Maintaining Export Compliance in a Dynamic World

maintaining export compliance
maintaining export compliance

Continuing Changes in Export Compliance

Maintaining export compliance requires vigilance and is more important than ever.  The Bureau of Industry and Security (BIS) has increased enforcement and has also increased civil and criminal penalties for export violations.  At the same time changes in sanctions and Export Control Classification and the U.S. Munitions List (USML) make it more and more possible to unwitting violate the law.  Small businesses are not alone in this predicament as major players such as Apple, ExxonMobil, and Western Union have faced major penalties in 2019.  This holds true for those doing business under the scope of the Export Administration Regulations (EAR) and the International Trade in Arms (ITAR).

Strategy for Compliance

While there are many factors to maintaining export compliance, most involve continuing education of all involved players in a business.  This includes any parties who interact with customers or potential customers, those involved with Export Control Classification, and in the case of ITAR those involved with facility and information security.  This education should stress the dynamics of export compliance and a need to stay abreast of developments as they occur.

CVG Strategy Export Compliance Experts

CVG Strategy export experts know that knowledge is key. We can provide training in product classification, applying for licenses, screening potential customers, and securing data and facilities. We also include in our training which key US Government agencies and regulations specifically apply to your business.

Kevin Gholston, has 20 years’ experience in US export controls. He can guide you through the laws and regulations that apply to both the EAR and ITAR. We also provide a business simulation using the information learned during the course. Our training is available onsite and by webinar. Our classes are engaging and promote involvement by all participants. We also schedule time for questions you may have regarding your specific business applications.


We can also help you with export control classification of articles and technology. Our specialists have classified thousands of products, services and technology over the years and provide you with confidence in your export business.

 

NSO Group Under Investigation by the FBI

NSO Group Under Investigation
NSO Group Under Investigation

The FBI is Investigating NSO Group for Personal and Government Hacks

The Israeli based NSO Group is under investigation concerning possible attacks on United States citizens and companies by the FBI.   Reuters reported on January 30, 2020 that the probe, which has been active since 2017, concerns the infection of smartphones.  NSO Group creates products for government intelligence and law enforcement agencies for use against crime and terror.  A spokesperson for the NSO Group stated “We have not been contacted by any U.S. law enforcement at all about any such matters,” and the FBI will neither confirm or deny the existence of any investigations.

Pegasus Product of Special Concern

The NSO Group’s Pegasus product is a software tool that can capture data on a phone including encrypted messages and audio.  Allegations have been raised that Pegasus might have been used in a hack against Amazon’s Jeff Bezos.  The FBI has met with Bezos and has reported that if US citizens are being hacked that it considered both the company supplying the software and the criminals using those tools responsible.  In a quote an FBI official said “Whether you do that as a company or you do that as an individual, it’s an illegal activity”.

Where to Draw the Line

As with any tool, the ultimate benefit or harm in its use lays in the hands of the person or agency employing it.  While few would argue that fighting crime and terror are not noble goals, care must be taken in providing those tools to appropriate people or agencies.  Furthermore continued oversight by those agencies empowered by such tools must be maintained to make sure rogue individuals within an organization do not use them maliciously.   Perhaps of greater concern is that once the technologies are obtained by nefarious players there is no way to reestablish control of them, placing all of us at risk.

Smartphone Cyber Vulnerabilities for Businesses

Smartphones are of special concern to businesses because of the ability of users to inadvertently place proprietary data at risk.  The costs of such data breaches is difficult to ascertain because of the shared risk with suppliers, vendors, and customers.  Adequate mitigation requires a flexible strategic program that can adapt to threats as they evolve.  This is best provided by an Information Security Management System (ISMS).  An ISMS is a management system based on risk assessment to establish, implement, operate, monitor, maintain and improve information security.  CVG Strategy can help you achieve ISMS Certification.   Contact us to learn more.

Product Ruggedness and Water Centered Test Methods

product ruggedness and water
product ruggedness and water

Water is a Major Concern in Product Ruggedness Testing

Water is part of many test methods when evaluating product ruggedness. We live in a world that is predominated by the substance, and its effects on products for any application are severe. Because of this, products must be evaluated for their abilities to endure exposure to water as a solid, liquid, and as a gas. These tests, although seemingly simple, can present challenges to product designers.  Effects of water on products include:

  • Possible degradation of strength
  • Corrosion or erosion of materials
  • Fungal Growth
  • Malfunction of electronic and electrical equipment with possibility of hazardous operation
  • Fouling of lubricants
  • Increased chemical reactions
  • Swelling of materials
  • Condensation
  • Changes in material properties such as elasticity

Ingress Testing

Ingress testing is found in a wide variety of industry specific test methods.   Perhaps the standard with the broadest use is IEC 60529 which evaluates a product’s degree of protection as classified by an Ingress Protection Code (IP Code).  These tests also involve solid foreign objects including dust.  Testing that involves water includes dripping, spraying, splashing, jetting, powerful jetting, temporary immersion, continuous immersion, and water jet with high pressure and temperature. 

