ISO 27001 Cybersecurity Management System

ISO 27001 provides businesses with effective cybersecurity against today’s threats.  In 2018 Microsoft notified nearly 10,000 customers that they had been targeted, and most of these customers were businesses.  The Director of National Intelligence (DNI) has identified Russia, China, Iran, and North Korea as the nation-states responsible for most cyberattacks.  Other players include corporate competitors, organized crime, and company insiders.

What is the Nature of Cybersecurity Threats?

Microsoft Security Intelligence Report version 23 noted that cybersecurity breaches are often caused by simple methods such as phishing.  Over-reliance on technological approaches therefore cannot adequately address the full nature of these threats.  Companies need a management-centered solution such as ISO 27001 for their cybersecurity requirements.

These attacks are usually political, military, or acts of industrial espionage.  China alone has been identified by the Department of Justice (DOJ) in attacks against Westinghouse Electric Company, Solar World, United States Steel Corporation, Allegheny Technologies Inc., Alcoa, and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union.

Why ISO 27001?

ISO 27001 is an effective approach to cybersecurity because these threats require a coordinated, systematic response.  ISO 27001 requires a detailed assessment of vulnerabilities and potential impacts, which in turn allows appropriate risk treatment strategies to be implemented.

Because ISO 27001 institutes management review and auditing, it ensures that the organization stays attuned to the changing nature of cybersecurity threats.  It accomplishes this through a Plan-Do-Check-Act (PDCA) cycle.  The PDCA cycle establishes objectives and processes, implements them, assesses and measures their effectiveness, and provides corrective actions.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  We can do this because our team of experts has extensive experience and deep information security process control expertise.  CVG Strategy ISMS experts hold certifications (including Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO/IEC 27001 cybersecurity solutions on time and on budget.

FCC Approval Process Streamlined

The FCC approval process has been streamlined for unintentional radiators.  Most electronic devices create radio frequency (RF) energy, and this energy can interfere with other devices.  Intentional radiators are devices that communicate by way of radio frequencies (Bluetooth, Wi-Fi, radio).  Unintentional radiators create RF energy as a by-product of their power supplies and digital components.  These devices are therefore less likely to interfere with the communications of other devices.

Because the previous requirements were confusing and time consuming, the FCC’s streamlining of the approval process is a welcome relief to manufacturers of electronic products.

Supplier’s Declaration of Conformity (SDoC)

Previously the FCC required either Verification or a Declaration of Conformity (DoC).  The new FCC approval process no longer requires Verification for unintentional radiators.  It now relies solely on the Supplier’s Declaration of Conformity (SDoC).  The SDoC comprises the following steps:

  • Electromagnetic Compatibility (EMC) testing that conforms to FCC compliance standards must be performed.
  • A compliance information statement must be prepared that includes product information, a list of the standards to which the product is compliant, and the identification of a responsible party located in the United States or its territories.
  • The end user of the product must receive FCC compliance information in a paper or electronic user manual.
  • The device must be labeled.  The label should uniquely identify the product by name, identification number and/or description.
  • An FCC logo label may be affixed, though it is not required.  An electronic label can be used for products with display capabilities.

CVG Strategy

Our experts at CVG Strategy have extensive experience in the FCC approval process.  We have the EMI/EMC experience to guide you through the requirements for both commercial and military products.  CVG Strategy can provide pretest analysis, thereby reducing EMI emission test failures and their resultant delays.  We also have expertise in environmental testing and evaluation across a number of industries and products.  CVG Strategy specializes in Independent Developmental Testing and Evaluation, including development of Life Cycle Environmental Profiles, test plans, test witnessing and troubleshooting.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

ISO 27001 Prevents Cyberattacks – ISMS for Data Security

Implementing an ISO 27001 Information Security Management System (ISMS) prevents cyberattacks.  A 2017 Ponemon Institute study found that a typical firm experiences 130 security breaches each year.  Mitigating these breaches requires more than advanced IT practices; it requires a dedicated management system.  ISO/IEC 27001 is such a system.  It includes processes for human resource security, physical and environmental security, and dealing with information security incidents.

The Real Cost of Cyberattacks

The Cost of Malicious Cyber Activity to the U.S. Economy, released by the White House in February 2018, estimates that such attacks cost the U.S. economy between $57 billion and $109 billion in 2016.  Their real impact, however, can inflict damage that is difficult to assess or quantify in dollar amounts.  While most incidents are kept out of the public eye, a few attacks, like the Sony Pictures attack of November 2014, do make headlines.

How ISO 27001 Prevents Cyberattacks

Because ISO 27001 is configurable to your company’s requirements, it is an effective means of organizing data security.  It includes a complete process and the involvement of all stakeholders in monitoring and preventing cyberattacks.  ISO 27001 also includes training to maintain a high state of awareness among all employees.

