TUV USA BLOG

Do you have any questions or comments? Contact us!
Subscribe to the Blog

October 2023

ISO/IEC 27001:2022
Key Changes to Transition     

ISO/IEC 27001:2022 is the latest version of the ISMS and involves updating an organization to comply with new guidelines set forth in the 2022 version. The new version was released October 25th, 2022, and certified Companies have a period of three years to update to the new version, before the end of 2025. The transition audit generally takes an extra day on top of a usual audit and is best completed at re-certification, but can be completed during any of the surveillance visits with the final date of October 31, 2025 to complete the transition.

One primary transition in this update is the shift from a risk-based approach to a risk-based thinking approach. This means organizations need to consider risk management as an ongoing process, rather than a one-time activity. It also emphasizes the need for continuous monitoring, evaluation, and improvement of information security controls.

Organizations are expected to evaluate the security of their supply chain and implement measures to mitigate risks. The standard also emphasizes the importance of having an effective incident response plan in place to handle security incidents appropriately. Additionally, there is increased focus on data privacy, including the protection of personally identifiable information (PII) and compliance with relevant data protection regulations.

To transition to ISO 27001:2022, organizations should review their existing ISMS and identify areas that need to be updated or improved to meet the new requirements. This may involve conducting a gap analysis, updating policies and procedures, and implementing necessary controls.

Training and awareness programs should also be conducted to ensure that employees understand the changes and their responsibilities in maintaining information security.

Overall, transitioning to ISO 27001:2022 requires a comprehensive review and update of an organization's ISMS to align with the latest requirements and guidelines for information security management.

 

Notable Points:

  • Companies have until 2025 to update to the new version of the standard.
  • Transition audits generally take an extra day, on top of a regular audit.
  • One primary transition is the shift from a risk-based approach to a risk-based thinking approach.
  • Organizations are expected to evaluate the security of their supply chain and implement measures to mitigate risks.
  • The updated standard also emphasizes the importance of having an effective incident response plan in place, to handle security incidents appropriately.

 

 

 

 

September 2023

OASIS v.3 – Challenges and Changes     

By now nearly everyone has had a chance to explore the new OASIS v.3 as well as share in the frustrations we are all finding within our uses of the system.  The IAQG and Intact, the platform developer and host, have assured us all that they are working “around-the-clock” to fix the issues that were both known and unexpected, and there is slow but sure progress being made. While we don’t know the full extent of what happened between the final testing and deployment/release, much of what is being worked on is behind the scenes, meaning that within the inner workings of v.3 and only once it is finally resolved will users be able to see and experience the fix.  A representative group for all Certification Bodies (CB’s) has begun to meet with the IAQG and Intact weekly, bringing feedback and questions from across the industry, including CB’s and our clients, to the table for response and actioning.  The first implemented action has been a commitment to keeping everyone informed through a frequently updated “Known Issues Log”, which can be found here: OASIS V3 Known Issues

 

We at TUV USA are very appreciative of your patience and understanding that we are all in this together and share the same frustrations.  We would like to take this opportunity to remind everyone that the IAQG and Intact are the only entities that can make the necessary changes and fixes within OASIS v.3.  TUV USA, like all other CB’s, have specific accesses, none of which are at the “IT level” and therefore like you, are reliant on the Intact Service Desk and the IAQG Contact Page for assistance.  We will do everything possible to help with your issues, so please do not hesitate to reach out to us at any time.  However, we ask that you keep in mind that we are also learning the system for the first time, using the same guidance material and recordings available to everyone.

 

August 2023

ISO 20121 Event Sustainability Management Systems

Have you ever wondered about the many events that are held throughout the country and all year long – and the sustainability aspect for resources? What about amusement parks, festivals, sporting events, conventions, and more? 

When not managed well, events can take a heavy toll on resources, the environment and society.

There is a tool for this: ISO 20121 Event Sustainability Management Systems.