Similar testing can be found in standards specific to the aerospace, automotive, and military sectors.  In the automotive sector a number of ISO, IEC, and proprietary standards are used in evaluation.  In defense applications MIL-STD-810 includes testing for blowing rain, immersion and fording.

Of major concern in these tests are gaskets and seals used to create “waterproof” enclosures.  Though it may appear to be an easy task, gasket design can be a great challenge.  In many cases a gasket must not only protect against ingress but also serve to attenuate radio frequency energy to meet EMI requirements.  The sealing materials must also endure thermal, solar, and dynamic effects.  In some cases, such as wind blown rain, the impact of droplets can cause resonances that defeat otherwise sound barriers.

Humidity

Large portions of the planet experience intense humidity.  Some areas experience this year round.  Additionally certain applications such as marine will have extreme conditions.  Humidity can wreck havoc in a large number of ways.  It can degrade plastics.  It can interact with deposits of dust and other substances to produce corrosive films.  Testing for the effects of humidity is difficult.  Thorough evaluation usually involves lengthy tests that can last months.  Aggravated or accelerated testing can at times be useful to point out potential design deficiencies, but it can be difficult to ascertain the validity of data returned with respect to anticipated exposures.

Fungus

Exposure to airborne fungal mycotoxins can be highly hazardous to humans resulting in neurological damage and cancer.  Fungus and mold species prosper in humid conditions.  A number of test standards can evaluate a products potential for supporting fungal growth.  It can be difficult to ascertain this by a simple analysis of materials in a Bill of Materials because deposits of contaminates may find their way on to a product during manufacturing or actual use.  Generally these organisms can attack a wide variety of materials.  Additionally their metabolic wastes can degrade materials.

Salt

Airborne salt can cause extreme corrosion.  Salt fogs are common in coastal areas and of course in marine applications.  Testing of protective coatings is essential for products that can expect such exposure.  While test methods can detect possible sources of problems they are not effective simulations of the actual environmental effects.  Of further concern, testing is usually performed on new product.  How a protective coating performs after thermal and solar can be difficult to evaluate, as can the effects of dropping, or impacts sustained in actual use.

Water as a Solid

Product ruggedness can be greatly diminished by ice and frost.  Deposits of ice can cause structural failures and of course render devices inoperable.  Frost and ice can gradually cause failures of seals and gaskets.  It can also cause failure of bonding materials and cause distortion of parts when recurring icing and thawing events occur.  Test methods are available for evaluation of ice effects and time should be taken to select appropriate procedures based on a product’s intended usage.

CVG Strategy

CVG Strategy has extensive experience in product test and evaluation of product ruggedness and water.  We can evaluate products, examine requirements, assess gasketing and sealing methods, and develop a test matrix to ensure that a product will perform as designed for its intended service life.  We provide a variety of consultant services to assist in product testing.

Apple iCloud Full Encryption News Should Raise Concerns

apple icloud full encryption
apple icloud full encryption

Apple Drops Plans for iCloud Full Encryption

As reported by Reuters on January 22, 2020, Apple has dropped plans for full encryption of the iCloud for iPhone users.  This was in response to complaints by the FBI that such encryption would harm investigations.  Certainly the need for the availability of data by law enforcement agencies in cases such as the Saudi Air Force officer who killed three people in Pensacola, Florida, can be argued to be valid.  It should however, raise larger questions as to the total security of cloud based computing and the efficacy of using it for businesses.

Cloud Computing and Businesses

Cloud computing is experiencing tremendous growth in the business sector.  On the face of it, there are many advantages to cloud computing for businesses.  It is a scalable solution that meet a company’s growth, it offloads requirements for back up and disaster recovery, and it improves document control.  That however involves some serious consequences.

Business Cybersecurity

A business’s data is priceless.  When you offload the responsibility for maintaining the security of that data you cannot be certain your best interests are being met.  Ask yourself this. How often do you ask somebody to hold your wallet or pocketbook?  You have no real way of determining security of your data because there is no standard of protection for cloud service providers.

You are also handing over incident mitigation to another party.  In the all too likely event of a data breach, or denial of service, or other cyberattack, a company will have little flexibility to respond to the incident.