The security of data is not only of great concern to your organization; it is also of interest to your customers.  ISO 27001 certification shows that your company is a responsible partner that maintains an active interest in monitoring and mitigating cyberattacks.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Our team of experts brings extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO/IEC 27001 certification on time and on budget.

EMC Test Plans, A Requirement for Proper Testing

EMC test plans are important in preparing for your trip to the lab.  The test plan should communicate all relevant information about the nature of the system to be tested.  This allows the test lab to assess what is needed to complete testing, including the size of the chamber, the number of antenna positions, the number of cables to be tested, power requirements, and the specific measurement and susceptibility equipment.

Equipment Function

Representative functionality is a requirement in EMC testing for both commercial and military applications.  The EMC test plan should include a description of all modes of operation.  The plan should also describe all peripheral equipment required to attain this functionality.  This information should include a description of normal operation, so that any degradation observed during susceptibility testing can be evaluated against it.

Safety

The lab will need to know of any potential hazards posed by the equipment to be tested, so that precautionary measures can be put in place ahead of time.  Because susceptibility testing can produce unforeseen equipment malfunctions, the EMC test plan should also include shutdown procedures.

Requirements

Every standard has general requirements for EMC test plans.  These include product identification, description, power requirements, and cable requirements and descriptions.  Certain standards, such as MIL-STD-461, have very detailed and specific additional requirements.  Understanding the testing to be performed and the applicable standards therefore ensures that the data provided is complete.

Why Write an EMC Test Plan?

Preparing an EMC test plan provides the test lab with the data needed to properly assess the compliance of your product.  It also gives the lab the information necessary to create a viable EMC report, which is the required record of your product’s conformity to the applicable requirements.

CVG Strategy

Our experts at CVG Strategy have extensive experience in EMI/EMC.  We can provide requirements analysis, write EMC test plans, perform test witnessing, and provide troubleshooting and analysis of EMI/EMC test failures.

We also have expertise in environmental testing and evaluation across a number of industries and products, both military and commercial.  CVG Strategy specializes in Independent Developmental Testing and Evaluation, including development of Life Cycle Environmental Profiles, test plans, test witnessing and troubleshooting.

Developmental Test and Evaluation

Developmental Test and Evaluation (DT&E) is normally conducted by the designers of military equipment to verify that the product will meet its specifications.  These tests are generally performed at the component level in a laboratory setting, early in the acquisition process.  Properly conducted, this testing can reduce the cost and schedule impact of failures in field/fleet testing.  It also serves to demonstrate that the design and development process is complete.

Effective Developmental Test and Evaluation can, by catching materiel deficiencies early, allow sufficient time for required design modifications.  This can reduce overall program costs, because the product is more likely to survive the predicted environmental stresses and meet operational requirements.  The Defense Science Board report Test and Evaluation Capabilities (December 2000) estimated that correction of defects added 10 to 30 percent to system costs.

MIL-STD-810

MIL-STD-810 is an effective standard for Developmental Test and Evaluation that, when properly employed, can evaluate environmental factors throughout a product’s life cycle.  It is a collection of 29 laboratory test methods with numerous procedures.  The standard has placed increasing emphasis on the need to tailor test parameters and durations in order to evaluate these factors effectively.  It has had to do so because of the reluctance of industry to initiate the required management and engineering processes.  In essence, it is easier to test to cookie-cutter specifications than to assess the actual severities of environmental stresses.

CVG Strategy

CVG Strategy has the expertise and experience to apply the MIL-STD-810 tailoring process in creating effective Developmental Test and Evaluation programs.  Our test and evaluation team can also manage evaluation programs, write test plans, witness testing, and create test report summaries.  We have decades of experience in environmental and EMI/EMC testing in both commercial and military applications.

Counterfeit Parts and Quality Management Systems

Counterfeit Parts and Quality Management Systems (QMS)

AS9100 and AS5553 provide a Quality Management System (QMS) approach to the problem of counterfeit parts for the aviation, space, and defense industries.  Unfortunately, counterfeit parts threaten every sector of manufacturing, most especially the electronics industry.

Counterfeit Parts pose a Threat to OEMs

The best product design is only as good as its implementation.  Counterfeit parts can cause product failures that result in injury and even death, creating enormous liabilities for manufacturers.

They can also create Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) issues, rendering a once-compliant product non-compliant.  While component distributors have accomplished much in recent years to control the problem of fraudulently made items, the danger is still very present and costs industries billions of dollars each year.

Applicable Quality Management Systems

AS9100 is the overall QMS standard for the aerospace and defense sector.  It defines a QMS model that is compatible with ISO 9001 but adds requirements relevant to the industry, such as counterfeit parts, human factors and product safety.

