We bring you up to date on developments in standards, certification schemes especially when they are going to impact your certificate, certification mark or inspection. But we also like to keep you informed of the expansion of our portfolio with new services, developing our accreditation, press releases and news from industry associations and foundations. Keep receiving our updates regularly for the latest news.
BLOG DISCLAIMER AND DATA PROTECTION POLICY
Stay informed of news and developments in the field of certification and TUV training:
Follow us on Twitter, LinkedIn, Facebook, Instagram and YouTube.
Blog
September 2022
TISAX® What does it mean and how does it impact your company?
Contributed by: Jitske van Heeswijk
Information security is critical to the automotive supply chain and the automotive industry overall. That is why automotive manufacturers focus a great deal of attention on Information Security. The German Association of the Automotive Industry (VDA) has developed the Trusted Information Security Assessment Exchange label known as TISAX®. What does this label mean and how does it impact your company?
What does TISAX® mean?
The TISAX® label was developed to achieve a uniform level of Information Security in the automotive industry. The label sets the standard for information sharing by incorporating secure information exchange policies. Based on important aspects and criteria from the ISO 27001 standard, and specified for the automotive industry, the label demonstrates that an organization is a reliable partner to the automotive industry.
Is TISAX® mandatory?
The TISAX® label was developed by the VDA, which includes German automotive manufacturers and suppliers including VW, BMW, Mercedes-Benz Group AG, Zeppelin-Stiftung, Audi and Porsche to name a few. As a means of protecting the exchanges in the supply system, members of the VDA and Original Equipment Manufacturers (OEM’s) attach great value to the label as evidence of a solid Information Security Management System (ISMS) and consider the label as a necessary condition for business engagement. Increasingly, members of the VDA will require TISAX® making it obligatory.
How do you obtain the TISAX® label?
In order to obtain a TISAX® label, your company must first register with ENX. The next step will be to define the scope of the assessment as well as the objectives (based on your customer’s requirements), with ENX. Within TISAX®, there are eight assessment objectives that define the scope and required level of protection (e.g. high protection level or very high protection level). The objectives are referenced in the TISAX Participant Handbook in Section 4.3.3.1 on the TISAX website.
Once the scope and objectives are defined with ENX, a Scope Excerpt will be issued that will include the required Assessment Level (AL): either AL 2 or AL3. With this information, you can advance to the next stage “the assessment process”. This begins with your self-assessment. The current VDA ISA catalog for the self-assessment against your implemented ISMS can be downloaded from the TISAX site.
Next, the initial assessment follows, either remote (AL2) or partial onsite (AL3), by a TISAX® assessment provider such as TUV USA. Your assessment provider will then upload the completed report to the ENX portal once the assessment process is completed. Lastly, the label is published in the portal as evidence that your company is a reliable partner in the automotive industry!
Getting started
Where do you start? Whether your company is required by your customer to obtain a TISAX® label, or your company decides to initiate the process for future business opportunities, we can provide you with more insight into the necessary steps to obtain the TISAX® label.
August 2022
Aerospace standards transition and new oasis database
Contributed by: Deann Minamino
Certification to AS9100, AS9110, and AS9120, depends not just on these core standards of the Aviation, Space and Defense Industry, but also on a foundation by which assessments and ongoing compliance by authorities, such as TUV USA, manage and perform these services. To ensure the needs and expectations of the industry continue to be met, these standards must undergo periodic revision.
Normally, we see a review and revision of the standards approximately every 5 years. In between these revisions, we are provided supplemental rules, requirements and clarifications, to sustain the evolving needs of the industry, which are later rolled up in these revisions. These forthcoming revisions were planned to have occurred in 2020 however, the Covid-19 Pandemic required an immediate shift of focus to sustaining certification activities and the industry recognized it was not an appropriate time to introduce such a change.
Beginning this year (2022), we will begin to undergo the transition. This is a long-awaited change that will not only provide realignment with the ISO9001 standard but result in a more structured analysis of a certified organizations performance, risks and complexity of their processes and services and the documented output of the certification audit. We will also see an exciting change to OASIS, offering increased functionality and user interface.