Another major concern is the loss of control over users of data inside a company.  Once an employee has access to data in a cloud based system it is impossible to monitor and control how that data is being used.  This is of even greater concern to companies that must operate in compliance to information security regulations.  Examples of such regulations include International Traffic in Arms Regulations (ITAR), and Health Insurance Portability and Accountability Act (HIPAA) where such loss of control can lead to non-compliance which has serious repercussions.

Business Data Security is Important

Maintaining the security of a business’s data is a primary concern in today’s world.  This requires that those that are serious about cybersecurity take the long view and not follow the pack.  Asking the hard questions may bring answers that make seemingly convenient choices far less than appropriate.  Having a comprehensive program to address these concerns such as an Information Security Management System (ISMS) is often the best solution.  CVG Strategy can help you establish and maintain a viable solution for your data security.

 

 

 

ISO 9001 Certification Audits and Your Company

iso 9001 audits
iso 9001 audits

ISO 9001 Certification Audits

Once an ISO 9001 program is in place, a company will face audits as part of the certification process.  These audits ensure that the company’s program is in compliance with the requirements of the standard.  This may seem like a process that would likely cause a great deal of stress, but this needn’t be the case.

If your company is actively engaged in ISO 9001 Quality Management System (QMS) the audit can serve to enhance  and improve your improvement processes.  An auditor that is serious about the task at hand isn’t there to be the “bad cop”.  An auditor’s job is to verify compliance.  Where compliance is not found, that information is passed on to the company, so that corrections can be made to meet compliance.

What Strategy Should Be Taken to Prepare for an ISO 9001 Audit?

To best engage with the auditing process, one need only look to the standard itself and act accordingly.  Therefore, step one is to know the standard and prepare accordingly.  This should inform you as to what information the auditor will need to see so that you can have that information readily available. 

ISO 9001:2015 stresses a quality system that involves all stakeholders.  This means that all stakeholders should be prepared for the audit and informed as to what information the auditor is likely to require.  Again all of this is in the standard.  If proper training has been conducted, informing those involved in the audit, should be a review of that training.

Internal Auditing is part of the ISO 9001 management system.  If a thorough and honest appraisal has been conducted prior to the certification process it is likely that areas of possible non compliance are already known and can be addressed prior to the certification audit.

CVG Strategy QMS Consultants

We can help you meet your quality management goals.  CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors for ISO 9001:2015.  We can provide the training required to understand and engage in a QMS and make it meet desired objectives.  This process includes defining the context of your organization, creation of internal auditing processes and much more.  Contact us to learn more

 

 

Cybersecurity Strategy and Business Management

cybersecurity strategy
cybersecurity strategy

Having a Cybersecurity Strategy is Essential

Having an effective cybersecurity strategy is a necessity in today’s business world.  News stories and alerts appear daily, informing us of yet another threat or data breach that has put at risk the valuable data and security of millions of people.  This endless pressure can lead to paralysis induced by fear, but fear is not a strategy.  As Sun Tzu, author of the Art of War said, “He who exercises no forethought but makes light of his opponents is sure to be captured by them.”  Sadly, the modern business world is often too caught up in a tactical perspective at the expense of a strategic one.  Strategy involves vision, risk management, and a hankering for moving beyond the status quo. 

Learn From Those in the Lead of Cybersecurity Strategy

Having accepted the need for action, one need not re-invent the wheel.  A number of organizations who must respond effectively are setting excellent examples.  The Department of Homeland Defense (DHS) is such an example.  In its publication, Cybersecurity Strategy the DHS lays out its plan of battle in a series of goals.  These goals include Five Pillars:

  1. Risk Identification
  2. Vulnerability Reduction
  3. Threat Reduction
  4. Consequence Mitigation
  5. Enabling Cybersecurity Outcomes

Risk Identification

Identifying the evolving nature of the threat can inform an organization of the scope of the problem and the nature of the cybersecurity strategy that must be employed.  As cyber threats are constantly changing, effective strategies will require constant monitoring with goals of improvement of extent processes and controls.  

Vulnerability Reduction

For the DHS Vulnerability Reduction includes denial of access to malicious cyber activity and maximizing collaboration between stake holders.  This is an excellent practice for businesses as well.  Employing appropriate  policies and working together with all departments, employees, customers, and vendors is a major step is an important part of an effective cybersecurity strategy.

Threat Reduction

The DHS seeks to reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.  While as executed by the DHS, such activities lay well beyond the purview of most companies, employing effective technological and security systems to protect your company is essentially performing the same task.

Consequence Mitigation

Having an action for mitigating the effects of a cybersecurity incident is of extreme importance to a business, its vendors, and customers.  Such responses must be planned for and coordinated across the board to minimize the damage as quickly as possible.

Enabling Cybersecurity Outcomes

This pillar is composed of two goals: To support policies and activities that enable improved cybersecurity risk management, and to execute these policies in an integrated and prioritized way. 

