cvg strategy logo
ITAR Question?
Login

call: 321-253-9791

Rss Twitter Youtube Linkedin Pinterest
CART
cvg strategy logo
Login
ITAR Question?
View Cart
cvg strategy logo
View Cart
Login
ITAR Question?

Month: October 2021

Using the Tailoring Process in MIL-STD-810

by
Using the tailoring process in MIL-STD-810
Using the tailoring process in MIL-STD-810

The Evolution of the Tailoring Process in MIL-STD-810

MIL-STD-810 Environmental Engineering Considerations and Laboratory Tests is a standard for environmental developmental test and evaluation.  Its purpose is to provide guidance for the development of analysis and test criteria to evaluate materiel, identify deficiencies and defects, and demonstrate compliance.  The tailoring process develops valid test criteria for evaluation of materiel in MIL-STD-810.

In its early revisions, it was a set of test procedures and parameters. It provided defined procedures for testing the effects of environmental stresses.  Revision A had one sentence about tailoring. “When it is known that the equipment will encounter conditions more severe or less severe than the environmental levels stated herein, the test may be modified by the detail specification.”

What is Tailoring

The concept of tailoring has evolved in MIL-STD-810.  The tailoring process provides input for evaluation based on the life cycle environmental conditions of the specific materiel.  Because of the environmental stresses it will encounter, the life cycle of materiel intended for use on the inside of a ground vehicle will be very different life cycle than those on the outside of an aircraft. 

It is therefore, the responsibility of the designer of the equipment to assess which environmental effects require testing and what the specific parameters of those tests should be.

MIL-STD-810 provides specific guidance for this assessment by creating a tailoring process.  Tailoring is a management process that uses engineering common sense.  Moreover, it involves systematically considering all environmental factors on a system throughout its service life to ensure a proper degree of design and test.

Six tasks are contained in the MIL-STD-810 tailoring process:

  • Define specific managerial roles
  • Profile the life cycle of the product from transport from manufacture facility to end of life
  • Document operational environmental information
  • Document specific environmental criteria
  • Develop Test Plans
  • Create Test Reports

MIL-STD-810 also provides guidance for the tailoring process in Part 3 World Climatic Regions.  This section provides valuable data to assist in the selection of appropriate test methods and the tailoring of parameters for those methods.  These parameters include temperature, humidity, solar irradiance, vibration profiles as well as severities and durations.

Using the Tailoring Process

It is important to profile the life cycle of the product early in product development.  The Life Cycle Environmental Profile (LCEP) maps environmental stresses encountered in all phases of the product.  This includes logistical transport, storage, tactical transport, and operational.   This allows identification of the most critical environmental factors for product specification and evaluation. 

These environmental factors serve as input in the tailoring process to select appropriate laboratory test methods, parameters, and procedures of test in MIL-STD-810.  Other inputs include specifications from procurement agencies and available measured data.

MIL-STD-810 Training

We offer MIL-STD-810 Training designed for Program Managers, Project Leads, Test Engineers, Design Engineers, and Qualification Test Procedure/Plan Writers.  It is also applicable for Test Laboratory Personnel responsible for generating quotes for customers. It covers all of the Dynamic and Climatic tests described in MIL-STD-810.

This class places emphasis on the processes necessary to develop a comprehensive test program.  This includes development of a Life Cycle Environmental Profile (LCEP).  An LCEP is an analysis of the environmental stresses likely to be encountered during the entire life of a product, from manufacturing to end of life. These stresses include those found in logistical, tactical, and operational phases.

The LCEP serves as an input for a Environmental Issues/Criteria List (EICL) which is a collection of justified environmental parameters for design and product test.

CVG Strategy Test and Evaluation Experts

CVG Strategy has expertise and experience in using the tailoring process in MIL-STD-810 to assist in the creation of effective product evaluation programs.  Furthermore, our test and evaluation team can manage evaluation programs, write test plans,  witness testing, and create test report summaries.  We have decades of experience in environmental and EMI/EMC testing in both commercial and military applications.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

Voluntary Self Disclosure and Export Regulations

by
Voluntary Self Disclosure
Voluntary Self Disclosure

What is a Voluntary Self-Disclosure

A Voluntary Self-Disclosure (VSD) is conducted when an organization recognizes that violations or suspected violations of Export Regulations of the United States have occurred.  This disclosure can reflect the organization’s due diligence in detecting, and correcting these violation.  When conducting a voluntary self disclosure to the federal government the following supporting documentation should be presented:

  1. A description of the type of violation involved
  2. A compilation of all data that was not reported or incorrectly reported
  3. A list of dates of when the violations occurred
  4. A description of how the violations occurred
  5. Identities and addresses of all involved individual and entities
  6. Descriptions of any mitigating factors
  7. A compilation of corrective actions taken.
  8. A list of Internal Transaction Numbers (ITNs) of effected shipments
  9. Any additional information relevant to the issues

Do you need to file a Voluntary Self Disclosure?