While some dates are still in fluctuation, others have been confirmed, some even having already occurred. We would like to encourage you to check back frequently for updates and invite you to attend, or view, our upcoming communications on the changes as they become available. In the meantime, should you have any questions, please email or telephone TUV-Nord, USA, or follow us on our social media pages, found on LinkedIn, Twitter and Facebook.
AS9104/1: Requirements for Certification of Aviation, Space and Defense Quality Management Systems. This standard defines the scheme requirements for managing AQMS certification.
AS9104/3: Requirements for Aviation, Space and Defense Auditor Training, Development, Competence, and Authentication. This standard defines requirements for Auditors, CB’s, AAB’s, TPAB’s and TP’s.
AS9101: Audit Requirements for Aviation, Space and Defense – includes the forms within OASIS.
OCAP Tool: (Organization Certification Analysis Process) – Replaces Audit Duration Calculation (ADC) Tool. Used to calculate audit durations based on size, structure, scope, risk and complexity.
July 2022
What is IEC 62443
Contributed by: Fanny Ho
IEC 62443 Security for Industrial Automation and Control Systems (IACS)
The ISA99 and IEC committees have developed IEC 62443 to improve the safety, availability, integrity, and confidentiality of components or systems used in industrial automation and control systems (IACS). The IEC 62443 series of standards can be utilized across industrial control segments, and critical infrastructures and has been approved by many countries and endorsed by the UN.
Why do we need IEC 62443?
IEC 62443 is not solely meant for targeting hackers and malware on your network. It is designed to be an all-encompassing ethos of procedures and checks from every level of the organization ranging from hardware and end-users to policies and asset registers. It is about understanding what hardware and what interactions they have. The most important part of the standard is knowing how to recognize a threat, report it, respond, and recover.
What is included in IEC 62443?
IEC 62443 is evolving to become an essential standard in the industry, which consists of four parts:
General (Part 1); Policies and Procedures (Part 2); System (Part 3); Component (Part 4)
The IEC 62443 series includes standards and technical reports that address the need to design electronic security robustness and resilience into industrial automation control systems (IACS). The concept of IACS electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries, which include, but are not limited to:
- Hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems,
- Associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
The IEC 62443 standard applies to the following types of products:
- Embedded devices (e.g., automation controllers)
- Host devices (e.g., operator stations)
- Network devices (e.g., firewalls, routers)
- Application software (e.g., engineering tools, HMI's)
June 2022
8 Mistakes Your QMS Makes
A Quality Management System – any management system, is only as good as the sum of its parts. Lots of things go right, and we all try our best. Yet, out in the world I see the same mistakes over and over again. I want to share those things with you now. Here they are, in a particular order.
1st of 8 Mistakes: Focusing on Manufacturing
A business is a complicated thing. No kidding, it really is. But it is too easy to think that the sections of it that appear to actually produce tangible objects are the most important.
Quite simply – it’s all important. The more you want to get the most out of everything you’ve got, the more important everything you’ve got becomes. If you own a racehorse (and who doesn’t?) it’s easy to think the galloping equine beast is the main… workhorse. But what about the shoes, and the guy who puts them on? (it’s a farrier, but that sounds highfalutin, so I didn’t say it).
And there’s the jockey- and the jockey’s Jockeys, the nutritionist, stable boy – and a whole slew of influential entities. If any of those are non-optimal, do you think the whole system can be optimal?
Many companies I go to have continual improvement projects related to assembly areas but neglect sales departments, or purchasing groups or human resource departments. There are always better ways of doing things, mostly because “better” is an evolving concept. Options need to be considered and tried out in all areas – not just manufacturing.
I’ll take a second to cover the frequent exception. Design functions, along with production, are often targeted for streamlining. Or rather, they become streamlined over time. It may be a stereotype, but engineers tend to find optimum paths somewhat organically. Or they are at least interesting paths.
