanB Consulting we have ISO 9001 and ISO 22301. As BC plans aren’t tested often, it is not too difficult to let things slip and push them on to next year. With an ISO, you are regularly audited and it keeps you honest. There will be a flurry of activity prior to the auditor coming in, but at least the work gets done!

I didn’t realise until a while ago that not all ISO's are created equally. I entered a competitive bid for some work at a large facilities management company, quoting £25k to put them through the whole business continuity lifecycle and assist in getting them certified to ISO 22301. They had a number of existing ISO’s and wanted to achieve the business continuity one. When I put in my proposal, they said they were surprised, as their existing ISO body was going to charge £5k. I would like to think of us as ‘reassuringly expensive‘, but we do not charge 5x others. A friend showed me their proposal, in which they would supply ISO 22301 templates to be filled in and they would then certify them to the standard. I was aghast, I thought all ISO certification had to be separate to the people doing the work, but here was a straight case of it not happening. 

I looked into it a bit deeper and realised that anyone can certify anyone to any standard and there is nothing in the standard to say that the organisation doing the work can’t self-certify their own work. The main certification bodies; BCI, Certification Europe and LRQA, which are usually the ones we go with, had an additional level of checking called UKAS accreditation. This means they cannot certify their own work, their standards are regularly checked and they adhere to a code of conduct. UKAS is for the UK, there are different accreditation bodies worldwide. The way you tell whether a certification is done by an accredited body, is the tick in their certification mark.

The body which wanted to charge £5k for the ISO work was not UKAS accredited, which is why they could provide the standard so cheaply and had no external quality checking. If you Google ISO, you quickly realise that there are a number of companies which do not provide accredited certifications and they are making huge amounts of money out of this. I shall not name them, for fear of being sued, but they are not hard to find! What is even more dishonest is that they include a tick in their logo, so they try and make themselves look like they are a certified body. There are a number of court cases where they have been taken to court by Trading Standards for misrepresentation of products. They are still all trading.

I know the work that goes into getting an ISO standard and it is a little soul-destroying to see a company which has simply filled in a few forms, claim the same standard you have worked so hard to gain. The consolation is that an ISO is not just about a badge, but is about making your organisation better, so in the end we will be achieving continuous improvement. So next time you are out and about, especially in the car, look at vehicles which advertise their company and see how many ‘fake’ ISO's you can spot. Unfortunately there are a lot about. Secondly, educate your procurement people about this issue, so when companies are bidding for work with you, those with non-accredited ISO certification are not given the same weight as those with accredited ISO's.

Upcoming certified ISO courses - over 30% discount

Certified ISO/IEC 27001 Foundation: 22nd-23rd January
Certified ISO 22301 Lead Implementer: 23rd-27th April
Certified ISO 22301 Lead Auditor: 21st-25th May



Black Friday Deals - Available Now


20% off all full-price courses and BCI E-Learning Building Resilience

10% off CBCI Online Training Course with Exam

50% off VIA-C Worked Examples and Good Practice Guidelines 2013

Offers running until 30th November 2017

You might be interested in the following stories

ISO 22301 and the Business Continuity Octopus

Tips on an ISO22301 audit

You may be interested in the following course

PECB Certified ISO 22301 Lead Auditor course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
Charlie's Top 10 Business Continuity and Crisis Management Books for Christmas

Charlie counts down his top 10 Business Continuity and Crisis Management books, as recommended by you.

14 December 2018

“Concise, great grounding for BCP staff, both new and existing”

Andy Rogers
Home Office
View further testimonials