The Beginning of the End for Fake ISO 13485 Certificates

IAF announces the largest technical trade agreement ever prepared for the medical device standard

Many of us have heard horror stories about ISO certificates that were fakes, or of medical-device quality system audits being performed by persons who were not competent. A recent report published by the European Commission found that two out of 11 notified bodies were performing so inadequately, they were ordered to stop issuing CE certificates.

Interpol is regularly involved in tracking down fake certificates, while regulators have been losing faith in the entire chain of certification. The International Accreditation Forum (IAF) began to work on a solution to this problem for medical devices in 2007. The last work item to secure the credibility of ISO 13485 certificates worldwide has just been completed.

On Oct. 24, 2013, the IAF announced it is now able to accept applications from accreditation bodies (AB) to join in its multilateral recognition arrangement (MLA) for its new ISO 13485 medical device accreditation. This is the largest technical trade agreement ever prepared for the standard ISO 13485—“Medical devices—Quality management systems—Requirements for regulatory purposes.”

…

Want to continue?

By logging in you agree to receive communication from Quality Digest. Privacy Policy.

Create a FREE account

Forgot My Password

Comments

Your claims

I'm all for improvement, but some of what you say is unclear:

"... ISO certificates that were fakes" - what makes a certificate "fake"?

"... audits being performed by persons who were not competent. A recent report published by the European Commission found that two out of 11 notified bodies were performing so inadequately, they were ordered to stop issuing CE certificates. - what is the competency standard? how were the "notified bodies" - registrars? - failing?

"... Interpol is regularly involved in tracking down fake certificates" - in what way is this a legal issue?

"... while regulators have been losing faith in the entire chain of certification" - for what reason?

"The International Accreditation Forum began to work on a solution to this problem for medical devices in 2007. The last work item to secure the credibility of ISO 13485 certificates worldwide has just been completed." - how is this different than what has gone before, and how will it correct the deficiencies which, hopefully, you will identify for this community?

Is it appropriate to expect that QD, as a journal, would apply standards to this "article", or is this a blog or op-ed?

I'm all for regulation if it adds value. IMHO the entire accredition / registration ecosystem has some noble intentions but is compromised by hack registrars giving certificates to hack clients. The problem is some of these hacks are "properly" accredited and registered. I think a system of "labelling" various entities can give someone the warm fuzzies - like purchasing Government Inspected meats at a market - but all too often the Emperor has no clothes. I propose that instead of being labelled as "meeting a standard", the registrars instead should provide an objective assessment of how well, or the extent to which, a client performed certain activities - the kind of assessment that would truly relieve a customer of the need to perform an independent audit. A good/better/best model might air out some of the rot.

For Clarity

Dave, I guess we can divide this into two segments. a) Fake certs, and B) certs that are not fake, but not issued under a structure of credibility (per ISO and IAF accreditation standards).

We all know what a fake certificate is. A fake certificate bears registered marks belonging to an AB or CAB that are not earned. Quality Digest has another article that I believe explains this quite well, and the problems it creates for regulators in the field of product safety, as well as the role Interpol is playing to prosecute this kind of fraud. http://www.qualitydigest.com/inside/twitter-ed/t-v-s-d-intensifies-effo…

The question of competency is certainly the core issue, and there has been, and remains, wide ranging differences of opinion. Our working group at the IAF for ISO 13485 took documents from the Global Harmonization Task Force (GHTF) and other guidance from the Notified Body Operations Group, Designating Authorities Handbook and Canada's GD210, and then collaborated with top experts from AB, CAB, NBs and even regulatory representatives from US FDA, who led GHTF SG-4. We then took all of this, and shook it down to what is now captured in IAF “Mandatory Documents” MD8 and MD9. These became a stake in the ground that would establish competency requirements for ABs and CABs operating in the field of medical device QMS ISO 13485.

So indeed, the competency issue is probably the most important issue of all, but is quite pointless, unless there is a mechanism to assure that these requirements are being met, regularly and globally.

Do regulations add value, well; I'm not going to step into arguing one way or another, because the matter is already settled. If the regulation exists, then it is the law, and I would not risk breaking it. The business risks of not complying with the law are very severe indeed.

The Accreditation Body marks are not something someone can buy. Ask any CAB that has undergone an ISO 17021 and MD9 Accreditation Assessment, and they will tell you, they pay with more than money to carry their accreditation certificate. Competency and management system compliance with IAF/ISO accreditation standards is a full time effort. Some ABs are not willing to apply to the IAF for the new subscope of ISO 13485 for this very reason.

To be honest, this program went into effect July last year, but without the IAF MLA having yet been adjusted to add ISO 13485. Some CABs that had been performing regulatory audits suddenly felt concern to adjust their audit teams, to make sure they had the proper competency to meet IAF MD9. I learned ISO 9001 auditors were leading ISO 13485 audits and even CE audits. Since however the ABs now had IAF MD9 to leverage, the CABs could no longer get away with the lack of specified requirements that had plagued these other regulatory audits. Immediately after July 2012, the IAF program for ISO 13485 began to have a side effect of cleaning up other regulatory audits! Why? Because Accreditation Bodies, could revoke their Accreditation Certificates from the CAB, many who were also Notified Bodies under the Medical Device Directives.

You see, it is not merely the toughest competency requirements that make ABs and CABs perform better, but a regular system of enforcement from IAF assessors of ABs, to AB assessors of CABs, to CAB assessors to manufacturers. The marks are not merely registered trademarks; they are indicators that point to a link in the chain of credible certification.

Thank you

Grant, I appreciate the clarification. When you mentioned "fakes" I thought you meant unaccredited, not falsely advertised - I hadn't imagined any person or organization would fraudulently represent itself the way you described in "broad daylight".

Illegality of fake certs

I would add to what Grant said below

In the EU, the CE Mark is legally required for certain classes of products, medical devices for instance. If you sell certain types of medical devices without a CE Mark you are breaking the law. Ditto for claiming to have a CE Mark when you don't (via a fake cert for instance).

Rats !

D. Gentile opened a Pandora's vase: it's years we field auditors lament poor control by registrars and accreditation bodies over certificates. It's all about money, money is everything: an Redskin legend asks whether Man could thrive on gold only, when there would be nothing else on Earth. We daily hear of agreements, negotiates, more or less multilateral; but, as it was in the past centuries, Honesty only exists in dictionaries.

No restriction in use of fake ISO certificate.

ISO Central Secretariat has shrugged off its burden about taking an action about fake ISO certificate, saying that its not in their administrative jurisdiction. IAF is silent and National Accreditation board of India; NABCB has nothing to do as it has informed the party that the certificate awarded are invalid. The Joint Accreditation System of Australia and New Zealand; JAS-ANZ though assured that they will issue a notice to the party for withdrawal of the fake certificates from their website etc, but, do not keep its promise. JAS-ANZ further stated that in case the party doesn't pay any heed to their notice then they will initiate legal escalation of this issue for cancellation or withdrawal of the fake certificates. Ultimately JAS-ANZ keep silence.

Geological Survey of India, GSI are issued ISO 9001:2015 Certificates [Two certificates] on 12-August-2016. These certificates are declared fake by JAS-ANZ. These certificates are still in use by GSI. Lax regulation about fake ISO certificate give full freedom to certification and accreditation bodies to make ISO Certificate a piece of paper only, which can be obtained by paying a price only for it. Adaptation of standardisation of ISO's level is no compulsion. Rampant misuse, abuse of ISO certification and no concern will soon make ISO a nonentity.