ISO 20121:2012 specifies the requirements for the standard and provides guidance on conforming to those requirements. The standard considers all stages of events and supply chains and includes guidelines for relevant monitoring and measuring that reduce the use of resources and costs.

Here is an example:

On February 20, 2023, for the first time in its history, the Ferrari Challenge North America achieved ISO 20121 Certification, the international standard for sustainable event management, issued by the certification body TÜV NORD Italia.  TÜV NORD Italia is part of TUV Nord Group, as is TUV USA.

The Ferrari Challenge North America is a single-brand championship present in the United States and Canada since 1994. It represents one of the four continental series of the Ferrari Challenge, along with the Europe, Asia-Pacific and the United Kingdom ones. The championship is sanctioned by the IMSA (International Motor Sports Association).

Ferrari Challenge North America is the first racing car series and motorsport series in USA with the ISO 20121 certification.

The ISO 20121 standard applies in the design, planning and execution of the Ferrari Challenge North America 2023. It demonstrates Ferrari North America's commitment to implementing a responsible management system, integrating it with the five pillars of Ferrari S.p.A.'s sustainability strategy.

Environmental, social, and economic impact characteristics were analyzed. Also involved in the analysis were all stakeholders (staff, suppliers, circuits, drivers, teams, dealers, guests, media, sponsors and the local communities).

As part of TUV Nord Group, TUV USA is able to support your organization’s sustainability goals through ISO 20121 certification.

 

 

July 2023

The future is... Electric Blue!

TUV USA is thrilled to announce the launch of our new brand design. The new, uniform, and modern look has been celebrated vigorously by our colleagues around the world. After months of hard work and dedication, we are delighted to share our bold new look with you.

Our new look perfectly captures the essence of our company - We are a strong GROUP. With many faces, broad expertise, and an international reputation. All the different companies within the TÜV NORD GROUP now have a uniform and modern look, so that it is immediately recognizable: We belong together!

TÜV NORD has aligned its #Brand towards the future with a bold and dynamic logo, vibrant colors and modern design. Our new look fits into the new overall appearance of a strong TÜV NORD GROUP and reflects our commitment to innovation and excellence. We are confident that this new branding will help us better connect with our global audience.

Thank you to our team of colleagues from TÜV NORD Mobilität GmbH & Co. KG, TÜV NORD Systems, TÜV NORD CERT and TÜV NORD Akademie GmbH & Co. KG  for their hard work and creativity that brought the new TÜV brand world to life. Read more...   

 

 

June 2023

The New OASIS v.3 is almost here!

The new OASIS v. 3 will soon be available to all users! On Friday, June 16, 2023, the IAQG shared with all OASIS Users, that the planned “check” before the OASIS freeze and v.3 implementation went well and things are on schedule.  This means the freeze of the current version of OASIS (status of “read only”) is on target for June 30th with a “Go Live” of v.3 on July 17, 2023.

As previously mentioned, the current version of OASIS we are using today, will be placed in a read only status and unable to accept any new entries. All new entries will be made in the new, OASIS v. 3, once live on July 17th.  We strongly urge you to visit the IAQG OASIS Knowledge Base – the hub of information, resources, and guidance for your journey with the OASIS read more...

 

May 2023

TUV USA is pleased to join the IAQG in announcing the arrival of the new OASIS v.3

A recent notification was sent through OASIS, alerting all users to the start of the 60-Day Launch of the new and improved OASIS Database, OASIS v.3. Starting on May 18, 2023, IAQG and their developers began to make final preparations for the “go-live” of the new database and have planned a “go/no-go” check on June 17, 2023, which kicks off the 30-Day Launch. On June 30, 2023, the current OASIS NG (Next Generation) will be placed into a read-only freeze while data is transferred into the new OASIS v.3, scheduled to go live on July 17, 2023. 