Violations of US Export Law for the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) can often occur without malfeasance.  It is therefore crucial that when companies recognize a violation of US Export Law at their company that they take action to report these events. 

Such a filing can help mitigate potential damage to your company and in most cases results in the avoidance of fines, penalties, and negative exposure.  Because failure to report  violations may result in circumstances detrimental to U.S. national security and foreign policy interests, the enforcing agency will consider it an adverse factor when determining enforcement actions. 

Export Administration Regulations

The EAR is administered by the Bureau of Industry and Security (BIS). The BIS considers VSDs as an indicator of an organization’s intent to comply with U.S. export law.  The BIS carefully reviews VSDs to determine if violations have occurred.  They then determine the appropriate corrective action when violations of the export regulations have taken place.

International Traffic in Arms Regulations

The ITAR is regulated by the Directorate of Defense Trade Controls or DDTC.  The DDTC strongly encourages submitting a voluntary self disclosure of any potential violations of the Arms Export Control Act.  Voluntary Disclosures may be viewed as a mitigating factor when determining administrative penalties, if any, that should be imposed.

Corrective Actions

It is important to realize however, that the Voluntary Self Disclosure is the first step in addressing the potential violation.   Follow up measures must be taken to address the occurrence and organizational steps taken to prevent any subsequent similar violations.  This can involve any number of administrative actions but must include training to ensure future compliance. 

Failure to implement these steps can lead to penalties from the enforcement agency involved.  These penalties can occur years after the initial incident if there is a recurrence of the violation and it is found that sufficient action was not taken.

Export Compliance Programs

To be certain, compliance to export law as relates to EAR, ITAR can be a challenge for any organization.  Development of a program tailored to the needs of your company is important in protecting its reputation and ability to conduct business.  This program must include relevant and regular training to maintain organizational rigor and scheduled assessments to ensure that the compliance program is in sync with the dynamics of an organization’s evolution.

Conducting a Voluntary Self Disclosure

A voluntary self disclosure can be painless, as long as it is honest and the company filing it takes action to prevent its reoccurrence.  This action would likely include a formal written ITAR compliance program, training, processes to control restricted items and data from foreign persons and licensing when required by US export law.  It is recommended that when a company files a VSD, that you ensure that all the documentation is prepared properly and in compliance with the requirements of the EAR or ITAR.

CVG Strategy Export Compliance Expertise

While many export compliance providers offer programs geared toward compliance with a single set of regulations, CVG Strategy offers a harmonized program that will ensure that your company is compliant to all of these regulations.  Furthermore we consolidate this program in a collection of documents that can be integrated into a quality management system

The CVG Strategy team has over 20 years of experience in U.S. export controls.  We can help you develop an ITAR Compliance Program appropriate to your organizations requirements and provide training to prevent occurrences that could lead to violations and the need to file VSDs. 

We also have the experience to assist in guidance when unforeseen incidents do occur to develop strategies to prevent future violations.  CVG Strategy has assisted many organizations file Voluntary Self Disclosures in the past decade and is well equipped to help you, if your company needs to file.

Spyware a Growing Concern for Businesses

by
spyware a growing concern for businesses
spyware a growing concern for businesses

According to a number of leaders in cybersecurity, spyware is becoming an issue of growing concern for businesses.  Malwarebytes, in its 2021 report, Malwarebytes 2021 State of Malware Report, observed that business spyware detections increased 51% in 2020.  These spyware infections can be found on both computers and mobile devices.

What is Spyware?

Spyware is a type of malware that infiltrates a device to collect sensitive information.  Information is collected by monitoring internet activity and using keylogger type technology to relay information to outside parties.  This information can be used to track users or to commit cybercrimes.

Often this information is sold to third party data firms without a user’s consent.  This data can include various types of personal information including:

  • Login credentials
  • Credit Card Details
  • Account PINs
  • Clipboard data
  • Email data
  • Bank Account Information
  • Text messages
  • User location
  • Activation of device microphones and cameras
  • Documents and photos

Types of Spyware

There are a variety of types of spyware programs currently being used.  Often these pose as legitimate software offerings.  These programs use technologies that can range from relatively simple methods that rely on unmitigated software security flaws or highly sophisticated hacks that can compromise advanced security systems.  Because these methods employ endpoint attacks they are immune to end-to-end encryption security measures.

