Apple iCloud Full Encryption News Should Raise Concerns

apple icloud full encryption
apple icloud full encryption

Apple Drops Plans for iCloud Full Encryption

As reported by Reuters on January 22, 2020, Apple has dropped plans for full encryption of the iCloud for iPhone users.  This was in response to complaints by the FBI that such encryption would harm investigations.  Certainly the need for the availability of data by law enforcement agencies in cases such as the Saudi Air Force officer who killed three people in Pensacola, Florida, can be argued to be valid.  It should however, raise larger questions as to the total security of cloud based computing and the efficacy of using it for businesses.

Cloud Computing and Businesses

Cloud computing is experiencing tremendous growth in the business sector.  On the face of it, there are many advantages to cloud computing for businesses.  It is a scalable solution that meet a company’s growth, it offloads requirements for back up and disaster recovery, and it improves document control.  That however involves some serious consequences.

Business Cybersecurity

A business’s data is priceless.  When you offload the responsibility for maintaining the security of that data you cannot be certain your best interests are being met.  Ask yourself this. How often do you ask somebody to hold your wallet or pocketbook?  You have no real way of determining security of your data because there is no standard of protection for cloud service providers.

You are also handing over incident mitigation to another party.  In the all too likely event of a data breach, or denial of service, or other cyberattack, a company will have little flexibility to respond to the incident.

Another major concern is the loss of control over users of data inside a company.  Once an employee has access to data in a cloud based system it is impossible to monitor and control how that data is being used.  This is of even greater concern to companies that must operate in compliance to information security regulations.  Examples of such regulations include International Traffic in Arms Regulations (ITAR), and Health Insurance Portability and Accountability Act (HIPAA) where such loss of control can lead to non-compliance which has serious repercussions.

Business Data Security is Important

Maintaining the security of a business’s data is a primary concern in today’s world.  This requires that those that are serious about cybersecurity take the long view and not follow the pack.  Asking the hard questions may bring answers that make seemingly convenient choices far less than appropriate.  Having a comprehensive program to address these concerns such as an Information Security Management System (ISMS) is often the best solution.  CVG Strategy can help you establish and maintain a viable solution for your data security.

 

 

 

ITAR Training Seminars Online

Picture depicting Aeroplane, Truck and Ship

VIERA, FL USA – Jan 05, 2020 – CVG Strategy, a trusted name in ITAR and Export Compliance consulting and training announces new ITAR Training Seminars for 2020.  CVG Strategy has been providing ITAR training seminars now for over 6 years and is adding more online web based training seminars.

CVG Strategy is hosting several ITAR Training Seminars in 2020 that are available to the public and will be led by CVG Strategy’s Senior ITAR Training Manager, Kevin M. Gholston.

January 23, 2020         February 20, 2020          March 19, 2020          May 7, 2020

With ISO 9001:2015 and the new “Context of the Organization,” external regulatory requirements such as ITAR are becoming more prominent in a quality management system (QMS).  Combined with the Risk Based Thinking concept, organizations need to be aware of what auditors will be asking about ITAR/export compliance and how it affects their organization.  CVG Strategy can provide implementation, training and support for clients needing an export compliance program.

“We’ve had great success in helping companies with ITAR training and export compliance consulting,” said Cindy V. Gholston, President of CVG Strategy. “With the enhanced focus on external regulations in the new ISO 9001:2015 and AS9100D it’s important to incorporate export compliance as part of their QMS.  That is what these ITAR Training Seminars are all about.”

CVG Strategy’s ITAR and Export Compliance Program conforms with the guidelines from the Department of State’s Guidelines and the Department of Commerce’s Elements.  For ease of implementation, CVG Strategy’s ITAR Compliance Program combines these requirements into one policy and set of procedures to protect a company from possible violations.

***

About CVG Strategy

CVG Strategy is a certified 8(a) minority woman-owned consultancy located on the Space Coast of Florida, just south of Cape Canaveral.  Areas of focus include ITAR, Product Qualification Testing, Business Operations and ISO 9001:2015 training and consulting services.  For more information, please visit CVG Strategy’s website: www.cvgstrategy.com.

