Continuous Improvement and Organizational Development

Continuous Improvement and Organizational Development
Continuous Improvement and Organizational Development

What is Continuous Improvement?

Continuous Improvement and Organizational Development are valuable tools in a Quality Management System (QMS).  For improvement to occur it is essential that each important process in an organization be identified and analyzed.  Once identified and documented, these processes can be regularly reviewed to access effectiveness by applying improvement based on metrics.  It is important to realize that everything that happens in a business is a process and should be evaluated for inclusion into a QMS.  This is because there are no activities that can not be made more effective.  The benefits of this effectiveness can include increased product quality, enhanced customer satisfaction, reduction of costs, and employee satisfaction.

Types of Continuous Improvement

Basically there are two types of continuous improvement, incremental and breakthrough.  It all boils down to the size of the steps. Big steps can be more costly and involve a greater risk.  Therefore they are often reserved for cases where radical change is required.  Incremental improvement is taken in small steps an can be easily assessed for effectiveness.  Thereby allowing for more immediate adjustment of changes.

Establishing Paths for Feedback

Organizational feedback is very similar to feedback in mechanical systems.  The famous Scottish inventor James Watt pioneered early feedback mechanisms in the 1700’s.  One of his most important inventions was the centrifugal governor.  This mechanism automatically regulated the speed of a steam engine by supplying continuous feedback to a controller.  This mechanism paved the way for industrial automation and increased safety by removing the need for human intervention in a continuous process.

In a business setting, every stakeholder in a process is a source of feedback.  For effective use of the feedback all pertinent information must be assessed.  It must then be filtered in such a way as to remove statistical noise and then intelligently applied to inputs.  When applied, outputs can (results) be monitored as feedback to supply a control system into the process to provide continuous improvement.

Statue of James Watt, engineer and inventor, 1736 – 1819

Using Metrics as Feedback

Businesses today exist in a metrics rich environment.  A wealth of data is available for sales, costs, defective product, customer satisfaction, and employee process suggestions.  Looking into all data available in a process on a regular basis can provide more granular and intelligent findings.  These findings can be used to identify trends and point out potential issues before they become critical.  This is important because variances in business performance can occur for any number of reasons.  Understanding how all processes are effected by change can provide dynamic responses for continuous improvement and provide a smoother overall performance.

CVG Strategy

CVG Strategy quality experts understand continuous improvement and organizational development and how to set up management systems that can provide vital feedback as a business changes through all phases of development.   Contact Us with your questions to see how we can help.

Apple Email App Vulnerabilities in iPhone and iPad

apple email app vulnerabilities
apple email app vulnerabilities

Apple Email App Vulnerabilities Found in Over Half a Billion Devices

Apple Email App Vulnerabilities in iPhone and iPad were reported by ZecOps, a mobile security forensics company on April 20, 2020.  These vulnerabilities have existed since the release of iPhone 5 in September of 2012.  The vulnerabilities allows attackers to remotely infect a device by sending emails.    Attacks inserted into emails can allow remote code execution by consuming device memory resources.

ZecOps also reported that attackers may have used these vulnerabilities against a Fortune 500 organization, “an executive from a carrier in Japan” and “a journalist in Europe”.  It concluded that these attacks were conducted by “an advanced threat operator”.

Apple Debates Exploitation of Flaws

Although Apple has acknowledged the vulnerabilities, it has countered claims that that these flaws were exploited.  An Apple representative was quoted by Reuters as stating  that “these issues do not pose and immediate risk to our users”.  A patch is planned to be released to remedy the issues.  A beta update has already been released.

Possible Interim Security Measures

It can be surmised that if attacks are occurring that they will increase in frequency until patches are released.  Therefore, it may be advisable to access emails on effected devices until the required updates are available.  This news is unfortunately developing at a time when larger numbers of people are working remotely and are accessing business emails in a potentially unsafe manner.   

Apple mobile devices have generally had a good reputation for security and are used by many businesses.  There have however, been previous flaws that have exposed user data.  Because no platform is free from such flaws business IT departments should carefully select email apps and protocols to protect vital data.

CVG Strategy

Studies have shown that a majority of businesses have not achieved a sufficient cybersecurity maturity level.  This is especially distressing considering that the level of cyber attacks are growing and that businesses are primary targets.  CVG Strategy is committed to helping businesses secure their vital data.  We can assist businesses in establishing effective Information Security Management Systems (ISMS) through the implementation of ISO 27001.  Contact us with your questions.