This may be influenced by two factors. One is that 9001 and the related standards that share design and development pieces with it, provide a good skeleton that hasn’t really changed in lots of years. It just might be a common-sense starting point or the successful modifications to it have traveled from company to company along with the migrations of engineers.
The other factor is, I believe, the cerebral nature of the activity itself. When you get a bunch of brains focused on development, the tendency for self-development; the development of the organism that’s developing – is a genetic inclination. It’s a bit like cleaning your office instead of working – but in a good way. Read more >
April 2022
Digital Signatures: Expectation vs. Reality
Contributed by: Stephanie Stephen
With the digitization of documentation these days, it can be challenging to understand exactly what is needed when a “signature” is requested. Sometimes it is simply typing a person’s name in a box, when other times it is required to provide an actual hand-written signature. Whether this is on a contract or something as simple as an attendance sheet, the purpose of a ‘signature’ is to provide evidence of acknowledgment for a specific document to maintain its authenticity.
In order to maintain document authenticity, there are some helpful points to consider. In cases where a wet signature (ink on paper) is necessary, like on a contract or attendance sheet, free smartphone applications like Tiny Scanner make it easy to snap a photo of the document directly into PDF. If the signature is required within a database that requires a private login and password, it is sometimes acceptable to use a typed “signatures” on non-contractual documents such as internal audit reports sent through email or uploaded to internal databases.
If one does not have access to a stylus to hand-write signatures electronically, there are also online signature services such as My Live Signature and DocuSign, which have tools and resources to help create a personalized signature. Having a unique signature can eliminate the confusion about whether or not a typed font will be acceptable and prevent the “back and forth” of getting documents signed and completed in a timely manner. With these tools, one can create a unique signature for all digital documents that can easily be inserted into word, excel, PDF and other formats.
Finally, there are times when documents are deemed incomplete due to the appropriate signature not be obtained. This means that the signature that was given may have been done electronically when in fact a handwritten signature was required. For the sake of being environmentally friendly and avoiding printing, there are options such as Adobe Acrobat’s “fill and sign” option, in which case a signature can be added via photo, unique typed signature font, or stamped electronic signature requiring a pin to access for more security and protection from copying.
The topic of signatures is evolving so continuously with the rapid developments in technology and security. For this reason, we find it necessary to discuss and provide resources for safe and effective ways to get documents signed so that this one aspect does not slow business processes. Whatever the case may be, we are willing to help ensure our documents are safe and meet the requirements of each situation to provide a smooth cooperation effort.
February 2022
Why do we need to take IRCA Accredited Training Courses?
Contributed by: Fanny Ho
The CQI's International Register of Certificated Auditors (IRCA), is the leading register for management system auditors in the world. It was originally formed in London in 1984 as part of the British government's enterprise initiative, designed to make industry and business more competitive through the implementation of quality principles and practices. Over 30,000 auditors have been awarded professional certification by CQI IRCA since 1984 and more than 120 countries are represented on the IRCA register. Every year, over 60,000 delegates attend an IRCA-certified training course. Becoming IRCA certificated auditors can give you the following benefits:-
- IRCA certificated auditors are highly valued by employers worldwide and represent the highest standards of training, and competence.
- Being IRCA certificated auditor, you can improve your career prospects through the use of logo in your email signature and business documents. You will also be listed on CQI IRCA’s online register, which is widely used by employers to find auditors.
- IRCA certificated auditors can significantly increase their bargaining power in salary at work.
- IRCA supports its auditor members in maintaining their knowledge and skills. You will get free access to IRCA’s update on any new ISO standards.
- You will get the latest news and insights from the auditing world via your inbox with IRCA’s monthly Knowledge e-newsletter, as well as the IRCA Networks e-newsletter.
- You will get free magazine called Quality World, which will give you plenty of information about what is new in the certification world.
- You can enjoy exclusive access to IRCA’s eLibrary, which contains thousands of journals, magazines and industry publications.
