Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Jennifer Chu
Findings point to faster way to find bacteria in food, water, and clinical samples
Matthew M. Lowe
Take this opportunity to prepare for the future
Etienne Nichols
QMSR for medical device companies
Kari Miller
CAPA systems require continuous management, effectiveness checks, and support
Etienne Nichols
The answers will reveal the truth about your product and get it to market faster

More Features

FDA Compliance News
Facilitates quick sanitary compliance and production changeover
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Easy, reliable leak testing with methylene blue
Now is not the time to skip critical factory audits and supply chain assessments
Google Docs collaboration, more efficient management of quality deviations
Delivers time, cost, and efficiency savings while streamlining compliance activity
First trial module of learning tool focuses on ISO 9001 and is available now

More News

Grant Ramaley

FDA Compliance

IAF CertSearch Team Identifies 20,000 Fake or Fraudulent ISO QMS Certs

IAF CertSearch now mandatory for accredited certification bodies

Published: Monday, April 3, 2023 - 12:02

As of 2023, more than 27,000 medical device QMS certificates have been issued worldwide, providing confidence in medical devices. From cardiac stents to simple dental tools used to correct teeth, the healthcare systems of the world have come to rely on ISO 13485 to provide critical support to world health.

On Feb. 13, 2023, 33 nations sent their medical device regulators to Riyadh, Saudi Arabia, to participate in the Global Harmonization Working Party. The GHWP is a nonprofit organization that studies and recommends ways to harmonize global medical device regulations. Two more countries joined recently, including the U.S. Food and Drug Administration (FDA) and Japan’s Pharmaceutical and Medical Device Authority (PMDA). The GHWP is now the largest association of medical device regulators in the world.

The IAF was asked to participate and provide an update on the IAF CertSearch database, a global database where users can search and validate the status of accredited certificates issued by a certification body that has itself been accredited by an IAF-recognized accreditation body. The IAF presentation was provided by Nigel Johnston, who developed the database.

The presentation given to the GHWP members focused attention on the use of ISO 13485 and how the IAF CertSearch database is helping regulators to verify the credibility of these certificates. Johnston’s presentation raised alarms. He noted that the IAF CertSearch team had identified 20,000 fake or fraudulent certificates in the last year alone. The focus on the widespread use of fake or fraudulent certificates was followed immediately by another presentation on the widespread distribution of fake medical devices and medicines.

Although it isn’t fully populated (the database represents about 44% of all ISO QMS certificates included in the ISO Survey), it is now mandatory that accredited certification bodies upload them. Because of this requirement, this percentage is expected to increase significantly.

Growing use of ISO 13485

Many governments already use ISO 13485. The FDA announced that it’s reframing its quality system to use the newer ISO 13485:2016; Japan and Korea have already done so. A Chinese representative from their National Medical Products Administration suggested that they plan to align their own regulation to better use ISO 13485.

Many of the 33 member nations already require ISO 13485 certificates to support regulatory submissions for medium- and higher-risk medical devices, especially from overseas manufacturers. The questions IAF had been invited to address were how to verify ISO 13485 certificates using IAF CertSearch. In like manner, the IAF presentation asked for support from regulators to help see it more fully populated.

Regulators were also shown plans for a new software interface that will enable them to follow certificates, and a promise of free access to screen certificates by these same government agencies.

During the presentation, mention of the IAF’s ability to support food safety standard ISO 22001 and the occupational health and safety standard ISO 45001 were included as topics of interest to some of the same regulators.

By the end of the presentation, regulators were challenged to work harder to verify every ISO QMS certificate that they require. A later presentation given by a special group of advisors who review the presentations and work of the regulators concurred that all ISO 13485 and other ISO QMS certificates should be screened before accepting them.

It was clear from this meeting that the vision statement of the IAF, “Certified once, and accepted everywhere,” is bearing fruit. The leader of the GHWP Working Group on quality systems also made a point of thanking the IAF for incorporating their “Good Distribution Practices” into IAF MD9 as well as for providing useful tools for determining audit durations.