AS5553 – Counterfeit Electronic Parts; Avoidance, Detection, Mitigation and Disposition was created in 2009.  It provides OEMs with methods, requirements, and practices for parts management, supplier management, procurement, inspection, test/evaluation, and response strategies.

Counterfeit Part QMS Solutions for Commercial OEMs

For OEMs outside the purview of these standards there is an answer.  Because ISO 9001:2015 provides flexibility to implement the specific requirements of a company, it allows stricter traceability requirements to be created in the procurement process.  This means AS5553 practices can be implemented according to the unique requirements of any OEM.  In conclusion, the risk of counterfeit parts poses a threat to manufacturers in all sectors.  A well-designed Quality Management System can identify such risks and keep counterfeit components out of your products.

CVG Strategy

Our Exemplar Global Lead Auditor consultants can help you implement a Quality Management System (QMS) to address counterfeit parts.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies over the past 10 years.

Emissions Test Failures Cost Time and Money

Radiated Emissions Testing

EMI emission test failures are a major cause of product development delays.  The fact is that most products fail on their first trip to the lab.  Radiated emissions are the most common problem and one that is difficult to fix.  This is true for both military and commercial products.

EMI Emission Design Issues

Applying ferrites and shielding at the lab is often a desperate battle with diminishing returns.  The best strategy is to identify the major sources of emissions early in the design and mitigate them at the source.  A well-designed Printed Circuit Board (PCB) can alleviate many problems, but it is important to remember that every interconnecting cable is an antenna that can provide a path for radiated emissions.

Unwanted radiated emissions can be mitigated using a number of strategies in the design stage, but each product has its own area of special concern.  A product that controls stepper motors will have very different mitigation issues than a Bluetooth communication device.

Switching power supplies are a common area of concern for all products.  This includes main power sources and Point of Load (POL) circuits.  Care must be taken in the selection of components (e.g. low-ESR capacitors) and in their proper placement and interconnection.

Preparation for Emissions Testing

A great design can still fail if poorly constructed.  Pre-production or early production samples often have paint and coatings in unwanted areas, resulting in ungrounded cables and chassis parts.  Cables used for testing are often not representative because of the size constraints of the lab; they are frequently not constructed to the same standards and may not have adequate shielding.  Off-chamber simulation and monitoring equipment requires special attention, as it can contribute emissions that cause a “false” EMI emissions test failure.

CVG Strategy

Our experts at CVG Strategy have extensive experience in EMI/EMC.  We can provide pretest analysis to help reduce EMI emission test failures and their resultant delays.  We also have expertise in environmental testing and evaluation across a number of industries and products, both military and commercial.  CVG Strategy specializes in Independent Developmental Testing and Evaluation, including development of Life Cycle Environmental Profiles, test plans, test witnessing and troubleshooting.

Quality Management System Documentation

ISO 9001: 2015 Quality Management System Requirements

Proper documentation is the cornerstone of ISO 9001:2015.  Creating a system of documentation that is appropriate to your company’s requirements is crucial, because the documentation defines the manner in which your company will conduct business.  Paying attention to the design of your Quality Management System (QMS) at the outset can produce an efficient system that avoids a cumbersome bureaucratic framework.

Quality Management Documentation

Elements that comprise ISO 9001:2015 documentation are:

  • Scope Statement
  • Quality Policy
  • Quality Objectives
  • Process Flowchart
  • Work Instructions
  • Records

Fitting the Documentation to a Company’s Requirements

The formation of each of these categories is critical and requires detailed analysis to implement properly.  There is no specific requirement as to format or layout.  Because each company has a unique business model, “cookie cutter” methods of implementing a QMS can have diminishing returns.

Quality Management System documentation should be created with an understanding of the needs and expectations of the organization.  This requires that all stakeholders.  Moreover, it should be concise and user oriented.  ISO 9001:2015 documentation provides instructions on how your QMS is run and ultimately how your company is run.  Therefore, properly structured documentation can actually make your operations easier, because a well-designed program can integrate ISO 14001, Lean methodologies and other business models into your vision and strategy.

As your company grows, so too will its QMS.  A program started on the right path can therefore easily grow to accommodate new aspects and players in your company’s scope, objectives, and goals.

In conclusion, ISO 9001:2015, if well incorporated and conceived in its documentation, is a powerful tool that can enhance a business’s potential by creating intelligent processes, quality products, and a satisfied customer base.

CVG Strategy

CVG Strategy quality experts focus on processes and process improvement in all our work.  Understanding Quality Management System documentation development is a fundamental part of our work as consultants, helping our customers run their businesses more efficiently and improve customer satisfaction.
