MIL-STD-810 Low Pressure (Altitude) Testing


MIL-STD-810 Low Pressure (Altitude) testing is performed to evaluate equipment’s ability to withstand exposures to low pressures.  These pressures may occur while the equipment is in storage, logistic transport, tactical transport, or actual operation.  This method (500.6) is one of twenty-nine laboratory environmental tests in the standard.

Low Pressure (Altitude) Procedures

The Low Pressure method is comprised of four testing procedures.  Dependent on requirements and the Life Cycle Environmental Profile (LCEP) of the equipment to be tested, one or more procedures can be performed.  

Procedure I – Storage/Air Transportation is intended for equipment that will be transported by air or stored at high elevations.  For ground transport and storage, 15,000 ft. (4,572m) is the accepted maximum standard test altitude.  This same value is accepted as a standard pressure for pressurized aircraft altitude testing.

Procedure II – Operation/Air Carriage is to be performed to evaluate equipment in operational modes at low pressure.  The equipment is placed in an environmental chamber and brought to the desired pressure and temperature at which point tests are performed to ensure that the Unit Under Test (UUT) can perform as designed in all modes of operation.

Procedure III – Rapid Decompression is used to determine if rapid decreases in pressure could result in a rupture or other malfunction of the UUT that would cause potential harm to the aircraft in which it is being transported or to personnel in the area.  This test procedure starts with an initial chamber pressure of 8,000 ft. (2,438m) (10.9 psia or 75.2 kPa) and a final chamber pressure of 40,000 ft. (12,192m) (2.73 psia or 18.8 kPa).  The decompression between these two pressure levels is to be accomplished in not more than 15 seconds.

Procedure IV – Explosive Decompression is to be performed as Procedure III except that decompression time is 0.1 seconds.

MIL-STD-810 Requirements for Tailoring

Proper test and evaluation as defined in MIL-STD-810 Low Pressure (Altitude) requires tailoring.  This tailoring should consider a complete Whole Life Assessment of environmental stressors likely to be encountered by the materiel in question.  Obviously, these stresses will vary greatly dependent on the platform for which it is designed.  Equipment designed for the exterior of an aircraft will have a very different LCEP than equipment designed for a ground vehicle engine compartment.

Once this study has been completed, appropriate test methods, procedure selections, and test parameters can be established and documented in a Test and Evaluation Master Plan (TEMP).  These parameters can then be used in the creation of a Detailed Environmental Test Plan (DETP).  The DETP should also contain functional and operational tests that are to be performed before, during, and after chamber testing.  

Detailed Environmental Test Plan Templates

CVG Strategy offers EZ Test Plan Templates for environmental (climatic/dynamic) and EMI/EMC testing documentation.  Our Detailed Environmental Test Plans (DETPs) are written as specified in MIL-STD-810 Task 405.  They are available for specific applications such as Ground Mobile, Ground Stationary, Shipboard Controlled, Shipboard Uncontrolled, and Aircraft Military.

These DETPs include appropriate test methods (such as MIL-STD-810 Low Pressure), addendums for product specific information, test labels for photo identification, and data sheets for collection of required data.

Our Electromagnetic Interference Test Plans are written as specified in MIL-STD-461.  They contain the test methodology, addendums for product specific information, test labels for photo identification and data sheets.  These plans are available for procedures listed in MIL-STD-461 and are also available for MIL-STD-1275, MIL-STD-704, and MIL-STD-1399-300. 

Custom Test Plans are also available for applications not covered in the EZ Test Plan offerings.  These plans can be written for any number of applications and their relevant standards.

Put CVG Strategy’s Experience to Work for You

Companies of all sizes, from start up to established product developers, face challenges in product test and evaluation.  This can particularly be the case when a product is developed for a new market sector or expanding sales internationally.

Properly tested products prevent costly product recalls, product redesign, and product liability.  They maintain customer satisfaction and keep your company’s reputation in good standing.  Contact CVG Strategy to see how our testing services can assist your engineering team.

 

Vibration Test Fixtures – A Reason For Concern


The Importance of Vibration Test Fixtures

For most projects, the design of vibration test fixtures is often left to the last minute.  Regardless of your industry, vibration testing is one of the most important tools in product test and evaluation.  A well designed fixture will provide ample rigidity to prevent resonances that can result in product over test.  It will help provide confidence that the vibration encountered by the unit under test is representative of the required spectrum.

Using Your Own

Using your own vibration test fixture as opposed to using one from a test facility has many benefits.  Fixtures lying around test labs are often drilled out and adapted for any number of customers’ immediate requirements.  If retesting is required, having your own fixture assures you of a more repeatable test regardless of the test facility you may use.

The same fixtures can also be used for shock testing where rigidity and strength are requirements.  Using vibration test fixtures in environmental chamber tests can facilitate proper orientation of equipment and prevent accidental damage to interconnected test items during removal from the chamber.

Designing your Fixture

Rigidity

Rigidity is the major consideration in vibration fixture design.  A microscopic deflection in any part of the fixture can result in alarming resonances and nulls.  Aluminum is an excellent material for vibration test fixtures as it provides the required rigidity while minimizing weight.  Consider the intended orientations of test items and provide mounting holes for test items so that they can be easily installed and removed. 

Weight

Weight is also a consideration when designing a fixture.  This is particularly the case if multiple units under test are to be tested simultaneously.  Material selection can help reduce the overall weight requirements for the vibration table.  Aluminum is a good material for most fixtures.  It is relatively inexpensive and is light as compared to steel.  It is easily worked and can be constructed to provide the required rigidity.

Magnesium provides the best material for tensile strength to weight ratio.  It also has better damping at high frequencies.  It is, however, more costly and is not as easy to machine.  It is therefore usually reserved for high test performance requirements.

Computer Modeling

A well designed fixture will provide repeatable testing and provide the required excitation to the product being tested without resonances or nulls.  To accomplish this, computer modeling should be performed.  These evaluations will ensure that the fixture has a minimum of harmonic distortion over the bandwidth of planned testing.

Validating your Fixture

Before using your vibration fixture in testing it is beneficial to perform a resonance scan  to check for any unwanted responses.  This is accomplished by attaching multiple accelerometers to the fixture, and sending low-level random signals that cover the frequency range of your intended test.

CVG Strategy Experts

CVG Strategy engineers can design and build vibration fixtures to meet your specific test requirements.  We have decades of experience in vibration and shock testing.  Let our expertise keep your test program on schedule by letting us assist you with your test and evaluation needs.

Our experts at CVG Strategy have extensive experience in Climatic/Dynamic and EMI/EMC testing for a number of industries and products, both military and commercial.  CVG Strategy specializes in Independent Developmental Testing and Evaluation including development of Test Plans, Test Procedures, Test Witnessing and Troubleshooting.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

Product Ruggedness and Water Test Methods


Water is a Major Concern in Product Ruggedness Testing

Water is part of many test methods when evaluating product ruggedness. We live in a world that is predominated by the substance, and its effects on products for any application are severe. Because of this, products must be evaluated for their abilities to endure exposure to water as a solid, liquid, and as a gas. These tests, although seemingly simple, can present challenges to product designers. 

Effects of water on products include:

  • Possible degradation of strength
  • Corrosion or erosion of materials
  • Fungal Growth
  • Malfunction of electronic and electrical equipment with possibility of hazardous operation
  • Fouling of lubricants
  • Increased chemical reactions
  • Swelling of materials
  • Condensation
  • Changes in material properties such as elasticity

Ingress Testing

Ingress testing is found in a wide variety of industry specific test methods.   Perhaps the standard with the broadest use is IEC 60529 which evaluates a product’s degree of protection as classified by an Ingress Protection Code (IP Code).  These tests also involve solid foreign objects including dust.  Testing that involves water includes dripping, spraying, splashing, jetting, powerful jetting, temporary immersion, continuous immersion, and water jet with high pressure and temperature. 

Similar testing can be found in standards specific to the aerospace, automotive, and military sectors.  In the automotive sector a number of ISO, IEC, and proprietary standards are used in evaluation.  In defense applications MIL-STD-810 includes testing for blowing rain, humidity, salt fog, immersion, and the effects of icing.

Of major concern in these tests are gaskets and seals used to create “waterproof” enclosures.  Though it may appear to be an easy task, gasket design can be a great challenge.  In many cases a gasket must not only protect against ingress but also serve to attenuate radio frequency energy to meet EMI requirements. 

The sealing materials must also endure thermal, solar, and dynamic effects.  In some cases, such as wind blown rain, the impact of droplets can cause resonances that defeat otherwise sound barriers.

Humidity

Large portions of the planet experience intense humidity.  Some areas experience this year round.  Additionally certain applications such as marine will have extreme conditions. 

Humidity can wreak havoc in a large number of ways.  Prolonged exposure to humidity can degrade plastics.  It can interact with deposits of dust and other substances to produce corrosive films.

Testing for the effects of humidity is difficult.  Thorough evaluation usually involves lengthy tests that can last months.  Aggravated or accelerated testing can at times be useful to point out potential design deficiencies, but it can be difficult to ascertain the validity of data returned with respect to anticipated exposures.

Fungus

Exposure to airborne fungal mycotoxins can be highly hazardous to humans resulting in neurological damage and cancer.  Fungus and mold species prosper in humid conditions.  A number of test standards can evaluate a product’s potential for supporting fungal growth.

It can be difficult to ascertain this by a simple analysis of materials in a Bill of Materials because deposits of contaminants may find their way onto a product during manufacturing or actual use.  Generally these organisms can attack a wide variety of materials.  Additionally their metabolic wastes can degrade materials.

Salt

Airborne salt can cause extreme corrosion.  Salt fogs are common in coastal areas and of course in marine applications.  Testing of protective coatings is essential for products that can expect such exposure.  While test methods can detect possible sources of problems they are not effective simulations of the actual environmental effects. 

Of further concern, testing is usually performed on new product.  How a protective coating performs after thermal and solar exposure can be difficult to evaluate, as can the effects of dropping or impacts sustained in actual use.

Water as a Solid

Product ruggedness can be greatly diminished by ice and frost.  Deposits of ice can cause structural failures and of course render devices inoperable.  Frost and ice can gradually cause failures of seals and gaskets. 

It can also cause failure of bonding materials and cause distortion of parts when recurring icing and thawing events occur.  Test methods are available for evaluation of ice effects and time should be taken to select appropriate procedures based on a product’s intended usage.

CVG Strategy Product Test Expertise

CVG Strategy has extensive experience in product test and evaluation of product ruggedness and water.  We can evaluate products, examine requirements, assess gasketing and sealing methods, and develop a test matrix to ensure that a product will perform as designed for its intended service life.  We provide a variety of consultant services to assist in product testing.

We also provide test plan templates for MIL-STD-810, IEC 60529, and a number of other standards.  These provide the necessary documentation to ensure that testing is performed as required, functional and operational tests are conducted, and important data is collected.

ISO 27001 Cybersecurity Management System


ISO 27001 cybersecurity management is an effective Information Security Management System (ISMS) for organizations and businesses of all sizes.  It provides a means to ensure confidentiality, integrity, and availability of information in a system that can be harmonized with other management systems.

The ISO Advantage

There are numerous cyber security solutions for protecting confidential information.  Some of these, however, are not well suited for the requirements of a business environment.  To be effective in these environments, cyber security must integrate information security risk assessments with other risks facing the organization so that upper management can tailor the program to fit the context of the organization.

When this has been accomplished, policies and procedures can be created that allow for cooperation and involvement at all levels of the organization.  Then appropriate security controls can be implemented with assurance that adequate resources are available for proper execution.

This advantage is due to the fact that ISO 27001 shares the 10 clause framework of other ISO management standards such as ISO 9001:2015.  This framework establishes methodologies for:

  1. Identifying the expectation of all stakeholders for information security.
  2. Identifying the specific risks that will likely threaten the confidentiality, integrity, or availability of that information.
  3. Selection of appropriate controls for addressing these risks.
  4. Establishment of measurable goals and objectives for securing information.
  5. Implementation of controls and mitigations.
  6. Establishing methods for measuring the effectiveness of the entire program and reporting that effectiveness to management.
  7. Establishing a methodology for continuous improvement of ISMS.

ISO 27000 Set of Standards

The ISO 27000 series of information security standards include over sixty separate standards that address specific elements intrinsic to a complete ISMS.  While ISO 27001 provides the framework of the management system, other standards address specific information security controls.  Many of these address the needs of specific technologies such as communication, cloud services, or storage security.  Others provide guidelines for incident management and the analysis of digital evidence.

This vast set of resources allows organizations adopting this standard to address issues specific to their industry’s requirements.  Additionally, because it is an internationally accepted standard it allows for enhanced supplier and customer relationships worldwide.

Competitive Advantages of an ISMS

ISO 27001 is an effective approach to cybersecurity because it incorporates a coordinated systematic approach that involves all levels of an organization.  Because this standard institutes management review and auditing it ensures that the organization is attuned to the changing nature of cybersecurity threats.  It accomplishes this through a Plan-Do-Check-Act (PDCA) Cycle.  The PDCA establishes objectives and processes, implements them, assesses and measures effectiveness, and provides corrective actions.

Implementing an ISMS in compliance with ISO 27001 and achieving certification, demonstrates to all parties that an organization is actively engaged in the confidentiality, availability, and integrity of information.  It can provide a competitive edge for businesses in any sector by instilling confidence that valuable and sensitive information is safe.

There have been countless incidents of cyberattacks that compromised the operation and data of organizations.  Industry experts do not forecast these events diminishing, as new strategies are constantly being refined by cybercriminals.

For many smaller businesses, failure to address the likelihood of a data breach could result in catastrophe.  In today’s world, addressing data security and having comprehensive plans for recovery in the event of a breach is essential.

CVG Strategy ISMS Solutions

Businesses worldwide are under attack from players that are well funded and very focused on compromising proprietary data.  IT solutions alone are not sufficient to combat these forces.  Viable solutions include all stakeholders in an enterprise.  They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.

CVG Strategy provides cybersecurity consulting and training for large and small organizations.  Our experts can tailor a program using a risk management process to identify information assets and interested parties.  We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.
CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.

Military Power Quality Testing Standards


Test requirements for equipment designed for use on military platforms include a number of power quality standards.  These standards evaluate the equipment’s ability to operate normally when subjected to disturbances characteristically found on their platform of intended use.  They also place limits on the level of disturbance the equipment can contribute to the voltage distribution network.

Power distribution systems are subject to extreme variances and disturbances caused by devices that share the system.   They can also have disturbances caused by variances in power generation devices such as generators and alternators.   Inductive load dumps, spikes and surges, coupled interference, voltage fluctuations, and frequency variations can all cause significant disturbances in equipment’s normal operation  that could lead to hazardous conditions or render the equipment inoperable.  Because of this, military standards for evaluation of these phenomena can place stringent demands on Equipment Under Test (EUT).

MIL-STD-1275

MIL-STD-1275 “Characteristics of 28 Volt DC Power Input to Utilization Equipment in Military Vehicles” is a series of tests that simulate expected variances on vehicle power distribution systems.  Tests also evaluate variances emitted by the equipment under test to ensure that the equipment does not contribute excessive disturbances to supply voltage inputs.  Test methods employed in this evaluation include:

  1. Operational Voltage Range – For this test the EUT is powered at 20 and 30 Volts DC for 30 minutes at each voltage.
  2. Voltage Ripple – The Voltage Ripple test is in fact a variant of MIL-STD-461 CS101, with the upper test frequency extended from 150 kHz to 250 kHz.
  3. Starting Operation including Initial Engagement Surges and Cranking Surges.
  4. Voltage Spikes both emitted and injected.
  5. Voltage Surges both emitted and injected.
  6. Reverse Polarity – For this test the EUT is powered at 33 Volts with reverse polarity for five minutes.

All of these tests can be challenging, but in particular the surge test can result in smoke emanating from power input circuitry, a disappointing end to a trip to the lab to be certain.

MIL-STD-704 

MIL-STD-704 “Aircraft Electrical Power Characteristics” evaluates equipment for power distribution systems present on U.S. military aircraft platforms.  Separate matrices of evaluation are performed based on the type of power input the equipment utilizes.  Power types include:

  1. Single Phase, 400 Hz, 115 VAC
  2. Three Phase, 400 Hz, 115 VAC
  3. Single Phase, Variable Frequency, 115 VAC
  4. Three Phase, Variable Frequency, 115 VAC
  5. Single Phase, 60 Hz, 115 VAC
  6. 28 Volts DC

For any of the above power types, as many as 18 various tests are to be conducted.  These tests include Current Harmonic Measurements, Voltage and Frequency Modulations, Transients, Interrupts, Emergency Limits, and Phase Reversals. 

Consideration for classes of equipment and their level of immunity are covered in this standard.  For example, a coffee pot can be rendered momentarily inoperable but a flight navigational system cannot.  In no case can equipment under test suffer damage or cause an unsafe condition.  As with MIL-STD-1275, limits are placed on disturbances the equipment contributes to the electric power system.

MIL-STD-1399-300

MIL-STD-1399-300 “Electric Power, Alternating Current” provides test methodologies for evaluating equipment for shipboard operation.  As with any of the aforementioned standards, limits and specifications are mandatory. 

This standard is broken up into two parts.  Part one covers low supply voltages (115 or 440 VAC).  Part two covers medium voltage supplies from 4,160 VAC to 13,800 VAC.  Required testing includes variances in Voltage and Frequency, Voltage Spikes, Emergency Conditions, Grounding Tests, Equipment Profile Tests, Current Waveform Tests, Simulated Human Body Leakage Current, Equipment Insulation Tests, and Active Ground Tests.

Designing Equipment for Power Sources

Military power quality testing is a specific set of methodologies that examine equipment’s ability to operate when subjected to extreme characteristics of electric power to ensure compatibility in their intended environments.  While being associated with Electromagnetic Compatibility (EMC) and Electromagnetic Immunity (EMI), it presents specific challenges to equipment designers.

In many cases, specially designed power supplies can be utilized to provide protection from electrical supply disturbances and distortions.  However, when equipment is designed to control large inductive loads, care must be taken early in design to ensure that the equipment does not itself cause power distribution issues.

CVG Strategy Test and Evaluation Experts

CVG Strategy offers a wide array of services to assist you with EMI/EMC and electrical product evaluation to keep your product development on schedule.  We also can provide EZ-Test Plan Templates for MIL-STD-461, MIL-STD-1275, MIL-STD-704, and MIL-STD-1399-300.

CVG Strategy can also provide guidance for MIL STD environmental testing including performance of a Life Cycle Environmental Profile as required for MIL-STD-810.  Our engineers can perform design analysis to identify potential design issues before testing.  We can also assist in developing test programs for product verification and validation.

 

MIL-STD-810H Change 1 Revises Method 509


MIL-STD-810H change 1, Environmental Engineering Considerations and Laboratory Tests, was released by the Department of Defense (DoD) in May of 2022.  Although changes in the standard were few, Method 509 Salt Fog has been entirely rewritten.  Method 509.8 is now titled Salt Fog / Corrosive Environments and is comprised of three procedures.

Procedures for Salt Fog / Corrosive Environments

This test method now contains the following procedures:

  • Procedure I – Corrosion Screening
  • Procedure II – Design Corrosion Verification
  • Procedure III – Natural Environment

Procedure I – Corrosion Screening most closely resembles the salt fog testing of previous revisions of MIL-STD-810.  It is intended for equipment and representative coupons to evaluate protective coatings and finishes.  It is applicable for the identification of design flaws and quality control deficiencies in a short period of time.  This method is to be performed in a salt spray test chamber in a testing laboratory.

Procedure II – Design Corrosion Verification is intended for verification of system designs and is to be performed early in product development.  This testing should, when practical, be conducted on actual components, subsystems, or avionic subsystems. 

This evaluation is to be tailored to specific corrosion types as specified by the Cognizant Engineering Authority (CEA) from the procurement agency.  Required testing is dependent on intended environments and may include corrosive pollutants such as sulfur dioxide modified salt fog.  These additional requirements are to be performed in accordance with a variety of test standards including ASTM B117, ASTM G85, and GMW 14872.

Procedure III – Natural Environment is to be performed to verify the corrosion resistance of coatings and system designs.  This testing involves the use of mock-up test specimens in natural locations for extended durations.  As with Procedure II, testing methodologies are to be specified by the CEA.

Other Changes for Salt Fog Testing

For Procedures I and II, refinements in MIL-STD-810H change 1 have been made in the preparations and methodologies employed.  Changes in handling and configuration, preparation of the salt solution, and recommendations for preheating of pressurized air will require test program personnel and test facility engineers to ensure that laboratory equipment is correctly configured for accelerated corrosion testing.

Additions have also been made for possible effects of corrosion, pretest ambient checkout, and test interruption.  Additionally, guidance is provided for post test analysis of possible physical, electrical, and corrosion effects that may have resulted from the Salt Fog / Corrosive Environments testing.

Tailoring for Environmental Testing

The secret to using MIL-STD-810 is in the seldom read Part 1 of the standard.  Part 1 establishes a process for evaluating the relevant environmental stressors likely to be encountered in the product’s lifetime.  This includes storage, transport, and operational configurations.  It provides a tailoring process to create realistic design parameters and test methods.

The authors of MIL-STD-810 have consistently stressed the need for tailoring in the test and evaluation process.  Tailoring is performed by matching the severity and duration of a test to its anticipated environments’ stressors.  This is accomplished through specifications provided by the acquisition agency and by performing a Life Cycle Environmental Profile (LCEP).

The LCEP was introduced in MIL-STD-810D and refined to its current status in MIL-STD-810G.  It provides an analysis of climatic and dynamic stresses likely to be encountered by materiel during storage, logistic transport, tactical transport, and operation.  From this analysis, an environmental issues and criteria list (EICL) can be produced that will assist in the design and test of military components.

The LCEP process is integral to the development of relevant Test Plans that will provide meaningful information for design verification and validation.  This can greatly reduce the cost of development by identifying potential design deficiencies early in product development.

CVG Strategy Can Help

Our team of test and evaluation experts can assist you in creating a meaningful test program that meets requirements and prevents costly failures at the operational test stage.  CVG Strategy provides an array of services to help you with environmental and EMI/EMC testing. 

Our instructors have decades of experience in laboratory test and evaluation of military and commercial products.  We understand the importance of testing and getting a properly designed product to market in a timely fashion. 

We also offer classes in MIL-STD-810H change 1 to help you keep current with the latest developments in this important standard.  This instruction includes extensive coverage of the tailoring process and how to use it in your product development.  Our courses are available online and on location.

 

BIS Considers Enforcement Policy Changes


The Bureau of Industry and Security (BIS) considers enforcement policy changes an instrument for combatting national security threats.  This was highlighted in remarks released by Matthew Axelrod, Assistant Secretary for Export Enforcement.  In recent presentations he outlined the changing focus of the United States export control system and the need for bolstering enforcement actions of the Export Administration Regulations (EAR).

Administrative Enforcement Changes Under Consideration

The BIS is considering three major changes in the way that export regulations are enforced.  These proposed changes are as follows:

  1. Publicizing administrative charging letters when filed.  Currently charging letters are not publicized until the case has been resolved.  Making these letters public will incentivize other companies involved in similar violations to desist in those activities.  A policy to make administrative charges public would be similar to actions the agency takes in criminal proceedings.
  2. Limiting the use of no admit / no deny settlements.  The BIS has often settled various administrative enforcement cases out of court, allowing organizations to pay reduced penalties without admitting to violation of export regulations.  While the agency does desire to incentivize companies to resolve violations, the overuse of no admit / no deny falls short of getting companies to admit fault and fails to identify root causes of those violations.
  3. The BIS is considering raising penalty amounts for administrative cases.  Axelrod pointed out that if penalties are not sufficiently severe, organizations can conclude that the risk is not sufficient to deter violation of the law.  Furthermore, it was pointed out that penalties should be commensurate with the level of threat they present to national security.

Other Areas of Increased Enforcement Focus

Enforcement of Sanctions

Sanction enforcement is not a new area of enforcement for agencies involved with export regulations.  In fact, in the last decade, enforcement authorities’ actions in sanction cases have resulted in billions of dollars in civil and criminal penalties.  This is because many businesses are lax in ensuring that parties with which they are engaging in transactions are not on denied parties lists.

In the past sanctions have been considered by many to be applicable solely to financial institutions.  Today, however, as sanctions have been increasingly utilized for national security and foreign ends, they are becoming increasingly relevant to any business in the international supply chain.  This is the case for companies doing business in any number of countries, as more and more nations are working together in imposing sanctions multilaterally. 

Antiboycott Compliance

Mr. Axelrod, along with enforcing the Department of Commerce’s EAR, also oversees the Office of Antiboycott Compliance.  Antiboycott regulations were adopted to require U.S. firms to refuse to participate in foreign boycotts that the United States does not sanction.  They have the effect of preventing U.S. firms from being used to implement foreign policies of other nations which run counter to U.S. policy.

The enforcement of these regulations is also currently under review.  As with EAR enforcement, increases in administrative penalties and reconsideration of no admit / no deny settlements are being eyed.  Additionally, those involved with enforcement are looking to prioritize which violations are being actively investigated, placing emphasis on more severe violations.

Changes in the Implementation of Export Controls

Export controls are increasingly being implemented in response to a complex and challenging geopolitical landscape.  These issues include:

  • A growing concern over Russian actions and intentions
  • Nations engaged in genocide
  • Nations involved in subjection of ethnic minorities
  • Nations involved in slavery and forced labor
  • Nations actively engaged in theft of proprietary information including trade secrets
  • Nations involved in propping up illegitimate regimes through institutional corruption

As Axelrod pointed out, companies that engage in transactions with these nations profit at the expense of the world’s collective peace and prosperity.  It is therefore more important than ever that those involved in export activities engage effectively with the complexities of export compliance.

CVG Strategy Export Compliance Expertise

CVG Strategy, a proven leader in export compliance, can help your organization implement and maintain viable export compliance programs to navigate this increasingly complex business concern.  We can provide expertise in Export Administration Regulations, International Traffic in Arms Regulations (ITAR), Sanctions, Denied Parties Screening, Antiboycott and Canadian Goods Program (CGP).

We also provide assistance in item classification, Technical Assistance Agreements (TAA),  and voluntary disclosures.  Our staff can also provide effective training for all levels of an organization to ensure that all personnel are aware and up to date on export compliance issues.

As the BIS considers changes to its enforcement policies, it is becoming more and more important for companies to develop effective export compliance programs.  These developments are likely to continue to raise the complexity and associated risks for companies involved in the international supply chain.

 

Challenges in Adopting CMMC Standards


Many small business owners have expressed concerns about the challenges in adopting CMMC standards.  While the Department of Defense (DoD) has been stressing the necessity for contractors to reach various levels of Cybersecurity Maturity Model Certification (CMMC) for years now, many businesses are at a loss as to how to implement an effective program, even though failure to reach certification may hinder their eligibility for DoD contracts.

This situation continues despite efforts by the DoD to ease implementation through the creation of CMMC 2.0, which was created following pushback from the DoD contractor community.

Cybersecurity is Complex

In an interview with Federal News Network, Dr. Kelly Fletcher, principal deputy CIO for the DoD, recounted feedback from small business owners who were confounded by CMMC requirements.  In one instance when Dr. Fletcher was giving a presentation to the public on cybersecurity, the owner of a building contractor company politely stated, “Lady, I don’t know what you are talking about”.

This is a good summation for many in the business world.  While they may have high levels of competence in their respective fields, they are not cybersecurity experts.

The requirements laid out in CMMC are well intentioned.  There is a definite need for data security for government contractors who handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).  Adversaries of the United States are actively engaged in stealing this information in efforts to duplicate technologies under development.  There are, however, real challenges in incorporating these security practices into the daily operations of a small organization.

CMMC 2.0 Requirements

Currently CMMC 2.0 requirements are divided into three levels of compliance:

  • Level 1 – Foundational is comprised of the 17 practices described in FAR 52.204-21 and requires an annual self-assessment.
  • Level 2 – Advanced is comprised of 110 practices which are aligned with NIST SP 800-171 Revision 2.  This is a set of security practices and security standards for non-governmental organizations that handle CUI.  It requires that a third-party assessment be conducted every three years for information deemed critical for national security.  It also requires an annual internal assessment.
  • Level 3 – Expert includes over 110 practices based on the NIST SP 800-17 cybersecurity standard and includes further controls.  There is also a requirement for triennial assessments conducted by government representatives. 

Upon further investigation, one will find that NIST SP 800-171 involves references to over half a dozen other documents which are comprised of thousands of pages.  While these documents describe the implementation of controls and development of a risk management framework, they often fail to provide solutions easily integrated into business practices.

NIST SP 800-17 and Business Management

While NIST SP 800-17 does contain a number of requirements for establishing and maintaining a cybersecurity program, it often comes up short in detailed descriptions of how non-IT functions are to be executed.  This is particularly the case for critical functions such as auditing and management review.  These functions must be performed properly to ensure that accurate assessments have been conducted.

Businesses operating in the defense sector often utilize ISO management systems to effectively and consistently provide products and services.  These management systems can address quality, legal and regulatory compliance, environmental compliance, and information security requirements for a company. They share a harmonized approach to business management that includes a methodology for continual improvement.

ISO-27001 Information Security Management Systems

An Information Security Management System is a collection of policies, procedures, and controls that systematically address information security in an organization.  It is a framework based on risk assessment and risk management.  The most widely recognized and instituted ISMS in the business environment is ISO 27001.  It shares many of the features of a quality management system such as ISO 9001. 

Because ISO 27001 is configurable to your company’s requirements, it is an effective means of organizing data security.  This is because it includes a complete process and involvement of all stakeholders in monitoring and preventing cyberattacks.  An ISMS can readily address numerous issues because it is centered around policies and processes that are adopted from top management down and includes all stakeholders, including third parties.

Because an ISMS is a management system it incorporates mitigation strategies beyond technical controls.  It specifically addresses auditing, training, and management review.  Additionally, because it shares the basic structure of other management systems, it can be more easily implemented and maintained in the daily operations of a business.

CVG Strategy Information Security Management System Consultants

To help businesses meet the challenges in adopting CMMC standards, CVG Strategy has developed an approach that combines the requirements of CMMC compliance with the ISO 27001 information security management system.  This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.

We can help you meet your information security management system goals.  CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in an ISMS and make it meet desired objectives.  This process includes defining the context of your organization, creation of internal auditing processes and much more.

 

Medical Equipment EMC Requirements from the FDA


The Food and Drug Administration (FDA) has completed guidance for medical equipment Electromagnetic Compatibility (EMC) information to be submitted before an electrical medical device that is manufactured in the United States is marketed.  This guidance updates previous submission recommendations released in 2016.  Its intent is to provide clarification of what the FDA will consider in its premarket reviews.

The FDA is requiring the sponsors of most medical devices to adopt the new guidance but is extending the period to one year for In Vitro Diagnostic (IVD) devices.  While this guidance refers to electromagnetic compatibility, the guidance applies to both interference and immunity.

Electromagnetic Compatibility (EMC)

Electromagnetic compatibility refers to the requirement for electronic devices to not interfere with the normal operation of other equipment in their shared environment.  All electronic products are sources of electromagnetic energy.  This energy may be transmitted in both radiated and conducted forms.

Radiated energy may be comprised of digital signals generated by the circuitry, energy generated by Point of Load (PoL) voltage regulators, or inappropriate usage of intentionally radiated Bluetooth or Wi-Fi signals (e.g. transmission protocol or excessive bandwidth).  Conducted emissions are those that are introduced onto power lines or interconnecting cables.

Electromagnetic Interference (EMI)

EMI can be generated by environmental factors.  Sources of naturally occurring EMI include:

  • Radio Atmospheric – (Sferic) Broadband impulses that occur as a result of lightning.
  • Solar Radiations – Including Solar Flares and Aurora Borealis resulting when charged particles emanating from the sun interact with Earth’s magnetic field.
  • Cosmic Noise – Radiation caused by planets and stars other than the sun. (Generally, this does not pose a significant risk to modern electronics.)

EMI can also be caused by other electrical and electronic systems in the proximity of the device of concern.  Potential sources of interference include any number of analog or digital sources.  This energy can be classified into broadband and narrowband. 

Broadband EMI is usually from unintentional radiators.  Sources of broadband include power converters, electrical motors, and digital circuits.  Narrowband is usually generated by intentional transmitters.  These include TV and radio stations, cellular phones, Wi-Fi and Bluetooth devices.

EMI can enter a circuit either by radiated energy or energy coupled onto wiring such as power inputs.  These energies are further categorized into radio and magnetic.  Magnetic refers to low frequencies generally below 100 kHz.  Radio extends from 100 kHz to the GHz range.  

Other sources of interference include power fluctuations, surges, and disturbances, and Electrostatic Discharge (ESD).

Required Information

Medical Product’s Intended Environment

Information required by the FDA includes a definition, by the product designer, of the environment of intended use.  A modern medical facility is packed full of electronic devices that can be affected by electromagnetic energy.  Many of these devices have safety critical functions that, if affected, could result in life-threatening events.  These devices include defibrillators and ventilators.

Test Summary

A test summary should be provided on all testing performed on a finished product.  This summary should include data, pass/fail criteria, and any allowances, deviations or modifications.

Defined Modes of Operation

The FDA is also requiring that manufacturers define the device’s functions and modes of operation.  There is an emphasis on defining which modes would be most at risk for EMI events.

FDA Adopts Consensus Standard IEC 60601

The IEC 60601 series of standards address hazards to electrically powered medical equipment (ME) and ME systems.  They include many specific standards that address specific categories of devices such as sterilizers, infusion pumps, and centrifuges.

IEC 60601-1-2: 2014 includes risk management requirements in the form of an assessment to be performed before testing to determine immunity test levels and pass/fail criteria.

This analysis must be conducted by the manufacturer.  It should define the essential performance for each essential function of the device to be tested against the factors likely to be encountered in the intended environment.  These factors include radiated energy sources, conducted sources, electrostatic discharge, and power fluctuations and disturbances.

After this assessment is performed, relevant immunity test methods can be selected at realistic levels and documented in a test plan.  This test plan, again, is the responsibility of the manufacturer to create.

CVG Strategy Expertise

CVG Strategy EMI/EMC consultants can provide susceptibility analysis for medical equipment EMC requirements and recommend appropriate test methodologies to ensure reliable operation of safety critical products.  Our team has decades of experience in automotive, commercial, aerospace, and defense sector testing.  We can also provide assessment for coexistence of products using Wi-Fi protocols.

Emissions Test Failures Cost Time and Money


EMI emission test failures for compliance testing are a major cause of product development delays because most products fail in their first trip to the lab.  Radiated Emissions is the most common problem for developmental electronic products and one that is often difficult to mitigate.  This holds true for both military and commercial products.

Radiated Emission Test Standards

For most commercial equipment, radiated emission testing must be performed per CISPR 11/EN 55011, CISPR 32/EN 55032, or FCC Part 15 to achieve certification.  Medical, industrial, and scientific equipment are tested to CISPR 11.  For equipment designed for U.S. military applications and space system applications, MIL-STD-461 is the standard used.  These testing requirements vary in terms of frequency range measured, acceptable levels of radiation, and test equipment employed in testing.

Limits imposed on emissions in MIL-STD-461 are severe and well below most commercial standards.  There are two separate test procedures for radiated emissions in this standard, RE101 for magnetic field emissions from 20 Hz to 100 kHz and RE102 for electric field emissions.

Testing measurements for RE102 are made with antennas positioned 1 meter away from the Equipment Under Test, and test values are peak values, not average or quasi-peak.  Furthermore, this testing can be a requirement for high frequencies up to 18 GHz.

Common Mode Considerations

Electromagnetic energy emanating from electronic devices appears in two modes, common and differential.  Common-mode emissions appear simultaneously on two conductors in the same phase.  Often these electromagnetic fields will radiate from cables connected to equipment being tested.

This energy will generally not be related to the intended signals on the cable.  Because these emissions are in phase, mitigation techniques different from those commonly used with differential signals must be considered.  For lower current applications, common mode chokes can provide required levels of signal reduction.

EMI Emission Design Issues

Application of ferrites and shielding at the lab is often a desperate battle with diminishing returns.  The best strategy is to identify major sources of emissions early in the design and mitigate at the source.  A well-designed Printed Circuit Board (PCB) can alleviate many problems but it is important to remember that every interconnecting cable is an antenna that can provide a path for radiated emissions.

Unwanted radiated emissions can be mitigated utilizing a number of strategies in the design stage, but each product has its area of special concern.  A product that controls stepper motors will have very different mitigation issues than a Bluetooth communication device.

Switching power supplies are a common area of concern for all products.  This includes main power sources and Point of Load (POL) circuits.  Care must be taken to ensure the selection of components in these circuits (e.g. low ESR capacitors) and their proper placement and interconnection.

Preparation for Emissions Testing

A great design can still fail if poorly constructed.  Pre-production or early production samples of products often will have paint and coatings in unwanted areas resulting in ungrounded cables and chassis parts.  Cables utilized for testing will often not be representative due to size constraints of the lab.

These cables often are not constructed to the same standards and may not have adequate shielding. Off-chamber simulation and monitoring equipment requires special attention. This equipment can often contribute emissions that will cause a “false” EMI emissions test failure.

CVG Strategy

Our experts at CVG Strategy have extensive experience in EMI/EMC.  We can provide pretest analysis to help reduce EMI emission test failures and their resultant delays. We also have expertise in Environmental testing and evaluation in a number of industries and products, both military and commercial.

The fact is that most EMI/EMC tests result in failures. Design teams often have to go through multiple design iterations before achieving success. Our EMI/EMC experts can provide a pretest analysis of a product to identify potential design shortcomings and provide appropriate modifications. This prevents costly program delays and patchwork solutions.

Our EMI/EMC engineers can provide a wide array of services to help you with your problems and questions. We have experience in Aerospace, Automotive, Commercial, and Defense standards. We can also work with you on IoT and Wi-Fi issues.

CVG Strategy specializes in Independent Developmental Testing and Evaluation including: Development of Life Cycle Environmental Profiles, Test Plans, Test Witnessing and Troubleshooting.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

Controls on Marine Toxins to Go into Effect


The Bureau of Industry and Security (BIS) is placing controls on marine toxins in a unilateral effort to prevent biological threats to humans and the environment by way of accidental or deliberate release.  This control specifically addresses the export, reexport, or transfer of the biotoxins brevetoxin, gonyautoxin, nodularin, and palytoxin.  These toxins are generally found in various species of marine algae, though palytoxin can also seasonally be found in herbivorous fish and crabs.

Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler welcomed comments on the proposal.  In her comments she emphasized the importance of ensuring that the scope was appropriately defined and that controls implemented be maximized for effectiveness.  She also stated that, though this action is currently unilateral, it is scheduled to be proposed to the Australia Group later in 2022.

Toxins Could be Used in Biological Attacks

These controls on marine toxins were enacted in response to emerging and foundational technologies that now make it possible to isolate and purify these toxins to create biological weapons.  Under this proposal, marine biological agents would be added to the Export Administration Regulations (EAR) Export Control Classification Number (ECCN) 1C351. 

These toxins were placed on the Commerce Control List (CCL) under mandate of Section 1758 of the Export Control Reform Act.  ECCN 1C351 places prohibitions on human and animal pathogens.  These prohibitions require licensing from the Department of Commerce for export for all destinations, including Canada. 

These restrictions are in place to comply with the Chemical Weapons Convention (CWC).  The CWC is an international arms control treaty headquartered in The Hague in the Netherlands.  Its membership is comprised of 193 nation states.

It should be generally assumed that licensing for export will be denied.  The Anti-Terrorism (AT) Commerce Country Chart column 1 applies to all items that fall under Chemical Warfare (CW) classifications.  Currently, controlled items listed under this ECCN include certain forms of saxitoxin and ricin.

Saxitoxin is a neurotoxin found in algae blooms and in shellfish that are contaminated by this toxin.  Ingestion of this toxin by humans causes Paralytic Shellfish Poisoning (PSP).  Ricin is a toxin extracted from castor oil seeds that has chemical warfare applications.  Ricin causes a wide array of symptoms that can be developed by ingestion or inhalation. 

Naturally Occurring Algal Biotoxins

Natural occurrences of harmful algal blooms have been increasing in frequency and severity across the globe.  These blooms have caused massive die-offs of fish and birds.  They have also caused foodborne illnesses in humans.

Causes for this increase include nutrient-rich agricultural runoff and coastal upwelling.  These outbreaks greatly impact aquaculture, fisheries, and tourism industries.

Although many types of algae contain lethal toxins, most types of these phytoplankton sustain the environment by producing more than half the world’s oxygen supply.  They also, acting as the base of the marine food chain, provide nutrients to the world’s oceans.  Additionally, significant medical research has been conducted into the medical benefits of algae in the human diet.

CVG Strategy Export Compliance Expertise

If you are part of a large corporation or a small company with a part-time compliance person, CVG Strategy has the compliance and training programs to help you meet ITAR and EAR rules and requirements.  Smaller businesses often don’t have the bandwidth to dedicate to adequate export compliance.  Because of this we offer outsourced Export Compliance Officer services.  We also offer signs and accessories to aid in Visitor Access Control on our ITAR Store.

CVG Strategy, LLC is recognized the world over as the premier provider of customized ITAR Consulting and ITAR & Export Compliance Programs and Training that addresses critical U.S. Government regulations, from Export Administration Regulations (EAR), to the International Traffic in Arms Regulations (ITAR) and Office of Foreign Asset Controls (OFAC) and other regulatory agencies and more.

Using MIL STD 810 in Product Development


Defining MIL-STD-810

MIL-STD-810H – Environmental Engineering Considerations and Laboratory Tests is a Department of Defense (DoD) test standard to evaluate the effects of environmental stresses on materiel that are likely to occur during all phases of service life.  Using MIL-STD-810 effectively in product development is of great importance to developers of military equipment.

Over and above being a collection of testing procedures, this document defines the engineering processes of environmental tailoring.  These environmental tailoring processes allow for the creation of an environmental test program that realistically reflects service life conditions during storage, logistic transport, tactical transport, and operation.

MIL-STD-810 is composed of three parts.  The first part describes the tailoring process which provides the aforementioned analysis.  Tailoring is a management and engineering procedure that conducts a Life Cycle Environmental Profile (LCEP) and creates an Environmental Issues/Criteria List (EICL). 

The second part contains, as of Revision H, the 29 laboratory test methods for product evaluation.  The third part contains climatic data and guidance derived from a number of sources.

Part 1 of the standard is often overlooked by those involved in product specification for the DoD.  It is also overlooked by product designers, lab personnel, and even those involved with educating people about the standard.  This leads to materiel that is either under or over tested.  More importantly, it results in failures later in the product development process that cause delays and budget overruns associated with redesign.

Steps in the Tailoring Process

It is essential for those involved in managing the development of a product to identify, as early as possible, the characteristics of the environments in which the materiel is to be deployed, stored, and transported.  These environmental conditions include climatic factors such as high temperature and humidity.  They also include dynamic factors such as shock and vibration.  This process is referred to as a Whole Life Assessment (WLA).

When conducting a WLA, measured data is always preferred.  As an example, for a piece of equipment intended for mounting on an engine compartment firewall, measured temperatures at the point of intended installation during extreme operations will provide more realistic criteria than an assumed value.  

Additionally, it is important to evaluate forcing climatic functions induced by the equipment itself.  For example, a standard high temperature for an enclosed area that is not controlled is 160 °F (71 °C).  However, if the enclosed area allows the materiel to be subject to sunlight, the appropriate value may be much higher.

Environmental Engineering Management Plan (EEMP)

This document defines and establishes an environmental engineering program that incorporates a Whole Life Assessment (WLA) to assess a product’s safety, reliability, and performance throughout its intended life.  The goal of establishing an environmental engineering program is to establish an organizational structure with requisite processes and procedures to ensure a complete analysis of the environmental stressors likely to be encountered by a product in its intended life cycle. 

This document should also identify and provide rationale for any evaluations not to be performed or evaluations that are to be conducted by analysis.

Operational Environmental Documentation Plan (OEDP)

The Operational Environmental Documentation Plan (OEDP) conveys a schedule for gathering essential information.  This information is to be obtained to establish criteria for design specification and product test and evaluation.  This process should be initiated early in the design concept phase.

This document contains plans for obtaining essential data for developing a product’s design and test criteria.  It also contains plans for collecting data not available currently, describing how to obtain those environmental data under realistic operating or field conditions using actual or closely related systems/platforms.

Life Cycle Environmental Profile (LCEP)

The Life Cycle Environmental Profile (LCEP) provides the guidelines for conducting a Whole Life Assessment (WLA) for a product under development.  This assessment should be initiated early in the design concept phase.

The LCEP is part of an Environmental Test and Evaluation Master Plan (ETEMP) which serves to identify significant environmental stressors likely to be experienced by the product under development throughout its intended useful life.  The document is compliant with MIL-STD-810H.

Environmental Issues/Criteria List (EICL)

The Environmental Issues/Criteria List (EICL) is a compilation of environmental data acquired from product requirements, inputs from the Life Cycle Environmental Profile (LCEP), and data collected from the Operational Environmental Documentation.  As such, the EICL should be considered a living document that will be updated as new information becomes available.

The environmental data contained in this document include rationale and assumptions taken in the data’s acceptance with regard to materiel performance, durability, and any factors for conservatism. 

Test and Evaluation Master Plan (TEMP)

The TEMP includes all planned evaluations including software simulation, evaluations performed in test labs, and field/fleet testing.  It can also include non-environmental testing such as EMI/EMC testing.

Learning to Use MIL STD 810

CVG Strategy provides education in this important standard.  Our instructors have decades of experience in laboratory test and evaluation of military and commercial products. 

We understand the importance of testing and getting a properly designed product to market in a timely fashion.  Instruction includes extensive coverage of the tailoring process and how to use it in your product development.  Our courses are available online and on location.

 

Messaging App Security and Information Privacy


Many users take messaging app security for granted when sending text messages, voice messages, photos, and videos.  However, not all apps secure messaging data equally.  This is a concern for both organizations and individuals who wish to ensure the confidentiality, integrity, and authenticity of information transferred between authorized users.

Elements of Messaging Security

Messaging app security has many facets, each of which is important to achieving data security.

Encryption

Encryption protects data by scrambling it into an unreadable format before it is sent to its intended recipient.  The encrypted data is then decrypted into its original intelligible format when received.  To accomplish this, encryption keys are shared between the sender and the recipient.

There are various types of encryption and decryption in use, some more secure and some less.  The two major types used today are symmetric and asymmetric encryption.  Symmetric encryption uses a single key for data transfer.  Asymmetric encryption, the stronger of the two, uses two keys: a public key that is shared between users to scramble data, and a private key, which is not shared, to return the data to its original format.
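How the two key types described above are commonly combined, shown as an added example (not code from any messaging app named on this page): the message is encrypted with a fresh single symmetric key, and that key is encrypted with the recipient's public key so only the private key can recover it.  The function names, the RSA-OAEP and AES-256-GCM choices and the sample message are assumptions made for the illustration.

```javascript
// Added illustration: hybrid encryption with Node.js built-in crypto.
const nodeCrypto = require('node:crypto');

// Constructed sample input, not taken from any real conversation.
const SAMPLE_MESSAGE = 'Constructed sample: meet at the loading dock at 09:00';

// Parameters for encrypting/decrypting the message key with RSA-OAEP.
function oaep(key) {
  return {
    key,
    padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
    oaepHash: 'sha256',
  };
}

// Recipient: generate the key pair once. The public key can be handed to
// anyone; the private key never leaves the recipient's device.
function generateRecipientKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the message with a fresh symmetric key (AES-256-GCM), then
// encrypt that key with the recipient's public key.
function sealMessage(recipientPublicKey, plaintext) {
  const messageKey = nodeCrypto.randomBytes(32); // single-use symmetric key
  const nonce = nodeCrypto.randomBytes(12);      // never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', messageKey, nonce);
  const ciphertext = Buffer.concat([
    cipher.update(plaintext, 'utf8'),
    cipher.final(),
  ]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt(oaep(recipientPublicKey), messageKey),
    nonce,
    ciphertext,
    tag: cipher.getAuthTag(), // integrity check value produced by GCM
  };
}

// Recipient: recover the symmetric key with the private key, then decrypt.
// Returns the plaintext, or null if the key is wrong or the data was altered.
function openMessage(recipientPrivateKey, sealed) {
  try {
    const messageKey = nodeCrypto.privateDecrypt(
      oaep(recipientPrivateKey),
      sealed.wrappedKey
    );
    const decipher = nodeCrypto.createDecipheriv(
      'aes-256-gcm',
      messageKey,
      sealed.nonce
    );
    decipher.setAuthTag(sealed.tag);
    return Buffer.concat([
      decipher.update(sealed.ciphertext),
      decipher.final(), // throws if the authentication tag does not verify
    ]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// One full exchange, plus the two failure cases a defender cares about.
function runExchange() {
  const recipient = generateRecipientKeys();
  const otherParty = generateRecipientKeys(); // holds a different private key
  const sealed = sealMessage(recipient.publicKey, SAMPLE_MESSAGE);

  // Copy of the sealed message with one ciphertext bit changed in transit.
  const tampered = { ...sealed, ciphertext: Buffer.from(sealed.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;

  return {
    readByRecipient: openMessage(recipient.privateKey, sealed),
    readByOtherKey: openMessage(otherParty.privateKey, sealed),
    readAfterTampering: openMessage(recipient.privateKey, tampered),
    plaintextOnWire: sealed.ciphertext.includes(Buffer.from(SAMPLE_MESSAGE)),
  };
}
```

This shows confidentiality and integrity only; proving who sent a message additionally requires a digital signature or an authenticated key exchange.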

Password Protection 

Some messaging apps require a password to protect information.  This adds another layer of security should a device be lost or stolen.

Multi-factor Identification

Multi-factor identification has become a common feature for enterprise security management.  This provides assurance that access is open only to authorized parties.

Message Deletion

Many apps have the capability to destroy messages automatically after a determined amount of time.  This feature, although included in an app, may require activation in its settings.  Here again, this feature can provide an additional layer of security if a device is stolen or lost.

Message deletion functionality can vary greatly across app providers.  Some apps such as Signal and Telegram allow users to delete messages on both sides of a conversation.  Others such as Apple iMessage only allow deletion of messages from one device.  Additionally, iMessage only allows deletion of entire chats, not a single message.

Data Collection

Many providers of messaging apps collect a user’s metadata.  Metadata is in essence data about data.  This data can include names, numbers, email addresses, timestamp data, source, and destination information. 

Many providers of apps such as Google Messages profit by selling metadata to other companies.  Other providers such as Signal, Threema, and Session encrypt metadata to protect it from external viewers.

This data can also be accessed by other organizations such as the Federal Bureau of Investigation (FBI).  While FBI access may be a reason for concern, this data cannot be obtained without a warrant or subpoena.

Protection Against External Attack

As with other forms of electronic data transfer, messaging app security is subject to malware, viruses, and phishing.  Once a device is compromised by these attacks, other devices or networks sharing information can be affected.  Apps selected for use should be resilient to attacks and possibly be supplemented by anti-malware apps.

Open Source Code

Much has been written about the value of applications that have publicly available source code.  These platforms are generally considered to be more reliable because they are open to peer review by security experts.  This creates an increased level of trust, in that users can have a higher expectation that vulnerabilities and hidden backdoors do not exist in the product.

This is a major consideration when choosing a messaging app as many popular apps use closed source code.  These include Google, Apple, Facebook, and Skype.  Providers that do use open source include Signal, Threema, Wire, and Session.

Video Encryption

While video is not generally associated with messaging, there are video messaging apps.  Video calls, however, are widely used and can expose far more personal data than a text message.  Many apps do not provide end-to-end encryption.  If video messaging is desirable and privacy is a concern, Wire is an open source provider that encrypts data.

Special Concerns for Organizations

Employee data access can often cross lines between business and personal usage.  Where the protection of sensitive data is concerned, it is important that organizations protect devices by blocking unapproved apps and communicating the inherent risks to employees through policies, guidelines, and education.

It is also important to realize that controls that prevent data breach, such as encryption, can also prevent cyber security controls from detecting data loss or leakage.  Policies and controls in place in an Information Security Management System (ISMS) should take these risks into consideration.

No system is stronger than its weakest link, and all too often that link is the human operating a device.  Again and again, organizations have fallen prey to the least sophisticated scams and suffered severe data breaches.  Continual education of people at all levels should reinforce best practices such as not using public Wi-Fi, not sending sensitive information over messaging apps, not clicking on links in messages, and keeping devices secured.
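The detection blind spot noted above (encryption hiding data from loss-prevention controls), as an added example that is not part of the original article: a simple DLP rule for payment card numbers is run over the same constructed message as seen on the wire and as seen at the endpoint.  The function names, the sample message, and the hash-based stream cipher (a stand-in for an app's end-to-end encryption, not a vetted cipher) are all assumptions made for illustration.

```python
import base64
import hashlib
import re

# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dlp_scan(text: str) -> list[str]:
    """Return Luhn-valid card-like numbers found in the text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream XOR. Illustration only, not for real use."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[block:block + 32], ks))
    return bytes(out)

toy_decrypt = toy_encrypt  # XOR stream: decryption is the same operation

MESSAGE = "Invoice paid, card 4111 1111 1111 1111, exp 12/30"  # constructed sample
KEY, NONCE = b"constructed-demo-key", b"nonce-01"              # constructed values

def demo():
    """Scan the message as a network gateway sees it and as the endpoint sees it."""
    wire = base64.b64encode(toy_encrypt(KEY, NONCE, MESSAGE.encode())).decode()
    at_gateway = dlp_scan(wire)
    plain = toy_decrypt(KEY, NONCE, base64.b64decode(wire)).decode()
    return at_gateway, dlp_scan(plain)

if __name__ == "__main__":
    print(demo())
```

The gateway scan returns nothing while the endpoint scan flags the card number, so a data-loss control only works where the plaintext exists, which is the risk an ISMS needs to account for when approving encrypted messaging apps.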

There are numerous options when selecting an appropriate app for an organization’s messaging needs.  While product reviews can be helpful in making these selections, it is important to remember to check that the desired security features are enabled in the system settings.

Conclusions

Collaborative tools have become more essential as business models have incorporated remote workplaces.  Organizations that rely on apps to promote collaboration must therefore critically assess their employee habits to weigh and balance risks.

There are no easy answers when selecting the perfect app.  Generally, however, it would be wise to avoid providers whose business models are centered around the collection of user information.  This would include companies such as Google, Facebook, and Microsoft.

CVG Strategy Information Security Management System Consultants

We can help your organization protect its sensitive information with an Information Security Management System.  An Information Security Management System is a collection of policies, procedures, and controls that systematically address information security in an organization.  It is a framework based on risk assessment and risk management.  

The most widely recognized and instituted ISMS in the business environment is ISO 27001.  It shares many of the features of a quality management system such as ISO 9001.

CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in an ISMS and make it meet desired objectives, including messaging app security.  This process includes defining the context of your organization, creation of internal auditing processes, and much more.  Contact us to learn more.

EMC for Space Systems – AIAA S-121A-2017

AIAA S-121A-2017 is a test standard based on military standards MIL-STD-461 and MIL-STD-464 that addresses EMC for space system requirements.  This standard relies heavily upon appropriate tailoring in the development of a test plan.

EMC and Space System Applications

The burgeoning New Space Economy is providing opportunities for a wide array of product developers to provide equipment and subsystems designed for space missions.  These systems must be robustly designed to be suitable for missions where high-reliability is essential.  The American Institute of Aeronautics and Astronautics (AIAA) has created this standard to provide designers with an adequate tool to conduct verification and validation testing for electromagnetic emissions and susceptibility. 

AIAA S-121A Testing

An emphasis in this standard’s test protocols is the testing of actual flight hardware in representative modes of operation.  This means that special attention must be focused on defining these methods and creating the necessary off-chamber interfacing hardware to control and monitor the Equipment Under Test (EUT).  Furthermore, test planning should include the identification and documentation of risks and intended mitigations that will serve as a baseline for stakeholders’ decisions and rationale.

Test Requirements for Units and Subsystems

Requirements are normally tailored by the procuring agency to reflect the needs of a specific program.  These requirements include the following parameters:

  • Conducted Interference for audio frequencies
  • Conducted interference for radio frequencies (50 kHz to 20 MHz)
  • Common mode emissions from power and signal cables
  • Antenna conducted emissions
  • Transient conducted emissions
  • Conducted susceptibility for power leads, antenna ports
  • Conducted susceptibility for bulk cables
  • Radiated Emissions for audio, magnetic, and radio frequencies
  • Radiated Susceptibility for magnetic and radio frequencies
  • Conducted Susceptibility for lightning transients 
  • Conducted Susceptibility from Personnel-Borne Electrostatic Discharge (ESD)

Special Test Requirements for AIAA S-121A

Test requirements and procedures for space applications can often exceed those of the military standards that this standard was derived from.  This can often be the case for radiated emissions, where the limits for certain frequency bands are extremely low.  To achieve these measurements, tailored testing involves scans at reduced Resolution Bandwidths (RBW).  Performing these tests requires detailed communications with test facilities to ensure that testing is performable and to calculate the time required for test performance.

CVG Strategy Experts

Our experts at CVG Strategy have extensive experience in EMI/EMC testing for a number of industries and products, both military and commercial.  We also have expertise in testing for space requirements including AIAA S-121A.  Our industry experts can assist in developing tailored test plans, test witnessing and troubleshooting.  We can also provide design analysis and guidance for space applications.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

Opportunities for Improvement – Internal Audits

Opportunities for Improvement – Internal Audits and Management Review.

Opportunities for improvement can be identified during the performance of a Quality Management System (QMS) Internal Audit.  When findings are analyzed with a critical review by management, valuable insights can be gained into increased profit, efficiency, and customer satisfaction. 

The Benefits of Effective Auditing

Often an internal audit is viewed by management as an interruption to the normal flow of business.  Employees can be apprehensive about sharing insights or participating fully because they fear that confidentiality is not ensured.  The truth of the matter, however, is that when planned and executed in a proper fashion, the internal audit can cause minimal interruption and maintain the confidentiality of those who provide comments.

In essence, an internal audit should objectively and impartially evaluate the outputs of processes to ensure that these processes are meeting the planned expectations and goals of the QMS.

By taking the opportunity to take an impartial look at a process, internal auditors can identify problems that could go unnoticed during day-to-day activities.  In addition, they will be able to identify issues with linkages between processes that can cause inefficiency, thereby identifying opportunities to improve the overall effectiveness of the QMS.   Taking action on these improvement opportunities can lead to cost savings and increased profitability.

Third Party Internal Audits

Third party internal audits can provide fresh insights into an organization’s opportunities.  A third party auditor will not only have exceptional experience and expertise in the auditing process, but will also have perspectives gained from auditing other entities.  More importantly, an external auditor will not be limited by the internal politics and culture of the organization, thus ensuring a greater degree of objectivity.  Third party internal audits are also useful if an organization’s team members are not available to conduct an audit.

Management should be active in establishing parameters when performing an audit with an auditor outside of the organization.  These include defining the criteria, scope, and objectives of the audit.  They should have previous audit reports available for review, especially any findings.  Once these boundaries have been established, management should ensure that the required time and resources to conduct the audit are available.  

Effective Management Review

Once an audit has been completed, management should review findings and recommendations.  While this process is often limited to problem solving of nonconformities and corrective actions, time should earnestly be spent evaluating areas of improvement.  These areas of improvement can range from changes to corporate governance to improvements in work environments and organizational communication skills.

Opportunities Are Everywhere

Every workflow or process has opportunities for improvement.  Organizations that strive to realize these opportunities endeavor to engage their entire workforce in providing feedback, thereby creating an organizational culture of continuous improvement.  This is because front-line workers can provide a more granular perspective than an organization’s managers and senior leaders.

CVG Strategy ISO 9001 Consultants

CVG Strategy quality consultancy firm can help your organization implement an ISO 9001 system effectively and painlessly.  Our consulting services will guide you through all phases of QMS, from assessment and development to the certification process.  This includes:

  1. GAP Analysis and Reporting
  2. QMS Plan and Schedule
  3. Training
  4. Preparation of Procedures, Work Instructions, Forms and Policy
  5. Internal Auditor Training
  6. Coaching and Implementation
  7. Pre-Audit Support
  8. Post-Audit Support

CVG Strategy also provides the inclusion of statutory requirements for export compliance into your program.  A compliance program is a requirement for both the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).  Ask our experts how we can incorporate this feature into your quality management system.

There are many consulting companies providing support in ISO 9001:2015. What sets CVG Strategy apart from the rest is our approach. We fine-tune our statement of work depending on your capability and goals. Some clients have us serve as an advisor while they generate the documentation and implement the program themselves.

Many of our clients outsource the Quality Manager role to one of our experts, and we write the quality manual and supporting documentation set and provide all the training.  Some use our expertise to include other quality guidelines and standards into their ISO 9001:2015 QMS including food, hazardous materials and department of defense.

Other Quality Management Systems

CVG Strategy has experience in a large number of quality management systems standards.  In addition to ISO 9001:2015, our Exemplar Global Lead Auditors can assist you in designing and implementing a QMS to the following standards:

  • AS9100
  • ISO 27001
  • ISO 13485:2016
  • FDA Title 21 Part 820
  • EN ISO 14971:2019

CVG Strategy can provide a QMS that incorporates multiple quality standards. This includes incorporating management strategies for ensuring compliance to industry regulations such as EU Directive 98/79EC for medical devices.