ITAR Definitions Changes for 2020

ITAR definitions

Changes in ITAR Definitions

The U.S. State Department has made changes in important definitions of what constitutes an export under the International Trade in Arms Regulations (ITAR).  These changes are due to take effect on March 25, 2020 and will effect the manner in which companies with ITAR classification must conduct business.  These definitions concern what activities are deemed exports, reexports, retransfers, or temporary imports.  Additionally a new definition has been created concerning “Access Information”.

ITAR definitions

Five Key Changes

Under § 120.54, five new provisions have been made for activities that do not require authorization from the Department of State.  These provisions are as follows:

  1. Items launched into space are now not deemed a controlled event.  A controlled event is defined as an export, reexport, retransfer, or temporary import.
  2. It is not deemed a controlled event to transfer technical data to a U.S. Person within the United States from a person in the United States.
  3. The third provision was added as a result of public comments to proposed rule changes in 2015.  It states that transmissions or other transfers of technical data between and among only U.S. Persons in the same foreign country will not be deemed a reexport provided they do not provide that information to a Foreign Person or a person otherwise prohibited from receipt of such information.
  4. It is now not a controlled event to move a defense article between states, possessions, or territories of the United States.
  5. It is now not deemed a controlled event to send, take, or store technical data when it is appropriately end to end encrypted.  Encryption must be executed in a manner that is certified by The U.S. National Institute for Standards and Technology (NIST), or must exceed a 128-bit security strength.

Definition of Access Information

The Department of Stated has added § 120.55 to define “access information.”  Access Information is defined as methods of unlocking data security parameters.  These would include decryption keys, network access codes, and passwords.  It is important to note that an authorization for release of technical data is required through access information to the same extent as other provisions of data transfer under ITAR,

Definition of Release

Clarifications as to what constitutes a release of technical data have been provided as well.  These controlled events which require authorization include the aforementioned access information.  The definition of release include:

  • The release of access information to cause or enable a foreign person to have access to controlled data.
  • To use access information in a foreign country in a manner that would cause technical data to be in an unencrypted form, including when these actions are performed by a U.S Person abroad.  There is an exemption however, in ITAR § 125.4(b)(9) that allows most U.S. Persons abroad to release technical data to themselves or over their employer’s virtual private network.

CVG Strategy

Our ITAR experts can guide you through the changing requirements of ITAR to keep your company compliant.  We offer a wide array of services to help you keep on track with this important legislation.

%MCEPASTEBIN%

Voluntary Self Disclosure and Export Regulations

Voluntary Self Disclosure

Do you need to file a Voluntary Self Disclosure?

Many companies face the challenge of whether or not they need to file a Voluntary Self Disclosure when they recognize a violation of US Export Law at their company.  Violations of US Export Law for the Export Administration Regulations (EAR) and International Trade in Arms Regulations (ITAR) can often occur without malfeasance.  The ITAR is regulated by the Directorate of Defense Trade Controls or DDTC, the EAR is regulated by the Bureau of Industry and Security.  Most violations involve an improper export of a controlled item.  It is important to realize however that information conveyed in an email or phone conversation to a non-U.S. person can fall under this classification.  It is therefore easy to see how potential violations can occur.

In such cases it is appropriate to file a Voluntary Self Disclosure (VSD) of any significant potential of regulatory violation.  Such a filing will help mitigate potential damage to your company and in most cases results in the avoidance of fines, penalties, and negative exposure.

It is important to realize however, that the Voluntary Self Disclosure is the first step in addressing the potential violation.   Follow up measures must be taken to address the occurrence and organizational steps taken to prevent any subsequent similar violations.  This can involve any number of administrative actions but must include training to ensure future compliance.  Failure to implement these steps can lead to penalties from the enforcement agency involved.  These penalties can occur years after the initial incident if there is a recurrence of the violation and it is found that sufficient action was not taken.

To be certain, compliance to export law as relates to EAR, ITAR can be a challenge for any organization.  Development of a program tailored to the needs of your company is important in protecting its reputation and ability to conduct business.  This program must include relevant and regular training to maintain organizational rigor and scheduled assessments to ensure that the compliance program is in sync with the dynamics of an organization’s evolution.

A voluntary self disclosure can be painless, as long as it is honest and the company filing it takes action to prevent its reoccurrence.  This action would likely include a formal written ITAR compliance program, training, processes to control restricted items and data from foreign persons and licensing when required by US export law.  It is recommended that when a company files a VSD, that you ensure that all the documentation is prepared properly and in compliance with the requirements of the EAR or ITAR.

The CVG Strategy team has over 20 years of experience in U.S. export controls.  We can help you develop an ITAR Compliance Program appropriate to your organizations requirements and provide training to prevent occurrences that could lead to violations and the need to file VSDs.  We also have the experience to assist in guidance when unforeseen incidents do occur to develop strategies to prevent future violations.  CVG Strategy has filed dozens of Voluntary Self Disclosures in the past decade and is well equipped to help you, if your company needs to file.

US Person and Foreign Person Definitions

us person definition

VIERA, FL USA – December 8, 2018 – CVG Strategy, a trusted name in ITAR and Export Compliance consulting and training announces its release of detailed US Person Definition and Foreign Person Definition for use by ITAR Compliance Executives.  CVG Strategy, a provider of ITAR training seminars, consulting and training for over 8 years and has added detailed definitions for US Person Definition and Foreign Person Definition on its website.

Many companies struggle to apply the legal and regulatory definitions published by the Department of State’s Directorate of Defense Trade Controls (DDTC) and the Department of Commerce’s Bureau of Industry and Security (BIS).  In order to support its customers, CVG Strategy has prepared a special white paper that not only contains a practical explanation of these important designations, but it also gives examples of types of identification to be used to verify an employee or visitor’s status.

Also, this week CVG Strategy announces additional ITAR Compliance Training Seminars that are available to the public and led by CVG Strategy’s Senior ITAR Training Manager, Kevin M. Gholston.

December 12, 2018                January 17, 2019        February 14, 2019

With ISO 9001:2015 and its “Context of the Organization,” external regulatory requirements such as ITAR are becoming more prominent in a quality management system (QMS).  Combined with the Risk Based Thinking concept, organizations need to be aware of what auditors will be asking about ITAR/export compliance and how it affects their organization.  CVG Strategy can provide implementation, training and support for clients needing an export compliance program.

us person definition“We’ve had great success in helping companies with ITAR training and export compliance consulting,” said Cindy V. Gholston, President of CVG Strategy. “With the enhanced focus on external regulations in the new ISO 9001:2015 and AS9100D it’s important to incorporate export compliance as part of their QMS.”

CVG Strategy’s ITAR and Export Compliance Program conforms with the Department of State’s Guidelines and the Department of Commerce’s Elements.  For ease of implementation, CVG Strategy’s ITAR Training Program combines these requirements into one policy and set of procedures to protect a company from possible violations.

***

About CVG Strategy

CVG Strategy is a certified 8(a) minority woman-owned consultancy located on the Space Coast of Florida, just south of Cape Canaveral.  Areas of focus include ITAR, Product Qualification Testing, Business Operations and Quality training and consulting services.

For more information, please visit CVG Strategy’s website: www.cvgstrategy.com.

CVG Strategy Fall 2018 ITAR Training Seminars

ITAR Training Seminars

CVG Strategy Announces Fall ITAR Training Seminars

VIERA, FL USA – August 17, 2018 – CVG Strategy, a trusted name in ITAR and Export Compliance consulting and training announces new ITAR Training Seminars for Fall 2018.  CVG Strategy has been providing ITAR training seminars now for over 8 years and is adding more online web-based training seminars.

CVG Strategy is hosting several ITAR Compliance Training Seminars in 2018 that are available to the public and led by CVG Strategy’s Senior ITAR Training Manager, Kevin M. Gholston.

September 18, 2018                  October 16, 2018                 November 15, 2018

With ISO 9001:2015 and the new “Context of the Organization,” external regulatory requirements such as ITAR are becoming more prominent in a quality management system (QMS).  Combined with the Risk Based Thinking concept, organizations need to be aware of what auditors will be asking about ITAR/export compliance and how it affects their organization.  CVG Strategy can provide implementation, training and support for clients needing an export compliance program.

“We’ve had great success in helping companies with ITAR training and export compliance consulting,” said Cindy V. Gholston, President of CVG Strategy. “With the enhanced focus on external regulations in the new ISO 9001:2015 and AS9100D it’s important to incorporate export compliance as part of their QMS.”

CVG Strategy’s ITAR and Export Compliance Program conforms with the guidelines from the Department of State’s Guidelines and the Department of Commerce’s Elements.  For ease of implementation, CVG Strategy’s ITAR Training Program combines these requirements into one policy and set of procedures to protect a company from possible violations.

***

About CVG Strategy

CVG Strategy is a certified 8(a) minority woman-owned consultancy located on the Space Coast of Florida, just south of Cape Canaveral.  Areas of focus include ITAR, Product Qualification Testing, Business Operations and Quality training and consulting services.

For more information, please visit CVG Strategy’s website: www.cvgstrategy.com.

Using Your QMS For Your Company

Using your QMS

Using Your QMS for your company, this is critical to it being effective!

Please remember that your Quality Management System should be designed to improve your processes and improve the satisfaction of your customers.  It is up to your management team and senior leadership to identify the strategic direction of your company and align the QMS to meet the goals that you need to achieve to move your company forward.  Your certification body quality auditors are there to identify problems, and they may identify some opportunities for improvement, but the QMS is not there to satisfy them.  Using your QMS must suit your needs, make sure it works!

If you are looking for more guidance on how you should be using your QMS in a more profitable manner, there is a guidance standard: ISO 10014 – Quality management — Guidelines for realizing financial and economic benefits, which is available to help you with improving the return on investment for your ISO 9001 implementation.  So, when you are addressing the requirements of ISO 9001:2015, think about each element of your Quality Management System as you implement each process and determine how you can use this process to become more profitable.  You will quickly find that if you are using your QMS with business profitability in mind, there are many more elements of the interrelated processes that work toward better profitability besides the four main processes – you just need to find and capitalize on them.

“What’s in it for me?” is not an unreasonable question for anyone to ask, especially if you are going to ask them to spend money.   If you want your business to invest in a Quality Management System (QMS) such as ISO 9001:2015 you should have some idea of what it is going to cost you and how much you will get back for your investment.

ISO 10014 Quality Management Guidelines for realizing financial and economic benefits

It provides guidelines for achieving financial and economic benefits from using your QMS with the Eight ISO 9000 Quality Management Principles:

  1. Customer focus
  2. Leadership
  3. Involvement of people
  4. Process approach
  5. System approach to management
  6. Continual improvement
  7. Factual approach to decision making
  8. Mutually beneficial supplier relationships

Like ISO 9001, ISO 10014 requires the involvement of top management and works in conjunction with ISO 9004 for performance improvements. It provides examples of achievable benefits and outlines tools to realize them.   Using your QMS with a PDCA based improvement cycle can help employees better utilize the system.  The PDCA diagram should display each quality management principle that lists activities for each Plan-Do-Check-Act stage.  The eight examples (listed above) provide outputs for each QMS principle which provide benefits to the organization.

USING YOUR QMS
PDCA Cycle

Economic benefit – Improved processes usually result in better resource management, improved customer relationships, and the overall worth of an organization.

Financial benefit – A direct result of organizational improvement expressed in financial terms and realized by cost-effective management practices.

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with implementing a quality management system, which will include a risks and opportunities procedure.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies in the past 10 years.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Product Test and Evaluation.  For any additional questions, please contact us now!

Corrective Actions – Make them Work For You

Corrective Action Check Mark Box Fix Problem Repair 3d Render Illustration

 Corrective Actions provide Opportunities for Improvement!

One of the most overlooked areas of the QMS for increasing profitability is to implement a process to control corrective actions. Some business leaders see this process as unnecessarily complicated and time consuming, but this is often because it is excessively used on small problems that do not need a full root cause analysis and complex correction procedure. It is worth a second look at how you can make a corrective actions system work to help you find improvements.

If you could take your biggest operational issues, identify the root cause of those problems, and then find a way to make sure the problem does not happen again – think about the cost savings you could realize.  By making sure that a corrective actions process is focused on finding real solutions to the problems that cost you money, and effectively addressing those problems so that they do not happen again, you can find the cost savings and profitability you want from your QMS.

Corrective actions are reactive – something has gone wrong and these are the actions taken to deal with the problem.  Non-conformances are resolved through corrective actions.  This will include the immediate corrective actions you take to keep your customer happy, e.g. you sent the wrong part and will immediately replace it with the correct part.  However, ‘dealing with it’ for ISO 9001 means that you eliminate the problem and make sure it will not happen again.  So the corrective actions you take will also include the longer term actions you take to make sure the problem will not occur again.

The problem might be identified in processes, materials, suppliers, the product, the service, the workplace, or the management system itself.

You might find opportunities for corrective actions through:

  • audits (internal and external)
  • consulting with staff
  • customer feedback
  • hazard reporting
  • inspections – workplace opportunities
  • investigating complaints
  • resolving non-conforming products or services
  • reviewing system failures
  • reviewing regulatory requirements
  • testing, inspecting, and monitoring of plant and equipment

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with implementing a quality management system, which will include a risks and opportunities procedure.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies in the past 10 years.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Product Test and Evaluation.  For any additional questions, please contact us now!

Opportunities for Improvement – Internal Audits

Opportunities for Improvement

Opportunities for Improvement are tied to effective Internal Audits and Management Review.

Companies must strive to identify Opportunities for Improvement in many ways, the biggest opportunity is through its Internal Audit with a critical review in the subsequent Management Review meeting.  Many in management view their internal audit program as a waste of resources that simply takes up the time of employees who would be better spent doing their jobs.  Nothing could be less far from the truth, if the internal audit program is used properly.  The idea of your internal audits is to have an objective and impartial person look at the outputs of the processes to ensure that these processes are meeting the planned arrangements that were set out for the process. The audits also provide information on the effective implementation and maintenance of the QMS.

By taking the opportunity to take an impartial look at a process, your internal auditors can identify problems that could go unnoticed during day-to-day activities.  In addition, they will be able to identify issues with the linkages between processes that can cause inefficiency and identify opportunities to improve the overall effectiveness of the QMS.   Evaluating and taking action on improvement opportunities makes your company better and can lead to cost savings and better profitability.

Opportunities for improvement exist in every company, in every job, in every workflow. Organizations that recognize this fact and engage their entire workforce in identifying those opportunities work to create a culture of continuous improvement. By engaging front-line workers in improvement efforts, organizations are able to improve on a more granular level than is visible to managers and senior leaders.

Whether they are part of top-down initiatives or bottom-up daily improvement, it’s important that each be accelerated through the improvement cycle as quickly as possible.  In this way, successful organizations are able to sustain momentum and increase engagement in continuous improvement.

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with implementing a quality management system, which will include a risks and opportunities procedure.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies in the past 10 years.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Product Test and Evaluation.  For any additional questions, please contact us now!

Quality Objectives – Use to Drive Improvements

Quality Objectives

Quality Objectives must be established for your QMS and be measurable and reasonable for your company.

The use of quality objectives to drive improvement is not new to the ISO 9001:2015 requirements.  Quality objectives, which are one of the best ways to focus the improvement activities within your company, have been included in the QMS since the ISO 9001 update that happened in 2000.  These objectives are your way of identifying what aspects of quality management and customer satisfaction you have chosen as your main improvement aims, with reasonable and timely targets, so that you can make plans to make these improvements and move your company strategy forward.

Quality Objectives – Details

The quality objectives are the main method used by companies to focus the goal(s) from the Quality Policy into plans for improvement. The Quality Policy is created with the Customer Requirements in mind, then quality objectives are linked back to the Customer Requirements through the Quality Policy.  Quality objectives take the goal(s) stated in the Quality Policy and turned these into statements for improvement against which plans can be made.

For example, if the Quality Policy of an aerospace manufacturer had identified a customer need for just-in-time delivery with no defects as the most important requirements, the goal from the Quality Policy might read: “To deliver whatchamacallits to our customers when they need them, with no defects, every time.”  This company might then have two Quality Objectives: the first being to address improvement of on-time delivery, and the second to address defective parts shipped to the customer.  The first objective might be: “to improve on-time delivery from 90% to 95% within the next year” and the second could be: “to reduce field escapes to the customer from 4% to 3% within the next year”.  In doing so, the improvement derived from the Quality Objectives is directly linked to the needs of the customer.

These quality objectives would then be communicated to each level of the organization with corresponding quality objectives and plans at each level to help meet the overall planned goal.  If your company uses a Balanced Scorecard, this is a good format to use for this communication of quality objectives.

The quality objectives need to be set for the different levels of the organization right down to objectives for the product (e.g. one objective for the whole QMS, then individual objectives for the product or process that supports the overall objective). These product or process objectives are often referred to as Key Performance Indicators (or KPIs).  By utilizing the KPIs that the company has identified as the important indicators that the processes are functioning well the overall QMS quality objectives for improvement become much easier to measure.

