01.24.23

Gemini version available ♊︎

The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

Posted in Deception, Free/Libre Software, ISO, Security at 9:27 pm by Dr. Roy Schestowitz

The International Organization for Standardization (ISO) certification process means almost nothing. It’s just a glorified brand. Deep inside many people and organisations know it.

Dilbert on ISO
Dilbert on ISO 9000 Certification in 1996 (there are also 21 for ISO 9001)

Summary: Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)

THE past few days were spent explaining ISO certification in relation to Sirius. The next few days will be spent giving an example or a sub-set of examples of how Sirius handled sensitive data. It probably hasn’t improved at all since I left last month.

For some essential background, Sirius Open Source Inc. (not SIRIUS CORPORATION LIMITED) was grabbing Gates Foundation money back in 2019 — all this while registering in the US for this “first US client”, letting Windows users who adore surveillance get involved in decision-making while outsourcing more and more of what’s left of the company to dubious companies with NSA connections.

“While I’m not going to report this as a former insider, I do wish to explain what’s at stake here, at least as a cautionary tale.”The problem here is that Sirius had British clients with their clients’ data on the systems. Some was medical data. What does the law say about access from another country and why was Google (American company) getting/drowning in legal hot waters for involvement in the NHS?

What’s more, it’s not clear if ISO 9001 certifiation allows personal computers at home, purchased and maintained by staff along with many other uses and applications, to be used as work machines (deemed “Secure”? Really???). Remember that, as we noted repeatedly in the past, the managers never bothered supplying the staff with anything; the company does not even provide a chair and a desk, as already explained in length here (mostly back in December). Did that pass muster at ISO’s cash register (ISO just wants the money)?

“ISO doesn’t care; it has no quality control of its own; its workers are like corporate staff and they might not even care anyway; they got the money, and that’s what’s important to ISO.”Well, maybe in the ISO forms the company can pretend that those computers were supplied by the company to staff when in fact the staff receives almost nothing from the company except a very old phone (Cisco-branded, Ethernet only; maybe 2 decades old).

While I’m not going to report this as a former insider, I do wish to explain what’s at stake here, at least as a cautionary tale. ISO doesn’t care; it has no quality control of its own; its workers are like corporate staff and they might not even care anyway; they got the money, and that’s what’s important to ISO. Many questions remain, e.g. which actual shell was the certification for? Do they realise they deal with a hydra or a polymorphous entity here (some of its shells are based in another continent, without actual boundaries within the company)? Even the pension schemes seem to be struggling to keep track and they need to be lectured on how the company splits and then illegally compels staff to sign papers without legal advice (nor proper understanding), as we noted here before. It was covered a lot roughly one week ago.

“To be clear, NHS was not a client, except indirectly (contractors).”And sure, many lessons are to be learned outside the company, too. If regulators could find E-mails, they would not struggle to see incriminating stuff (we plan to add examples to the wiki), including NHS medical data “oopsies” (admission on the record, too), even for people do not consent to data sharing. ISO probably doesn’t care. As we said several times already, ISO only cares about money. With ‘anonymisation’ not working, accidents aside, there’s a big scandal brewing under the surface, but then again the privatisation of the NHS would likely misplace the blame. The media has several examples of known incidents and it’s a very big deal because the NHS has been pushing towards it, moreover offering to send some of this data abroad.

To be clear, NHS was not a client, except indirectly (contractors). But if someone wishes to find some major scandal/blunder, we welcome further investigation, i.e. people can do what ISO ‘cannot’ do because it would discredit ISO.

“There are 2 problems to track,” an associate noted, “one is the scam of the ISO 9000 certification. The other is the destruction of ISO as an organisation by Microsoft.”

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Leave a Comment

You must be logged in to post a comment.

DecorWhat Else is New


  1. Sirius Finished

    Yesterday I was sent a letter approving my resignation from Sirius ‘Open Source’, two months after I had already announced that I was resigning with immediate effect; they sent an identical letter to my wife (this time, unlike before, they remembered to also change the names!!)



  2. The Collapse of Sirius in a Nutshell: How to Identify the Symptoms and Decide When to Leave

    Sirius is finished, but it's important to share the lessons learned with other people; there might be other "pretenders" out there and they need to be abandoned



  3. Links 03/02/2023: WINE 8.1 and RapidDisk 9.0.0

    Links for the day



  4. Links 02/02/2023: KDE Gear 22.12.2 and LibreOffice 7.5

    Links for the day



  5. Linux News or Marketing Platform?

    Ads everywhere: Phoronix puts them at the top, bottom, navigation bar, left, and right just to read some Microsoft junk (puff pieces about something that nobody other than Microsoft even uses); in addition there are pop-ups asking for consent to send visitors’ data to hundreds of data brokers



  6. Daily Links at Techrights Turn 15, Time to Give Them an Upgrade

    This year we have several 15-year anniversaries; one of them is Daily Links (it turned 15 earlier this week) and we've been working to improve these batches of links, making them a lot more extensive and somewhat better structured/clustered