ISO 27001 Information Security Management System (ISMS)

Fortunately for businesses who are serious about developing a comprehensive cybersecurity strategy, ISO 27001 employs all of these principals into action.  It incorporates people, processes, and IT systems to coordinate security efforts consistently and cost effectively.  CVG Strategy can help your business develop a cybersecurity strategy that is appropriate to your business goals, culture, and marketplace. 

 

 

 

Using MIL STD 810 in Product Development

using mil std 810
using mil std 810

When to Start Using MIL-STD-810

Most product designers begin using MIL STD 810 when they are ready to select test methodologies to evaluate a product, but to get the most from this standard it should be employed when first establishing design criteria and specifications.  Using the standard this way can save significant time and money in product development and help create a product that meets requirements and maintains customer satisfaction for the products lifetime.

Why Early?

Most test standards establish criteria for product specification in form of requirements, so in a sense all applicable test standards should be referenced when considering the creation of a product, but this is especially the case with MIL-STD-810.  Because this standard is much more than a collection of test methodologies with requisite requirements, it provides useful tools for analysis of environmental stresses likely to be encountered by the product from the time it leaves the shipping dock until it reaches its end of life.

This analysis, which examines logistical, tactical, and operational phases of product life provides a list of environmental stressors likely to be encountered by the product on its platform of intended use.  Further use of this guidance can provide appropriate profiles and severities based on the geographical areas of intended usage and the characteristics of the platform (ship, vehicle, aircraft) on which the product will be installed.

This analysis, along with measured data and customer requirements, will create a list of relevant and substantiated data from which specifications can be drawn.  This in turn will allow for a product that is neither over or under engineered.  It will also, of course, provide parameters for appropriate evaluation through testing.

A Standard With Three Parts

MIL-STD-810 is composed of three parts.  The first part describes the tailoring process which provides the aforementioned analysis.  Tailoring is a management and engineering procedure that conducts a Life Cycle Environmental Profile (LCEP) and creates an Environmental Issues/Criteria List (EICL).  The second part contains, as of Revision H, the 29 laboratory test methods for product evaluation.  The third part contains climatic data and guidance derived from a number of sources.

Given the complexity of modern environmental laboratory test methods, it is not surprising that parts 1 and 3 of the standard are often overlooked by designers, lab personnel, and even those involved with educating people about the standard.  A look through the many annexes in part 2 can be quite daunting.  Furthermore, many of these methods, especially dynamic (e.g. vibration and shock) are changing rapidly as the technologies utilized in the methods develop. 

Learning to Use MIL STD 810

CVG Strategy provides education in this important standard.  Our instructors have decades of experience in laboratory test and evaluation of military and commercial products.  We understand the importance of testing and getting a properly designed product to market in a timely fashion.  Instruction includes extensive coverage of the tailoring process and how to use it your product development.  Our courses are available online and on location. 

 

MIL STD 461 RE102 Radiated Emissions

MIL STD 461 RE102
MIL STD 461 RE102

MIL STD 461 RE102 Radiated Emissions Testing

MIL-STD-461 RE102 is a test method for evaluating electric field radiated emissions from systems and subsystems enclosures and cabling designed for U.S. military applications.  Requirements and testing vary for intended platform of intended installation.  The frequency ranges applicable for various platforms are:

  • Ground:  2 MHz to 18 GHz
  • Surface Ships: 10 kHz to 18 GHz
  • Submarines: 10 kHz to 18 GHz
  • Aircraft (Army and Navy): 10 kHz to 18 GHz
  • Aircraft (Air Force):  2 MHz to 18 GHz
  • Space:  10 kHz to 18 GHz

By the numbers, limits imposed on emissions are severe and well below most commercial standards.  The numbers however, do not tell the entire story, because test values measured are peak values, not average or quasi-peak.  Measurements are also made with antennas positioned 1 meter away from the edge of the test set up.  In short there is not an apple to apple comparison that can be made between RE102 and other standards; the emission limits are lower, the frequency ranges are larger, and the measurements are performed in a more severe manner.

Getting it Right

While RE102 testing should be performed as early in product development as possible, it is important that the test item be as representative as possible.  This means that enclosure, PCB revisions, firmware, software, and cabling should be fully representative of the final product.  Care should also be taken in creating the ability to simulate normal modes of operation so that testing can be performed on the Equipment Under Test (EUT) that reflects its intended use.  All of these parameters should be reflected in an Electromagnetic Test Procedure (EMITP) that is constructed in accordance to MIL-STD-461 requirements as described in DI-EMCS-80201.