During this time, current and historical data will be available in a read-only format, but any changes or new entries will be held until after the new OASIS v.3 is operational on July 17, 2023. IAQG should be releasing further information and guidance for supporting audits and certificates during this time, and we will post an update to this blog as soon as this information becomes available. Read more... 

 

 

April 2023

AS9104 Series and AS9101 Standard Transition

Contributed by: Deann Minamino

In October 2004, as more and more people used the internet on a daily basis for work, school, shopping and to stay connected to others throughout the world, we became aware that Cyber Security was becoming a genuine concern; An increase in users and usage meant an increased risk for security breaches in internet safety.

Doing business with OEM and Prime Manufacturers nowadays requires certification to one or more AS9100 Series Standards. Industry-wide, first-tier and sub-contract suppliers continue to see these requirements flowed in purchase orders and contracts. The AS9100 Series Standards is desired as it meets the needs and expectations of the Aviation, Space and Defense industry as it increases the reliability and quality of products and services of the supply chain.

The industry's requirements are constantly changing and read more...

March 2023

TUV USA Welcomes New Vice-President, OBS Food & Agriculture

TUV USA, Inc. is pleased to announce that Darcy Segin has assumed the role of Vice-President, OBS Food and Agriculture. Mr. Segin brings a wealth of knowledge, having worked in various roles within the food industry over the past thirty years. In his most recent past position, Mr. Segin played a critical role in shaping and implementing of the organization’s strategy for growth throughout Canada and the USA.

“We are happy to welcome Mr. Darcy Segin to the TUV USA Family as he takes over the responsibilities of the Vice-President, OBS Food and Agriculture. He has proven familiarity in the field of Food Safety certification and with his passion to grow and succeed, he will guide the expansion of our Food Safety division,” says Hakan Sen, TUV USA Managing Director.

His role will include developing services, sales, and marketing activities across the food division nationwide and globally. Mr. Segin will also provide leadership while creating a greater brand awareness as part of long-term business growth strategies.

He resides in Southwestern Ontario and volunteers as a University Football coach, where the top kicker has been a league all-star the past 2 years.

 

October 2022

October is National Cyber Security Awareness Month

In October 2004, as more and more people used the internet on a daily basis for work, school, shopping and to stay connected to others throughout the world, we became aware that Cyber Security was becoming a genuine concern; An increase in users and usage meant an increased risk for security breaches in internet safety.

By this time, the internet had been a public space for a decade or so. Hackers went to work getting in where they didn’t belong; and cybersecurity has been an issue ever since.

 

Did you know?

  • 95% of cybersecurity breaches are due to human error
  • Even your printer can become victim to a cyberattack without proper precautions
  • Cybercrime damage costs are predicted to hit $10.5 trillion annually by the end of 2025

National Cyber Security Awareness Month was established out of this need to raise awareness for internet security and safety that is a critical concern to every internet user today.

Billions of people use the internet to accomplish tasks in cyberspace each day. This can be risky for those who do not know what to watch out for; or how to protect themselves. Thousands have their networks compromised and their security stolen, because they just do not know how to secure their web-equipped devices properly. Desktop computers, laptops, tablets and phones, all have important information stored that can be particularly sensitive, perhaps dangerous, if accessed by the wrong individual.

Technology advances so quickly that it can difficult for people to keep up with it. National Cyber Security Awareness Month reminds us all how important it is.

Here's what you can do:

  • Run Anti-Virus Programs; Since computer viruses have a tendency to evolve, it’s important to install updates when prompted to.
  • Change Your Passwords; We know we should, but we don't do it often enough. The inconvenience of remembering a new password is better than the inconvenience of being hacked.
  • Get Educated About CyberSecurity; the more people learn, the more equipped they are to protect themselves against nefarious creatures who are out on the web.

Do you know how to recognize a security threat? Those who are serious about their online security may consider investing in trainings that are specifically designed to educate users more about this topic.

Business owners and managers, team leaders and members, and pretty much anyone who ever uses a computer can benefit from learning how to identify phishing schemes, suspicious links, and email attacks.

