Export Regulations Due Diligence and Best Practices

Export Regulations Due Diligence
Export Regulations Due Diligence

Export regulations due diligence is a somewhat vague term given the gravity of maintaining an export compliance program.  It is no easy task to determine product classifications, obtain licenses, and screen potential customers.

Bureau of Industry and Science and Export Administration Regulations

The Bureau of Industry and Security (BIS) manages Export Administration Regulations (EAR).  The EAR is a series of regulations that control the export of items that have the potential to fall under dual usage categories.  Dual usage refers to technology that can be used for both peaceful and military purposes.  Before exporting a product a business must determine whether an export license is needed from the Department of Commerce.  This is done by finding the classification of the product’s Export Control Classification Number (ECCN).  All ECCNs are listed in the Commerce Control List (CCL) 

BIS Best Practices for Export Regulations Due Diligence

BIS guidelines include the following best practices for maintaining due diligence for the EAR:

  1. Conduct a thorough assessment of your product’s potential application.  Even if an item would not require a license you should consider if there are any potential dual usage concerns.
  2. Always conduct a stringent vetting of new or unfamiliar customers and be on the lookout for any of the following “red flags”.
    • A new customer places an unexpected and/or high-value order for sophisticated equipment.
    • The customer is a reseller or distributor. In such cases, you should always inquire who the end user is.
    • The customer has no website or social media and is not listed in online business directories.
    • The customer’s address is similar to an entity listed on the CSL, or the address indicates the customer is located close to end users of concern, including co-located with an entity listed on the Entity List.
    • Your customer places an order ex works.   Ex works refers  to instances when a seller makes a product available at a designated location, and the buyer of the product must cover the transport costs and make all shipping arrangements through a freight forwarding service.  In such cases, request that the freight forwarder provide you a copy of the Electronic Export Information (EEI) filing to ensure the information is accurate.

CVG Strategy

CVG Strategy has the compliance and training programs to help you meet EAR due diligence requirements.  Often smaller businesses often don’t have the bandwidth to dedicate to adequate export compliance.  Because of this we offer outsourced Export Compliance Officer services.  We also offer signs and accessories to aid in Visitor Access Control on our ITAR Store.

CVG Strategy, LLC is recognized the world over as the premier provider of customized ITAR Consulting and ITAR & Export Compliance Programs.  We provide training that addresses critical U.S. Government regulations including EAR, ITAR and other regulatory agencies.

Contact Us with your EAR and ITAR questions to see how we can help.

Quality and Human Factors in Consumer Products

quality and human factors
quality and human factors

Manufacturers of consumer products should incorporate human factors into their Quality Management Systems (QMS).  Because human factors are directly connected to product safety, it is important that it be considered in all phases of product development and life cycle.  The Division of Human Factors, U.S. Consumer Product Safety and Health Canada’s Consumer and Hazardous Products Safety Directorate jointly released Guidance on the Application of Human Factors to Consumer Products in February 2020.  This was released to help consumer product manufacturers integrate human factors into their product development process.

What is Human Factors?

Human Factors is a discipline that studies of relationships between humans and elements of a system or product.  The discipline is comprised of engineering and test and evaluation practices.  User Experience and Usability are associated fields that evaluate human/product interfaces.  Design methods that consider human characteristics, capabilities and limitations create safe and effective products.  The benefits of including human factors into product design include:

  • Improved usability and acceptance.
  • Increased safety.
  • Reduced lifecycle cost and risk.
  • Reduced support and help desk costs.

Quality Management and Human Factors

Human Factors engagement is not limited to product design.  It also applies to testing, validation, and evaluation during the production and post-production phases of a product lifecycle.  Because these activities are identifiable and create viable metrics for assessing product effectiveness and safety, they can be implemented into a QMS’s policies and procedures.  Risk identification and mitigation for product safety should:

  • Identify potential cost, schedule, design, safety, and performance risks that result from design aspects of human-system integration;
  • Quantify these risks and their impacts on cost, schedule, and performance;
  • Define and evaluate sensitivity of potential risks as related to the human interface;
  • Identify alternative solutions to human factors problems and define the associated risks of each alternative;
  • Document the identified risks, their impact on the product, and the mitigation action(s) taken;
  • Take actions to avoid, minimize, control, or accept each human factors risk; and
  • Ensure that human performance risks are included in the overall product’s risk-management process.

CVG Strategy QMS Solutions

CVG Strategy Quality Experts have experience with ISO 9001:2015 , AS9100D, ISO 27001:2013, ISO 13485:2016 and Association of American Railroads (AAR) M-100.  We can help in designing a QMS that is tailored to your business needs with relevant procedures and work instructions.  Understanding quality systems is a fundamental aspect of our work as consultants.  We help our customers make their businesses run more efficiently and improve customer satisfaction. 

Tech Standard Development Open to U.S. Companies

Tech Standard Development Open
Tech Standard Development Open

The US Department of Commerce has announced that tech standard development is open to participation by U.S. companies.  This new rule is designed to allow U.S. technology companies to influence the future of cutting edge technologies.

The Role of Standards in Technology

Standards are created to establish minimal criteria for functionality, interoperability, and safety.  They also establish methods of test and evaluation to ensure those criteria are met by products.  Because these standards effect the manner in which products are specified, it is important that U.S national security and foreign policy interests are represented in their formation.

Important Considerations for Future Standards

Because technology is controlling more and more critical functions, it is important that it functions safely and reliably.  This is especially this case for technologies like autonomous vehicles, and medical devices.  The ability of devices to not interfere with each other and coexist operationally is of increasing concern.  Standards must be created and evolve to rapidly developing technologies and airways that are becoming busier with wireless communication.