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with implementing a quality management system, which will include a risks and opportunities procedure.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies in the past 10 years.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Product Test and Evaluation.  For any additional questions, please contact us now!

Risks and Opportunities – Making Plans to Address

Diagram showing risks and opportunities

Risks and Opportunities are managed on a daily basis at every company.

Everyone evaluates risks and opportunities every time they make a decision.  It is all about weighing the probability of a positive outcome versus the impact or cost of a negative outcome from an action taken.

An addition to the ISO 9001:2015 requirements, compared to previous versions of ISO 9001, is to understand and take action to address the risks and opportunities for your QMS.  This can be done however you want, and many companies will perform a SWOT analysis as a way to identify business strengths and weaknesses, but the important factor in realizing profit is deciding what actions you will take.  A SWOT or Strengths, Weaknesses,

By identifying the risks and opportunities that are applicable to your company, and deciding what actions you will take, if any, to address these, you will be able to find ways to limit the negative impacts of potential problems and also capitalize on the opportunities that can lead you into new sales markets or product lines. Properly acting on risks and opportunities can realize great profit for your company and help resolve a fundamental requirement in ISO 9001:2015 for “risk based thinking”.

Risks and Opportunities play a role in continual improvement and should be “plugged in” to your regular improvement processes where specifically enumerated in the ISO 9001:2015 standard.  Prior to approving and implementing a quality plan, corrective action, non-conformance, design and development plan are all areas that require “risk based thinking”.  These quality processes (and more) are required and used by most companies who apply a formal and organized risks and opportunities procedure.

CVG Strategy Experts

Our Exemplar Global Lead Auditor Consultants can help you with implementing a quality management system, which will include a risks and opportunities procedure.  CVG Strategy has prepared, trained and implemented quality management systems for manufacturing companies in the past 10 years.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Product Test and Evaluation.  For any additional questions, please contact us now!

ITAR Export Compliance Regulations

Export Compliance Training

ITAR  Export Compliance is an important set of regulations and laws that apply to every business both in America and all over the world, according to the U.S. Government.

ITAR Export Compliance regulations are always available from CVG Strategy.

ATF, Customs, EAR, OFAC, FTR, HTSUS & ITAR Export Compliance Current documentation links

[hr]

ATF ARMS IMPORT REGULATIONS: 27 CFR Part 447-Importation of Arms, Ammunition, and Implements of WarITAR Export Compliance

  • Last Amendment: 15 Jan 2016: 81 FR 2657-2723: Machineguns, Destructive Devices and Certain Other Firearms; Background Checks for Responsible Persons of a Trust or Legal Entity With Respect To Making or Transferring a Firearm

CUSTOMS REGULATIONS: 19 CFR, Ch. 1, Pts. 0-192

  • Last Amendment: 27 Jan 2017: 82 FR 8589-8590: Delay of Effective Date for Importations of Certain Vehicles and Engines Subject to Federal Antipollution Emission Standards; and 82 FR 8590: Delay of Effective Date for Toxic Substance Control Act Chemical Substance Import Certification Process Revisions

DOD NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL (NISPOM): DoD 5220.22-M

  • Last Amendment: 18 May 2016: Change 2: Implement an insider threat program; reporting requirements for Cleared Defense Contractors; alignment with Federal standards for classified information systems; incorporated and canceled Supp. 1 to the NISPOM.

EXPORT ADMINISTRATION REGULATIONS (EAR): 15 CFR Subtit. B, Ch. VII, Pts. 730-774

  • Last Amendment: 18 Apr 2017: 82 FR 18217-18220: Revision to an Entry on the Entity List)

FOREIGN ASSETS CONTROL REGULATIONS (OFAC FACR): 31 CFR, Parts 500-599, Embargoes, Sanctions, Executive Orders

  • Last Amendment: 10 Feb 2017: 82 FR 10434-10440: Inflation Adjustment of Civil Monetary Penalties

FOREIGN TRADE REGULATIONS (FTR): 15 CFR Part 30

  • Last Amendment: 15 May 2015: 80 FR 27853-27854: Foreign Trade Regulations (FTR): Reinstatement of Exemptions Related to Temporary Exports, Carnets, and Shipments Under a Temporary Import Bond
  • HTS codes that are not valid for AES are available FTR.