Facing the Music About RE102

The simple fact is that most product developers do not pass MIL-STD-461 RE102 testing the first time.  Retest and redesign cost money and time.  Adding patchwork cures such as filtered connectors can add significantly to product cost and often not provide the required attenuation.  Often the most cost effective solution is to perform an evaluation of the product to assess sources of the emissions and make design changes to mitigate them before they can couple onto wiring and power sources. 

CVG Strategy Can Help

CVG Strategy offers a wide array of services to help you with EMI/EMC issues.  Our experts have extensive experience in MIL-STD-461 RE102 and many other military and commercial standards. 

MIL STD 810 Shock Test Methods Are Numerous

MIL STD 810 Shock
MIL STD 810 Shock

MIL-STD-810 Shock Methods and Procedures

MIL-STD-810 contains numerous shock methods and procedures.  This is because the types of shock likely to be encountered during a product’s logistic, tactical, and operational service life are substantial.  MIL-STD-810 therefore, must contain multiple methods and procedures to simulate these events in laboratory testing.  To ensure effective developmental test and evaluation of a product it is important to understand these types of shocks, their characteristics, and how they could potentially effect the product to be tested.  Methods for evaluation include:

  • Shock
  • Pyroshock
  • Gunfire Shock
  • Ballistic Shock
  • Rail Impact

Within most of these methods various procedures are contained to further complicate the issue.  Method 516.8 Shock has eight different procedures these procedures include:

  • Functional Shock
  • Transportation Shock
  • Fragility
  • Transit Drop
  • Crash Hazard Shock
  • Bench Handling Shock
  • Pendulum Impact
  • Catapult Launch/Arrested Development

Choosing Appropriate MIL-STD-810 Shock Methods

Because time and money are limited resources, decisions must be made as to which testing will be performed.  While requirements can offer a degree of clarity into relevant test methodology selection, a thorough assessment must be made through a Life Cycle Environmental Profile (LCEP) to develop an effective test matrix.  The LCEP will map all anticipated logistical, tactical, and operational shock events and offer appropriate parameters for test selection and severity.  These inputs combined with requirements and measured data are then placed into an Environmental Issues/Criteria List (EICL).  Selection can then be made based on a risk assessment of vulnerabilities of the product based and probability of an environmental stress to occur.

Characteristics of Shock Types

Mechanical shock are generally events that have a short duration of under a second and are usually limited in frequency below 4 kHz.  Other types of shock such as Pyroshock (Pyrotechnic Shock) , Ballistic Shock, and Shipboard Shock (MIL-DTL-901) can have much higher frequency components.  Pyroshocks, for example, typically are less than 20 msec. in duration with a frequency range of 100 Hz to 1 MHz.  Higher frequency shock events pose a greater threat to smaller electronic components and can cause intermittent failures due to relay chatter and piezoelectric effects.  Therefore consideration must be given to the test items vulnerabilities to shock frequency content as well as  g forces.

Making the Decisions

MIL-STD-810 provides guidance for selection of appropriate test methodologies.  This allows for the development of systems in a timely fashion without excessive testing and over engineering.  When selecting, for example, appropriate scenarios for Transport Drop for Tactical situations, look at those with the greatest impact velocity and then make a risk assessment as to which of these would pose the greatest threat to the test item based on the probability of an event to occur. 

CVG Strategy Can Help

Our team of test and evaluation experts can assist you in creating a meaningful test program that meets requirements and prevents costly failures at the operational test stage.  CVG Strategy provides an array of services to help you with environmental and EMI/EMC testing.  We also offer classes in MIL-STD-810 to help you keep current with the latest developments in this important standard.

 

 

New Geospatial Software Export Restrictions to the EAR

Geospatial Software Export Restrictions
Geospatial Software Export Restrictions

New EAR Export Restrictions of Geospatial Software

The Bureau of Industry and Science placed restriction on the export of geospatial software on January 6, 2020.  This ruling classifies software specially designed to automate the analysis of geospatial imagery, as specified, under the Export Control Classification Number (ECCN) 0Y521 series, specifically under ECCN 0D521.  This ruling which effects exports to all countries except Canada, was determined to be necessary because these items could provide significant military or intelligence advantage to the United States.

What is Geospatial Software?

Geospatial software is a growing field of technology involved with mapping and analysis of the Earth’s surface.  It is a technology used to acquire, manipulate, and store geographic information.  Technologies that utilize geospatial software include Global Positioning Systems (GPS), Geographic Information Systems (GIS), and Internet Mapping.   As an analysis tool it can be used by businesses to understand trends at specific locations by understanding demographics, availability of natural resources, agricultural trends, and environmental conditions.