- Being part of IRCA network, you will gain access to a range of networking opportunities where you can communicate with professional peers to share challenges, prospects, opinions and solutions. You can also connect with other members online through CQI IRCA’s LinkedIn group.
The first step to become CQI IRCA certificated auditor is to take IRCA Accredited Training Courses offered by TUV USA in 2022. If you are interested in our 5-Day IRCA Accredited ISO 9001:2015 Lead Auditor Course on March 14-18, 2022, please click the following link.
Should you have any questions about our training schedule and registration, please contact our Training Coordinator, Katie Lehoullier at 844-488-8872 ext. 250, or our Training Manager, Fanny Ho at (416) 570-3282.
January 2022
TUV USA, Inc. is proud to announce TÜV NORD Cert’s designation to EU (MDR) 2017/745
Today, TÜV NORD Cert has joined the list of notified bodies designated under the European Medical Device Regulation (MDR). We are now accepting applications and are ready to start the review of medical devices for the MDR under our German-based notified body (0044).
The MDR was published in the Official Journal of the European Union on May 5, 2017 with a three-year transition time. Due to the pandemic, the official date of implementation was delayed for one year to May 26, 2021. The MDR replaced directive 93/42/EEC Medical Device Directive (MDD) as well as 90/385/EEC Active Implantable Medical Device Directive (AIMD). Medical devices subject to the MDD and AIMD requirements are now subject to the new requirements under MDR. Read more >
December 2021
TUV USA is pleased to share 2022 Training Schedule
We offer a wide collection of virtual classroom and E-learning on-demand training courses. Our featured courses are listed below. Click on the course title to learn more and how to register.
January 24-28 | |
February 2-3 | |
February 4 | |
February 2-4 | |
March 14-18 |
View the 2022 Schedule |
If you are interested in any courses not currently listed on our training website, please send us an e-mail at academy-us@tuv-nord.com. Our training representative will reach out to you within 48 hours.
November 2021
9 Benefits to E-Learning
Contributed by: Fanny Ho
TUV USA, Inc. is currently offering a series of e-learning courses, which means that you can take our world-recognized courses at your own time following your own pace.
Benefits of taking our TUV USA, Inc. E-learning courses:
- E-learning is self-paced: You have a lot of flexibility in controlling your pace to complete the course.
- E-learning is student-centered: Our e-learning courses are created in a way that focuses on our students’ comfortable learning environment and makes our platform user-friendly for our students to complete the course easily.
- E-learning is cost-effective: Our e-learning courses are priced very competitively. You will gain a lot more from our courses than what you pay for.
- Individual learning styles: You can adjust your own learning styles while taking our e-learning courses.
- Customizable learning environment: Our e-learning courses are professionally designed for a virtual classroom learning environment.
- E-learning fully utilizes analytics: Our e-learning platform will allow you to monitor your learning progress and provide you with a lot of data about your learning on the dashboard.
- E-learning is environmental-friendly: All our course materials are presented electronically. No paper is needed in your learning which suits our current environmental-friendly world.
- No need for textbooks: No need to pay for textbooks anymore.
- E-learning is time-efficient: You can take our courses on your own time while managing your daily routine activities.
Read more about our E-learning
October 2021
October is National Cyber Security
Awareness Month
In October 2004, as more and more people used the internet on a daily basis for work, school, shopping and to stay connected to others throughout the world, we became aware that Cyber Security was becoming a genuine concern; An increase in users and usage meant an increased risk for security breaches in internet safety.
By this time, the internet had been a public space for a decade or so. Hackers went to work getting in where they didn’t belong; and cybersecurity has been an issue ever since.
Did you know?
- 95% of cybersecurity breaches are due to human error
- Even your printer can become victim to a cyberattack without proper precautions
- Cybercrime damage costs are predicted to hit $6 trillion annually by the end of 2021
National Cyber Security Awareness Month was established out of this need to raise awareness for internet security and safety that is a critical concern to every internet user today.