North Korean Cyber Threat Guidance

North Korean Cyber Threat
North Korean Cyber Threat

U.S. Government Provides Guidance on North Korean Cyber Threat

Guidance was provided on the North Korean cyber threat by the U.S. Departments of State, the Treasury, Homeland Security, and the Federal Bureau of Investigation on April 15, 2020.  North Korea, formally known as the Democratic People’s Republic of Korea (DPRK) continues to pose a significant threat to the international financial system through an increase in malicious cyber activities.  Many of these cybercrimes are being utilized to generate funding for DPRK development of weapons of mass destruction and ballistic missile programs.  Of special concern is DPRK’s increased ability to to conduct destructive activities on critical infrastructure.

Financial Theft and Money Laundering

In its 2019 mid-term report the UN Security Council 1718 Committee Panel of Experts (POE) found that the DPRK was using increasingly sophisticated cyber techniques to attempt in the theft and laundering of as much as $2 billion dollars in that year.  These findings are consistent with U.S. Department of Justice allegations released in March of 2020.  These activities were targeted at digital currency exchanges.

Other DPRK Cyber Crimes

The DPRK has conducted a number of extortion campaigns.  In some instances, DPRK cyber actors have demanded payment from victims under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.  These cyber actors have also been hired guns in the hacking of websites for extortion purposes.

Cryptojacking has been an activity engaged in by the DPRK.  This is accomplished by compromising a computer and steal its computing resources to mine digital currency.  The POE reported several instances in which infected computers mined assets and transferred digital currency to servers at the Kim Il Sung University in Pyongyang.

The DPRK Rap Sheet

The DPRK has had a long dark history of cyber crime.  The list below includes some of the more notable operations:

  • Sony Pictures cyber attack in November 2014 in retaliation for the film “The Interview”.
  • Bangladesh Bank Heist in February of 2016 where the DPRK allegedly stole $81 million.
  • WannaCry 2.0 ransomware that infected computers in hospitals, businesses, schools, and homes in over 150 countries in 2017
  • FASTCash Campaign which has targeted ATMs in Asia and Africa since 2016.
  • Digitial Currency Exchange Hack in April of 2018 where the DPRK stole nearly $250 million through digital currency transactions.

Countering the Threat

In its report the U.S. Government agencies have listed numerous measures to counter the DPRK threat include raising the awareness of the gravity and scope of the problem.  The single most important thing that must be accomplished however, is the adoption and promotion of cybersecurity best practices.  As mentioned in a previous post businesses around the world including the United States have not attained appropriate levels of cyber strategy and execution.  In a survey of businesses undertaken by the insurance provider Hiscox in 2019, 74% fell into the Novice classification for cybersecurity.

CVG Strategy

CVG Strategy knows the importance of effective cybersecurity and is committed to helping businesses create effective Information Security Management Systems (ISMS) to protect their sensitive information and vital assets.  Contact us to see how we can help you.

 

Accelerometers and Laboratory Testing

Accelerometers and Laboratory Testing
Accelerometers and Laboratory Testing

What Test Witnesses Need to Know About Accelerometers and Laboratory Testing

Shock and Vibration analysis utilizing accelerometers and laboratory testing is a requirement for many commercial and defense standards.  Because accelerometers provide the feedback to the excitation system, proper selection and placement is essential.  To achieve optimal testing validity the test witness and test manager should have some knowledge about accelerometers and how they are used so as to provide valuable information to the laboratory personnel setting up the test.

Pre-test Preparation for Dynamic Testing

Having a fixture that is designed for your test item is optimal.  Having the same fixture to mount your test item on ensures that a test is repeatable.  This fixture should be characterized prior to testing so that no resonances or nulls to the shock or vibration profile are being introduced to the Unit Under Test (UUT).  Fasteners used should be characteristic of those to be used in the product’s intended installation and should be tightened to the specified torque.  Furthermore the UUT should be mounted on the fixture identically for all tests.

Know the Parameters of the Tests

Because of the wide range of possibilities, it is important that the test witness be aware of the characteristics of the profiles to be used in a dynamic tests.  These characteristics include the frequency range and the amplitudes.  It is a good idea to review this information from the test plan with the laboratory test engineer to ensure proper accelerometer selection.  Selection of an appropriate accelerometer is essential because of the wide variety of usable frequency range and amplitude scale.

Mounting of the Accelerometers

The method of mounting an accelerometer can greatly effect its frequency response.  Methods for mounting include stud mounting, adhesive, and adhesive mounting pad. 