Because such powerful tools can also be used for a wide variety of intelligence gathering activities by unfriendly nations the new export restrictions were expected.  They will, however, place limitations on a large number of commercial, proprietary, and open source developers of software.  Included on the list of players are some rather large companies like Microsoft and Autodesk.  It will be necessary for these companies to place serious controls over the distribution of their products to prevent non-compliance.

The Need to Stay Aware

As technology develops into new market segments controls on the export of these items must be clarified.  EAR and International Trade in Arms Regulations (ITAR) are therefore a very dynamic.  For companies that are involved in export, keeping in step with these new regulations can be a challenge.  Maintaining an effective export control program for either commercial or military markets requires constant vigilance and education.  CVG Strategy can help with Export Classification, ITAR Training, and Anti-Boycott Regulations. 

Our consultants are premier providers of customized ITAR Consulting and ITAR & Export Compliance Programs and Training that addresses critical U.S. Government regulations, from Export Administration Regulations (EAR), to the International Traffic in Arms Regulations (ITAR) and Office of Foreign Asset Controls (OFAC) and other regulatory agencies and more.

 

Mozilla Firefox Vulnerabilities Show Need for Vigilance

Mozilla Firefox Vulnerabilities
Mozilla Firefox Vulnerabilities

High Profile Alerts Concerning Mozilla Firefox Vulnerabilities

On January 8, 2020 the United States Department of Homeland Defense’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning Mozilla Firefox vulnerabilities.  These vulnerabilities could allow external control of Mac and Windows computer operating systems by cyberattackers.  Mobile devices are not affected by this problem. 

Mozilla has released versions of Firefox with fixes to these problems.  Versions that contain fixes are:

  • Firefox 72.0.1
  • Firefox ESR 68.4.1

Mozilla Firefox Not Alone

Mozilla Firefox, a favorite browser with privacy minded users since 2004 is not alone with issues however.  Juniper, Interpeak IPnet, and Cisco vulnerabilities were also mentioned this month.  These vulnerabilities illustrate a continuing trend in products and systems that are less secure than required to protect the information systems they serve.  The causes for these continuing problems lay at the heart of the software industry where product complexity and fast paced release cycles outstrip the abilities of product testing to ensure quality.

What Can Be Done?

The core issues concerning the causes of cyber vulnerabilities are probably not going away in the near future.  These vulnerabilities effect data security, the performance capabilities of infrastructure, and the reliability of health and safety centered systems.  These are very real concerns for businesses and addressing these concerns effectively is essential.  

Effective cybersecurity for businesses requires risk management approaches that include tools, policies, security safeguards, guidelines, and training.  Development of an Information Security Management System (ISMS) such as ISO/IEC 27001:2013 is an excellent method that establishes these tools and their implementation into the daily operation of a company.  Because it includes constant improvement as a part of a management review process, it can remain adaptive to the dynamic cyber-threat environment and provide an accredited solution to your company and its customers.

CVG Strategy Can Help

CVG Strategy can help your organization create and implement an effective ISMS.  Our experts are certified Exemplar Global Lead Auditors in ISO/IEC 27001:2013 and understand the varying requirements for businesses of all sizes. 

MIL STD 810 H Has Made Important Changes

mil std 810 h
mil std 810 h

MIL-STD-810 H Places Added Requirements on Product Developers and Test Labs.

MIL-STD-810 H was released in 2019.  This revision not only included major alterations and in many cases complete rewrites of test methods and procedures but also revised requirements that effect the manner in which all testing must be conducted.  These requirements effect both test laboratories and product developers conducting this important developmental test and evaluation.

Revisions Reflect Growing Concern for Test Performance

While many of the revisions have been made to address technological advances in dynamic test evaluation methods (vibration, and shock), others have been the result of increased emphasis on changes made in the past.  These changes include data collection of operational test monitoring, increased call out for use of upper and lower supply voltages, and limitations to scheduled test interruptions.

A great deal of emphasis has been placed on performing testing in operational modes (testing while the unit under test is powered up) in previous revisions.  These additional requirements serve to more closely replicate anticipated operational environments and capture any intermittent failures or unexpected behaviors of the tested item.

Another significant change in MIL-STD-810 H that effects many methods concerns definitions of temperature change.  Under the new revision the rate of temperature change shall not exceed 5°F (3°C) per minute to prevent thermal shock.  Meanwhile for simulation of thermal shock conditions, the temperature change rate should be greater than 18°F (10°C) per minute.   While these changes may seem minor, test program documentation such as Detailed Environmental Test Plans (DETPs) and Environmental Test Reports (ETRs) should be updated to reflect requirements.