HARMONIZED TARIFF SCHEDULE OF THE UNITED STATES (HTS, HTSA or HTSUSA)

  • 1 Jan 2017: 19 USC 1202 Annex. (“HTS” and “HTSA” are often seen as abbreviations for the Harmonized Tariff Schedule of the United States Annotated, shortened versions of “HTSUSA”.)
  • Last Amendment: 26 Apr 2017: Harmonized System Update 1703, containing 2,512 ABI records and 395 harmonized tariff records.

FOREIGN TRADE REGULATIONS (FTR): 15 CFR Part 30

  • Last Amendment: 19 Apr 2017: 82 FR 18383-18393: Foreign Trade Regulations: Clarification on Filing Requirements

INTERNATIONAL TRAFFIC IN ARMS REGULATIONS (ITAR): 22 C.F.R. Ch. I, Subch. M, Pts. 120-130

  •  Latest Amendment: 11 Jan 2017: 82 FR 3168-3170: 2017 Civil Monetary Penalties Inflationary Adjustment

CVG Strategy has specialists who can help you navigate these ITAR Export Compliance Regulations.

Context of the Organization and ITAR Compliance

Context of the organization

Context of the organization and ITAR Compliance utilizes this new requirement in ISO 9001:2015 for companies to conform to the ITAR.  As the subsequent updates to other ISO Standards are released this will be integral to all new Quality Management Systems.  It is about stating how an organization must consider both the internal and external issues that can impact its strategic objectives and the planning of its QMS. It pretty much changes the concept and application of clause 4, and requirements regarding the context of the organization do sound a little bit vague, so what does this clause actually require?

Context of the Organization and ITAR Compliance
Context of the organization – Navigate

Clause 4 of ISO 9001:2015 Context of the organization and ITAR Compliance requires the organization to evaluate itself and its context with regards to ITAR as an External Factor. This means that you need to define influences of various elements on the organization and how they reflect on the QMS, the company’s culture, objectives and goals, complexity of products, flow of processes and information, size of the organization, markets, customers, etc. It is also a means to detect risks and opportunities regarding the business context.

If your company manufactures or provides services that are classified as restricted under the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR) consideration for compliance must be included.  Registrars are becoming more aware in the past few years of how U.S. Government Regulatory compliance impacts companies and their operations.  And, they are starting to issue derogatory findings for companies that explicitly ignore the ITAR or EAR in their QMS, when they clearly are providing products or services that should be controlled.

Context of the Organization is all about the external and internal factors that will guide the company and its pursuit of risk mitigation through its commitment to continuous improvement.  The Context of the Organization and ITAR Compliance is the lens that companies need to view their commitment to ITAR and EAR Compliance.

Consultants can help you with understanding how to implement this.  We do recommend that your work with a consultant who is fluent in the ITAR and EAR and is experienced in Quality Management Systems such as ISO 9001:2015, ISO 13485:2016 and AS9100D.  Our experts are Exemplar Global Certified Lead Auditors in these areas as well as certified through ECTI as Export Compliance Professionals.

AS9100D Release announced for October 2016

AS9100D release

The new AS9100D Release (2016) has been announced by the International Aerospace Quality Group (IAQG) to be published in October 2016 as opposed to the previously announced 2nd quarter 2016 date.

AS9100d release is expected with the new AS9101 and AS9110 standards out in November 2016, and with AS9120 in December 2016.  They are making efforts to shorten the publication dates and publish concurrently as soon as possible. There was no explanation given for the delay with the AS9100D Release.

IAQG has agreed to align transition of the revised aerospace standards with the International Accreditation Forum’s (IAF) Resolution 2013-15, which requires transition to the ISO9001:2015 quality management system standard no later than September 15, 2018.  This same date will be applicable to all AS9100C certifications.

The purpose of the AS9100D release is to standardize quality management system requirements which can be utilized at all levels of the supply chain by aviation, space and defense organizations around the world.