  7. Back to Focusing on Unified Patent Court (UPC) Crimes and Illegal Patent Agenda, Including the EPO's

    The EPO's (European Patent Office, Europe's second-largest institution) violations of constitutions, laws and so on merit more coverage, seeing that what's left of the "media" not only fails to cover scandalous things but is actively cheering for criminals (in exchange for money)



  8. European Patent Office Staff Votes in Favour of Freedom of Association (97% of Voters in Support)

    The Central Staff Committee (CSC) at the EPO makes a strong case for António Campinos to stop breaking and law and actually start obeying court orders (he’s no better than Benoît Battistelli and he uses worse language already)



  9. Links 02/02/2023: Glibc 2.37 and Go 1.20

    Links for the day



  10. IRC Proceedings: Wednesday, February 01, 2023

    IRC logs for Wednesday, February 01, 2023



  11. Links 01/02/2023: Security Problems, Unrest, and More

    Links for the day



  12. Links 01/02/2023: Stables Kernels and Upcoming COSMIC From System76

    Links for the day



  13. IRC Proceedings: Tuesday, January 31, 2023

    IRC logs for Tuesday, January 31, 2023



  14. Links 31/01/2023: Catchup Again, Wayland in Xfce 4.20

    Links for the day



  15. Links 31/01/2023: elementary OS 7

    Links for the day



  16. Intimidation Against Nitrux Development Team Upsets the Community and Makes the Media Less Trustworthy

    Nitrux is being criticised for being “very unappealing”; but a look behind the scenes reveals an angry reviewer (habitual mouthpiece of the Linux Foundation and Linux foes) trying to intimidate Nitrux developers, who are unpaid volunteers rather than “corporate” developers



  17. Links 31/01/2023: GNOME 44 Wallpapers and Alpha

    Links for the day



  18. Free and Open Source Software Developers' European Meeting (FOSDEM) and KU Leuven Boosting Americans and Cancellers of the Father of Free Software

    The Free Software Foundation (FSF) and its founder, Richard M. Stallman (RMS), along with the SFLC one might add, have been under a siege by the trademark-abusing FSFE and SFC; Belgium helps legitimise the ‘fakes’



  19. Techrights in the Next 5 or 10 Years

    Now that I’m free from the shackles of a company (it deteriorated a lot after grabbing Gates Foundation money under an NDA) the site Techrights can flourish and become more active



  20. 60 Days of Articles About Sirius 'Open Source' and the Long Road Ahead

    The Sirius ‘Open Source’ series ended after 60 days (parts published every day except the day my SSD died completely and very suddenly); the video above explains what’s to come and what lessons can be learned from the 21-year collective experience (my wife and I; work periods combined) in a company that still claims, in vain, to be “Open Source”



  21. IRC Proceedings: Monday, January 30, 2023

    IRC logs for Monday, January 30, 2023



  22. Taking Techrights to the Next Level in 2023

    I've reached a state of "closure" when it comes to my employer (almost 12 years for me, 9+ years for my wife); expect Techrights to become more active than ever before and belatedly publish important articles, based on longstanding investigations that take a lot of effort



  23. The ISO Delusion: When the Employer Doesn’t Realise That Outsourcing Clients' Passwords to LassPass After Security Breaches Is a Terrible Idea

    The mentality or the general mindset at Sirius ‘Open Source’ was not compatible with that of security conscientiousness and it seemed abundantly clear that paper mills (e.g. ISO certification) cannot compensate for that



  24. Links 30/01/2023: Plasma Mobile 23.01 and GNU Taler 0.9.1

    Links for the day



  25. EPO Management Isn't Listening to Staff, It's Just Trying to Divide and Demoralise the Staff Instead

    “On 18 January 2023,” the staff representatives tell European Patent Office (EPO) colleagues, “the staff representation met with the administration in a Working Group on the project “Bringing Teams Together”. It was the first meeting since the departure of PD General Administration and the radical changes made to the project. We voiced the major concerns of staff, the organization chaos and unrest caused by the project among teams and made concrete proposals.”



  26. Links 30/01/2023: Coreboot 4.19 and Budgie 10.7

    Links for the day



  27. IRC Proceedings: Sunday, January 29, 2023

    IRC logs for Sunday, January 29, 2023



  28. [Meme] With Superheroes Like These...

    Ever since the new managers arrived the talent has fled the company that falsely credits itself with "Open Source"



  29. Not Tolerating Proprietary 'Bossware' in the Workplace (or at Home in Case of Work-From-Home)

    The company known as Sirius ‘Open Source’ generally rejected… Open Source. Today’s focus was the migration to Slack.



  30. The ISO Delusion: A Stack of Proprietary Junk (Slack) Failing Miserably

    When the company where I worked for nearly 12 years spoke of pragmatism it was merely making excuses to adopt proprietary software at the expense of already-working and functional Free software


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts