DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

It’s happening again, organizations are making claims about “lead auditor” training and certification, as well claims about their ability to certify companies to standards. Unfortunately, there is a long history of various companies and organizations selling products outside the accepted practices of the standards accreditation world. It’s happened with the ISO9001, ISO14001, ISO27001, and ISO28000; and now it’s happening with the standards in the PS-Prep Program. It is a buyer beware situation. Ask anyone who has paid for a “lead auditor” course only to discover it was not already accredited within the internationally recognized IRCA or RABQSA International certification schemes, or directly certified under the ASTM E2659-09 standard. Ask any company that has paid for a “third-party certification” only to discover that the certification did not come from a registered certification body.

Some training and certification providers claim their courses and certifications are recognized because someday they will seek the appropriate credentials and accreditation they need to provide a course or certification. But this isn’t the way it works. You have to actually be accredited, credentials issued before accreditation are not retroactively recognized. Anyone can claim they will seek accreditation but only organizations that have actually been accredited have achieved the benchmark.

It’s very much like an academic degree. Yes, you can earn your degree from institution advertising on the back of a matchbook, but is it an accredited institution? What happens when someone discovers, say in the middle of brain surgery, that your degree was issued by an institution that was a self-declared training provider not accredited to issue certifications? Will your answer be “they said it was real” or “they said they planned on seeking accreditation and my degree would be retroactive”?

The PS-Prep program will spawn many such programs and claims of authenticity. The details of the PS-Prep Program have yet to be totally finalized and announced. Isn’t it curious that you can already buy credentials from training providers? Isn’t it logical that the bar would be set at actual accreditation rather than self-declarations or simply announcements that organizations will seek accreditation in the future?

Another point of great confusion about the PS-Prep Program is who exactly can issue “third-party certifications.” There should not be any confusion about this; the process is very well choreographed in the standards world. Only certification bodies registered to issue certifications for specific standards by registration bodies can issue a credible certification. Contrary to common myth, an individual cannot simply take a “lead auditor course” that is issuing a credential (accredited or not) and provide “PS-Prep Certification.” First of all, organizations certify to standards not programs. Second of all, simply because you have completed a course your company cannot self-declare it can issue “third-party certifications.”

In these times of economic crisis it behooves people interested in seeking a career path in standards to first learn how the standards and certification processes work. Only take training from an already accredited training provider who has experience in standards auditing (standards auditing is not the same as bank or SOX auditing). Do your homework and save your money! Demand to see real accreditation and registration, not just vague self-declarations with intent. Organizations should only seek certification from registered certification bodies with the knowledge of their industry sector and accreditation to the specific standard they applied. Remember, even if your auditor is qualified, it does not mean that auditor’s company is accredited and registered to issue third-party certifications.

Buyers beware; less you discover that your certification is nothing more than a piece of paper.

DiMaria-JohnJohn A. DiMaria, Certified Six Sigma Black Belt; HISP, director of professional services, eFortresses, Inc and president of the HISP Institute. DiMaria (co-author of “How to Deploy BS 25999”) is a management system and standards professional with 24 years of successful experience in management system development, including information systems, quality assurance, international quality standards, statistical process control, regulatory affairs, customer service, subcontractor analysis and marketing/sales in a highly competitive environment. DiMaria holds formal qualifications in several areas of ISMS, ITSM and BCMS has served in several leadership roles with BSI Management Systems America as technical, scheme and marketing specialist responsible for overseeing development, education and expertise regarding all information security and business continuity activities including ISO 27001, ISO 20000 and BS 25999. DiMaria was also responsible for launching the BS 25999-2 in North America. He has served on committees that influence legislation and drive international harmonization such as the HISPI, various committees that influence BCMS standards and the BITS Shared Assessment Program.