TUV USA Inc. offers a wide collection of cyber security and data protection training courses. In addition, we offer on-demand E-learning Courses, which will give you the flexibility to take our courses at your own pace and follow your personal schedule. 

September 2022

TISAX® What does it mean and how does it impact your company?

Contributed by: Jitske van Heeswijk

 

Information security is critical to the automotive supply chain and the automotive industry overall. That is why automotive manufacturers focus a great deal of attention on Information Security. The German Association of the Automotive Industry (VDA) has developed the Trusted Information Security Assessment Exchange label known as TISAX®. What does this label mean and how does it impact your company?

What does TISAX® mean?

The TISAX® label was developed to achieve a uniform level of Information Security in the automotive industry. The label sets the standard for information sharing by incorporating secure information exchange policies. Based on important aspects and criteria from the ISO 27001 standard, and specified for the automotive industry, the label demonstrates that an organization is a reliable partner to the automotive industry.

Is TISAX® mandatory?

The TISAX® label was developed by the VDA, which includes German automotive manufacturers and suppliers including VW, BMW, Mercedes-Benz Group AG, Zeppelin-Stiftung, Audi and Porsche to name a few. As a means of protecting the exchanges in the supply system, members of the VDA and Original Equipment Manufacturers (OEM’s) attach great value to the label as evidence of a solid Information Security Management System (ISMS) and consider the label as a necessary condition for business engagement. Increasingly, members of the VDA will require TISAX® making it obligatory.

How do you obtain the TISAX® label?

In order to obtain a TISAX® label, your company must first register with ENX. The next step will be to define the scope of the assessment as well as the objectives (based on your customer’s requirements), with ENX. Within TISAX®, there are eight assessment objectives that define the scope and required level of protection (e.g. high protection level or very high protection level). The objectives are referenced in the TISAX Participant Handbook in Section 4.3.3.1 on the TISAX website.

Once the scope and objectives are defined with ENX, a Scope Excerpt will be issued that will include the required Assessment Level (AL): either AL 2 or AL3. With this information, you can advance to the next stage “the assessment process”. This begins with your self-assessment. The current VDA ISA catalog for the self-assessment against your implemented ISMS can be downloaded from the TISAX site.

Next, the initial assessment follows, either remote (AL2) or partial onsite (AL3), by a TISAX® assessment provider such as TUV USA. Your assessment provider will then upload the completed report to the ENX portal once the assessment process is completed. Lastly, the label is published in the portal as evidence that your company is a reliable partner in the automotive industry!

Getting started

Where do you start? Whether your company is required by your customer to obtain a TISAX® label, or your company decides to initiate the process for future business opportunities, we can provide you with more insight into the necessary steps to obtain the TISAX® label. 

 

August 2022

Aerospace standards transition and new oasis database

Contributed by: Deann Minamino

Certification to AS9100, AS9110, and AS9120, depends not just on these core standards of the Aviation, Space and Defense Industry, but also on a foundation by which assessments and ongoing compliance by authorities, such as TUV USA, manage and perform these services. To ensure the needs and expectations of the industry continue to be met, these standards must undergo periodic revision.

Normally, we see a review and revision of the standards approximately every 5 years. In between these revisions, we are provided supplemental rules, requirements and clarifications, to sustain the evolving needs of the industry, which are later rolled up in these revisions. These forthcoming revisions were planned to have occurred in 2020 however, the Covid-19 Pandemic required an immediate shift of focus to sustaining certification activities and the industry recognized it was not an appropriate time to introduce such a change.

Beginning this year (2022), we will begin to undergo the transition. This is a long-awaited change that will not only provide realignment with the ISO9001 standard but result in a more structured analysis of a certified organizations performance, risks and complexity of their processes and services and the documented output of the certification audit. We will also see an exciting change to OASIS, offering increased functionality and user interface. Read more...

