A friend sent me an e-mail last week asking if the US has any civil penalties related to misrepresentation (e.g. consulting vs. auditing) comparable to the UK through its Department of Trade and Industry (DTI. It is a good question, which we are going to explore at greater depth in an article. Also, last week another friend who is an administrator for a notified body in the US asked if there have been any cases won against a Registrar or do they just go after a manufacturer?
These are questions that I spent some time exploring last summer in regard to a lawsuit that is heading to trial this summer. It is the most recent instance of my encounters with questionable behavior by a third party. While I know of no instance where a Registrar or Notified Body has lost a case in civil court, that doesn’t mean it hasn’t happened, especially if the outcome was settled out of court and sealed.
Concerning the first question asking if the US has civil penalties related to misrepresentation comparable to the UK, the answer is no. UK’s DTI is a governmental agency that can levy civil penalties. In the US, ANAB is a private entity that can impose penalties on its members for failing to abide by its rules and regulations, but civil penalties can only be levied by a governmental entity.
Concerning the impending lawsuit, the Registrar in question is the registrar for all of the opposing party’s plants around the world and its corporate office. When I first agreed to serve as legal expert on issues involving ISO 9001, I said I would contact the registrar to confirm that they are in fact the Registrar that certified the sites in question in this litigation. I contacted an acquaintance at their US headquarters and was told that they would have to first consult with their attorneys. Later in the day I received a call from the Registrar stating that they were not allowed to share this information. (It was, however, a sharp contrast from the assistance I had received in another lawsuit in the previous year from BSI when working on depositions in the UK.) Fortunately, I was able to obtain the necessary information on the web from QSU.
I then reviewed ISO/IEC 17021:2006 Conformity assessment – Requirements for bodies providing audit and certification of management systems. In 1 Scope it says, “This International Standard contains principles and requirements for the competence, consistency and impartiality of the audit and certification of management systems of all types (e.g. quality management systems or environmental management systems) and for bodies providing these activities.”
In 4.5 Openness, 4.5.1 “A certification body needs to provide public access to, or disclosure of, appropriate and timely information about its audit process and certification process, and about the certification status (i.e., the granting, extending, maintaining, renewing, suspending, reducing the scope of, or withdrawing of certification) of any organization, In order to gain confidence in the integrity and credibility of certification. Openness is a principle of access to, or disclosure of, appropriate information.”
4.5.2 “To gain or maintain confidence in certification, a certification body should provide appropriate access to, or disclosure of, non-confidential information about the conclusion of specific audits (e.g. audits in response to complaints) to specific interested parties."
Quite clearly, the Registrar did not abide, as required, by the requirements of ISO/IEC 17021:2006 in response to my question about the certification status of the Registrar even though this is the international standard that governs their behavior as a Registrar. While I am not surprised that their attorneys are clueless about the professional and legal responsibilities of the Registrar, I am surprised that the Registrar’s management and personnel failed to read the requirements of Certification Bodies and share that information with their attorneys.
To return to the question of whether there have been any cases won against a Registrar, the answer is, there will be such cases if Registrar behavior violates their Impartiality Certification Requirements in a manner that could influence the outcome of a lawsuit. More about this issue in the second half of this blog.