Cookie Trackers

Cookie trackers monitor internet browser history.  Although this data has been a free target, a growing number of nation states and organizations have made moves to control its collection and use.  This includes the European Unions General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR), and the California Consumer Privacy Act (CCPA).  These actions have resulted in the terms and conditions additions on websites.

Adware

Adware tracks not only browsing habits but monitors downloads and basic computer user activity.  This type of malicious software not only share this information with outside parties but can slow down systems by using processor resources.

System Monitors

System monitors pose an even more malicious threat in that they can often capture vital information such as login credentials, messaging, and basically any information created or received on the device.  This can lead to loss of proprietary information and identity theft.

Stalkerware

Stalkerware is software designed to surreptitiously run in the background of smartphones.  Its purpose is to keep tabs on activities and report it to an outside party. Data captured can include location, phone calls and text messages, passwords, contacts, emails, and photos.

Security Practices for Preventing Spyware

The Cybersecurity and Ifrastructure Security Agency (CISA) provides the following advice for preventing unintended spyware installation:

  1. Avoid interaction with links within pop-up windows. CISA recommends clicking on the “X” icon in the title bar instead of using the “close” button inside the window.
  2. Select “no” or “cancel” when queried by unexpected dialog boxes that suggest running a program.
  3. Be especially wary of free downloadable software. These programs may not perform as advertised and create security issues. In fact any software should be carefully scrutinized before installation.
  4. Utilize browser security setting preferences to limit pop-up windows and cookies.
  5. Incorporate valid malware protection programs that include anti spyware detection.

Information Management Security Systems

Spyware is a growing concern for businesses and organizations of any size.  To effectively mitigate cybersecurity risks and their effects, it is important to institute effective Information Management Security Systems (ISMS).

An Information Security Management System is a collection of policies, procedures, and controls that systematically address information security in an organization.  It is a framework based on risk assessment and risk management.  The most widely recognized and instituted ISMS in the business environment is ISO 27001.  It shares many of the features of a quality management system such as ISO 9001. 

CVG Strategy Information Security Management System Consultants

We can help you meet your information security management system goals.  CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in a ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes and much more.

 

Test and Evaluation for Robustness

by
test and evaluation for robustness
test and evaluation for robustness

Test and Evaluation for Robustness

Test and Evaluation for robustness of a product is an involved process.  For electrical and electronic equipment an evolution of design engineering evaluation has been required to meet acceptable failure rates for fielded product.  Instituting these test methodologies requires looking beyond a test to pass approach.

Robustness in Military Applications

In the military this requirement was apparent following World War II where new materiel had often failed to meet performance criteria when introduced to its operational environment.  This led to the creation of AAF Specification 41065 in 1945.  This specification was comprised of ten methods for developmental product evaluation with preset parameters.  This standard later became MIL-STD-810 Environmental Engineering Considerations and Laboratory Tests

As this standard evolved, it became more and more apparent to those writing it the limitations of a cookie cutter approach.  Environmental issues are far too complicated and nuanced to be easily defined in a manner that is appropriate for all applications.   Because of this, every revision of the standard has increasingly stressed the need for tailoring tests to meet the anticipated environmental stresses in the lifetime of the product.  

Because industry largely ignored the requirements for tailoring, a tailoring process was created in revision G in 2008.  Despite this though, developmental test and evaluation of products has often not been adequately performed.  This has led to costly redesigns in operational testing phases and caused delays in final systems.

Part one of MIL-STD-810 now details the creation of a design and evaluation management system.  This system identifies environmental stressors expected to be encountered in the life cycle of the product including logistical transport, tactical transport, storage, and operational.   Proper implementation of these processes allows for release of product that is capable of meeting its mission requirements.

Robustness in Automotive Applications

As electronics were first introduced in automobiles failure rates were excessive.  These failures were caused by climatic, mechanical, chemical, electrical, and electromagnetic stresses in vehicle applications.  As the industry moved towards longer warrantied products, emphasis shifted from the detection of failures at the end of the development process to prevention of failures throughout the full life cycle. 

This prevention requires designing for ruggedness at concept development with a Zero-Defect Strategy.  Here again developmental test and evaluation is seen as essential for success.  A test to pass approach that does not return useful data is not desirable.  A detailed analysis of this approach can be found in SAE J1211: 2012 Handbook for Robustness Validation of Automotive Electrical/Electronic Modules.