KEY CHANGES INCLUDE:

  • High level structure (HLS)
  • Terminology
  • Risk-based thinking
  • Process approach strengthened and more explicit with integration of the QMS into organization’s business processes
  • Concept of preventive action now addressed throughout the standard by risk identification and mitigation
  • Emphasis on change management
  • Introduction of knowledge management
  • Clearer understanding of the organization’s context
  • Aligning QMS policy and objectives with the strategy of the organization
  • Explicit performance evaluation requirements
  • Greater flexibility with documentation
  • More compatible with services

AREAS OF FOCUS

  • Configuration Management: Clause clarified and improved considerably to address stakeholder needs.
  • Counterfeit Parts: Enhanced in carefully select areas while successfully limiting new requirements.
  • Design Development and Supplier Management: Gap Analysis complete – ISO text has been added back in to meet the IAQG needs
  • Human Factors: Added as a consideration in the Nonconformity/Correction Action Clause.
  • Management Representative: Requirement added back in for Management Representative QMS oversight.
  • Post Delivery Support: Merged current 9100 requirements with the new ISO requirements.
  • Preventive Action: Current clause requirements absorbed into Risk, Opportunities and Nonconformance.
  • Product Realization & Planning: Clarified and enhanced planning throughout the standard.
  • Product Safety: Added in carefully selected areas with consideration of current 9110 requirements.
  • Project Management: Combined with Operation Planning clause to address user interpretation issues.
  • Quality Manual: Note added pointing to the requirements that typically make up a Quality Manual
  • Risk: Merged with current 9100 requirements with the new ISO requirements.
  • CVG Strategy will release more information about the transition and timeline as it becomes available along with scheduled dates for AS9100D release training. The latest information will also be posted on our blog.

Certified companies with AS9100C will need to upgrade to AS9100D from when their certification body can begin issuing certificates (sometime late in 2016) through June 14, 2018. This should typically coincide with a scheduled surveillance or recertification audit. A special audit can also be scheduled and paid for. You should plan your upgrade based on this transition timing window and when your audit cycle falls.

CVG Strategy can help you with your transition to AS9100D release, contact us for more information.

Military Product Testing – It is important!

military product testing

When it comes to weapons and weapons systems it is highly important that these should also work in the heat of battle – verified by military product testing.

It is no good for our Warfighters if the US Military has spent many billions of dollars on military hardware and weapons systems if they fail to work, or stop working when a battle is raging on around the people trying to use the ineffective equipment.

Basically when weapons stop working then it puts the lives of US military personnel at serious risk. Whether it is a rifle too prone to jamming, a tank with defective armor, or a plane that cannot fire its missiles, the lives of forces personnel are been put in unnecessary extra danger. However such extra risks can be avoided by increased levels of product testing.

However these days firing guns, missiles, and rockets a few thousand times over on firing ranges and at still targets simply does not cut it in terms of effective product tests for the US military. Technology even more than basic mechanics or engineering is what makes modern weapons systems so effective and so destructive when they are operating as they should be. Computer hardware, software, and programs are what make the smart weapons of today work so well. For effective product testing the US military is best seeking the services of a MIL-STD-810 Military Product Testing Consultant.

Military Product Testing

A fully qualified MIL-STD-810 Product Testing Consultant, like the test engineers at CVG Strategy, will not only save the US military money, it keeps their personnel safer too. And they can help private industry keep their engineers focused on new products rather than sitting at a test lab.  These consultants are thorough in testing weapons systems and also the equipment designed to keep the pilots, sailors, and soldiers protected during battle.  Battlefield environments can be really hard to survive in, let alone fight in. Therefore the side that has the better protective equipment to go alongside superior firepower, and better weapons systems has the best chance of gaining victory. Modern service personnel have to be prepared to fight and win in harsh conditions that could include the use of biological, chemical, dirty, or nuclear weapons. Even if such weapons are not deployed US military personnel will have to fight in smoke, and potentially breath in lethal gases as tanks and other vehicles get destroyed and burn out.

The testing of protective equipment and gear is almost of equal importance as the testing of weapons to improve the prospects of surviving and eventually winning in battle. Protective suits and respirators aid survival when there is a great deal of pollution on the battlefield sometimes through the deliberate use of weapons, and sometimes as the consequences of weapons being destroyed in the fighting itself. Personnel can also put on armor and bullet proof vests to enhance their survival prospects.

Over all then it is a good thing for the US military to use the services of product testing consultants. Thoroughly testing both weapons systems and protective equipment will and does enhance the chances of the US military winning battles, and therefore wars.