Billions of people use the internet to accomplish tasks in cyberspace each day. This can be risky for those who do not know what to watch out for; or how to protect themselves. Thousands have their networks compromised and their security stolen, because they just do not know how to secure their web-equipped devices properly. Desktop computers, laptops, tablets and phones, all have important information stored that can be particularly sensitive, perhaps dangerous, if accessed by the wrong individual.
Technology advances so quickly that it can difficult for people to keep up with it. National Cyber Security Awareness Month reminds us all how important it is.
Here's what you can do:
- Run Anti-Virus Programs; Since computer viruses have a tendency to evolve, it’s important to install updates when prompted to.
- Change Your Passwords; We know we should, but we don't do it often enough. The inconvenience of remembering a new password is better than the inconvenience of being hacked.
- Get Educated About CyberSecurity; the more people learn, the more equipped they are to protect themselves against nefarious creatures who are out on the web.
Do you know how to recognize a security threat? Those who are serious about their online security may consider investing in trainings that are specifically designed to educate users more about this topic.
Business owners and managers, team leaders and members, and pretty much anyone who ever uses a computer can benefit from learning how to identify phishing schemes, suspicious links, and email attacks.
TUV USA Inc. offers a wide collection of cyber security and data protection training courses. In addition, we offer on-demand E-learning Courses, which will give you the flexibility to take our courses at your own pace and follow your personal schedule.
September 2021
TUV USA opts to meet virtually, moves toward a permanent remote model
Plans were in place to hold the first in-person, all-employees Company meeting in nearly two years this month with several guests from TUV Nord Mexico invited to attend. Alas, with so many variables still to consider for those traveling, the decision was made to postpone and meet virtually. Once again, they managed to make the most of the opportunity.
Due to the ongoing concern for employees’ health and safety in light of the ongoing COVID-19 pandemic, the majority of staff at TUV USA continues to work remotely. Now, steps are being taken to continue to do so permanently.
TUV USA was swift to action implementing a fully remote model in March 2020. The decision to extend the work at home protocol was made several times throughout the last eighteen months.
While management continued to monitor the situation around the world, they also considered their employees' performance and well-being, as well. Many stated they could perform not only the tasks of their job, but they could provide better service to our clients with the convenience of working from home; allowing for the flexibility to be available to meet our clients’ needs at their convenience, which may be outside of regular business hours in the Eastern Time zone.
Considering TUV USA employed several remote employees living in other states throughout the country, the discussions began about making the remote model permanent. Local employees gathered in person in July at their office located at 215 Main Street in Salem, NH to discuss the many pros and cons of moving to a permanent remote.
“TUV USA has been working remote since the start of COVID" said Offcier Manager, Lisa McKiel. "Our employees are productive and our customers remain happy. It is our goal to exclusively work from home while maintaining top-quality service to our customers, keeping our employees safe and our business cost effective.“
August 2021
5 Reasons Why Investing in Employee
Training is Essential
Contributed by: Katie Lehoullier
Companies increasingly require employees with proven knowledge specifically tailored to their functions within the organization. Investing in your employee shows how you value them as a worker and certifies a person's competence to perform certain practices.
Here are 5 reasons why investing in your employees training is essential to growth and successful in your business:
1. Practice
Every company needs to operate according to the latest editions to stay competitive and relevant in the industry. The more certifications your employees possess, the better it reflects on your company. It signals the forward thinking and progressive approach of both the employee and business.
2. Networking
Attending training courses or seminars along with other professionals in the field allows your employees the opportunity to network with individuals in related fields and hear other points of view. This can also lead to partnership between the companies.
3. Contribution
Businesses want individuals who can apply their knowledge by preventing mistakes and minimize risk factors. Trained employees with current certifications can operate systems and programs more efficiently.
4.Skills
In order for an individual to be efficient at their position, skills such as, collaboration and communication are imperative. Training and qualification are the keys to finding the right opportunities for full utilization of individual skills.