SAE J1211:2021

Like MIL-STD-810, SAE J1211defines a Robustness Validation process that involves both the user and the supplier to define and establish requirements and acceptance criteria based on the end vehicle’s specific application. These requirements and criteria are based on a defined Mission Profile with the goal designing out susceptibility to failure mechanisms.

This Robustness Validation process relies first on knowledge-based modeling simulation and analysis methods in the design phase.  These designs are then to be verified and validated testing protocols including test-to-failure and failure/defect susceptibility testing to confirm or identify Robustness Margins

The standard categorizes these failure mechanisms as follows:

  • Thermal
  • Mechanical
  • Radiation
  • Dust
  • Humidity
  • Water
  • Chemical
  • Electromagetic Compatibility (EMC)

As with MIL-STD-810 the automotive industry’s approach examines the synergetic effect of environmental stressors.  This approach requires a comprehensive analysis when a test and evaluation program is initiated. 

Understanding Environmental Stresses

For any application of ruggedness design, an understanding of the environmental stresses involved is essential.  This therefore requires an assessment and identification of all probable environmental factors, their frequency of occurrence, and intensities.  In MIL-STD-810 parlance this is accomplished through the development of a Life Cycle Environmental Profile (LCEP). 

For automotive applications this is done through a Mission Profile.  These profiles should include all phases of product life including transit and storage.  They should also include lessons learned from similar product histories. 

Once these stressors have been identified, their criteria can be used for development of design specification.  These criteria are also used to develop a test master plan with relevant stress values to be used in robustness tests. 

CVG Strategy

Military and automotive applications require design and test methods that ensure ruggedness.  The development of a test and evaluation program that will verify a design and return significant data must be initiated at the concept stage of product development.  This is true when ruggedness is required of any product. 

CVG Strategy has experience in developmental test and evaluation for a wide variety of industries including military and automotive.  Because of this we understand looking beyond a test to pass perspective.  We can help develop a test program that will return meaningful data and verify a products ability to survive harsh environments.

Technical Data and Export Law – Canada and the U.S.

by
technical data and export law
technical data and export law

Technical Data and Export Law

Understanding what technical data is and how it pertains to export law is important for companies doing business in the U.S. and Canada.  Both countries have different requirements and regulations controlling how technical data is stored and transferred.  Additionally, these regulations are subject to change.

What is Technical Data?

Definitions under U.S. Law

Under the International Traffic in Arms Regulations (ITAR), technical data, which is defined in 22CFR 120.10(4), is information which is specifically required for the design and production of defense articles and services such as drawings, instructions, or other documentation. It also includes software that is directly related to defense articles.  

The Export Administration Regulations (EAR), which are administrated by the Department of Commerce, define controlled technical data as an export of technology that is required for the “development, production or use” of items on the Commerce Control List (CCL).  Under the EAR transfer of technical data is defined as a Deemed Export

Under both sets of U.S. export control regulations, transfer of technical data to a foreign nation or foreign persons will in most cases require an export license.

Definitions under Canadian Law

The Canadian Controlled Goods Program (CGP) defines technical data as Technical data is any information, such as blueprints, drawings, plans, computer software or technical documentation that could be developed or adapted for use in military or space equipment.

Canadian Export Regulations for Cloud Service Providers

Canada’s Controlled Goods Program, as of April of 2021, has placed requirements on cloud service providers that provide storage for controlled goods data. These cloud service providers must now be registered regardless of encryption protocols utilized.

Registrants that currently store data on unauthorized servers outside of Canada are required to remove all controlled goods data from the foreign service and move that data to local secure servers or cloud service providers registered in the Controlled Goods Program.

Differences in Canadian and U.S. Requirements

These cloud service requirements contrast with the Directorate of Defense Trade Controls (DDTC) interim final ruling, released on December of 2019, concerning transmissions or storage of unclassified technical data which is controlled for export under (ITAR).

The current ITAR requirements (§ 120.54) allow for storage of unclassified ITAR technical data on foreign servers if end to end encryption compliant with the U.S. National Institute of Standards and Technology (NIST) requirements.

This variance in requirements places increased complexity in compliance programs for organizations that conduct business in both Canada and the United States.

Protection of Technical Information

Both the U.S. and Canada are actively engaged in securing access to export controlled information to protect their national security interests.

