Having visited a company this week for their annual check, I found that they had a non UKAS 45001 certificate awarded in the past 2 months.

A little surprised as they had not contacted me but that’s not always what people do. However, after questioning them on how they achieved it etc. it became very clear that there were gaping holes in the standards requirements. I also found the assessor hadn't looked at any of the risk assessments. They were confused when I started talking about managing change and it was very clear that they hadn't got this in place.

My question is this, they have been awarded a non UKAS accredited certificate for ISO45001, and it’s clearly been awarded without some elements of the standard being complied with. Should I do anything/report it etc.

I'm a lead auditor for this standard so have a good working knowledge of what should be there

Sorry should have made that a bit clearer.

The company has been accredited to ISO45001 by a non UKAS or LRQA accredited company.

I didn't think that was possible?

…and as I said UKAS ( the United Kingdom Accreditation Service)  accredits the certifying bodies and it is the certifying body that grants the certificate saying that such and such a company is compliant with which ever standard you want. The certificate should explain what standard the company is compliant with , and from what date. The certificate should also detail that the  certifying body  has been accredited by UKAS. If the certifying body is not accredited then it’s not really a certifying body.  Anybody can test someone against an ISO standard but unless they are UKAS accredited, its not really worth the paper it is written on. I am not sure who you report it to unless there is an element of deception: “Bung us  a pony  and we’ll get you the paperwork. No questions asked”, sort of thing.

UKAS is applicable to activity conducted by companies who choose to be UKAS accredited.

The various management systems standards derive from International Standards Organisation publications.

BS EN ISO 45001:2023+A1:2024 is the UK adoption of EN ISO 45001:2023 identical to ISO 45001:2018.

BS EN ISO 45001:2023 supersedes BS ISO 45001:2018 and BS OHSAS 18001:2007, which are withdrawn.

What has the certificate issuer described the standard as?

Where are they based?

Who accredits their issuing of certification?

Judging by your audit it sounds to be a pay the cheque / get the certificate style operation which in themselves are not strictly illegal although many do incorrectly abuse the copyright of the International Standards Organisation (logos and letters are trademark).

Originally Posted by: A Kurdziel

unless they are UKAS accredited, its not really worth the paper it is written on

Not very encompassing - in the world are many bodies certifying management systems a great many of who are not UKAS accredited but covered by their respective national organsiation.

Some examples from our global supplly chain:

TUV accredited by DAkkS (German equivalent)

Tecnalia accredited by ENAC (Spanish equivalent)

Geographically we may be an island, commercially we are merely a trading point.

Hi Jackson

There are two primary reasons to go down the ISO route and often BOTH may apply:

1. As an aid to checking that an organisation's systems consider most of the key issues with managing whateer the ISO standard covers. Getting the systems accredited is not actually needed to achieve this goal.

2. To impress people, usually customers, by being able to produce a piece of paper [of electronic equivalent] saying "accredited to ISO number whatever". The discerning will expect that the person ticking the box is approved by some body such as UKAS (or others e.g. those Roundtuit has referred to). If the person ticking the box can't pass that test, then the discerning will probably be underwhelmed. However, others might be impressed by that pretty piece of paper. 

However, this happens in all sorts of areas of life, so for OSH professionals (and others) there are as example all sorts of bodies giving out pieces of paper saying that some training ticks a "CPD" box. Not really that surprising that some training organisations will pay a few pennies to link up with those issuing the pretty pieces of paper. 

There is nothing strictly speaking wrong with a self-styled certifying body that is not UKAS accredited certifying the management system of a company and there is no one that this needs to be reported to, as no wrong doing has occurred.  (I'm assuming here that they haven't tried to pass themselves off as UKAS accredited by using the UKAS tick.).

Indeed organisations as reputable as the British Safety Council offer this service to customers without any accreditation to do so. 

The downsides are, as you have demonstrated here, that (a) they may not audit as rigorously as an accredited certifying body would, so missing enormous gaps and (b) outsiders evaluating their H&S arrangements may think that this is a bit off. 

UKAS and the IAF (the body that represents UKAS and all its overseas equivalents) have been promoting their online certificate checkers which allow third parties to find out whether a given organistaion has a certificate accredited by UKAS or, in the case of the IAF, an overseas equivalent. 

Those doing supplier evaluations who are in the know (which is not everyone) will be checking for UKAS or equivalent accreditation of the body that has issued the certificate.  When I have done supplier evaluations, I have always considered a non-accredited certificate to be suspicious.

The only thing I would do in this situation (which I have also been in) is to explain these downsides to your client so that they understand the limitations of the certification they have got (possibly using words such as "not worth the paper it's written on") , and can then make an informed decision about whether it is worth their while to get a proper UKAS accreditated certificate.