The Importance of U.S. Involvement

Making tech standard development open to U.S. tech firms allows major technology developers to shape the industry based on expectations of future product capabilities.  U.S. product standards are often accepted as a baseline for the creation of international standards. 

Department of Commerce Secretary Wilbur Ross stated “The United States will not cede leadership in global innovation. This action recognizes the importance of harnessing American ingenuity to advance and protect our economic and national security.  The Department is committed to protecting U.S. national security and foreign policy interests by encouraging U.S. industry to fully engage and advocate for U.S. technologies to become international standards.”

Reasons for Concern

Huawei, a Chinese technology company, has been at legal loggerheads with the United States.  It has also been very active in the development of various international standards.  This action is meant to ensure Huawei’s placement on the Entity List in May 2019 does not prevent American companies from contributing to standards that will shape the future of important technology.

CVG Strategy

CVG Strategy offers consultant services for export compliance and ITAR.  We also offer a variety of services for product test and evaluation to commercial and defense standards.  We have expertise in environmental and EMI/EMC standards provide product test program management to assist your product development program during the Covid-19 pandemic.  Contact us today to see how we can help.

Mobile Banking Apps Warning from the FBI

Mobile Banking Apps Warning
Mobile Banking Apps Warning

Mobile Banking Apps Warning

The FBI issued a mobile banking apps warning on June 10, 2020.  Many people are now switching over to mobile bank apps to limit visits to the bank during the Covid-19 pandemic.  The agency is concerned that this increased usage presents opportunities for exploitation from cyber actors.  The chief concern is that customers new to mobile banking may download fake or trojan apps.

Fake and Trojan Apps

Fake apps have become one of the fastest growing forms of cyber crime.  Fraudulent apps impersonate real apps to gather login credentials.  These apps show an error message after login and use permission requests to obtain and bypass security codes texted to users.

Trojan apps use codes concealed in apps unrelated to financial activities.  They can often be founds in games or tools that have been downloaded.  The malicious code will remain dormant until triggered by a legitimate banking app.  The trojan will then create a false version of the legitimate login page to collect credentials.  It then returns the user back to the authentic app so as to hide the data theft.

Important Tips for Protecting Your Information

Purchase Your App From a Reputable Source

The FBI encourages people to purchase apps from smartphone app stores or download them directly from a major U.S. bank website.  Smartphone app stores actively screen apps for malicious content. Additionally, most major US banks will provide a link to their mobile app on their website.  

Two Factor Identification

Most users of websites and applications do not enable two-factor identification.  Most people who don’t use this tool consider it an inconvenience.  Actually, two factor identification is easy to use and is very effective against cyber crime.  The FBI strongly recommends using two factor identification whenever possible.

Password Protocols

The FBI encourages people to engage in practices recommended by the National Institute of Standards and Technology (NIST).  These include:

  • Use passwords that contain upper case letters, lower case letters, and symbols.
  • Use a minimum of eight characters per password.
  • Create unique passwords for banking apps.
  • Use a password manager or password management service.
  • Use common passwords or phrases, such as “Password1!” or “123456.”
  • Reuse the same passwords for multiple accounts.
  • Store passwords in written form or in an insecure phone app like a notepad.
  • Give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.

For more information concerning mobile device cybersecurity see the Cybersecurity & Infrastructure Security Agency’s (CISA) recommendations.

Challenging Times for Cybersecurity

An array of threats have entered our lives as new technologies emerge.  Cybersecurity is a challenge for individuals, businesses, and governmental agencies.  The banking industry is no different in addressing these vulnerabilities.  Recent breaches of Capitol One illustrate the massive dangers these vulnerabilities pose.  CVG Strategy is committed to helping businesses create and maintain viable Information Security Management Systems (ISMS).  Contact Us today to see how we can help you protect your vital data.


Effective Quality Management Documentation

Effective Quality Management Documentation
Policies and Procedure. Two binders on desk in the office. Business background.

Creating Effective Quality Management Documentation

Effective Quality Management Documentation is the backbone of a ISO 9001:2015 quality program.  The documentation created therefore should be clear, concise, and targeted for its intended audience.   Documents serve to explain and instruct all stakeholders on policies, procedures, and work instructions.  They also provide the basis for evaluation for continuous improvement and organizational development.

Documentation Requirements

Documentation requirements will vary in complexity and from organization to organization.  Factors that will determine this complexity include:

  • The size of the organization
  • Activities of the organization
  • Types of processes and products
  • Complexity of those processes
  • Level of competence of intended audience

Document requirements serve several purposes in the quality program.  High level documents are required for defining the scope, processes, policies, and objectives of the program.  Lower level documentation is required to define organizational responsibilities, procedures, work instructions, quality plans and other information.  Additional documentation is required for providing the results of quality processes.  These documents are required for demonstrating conformity.

Knowledge as a Basis for Documentation

Because we are all products of an educational system that rewards the perception of competency, it is easy to create obtuse documents.  Real knowledge of a given subject provides a basis for simple and clear documentation.  This will effectively convey expectations of performance and establish goal posts for review. 

Required knowledge includes an understanding of the upper level objectives of the quality program, the Context of the Organization, who the stake holders are, and what audience the document is intended for.

CVG Strategy Quality Experts Can Help

CVG Strategy provides Quality Management System (QMS) consulting services for ISO 9001:2015, AS9100, ISO 27001, and other standards.  We can help your organization establish and modify a QMS that can improve your business performance and save money.  We can provide training and auditing services.  CVG can also provide a complete documentation set, customized for your program requirements.

Contact Us today to see what our certified quality management experts can do for you.