In the United States protecting Controlled Unclassified Information (CUI) has been a priority for the Department of Defense (DOD) for many years now. DoD contractor CMMC requirements have been in development since 2015 in an on going effort to safeguard Controlled Unclassified Information (CUI).  

In 2020 the Defense Acquisition Federal Regulation Supplement (DFARS), mandated that private DoD Contractors adopt cybersecurity standards according to the NIST SP 800-171 cybersecurity framework as an interim measure until the Cybersecurity Maturity Model Certification (CMMC) is finalized.

CVG Strategy

CVG Strategy is a consultancy dedicated to assisting businesses navigate increasing requirements for export compliance and information security.

Export Compliance Expertise

Navigating international import and export laws can be extremely challenging for organizations. This is especially the case for those whose products are defense related. CVG Strategy export compliance experts have over a decade of experience in assisting businesses establish and maintain export compliance programs.

CVG Strategy has helped companies comply with both U.S. and Canadian regulations.  We can answer your export compliance questions to keep your organization in compliance to regulations. We can also provide essential training to ensure that your team is up to date on ever changing export laws. 

Cybersecurity Expertise

CVG Strategy is committed to helping businesses protect the United State’s controlled unclassified information by helping them establish effective cybersecurity programs.  We know that viable solutions include all stakeholders in an enterprise.  They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.

CVG Strategy provides cybersecurity consulting and training for large and small organizations.  Our experts can tailor a program using risk management process to identify information assets and interested parties.   We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.

 

ISO 9001 Business Management Beyond Quality

by
iso-9001 business management
iso-9001 business management

ISO 9001 provides tools for business management beyond the scope of product quality.  Incorporating these tools can help an organization effectively and consistently manage specific issues and requirements strategically.  Furthermore, because ISO 9001:2015 requires involvement from top management and relevant stakeholders, it ensures that these issues will be addressed comprehensively. 

Context of the Organization

“Context of the Organization”, Clause 4 of ISO 9001:2015, provides a means of encompassing wider business planning activities into a Quality Management System (QMS).  This clause places requirements to ascertain, monitor and review both internal and external issues that are relevant to an organization’s specific purpose and strategic direction.  The importance of these various factors should be assessed through risk management.

External issues can include an array of concerns including legal, financial, social, regulatory and cultural factors.  By identifying these issues when creating a quality program by they can be addressed in a process approach that provides continual improvement.

ISO 9001 Business Management Opportunities

Export Compliance

Organizations providing products and services are subject to a number of export regulations.  For exporters in the United States these include the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR).  These laws prevent export of controlled items to hostile entities.  With regards to the ITAR, these include the export of defense related materials.

Violation of export compliance can result in fines, imprisonment, and export debarment (organization not allowed to export).  Therefore, export compliance is an important external factor that can be addressed through ISO 9001 business management policies, processes, and procedures.  Once these have been implemented they can be monitored so that corrective actions can be taken to prevent violations.

Product Design Protocols

Many industries are faced with specific design protocols requirements.  These requirements can involve inputs from customers, engineering, government procurement agencies, sales, and upper management.  Such is the case for product developers that must meet standard requirements under MIL-STD-810.

MIL-STD-810H establishes distinct processes for conducting a Whole Life Assessment (WLA) of a product under development.  This process is to be initiated at the product concept phase. 

Proper implementation of these processes allows for identification of relevant environmental stressors likely to be encountered in the product’s life cycle.  These include development of a Life Cycle Environmental Profile and an Environmental Issues/Criteria List. Once these assessments have been conducted, design specifications and testing requirements can be created. 

These processes can be incorporated into a quality management system to that is initiated at the concept phase of development.  These processes should include all stakeholders to ensure that a complete WLA is conducted. 

Implementing ISO 9001 for Your Organization

Achieving the highest possible return on investment is important, regardless of which quality management systems standard you organization implements.  Taking advantage of all the features of that standard requires an understanding of Quality Management Systems and the growing number of requirements businesses face in their specific sectors.

Effective management of these requirements in a single program can create a more productive and efficient organization that consistently improve its performance and stay in compliance of regulations.

CVG Strategy Quality Management Expertise

Our Exemplar Global and Probitas Certified Quality Experts provide quality consultation in the Quality and Inspection disciplines to customers across North America.  Our quality strategy allows clients new to Quality Management Systems to rapidly implement a tailored system. 

We have assisted customers in implementing business management opportunities into their quality management systems by coupling our QMS expertise with our extensive experience in export compliance and product test and evaluation.  This allows to readily deliver compliant procedures and work instructions.