5. Knowledge
If an individual is pursuing a specific division, attending a training course can demonstrate commitment and comply with standard requirements. In many divisions such as Quality Systems or Food Safety, professional knowledge is vital to ensure that the job is done successfully. Gaining accreditation from a trustworthy and relevant resource will boost your business and satisfy industry requirements.
These 5 key points to investing in training for your employees are just a few of many reasons. Experience is necessary for most positions, however, continuing education is needed for keeping an individual’s skills and knowledge current to standards and practices of your business.
TUV USA, Inc. Academy Division offers a variety of trainings to suit your needs. Including Quality System, Food Safety and Medical training courses. We strive to keep your company compliant by offering trainings of the newest standards and practices. Visit us and learn more on what we offer and our Academy Division.
Invest for the best.
June 2021
Cybersecurity Vulnerability Found in Large Food Processing Plant Network
Contributed by: JR Long
A top meat processing company, JBS was subject to a cybersecurity attack at multiple locations in North America and Australia, with exception of their backup servers. The company took immediate action in suspending all affected systems and notifying the company's global network of Cybersecurity experts to resolve the attack. JBS has not confirmed evidence of customer, or other data that was exploited as a result of the attack.
A small delay in processing can vastly impact the food supply chain. And only a small number of companies process the majority of meat in North America. In response, the U.S. is considering all options in dealing with the attack that many experts suggest originated in Russia, who’s been accused of harboring cybercriminals.
Unlike other food-oriented certification bodies that may not offer Cybersecurity services, TUV USA can be a one-stop-shop providing food safety certifications such as SQF, as well ISMS.
The objective of the ISO 27001:2005 standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization". The standard covers all types of organizations (e.g. commercial enterprises, government agencies, and non-profit organizations) and all sizes from micro-businesses to huge multinationals. This is clearly a very wide brief.
The benefits of implementing ISO 27001:2005 are:
- Enhances a company’s credibility
- Demonstrates the validity of corporate information, and a real commitment to upholding information security
- Transforms corporate culture both internally and externally, opening up new business opportunities with security conscious customers/clients
- Improves employee ethics and the notion of confidentiality throughout the workplace
- Allows companies to enforce information security and reduce the possible risk of fraud, information loss and disclosure
March 2021
Coronovirus: One year later
It is hard to believe March 11, 2021 marked one year since the World Health Organization declared COVID-19 a global pandemic, and a State of Emergency was declared here in the U.S.
We fully understand and reflect upon the challenges everyone has faced. We extend our heartfelt thanks and appreciation for your tremendous support during the most challenging year of our history. As a proud 153-year-old company, we have experienced many obstacles before – but never a year like the one we have all just experienced.
From the beginning, our focus at TUV USA has been on putting all of our clients and their safety - as well as the safety of our employees - first. That commitment has never wavered; and never will.
Your support, calls, notes of appreciation for the care and service you received from our employees, inspectors and auditors have made a difference. Messages such as “Please hang in there - We miss you!” and notes from customers not cancelling audits, and working with our staff on transitioning to “remote audits” and finding options to keep their certifications was inspiring.
As we continue along the road to recovery, we will persist in our goals to be more resilient and more appreciative of those around us, and the meaningful work we all do for each other. These efforts to find solutions through collaboration, continue to motivate us, and give our teams the courage, drive and strength to push through to get all of us to the other side.
Even though there are challenges, uncertainties and obstacles ahead, I remain immensely hopeful and expect 2021 to be the year of opportunity to reconnect with the people and places we interact with as vaccinations continue, and our world safely reopens.
On behalf of TUV USA and our 15,000 employees worldwide, we thank you. To those of you who have worked with our staff during these last twelve months, thank you for trusting us. To those of you who are planning to expand your business, thank you for considering us. And to those of you who are unsure what your company will do moving forward, we welcome the opportunity to connect with you.
Your support and loyalty means more to all of us than you will ever know – thank you again for sticking with us. We look forward to being able to demonstrate how together we can make the world a safer place again very soon.
More from the BLOG