Changes to Methods

Many of the 29 methods that are part of MIL-STD-810 H have been completely revised.  These include Method 510.7 Sand and Dust.  Other sections like Method 504.3 Contamination by Fluids have undergone major changes that resulted in the deletion of one of the procedures.  Method 514.8 Vibration has vastly changed contents of the annexes that define test characteristics.

Staying Current About MIL-STD-810 H

Keeping up to date with the changes in MIL-STD-810 H is important for lab personnel and product developers.  CVG Strategy can help with our Understanding MIL-STD-810 classes.  This two day course is available onsite or by way of webinar.  We also offer a variety of  to assist you in your product test and evaluation program.

 

Military Susceptibility Testing and MIL-STD-461

military susceptibility testing
military susceptibility testing

Military Susceptibility Testing

Military Susceptibility Testing is performed to determine if a product can maintain normal operation when exposed to electrical, magnetic, and radio frequency, emissions and disturbances likely to be found in its intended environment.  In military applications, the density of equipment on a given platform and the levels of potential emissions and disturbances present create stringent requirements on product developers. 

To properly evaluate Equipment Under Test (EUT) the product developer must identify modes of operation most vulnerable to  these disturbances.  Simulation and monitoring equipment must be created that can exercise EUT in these modes and provide monitoring capable of capturing any abnormalities.  This equipment and its use must be documented in a test plans.  These test plans must also include criteria of acceptable operation and provide safety information such as emergency shut down procedures.

MIL-STD-461 Susceptibility Testing

MIL-STD-461 is an EMI/EMC standard for developmental test and evaluation.  This standard is broken out into nineteen various methods.  These methods include Radiated Emissions, Conducted Emissions, Radiated Susceptibility, and Conducted Susceptibility.

MIL-STD-461 susceptibility testing includes radiated and conducted test methods.  These methods involve simulations of magnetic, radio frequency, Electrostatic Discharge (ESD), and Electromagnetic Pulse (EMP) sources of potential disturbance.  Susceptibility requirements are determined by type of equipment, type of platform the equipment is to be operational on, and location of the equipment on that platform. 

Susceptibility requirements for these methods generally exceed those found in commercial standards.  As an example, RS103, Radiated Susceptibility, Electric Field, specifies levels as high as 200 Volts/meter across a spectrum that may extend from 2 MHz to 40 GHz.

Test Plans and EMI/EMC Testing

Given the potential of equipment malfunction that could result in hazardous conditions and the very real possibility of damage to the equipment, properly executed testing is essential to verify a product meets requirements.  While MIL-STD-461 describes very concise instructions as to how a test procedure is to be conducted by test lab personnel this alone does not provide the information required about the equipment to be tested.  As previously mentioned a test plan must be created to provide this critical data to the test lab and witnesses.  MIL-STD-461 sets very clear requirements for these test plans and their required information.

This information allows a lab to ascertain the specific chambers, equipment, and time that must be allotted for the procedures.  It establishes test parameters and severities for the test.  It provides description of the EUT, cabling, simulation, and monitoring equipment.  It also provides description of modes of operation and susceptibility criteria as it applies to the acceptable operation of the equipment.

CVG Strategy EZ-Test Plan Templates

CVG Strategy offers EZ-Test Plan Templates for EMI/EMC testing for your military susceptibility testing.  These test plans compliant with MIL-STD-461 Electromagnetic Interference Test Procedures (EMITP) requirements per DI-EMCS-80201.  Test plans include Addendums for documentation of equipment specific information and test lab site and equipment descriptions.  They also include instruction for test report construction that provides documentation of due diligence, information for post test analysis, and ensures repeatability of testing.

Implementing ISO 9001:2015 Around Your Organization

implementing iso 9001 2005

Implementing ISO 9001:2015 as a Powerful Tool

ISO 9001: 2015 is a powerful tool for quality management but care must be taken in its implementation to ensure that your company’s vision remains. 

Any tool is only as beneficial if it is used properly.  To be certain, any Quality Management System (QMS) requires processes.  While these processes can yield increased quality they also have the potential to limit creativity and strategic overview if they are not tailored to the context of the organization.

implementing iso 9001 2005

 

What is Context of the Organization?

Implementing ISO 9001:2015 requires that the organization employing the standard define the environment in which the business operates.  This analysis should include both internal and external factors.  These factors may include:

  • Type of industry
  • Company Objectives
  • Company Culture
  • Degree of Innovation
  • Customer Characteristics and Expectations
  • Competitors in the Field
  • Nature of the Market Sector

To be optimally effective these insights need to be gathered from people inside and outside of the organization.  These include people at all levels within the company, customers, and suppliers.  Once gathered an analysis can be made as to the function of the QMS as it best harmonizes with these factors. 

