ISO 27001 Cybersecurity Management System

ISO 27001 provides businesses with effective cybersecurity against today’s threats. Microsoft notified nearly 10,000 customers in 2018 that they had been targeted. Most of these customers were businesses. The Director of National Intelligence (DNI) has identified Russia, China, Iran, and North Korea as nation-states responsible for most cyberattacks. Other players include corporate competitors, organized crime, and company insiders.

What is the Nature of Cybersecurity Threats?

Microsoft Security Intelligence Report version 23 noted that breaches to cybersecurity are often caused by simple methods like phishing. Overreliance on technological approaches therefore cannot adequately address the full nature of these threats. Companies need a management-centered solution like ISO 27001 for their cybersecurity requirements.

These attacks are usually political, military, or acts of industrial espionage.  China alone has been identified by the Department of Justice (DOJ) in attacks against Westinghouse Electric Company, Solar World, United States Steel Corporation, Allegheny Technologies Inc., Alcoa, and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union.

Why ISO 27001?

ISO 27001 is an effective approach to cybersecurity because these threats require a coordinated, systematic approach. ISO 27001 requires a detailed assessment of vulnerabilities and potential impacts. This allows appropriate risk treatment strategies to be implemented.

Because ISO 27001 institutes management review and auditing, it ensures that the organization is attuned to the changing nature of cybersecurity threats. It accomplishes this through a Plan-Do-Check-Act (PDCA) cycle. The PDCA cycle establishes objectives and processes, implements them, assesses and measures effectiveness, and provides corrective actions.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). We can do this because our team of experts has extensive experience and deep information security process control expertise. CVG Strategy ISMS experts have certifications as Exemplar Global Lead Auditor (ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO/IEC 27001 cybersecurity solutions on time and on budget.

FCC Approval Process Streamlined

The FCC approval process has been streamlined for unintentional radiators.  Most electronic devices create radio frequency (RF) energy.  This energy can interfere with devices.  Intentional radiators are devices which communicate by way of radio frequencies (Bluetooth, Wi-Fi, radio).  Unintentional radiators create RF energy from their power supplies and digital components.  These devices are therefore less likely to interfere with the communications of other devices.

Because the previous requirements were confusing and time-consuming, the FCC’s streamlining of the approval process is a welcome relief to manufacturers of electronic products.

Supplier’s Declaration of Conformity (SDoC)

Previously the FCC required Verification and a Declaration of Conformity (DoC).  The new FCC approval process no longer requires Verification for unintentional radiators.  It now relies solely on the Supplier’s Declaration of Conformity (SDoC).  The SDoC is comprised of the following steps:

  • Electromagnetic Compatibility (EMC) testing must be performed that conforms to FCC compliance standards.
  • Preparation of a compliance information statement that includes product information, a list of the standards to which the product is compliant, and the identification of a responsible party in the United States or its territories.
  • The end user of the product must receive FCC approval compliance information in a paper or electronic user manual.
  • The device should be labeled.  The label should uniquely identify a product name, identification number and/or description.
  • An FCC label can be affixed, though it is not required.  An electronic label can be used for products with display capabilities.

CVG Strategy

Our experts at CVG Strategy have extensive experience in the FCC approval process.  We have the experience in EMI/EMC to guide you in requirements for both commercial and military products.  CVG Strategy can provide pretest analysis, thereby reducing EMI emission test failures and their resultant delays. We also have expertise in Environmental testing and evaluation in a number of industries and products.  CVG Strategy specializes in Independent Developmental Testing and Evaluation including: Development of Life Cycle Environmental Profiles, Test Plans, Test Witnessing and Troubleshooting.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.