When practical stud mounting provides the maximal frequency response.  Often a coupling fluid such as grease or beeswax is used to enhance frequency response to compensate for surface flatness or roughness.  If these are used the specific medium used should be documented so that the test parameters can be replicated. 

There are small differences between adhesives in their frequency responses.  Often Loctite 454 is used.  Generally these work well.  For testing where large forces are at play however, such as hammer shock tests used in shipboard shock and ballistic shock, adhesives are not advised.  These adhesives can fail during the test resulting in necessary retest and possible over test of the UUT.

Once the location of the accelerometer(s) have been established and validated the locations and means of mounting should be documented.  Documentation, preferably by photo, should also show the means of securing the accelerometer wiring because base strains caused by wiring can effect the response of the sensor.

Other Considerations

The vast majority of test laboratory engineers are well informed about the dynamic testing they perform on a regular basis.  They however, need to know about any specific information particular to the UUT.  If dynamic testing is to be conducted with the UUT in an operational state, areas that reach high temperatures should be noted.  If these areas are used for mounting the test engineer may have to utilize thermal compensation.  Additionally if the UUT generates extreme magnetic fields shielding might be required.

CVG Stategy Test and Evaluation Experts

CVG Strategy has performed test and evaluation for a wide range of commercial and military applications.  We have extensive experience in dynamic, climatic, and EMI/EMC.  We can provide test program management, test witnessing, test program documentation, and product evaluation.  Contact us to see how we can help you get the most from your test and evaluation program.

Effective Quality Management Systems Implementation

Effective Quality Management Systems
Effective Quality Management Systems

Creating Effective Quality Management Systems.

Effective Quality Management Systems (QMS) are the products of proper implementation.  For ISO 9001:2015, that implementation is dependent on a detailed assessment of what processes are required for by the context of the organization.  That assessment can also provide guidance for requirements of  the management team that needs to be assembled.

Is There a Requirement for a Quality Manager Representative?

ISO 9001:2015 does not have a requirement for a Quality Manager Representative but consideration should be given to creating this position in you organization.  When examining the requirements for leadership as described in ISO 9001:2015 it may well serve an organization to centralize the responsibilities of program coordination.  This may be particularly important when a large number of specialized processes are required, each with its own owner.  The important question to be answered is are all of the requirements of section 5.3 being adequately performed and coordinated?

Section 5.3

  • Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
  • Top management shall assign the responsibility and authority for:
    a) ensuring that the quality management system conforms to the requirements of this International Standard;
    b) ensuring that the processes are delivering their intended outputs;
    c) reporting on the performance of the quality management system and on opportunities for improvement (see 10.1), in particular to top management;
    d) ensuring the promotion of customer focus throughout the organization;
    e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Context of the Organization

If an organization has sufficient complexity, a great deal can be accomplished by having a dedicated Quality Manager Representative that can oversee a these tasks.  Because of the broad nature of these task the ideal representative may not be a member of the quality department.  In fact having an independent advocate for customer input can be very important.  Additionally input from product development teams is equally important.

Getting Perspective in Creating a Quality Management System

It can often be difficult for managers to assess the structure of a QMS.  This is because they can be caught up in the immediate requirements of the workplace.  It is therefore important to engage a third party with expertise to help with this essential analysis.  CVG Strategy experts in ISO 9001 can help you on the path to defining required processes and recommending management structures that are appropriate for your business.  Our team has been helping businesses develop Effective Quality Management Systems in a wide array of industries.  Contact Us today to see how we can help.

Understanding Export Administration Regulations (EAR)

Understanding Export Administration Regulations
Understanding Export Administration Regulations

The Importance of Understanding Export Administration Regulations (EAR)

Understanding Export Administration Regulations is especially important for businesses today because of the prevalence and ease of conducting international trade in today’s world.  Many businesses learn too late the consequences of remaining ignorant of federal export laws.  Unfortunately, ignorance is not a defense.

Title 15 of the Code of Federal Regulations

The Export Administration Regulations (EAR) are comprised of a set of regulations in Title I5 of the Code of Federal Regulations.  These regulations are enforced by the Bureau of Industryand Security.  While the EAR is not the sole set of regulations, it is the set that covers the broadest range of items for export and reexport.