As a company grows and evolves these factors can be revised and again used to reshape the manner in which the organization is implementing ISO9001:2005 to reflect these changes.  This allows the company to manage the process instead of the process managing the company.

ISO 9001:2015 Flexibilty

One of the great strengths of ISO 9001:2015 is the degree of flexibility in implementation.  This makes it a valuable and effective Quality Management System for large and small businesses alike for a wide variety of market sectors.  The essential task is to ascertain how to best implement this powerful QMS.

CVG Strategy

CVG Strategy has over a decade of experience in helping companies reach their goals.  Our ISO 9001:2015 consultants fine-tune the implementation of QMS programs to fit our clients needs so that they can engage in continual improvement while staying true to their goals, strategies, and identity.

 

Military Power Quality Testing Standards

Miltary Power Quality Testing
Miltary Power Quality Testing

Military Power Quality Testing Can Be Challenging

Test requirements for equipment designed for use on military platforms include a number of power quality standards.  These standards evaluate the equipment’s ability to operate normally when subjected to disturbances characteristically found on their platform of intended use.  They also place limits on the level of disturbance the equipment can contribute to the voltage distribution network.

Power distribution systems are subject to extreme variances and disturbances caused by devices that share the system.   They can also have disturbances caused by variances in power generation devices such as generators and alternators.   Inductive load dumps, surges, spikes, coupled interference, voltage fluctuations, and frequency variations can all cause significant disturbances in equipment’s normal operation  that could lead to hazardous conditions or render the equipment inoperable.  Because of this, military standards for evaluation of these phenomena can place stringent demands on Equipment Under Test (EUT).

MIL-STD-1275

MIL-STD-1275 “Characteristics of 28 Volt DC Power Input to Utilization Equipment in Military Vehicles” is a series of tests that simulate expected variances on vehicle power distribution systems.  Test also evaluate variances emitted by the equipment under test to ensure that the equipment does not contribute excessive disturbances to supply voltage inputs. Test methods employed in this evaluation include:

  1. Operational Voltage Range – For this test the EUT is power at 20 and 30 Volts DC for 30 minutes at each voltage.
  2. Voltage Ripple – The Voltage Ripple test is in fact a variance of MIL-STD-461 CS101 with the upper test frequency extended from 150 kHz to 250 kHz.
  3. Starting Operation including Initial Engagement Surges and Cranking Surges.
  4. Voltage Spikes both emitted and injected.
  5. Voltage Surges both emitted and injected.
  6. Reverse Polarity – For this test the EUT is powered at 33 Volts with reverse polarity for five minutes.

All of these tests can be challenging, but in particular the surge test can result in smoke emanating from power input circuitry,  a disappointing end of a trip to the lab to be certain.

MIL-STD-704

MIL-STD-704 “Aircraft Electrical Power Characteristics” evaluates equipment for power distribution systems present on U.S. military aircraft platforms.  Separate matrices of evaluation are performed based on the type of power input the equipment utilizes.  Power types include:

  1. Single Phase, 400 Hz, 115 VAC
  2. Three Phase, 400 Hz, 115 VAC
  3. Single Phase, Variable Frequency, 115 VAC
  4. Three Phase, Variable Frequency, 115 VAC
  5. Single Phase, 60 Hz, 115 VAC
  6. 28 Volts VAC

For any of the above power types, as many as 18 various tests are to be conducted.  These tests include Current Harmonic Measurements, Voltage and Frequency Modulations, Transients, Interrupts, Emergency Limits, and Phase Reversals.  Consideration for classes of equipment and their level of immunity are covered in this standard.  For example, a coffee pot can be rendered momentarily inoperable but a flight navigational system cannot.  In no case can equipment equipment under test suffer damage or cause an unsafe condition.  As with MIL-STD-1275 limits are placed on disturbances the equipment contribute to the power distribution system.

MIL-STD-1399-300

MIL-STD-1399-300 “Electric Power, Alternating Current” provides test methodologies for evaluating equipment for shipboard operation.  As with any of the aforementioned standards, limits and specifications are mandatory.  This standard is broken up into two parts.  Part one covers low supply voltages (115 or 440 VAC).  Part two covers medium voltage supplies from 4,160 VAC to 13,800 VAC.

Required testing includes variances in Voltage and Frequency, Voltage Spikes, Emergency Conditions, Grounding Tests, Equipment Profile Tests, Current Waveform Tests, Simulated Human Body Leakage Current, Equipment Insulation Tests, and Active Ground Tests.

CVG Strategy

CVG Strategy offers a wide array of services to assist you with EMI/EMC and electrical product evaluation to keep your product development on schedule.  We also can provide EZ-Test Plan Templates for MIL-STD-461, MIL-STD-1275, MIL-STD-704, and MIL-STD-1399-300.