Improving the supply chain, from Earth-grown food to Mars-bound spacecraft

More than 1.9 million valid ISO QMS certifications are used worldwide by nearly every sector of industry. ISO considers a valid certificate as one that has been issued by a certification body accredited by IAF MLA members. Many of these certificates provide support to public health and safety. Supply chains worldwide support far more than just medical devices, and during the presentation the last slide showed endorsements from a large number of companies working across every sector of industry.

From the food we eat to spacecraft that will one day take us to Mars, the medical device regulators gathered in Riyadh were provided a glimpse of a future, while shaking them with the frightening threats to world health inferred by the discovery of thousands of fake ISO certificates. The IAF showed that efforts to harmonize around ISO 13485 or any other standard are futile without having systems the like IAF CertSearch to establish the credibility of those certificates.


About The Author

Grant Ramaley’s picture

Grant Ramaley

Grant Ramaley is the director of regulatory affairs for Aseptico Inc., a manufacturer and marketer of dental support equipment in the United States and Canada since 1975.  Ramaley also is co-chairman of the Regulatory Affairs and Standards Committee for the Dental Trade Alliance, Convener for the ISO 13485 Medical Device Working Group at the International Accreditation Forum, and Technical Committee Advisor to the Global Harmonization Working Party.


Certsearch mandatory?

The author says -- twice -- that participation in IAF CertSearch is "mandatory for accredited certification bodies." But he offers no proof of this. 

In order to make this "mandatory," one of two things would need to happen. First, the ISO CASCO committee would have to make participation in CertSearch a mandatory requirement under ISO 17011 and/or ISO 17021-1. This will not happen, since ISO cannot make participation in a third-party program a requirement in any of its standards.

That only leaves a contractual change to the IAF MRA. But that has NOT happened. 

The IAF has floated a "model" whereby they will require its AB members to push down a requirement to participate in CertSearch to their CBs. However, the IAF lacks the legal authority to do so, and cannot inject itself into the contractual arrangements between third parties, so this could be challenged in court. Furthermore, the IAF has refused to enforce the "MD" and "ML" series documents that exist now, so there is no precedent for them to suddenly begin doing so. Finally, this doesn't address the fact that the ABs and CBs can simply refuse, forcing the IAF to either withdraw its CertSearch requirement or close up shop entirely. Since the CBs (especially BSI) have been the biggest critics against the idea of CertSearch, their refusal is a near guarantee. 

Furthermore, the official IAF FAQ page on the Certsearch program indicates that this "mandatory" requirement can only be flowed down via an update to IAF ML4. (See https://iaf.nu/en/faq/ and scroll down to Q41.) IAF ML4 was updated in June of 2023, and no language at all was added regarding Certsearch.

So I invite Mr. Ramely to explain where he is getting this information from, and provide the source. Failing that, I urge the editors to correct the article and the tagline, as it appears to contain wholly false information.

Even more?

If "fraudulent" also includes organizations claiming product design in their scopes and other inaccuracies (like having a 2015 compliant QMS when it hasn't changed since 2000), then the number is (much) higher...

IAF CertSearch

Grant. Its ISO 22000:2019, not ISO 22001. "https://www.iso.org/standard/65464.html"

Fake Iso certificates

The story of 3 Apr mentions IASCertSearch team identified 20000 fake certificates. How did it do that. Certainly not from those uploaded since Accredited CBs are uploading data and they would not upload such data. Pl clarify.


According to Nigel Johnston in an email to Quality Digest: "The IAF database only includes valid accredited certifications. However users often write to the IAF CertSearch support team to validate certifications they can't find in the IAF database, these can often be identified as counterfeit or fraudulent where an organisation claims to be certified when they no longer are. These inquiries from users and additional research is how the team has identified the amount of false claims in the market."