Other regulations include:

  • International Trade in Arms Regulations (ITAR) which controls defense articles and services listed on the U.S. Munitions List (22 CFR part 121).
  • Treasury Department, Office of Foreign Assets Control (OFAC) which controls embargoes on specific nations.
  • U.S. Nuclear Regulatory Commission (NRC) which controls the export and reexport of nuclear materials and technologies.

What is an Export Under EAR?

An export can be a tangible or intangible item.  Intangible items include software, technology, or information.  This means that in certain cases a telephone call, email, or conversation could be deemed an export and could violate federal regulations.  This means that for effective export compliance, a large sector of a business must be involved, not just those directly involved with sales.

EAR Export Classification

The first action any business must perform when seeking to export a product is to perform an Export Control Classification.  Items which are not controlled under ITAR or other regulations will fall under the EAR.  EAR classifications are designated by a five-character alpha numeric code.  Most items will fall under the classification of EAR99 which means they are not specifically controlled for export.  Other classifications are for items that may be controlled because of its specific performance characteristics, qualities, or designed-end use.  Export of these items are very specifically defined and may be restricted or require licensing dependent on country of intended export.

Due Diligence

Even if an item is deemed EAR99 you must ensure the item is not going to an embargoed or sanctioned country, a prohibited end-user, or used in a prohibited end-use.  These criteria must be documented for every transaction.  Furthermore, Schedule B Code export numbers are required to be reported to the Foreign Trade Division for the collection of U.S. export statistics.

CVG Strategy Can Help

Export Compliance is important.  Failure to comply with regulations can result in criminal prosecution including imprisonment and fines.  It can also result in civil penalties and disbarment from export activities.  Your business cannot afford to have its reputation ruined by a failure to comply.

CVG Strategy can help you in understanding Export Administration Regulations and establishing a coherent and effective export compliance system.   We can perform export control classifications, perform audits, and educate your team.  Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.  Contact Us with you export regulation questions.

Coronavirus and Cybersecurity Issues

coronavirus and cybersecurity issues
coronavirus and cybersecurity issues

Cybersecurity Vulnerabilities Exploited During Coronavirus Crisis

Businesses are being strained during the Coronavirus epidemic and Cybersecurity Issues are on the rise.  Cyber criminals and hostile nation states are wasting little time in exploiting the vulnerabilities this crisis has created. 

Remote Work Protocols

Working remotely has been growing at an exponential rate.  While cybersecurity can be maintained in a remote work scenario, adequate protocols must be in place.  Because many businesses have suddenly been thrust into this arena those protocols may not have been adequately established.   This has increased the chances of remote employees using unsecured Wi-Fi or personal devices when accessing sensitive data.

Educating and Training Employees

Proper training at regular intervals is essential for any Information Security Management System (ISMS).  Establishing coherent and effective protocols and policies does little good if the members of an organization are unaware of them or don’t know how to implement them.  Because any weak link can defeat the best cybersecurity program, proper practices should be everybody’s number one priority. 

FBI Warnings on Coronavirus and Cybersecurity Issues

During this Coronavirus (COVID-19) crisis the Federal Bureau of Investigation has advised businesses to carefully consider the safety of their data when selecting tools that provide communication over the internet.  It is important to consider the possibility of eavesdropping on virtual meetings, theft of data, or other malicious activities.  The FBI has seen an increase in activity of this sort including a practice called Zoom-bombing where video conferencing tools have been disrupted by pornography and threatening language.

Business Email Schemes

Additionally, Coronavirus and Cybersecurity Issues are giving rise to a large variety of email schemes.  These include emails that appear to be from persons inside an organization or persons outside of the organization that a company conducts business with.  The FBI advises that businesses be particularly on the look out for the following:

  • The use of urgency and last-minute changes in wire instructions or recipient account information;
  • Last-minute changes in established communication platforms or email account addresses;
  • Communications only in email and refusal to communicate via telephone;
  • Requests for advanced payment of services when not previously required; and
  • Requests from employees to change direct deposit information.

FBI Recommended Cybersecurity Practices

Do:

  • Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
  • Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
  • Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
  • Beware of advertisements or emails purporting to be from telework software vendors.
  • Always verify the web address of legitimate websites or manually type it into the browser.

Don’t:

  • Share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
  • Open attachments or click links within emails from senders you do not recognize.
  • Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.1

CVG Strategy

CVG Strategy is committed to helping businesses with their cybersecurity concerns during this COVID-19 crisis.  We can assist businesses create and support Information Security Management Systems.  We provide businesses with services for ISO 27001, NIST 8000-171, and CMMC certification.  Contact Us to see how we can help you.