 

July 2022

What is IEC 62443

Contributed by: Fanny Ho

 

IEC 62443 Security for Industrial Automation and Control Systems (IACS)

The ISA99 and IEC committees have developed IEC 62443 to improve the safety, availability, integrity, and confidentiality of components or systems used in industrial automation and control systems (IACS). The IEC 62443 series of standards can be utilized across industrial control segments, and critical infrastructures and has been approved by many countries and endorsed by the UN. 

Why do we need IEC 62443? 

IEC 62443 is not solely meant for targeting hackers and malware on your network. It is designed to be an all-encompassing ethos of procedures and checks from every level of the organization ranging from hardware and end-users to policies and asset registers. It is about understanding what hardware and what interactions they have. The most important part of the standard is knowing how to recognize a threat, report it, respond, and recover.

What is included in IEC 62443? 

IEC 62443 is evolving to become an essential standard in the industry, which consists of four parts:
General (Part 1); Policies and Procedures (Part 2); System (Part 3); Component (Part 4)
The IEC 62443 series includes standards and technical reports that address the need to design electronic security robustness and resilience into industrial automation control systems (IACS). The concept of IACS electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries, which include, but are not limited to:

  • Hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems,
  • Associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.

The IEC 62443 standard applies to the following types of products:

  • Embedded devices (e.g., automation controllers)
  • Host devices (e.g., operator stations)
  • Network devices (e.g., firewalls, routers)
  • Application software (e.g., engineering tools, HMI's)

April 2022

Digital Signatures: Expectation vs. Reality

Contributed by: Stephanie Stephen  

 

With the digitization of documentation these days, it can be challenging to understand exactly what is needed when a “signature” is requested. Sometimes it is simply typing a person’s name in a box, when other times it is required to provide an actual hand-written signature. Whether this is on a contract or something as simple as an attendance sheet, the purpose of a ‘signature’ is to provide evidence of acknowledgment for a specific document to maintain its authenticity.

In order to maintain document authenticity, there are some helpful points to consider. In cases where a wet signature (ink on paper) is necessary, like on a contract or attendance sheet, free smartphone applications like Tiny Scanner make it easy to snap a photo of the document directly into PDF. If the signature is required within a database that requires a private login and password, it is sometimes acceptable to use a typed “signatures” on non-contractual documents such as internal audit reports sent through email or uploaded to internal databases.

If one does not have access to a stylus to hand-write signatures electronically, there are also online signature services such as My Live Signature and DocuSign, which have tools and resources to help create a personalized signature. Having a unique signature can eliminate the confusion about whether or not a typed font will be acceptable and prevent the “back and forth” of getting documents signed and completed in a timely manner. With these tools, one can create a unique signature for all digital documents that can easily be inserted into word, excel, PDF and other formats.

Finally, there are times when documents are deemed incomplete due to the appropriate signature not be obtained. This means that the signature that was given may have been done electronically when in fact a handwritten signature was required. For the sake of being environmentally friendly and avoiding printing, there are options such as Adobe Acrobat’s “fill and sign” option, in which case a signature can be added via photo, unique typed signature font, or stamped electronic signature requiring a pin to access for more security and protection from copying.

The topic of signatures is evolving so continuously with the rapid developments in technology and security. For this reason, we find it necessary to discuss and provide resources for safe and effective ways to get documents signed so that this one aspect does not slow business processes. Whatever the case may be, we are willing to help ensure our documents are safe and meet the requirements of each situation to provide a smooth cooperation effort.

January 2022

TUV USA, Inc. is proud to announce TÜV NORD Cert’s designation to EU (MDR) 2017/745

 

Today, TÜV NORD Cert has joined the list of notified bodies designated under the European Medical Device Regulation (MDR). We are now accepting applications and are ready to start the review of medical devices for the MDR under our German-based notified body (0044).

The MDR was published in the Official Journal of the European Union on May 5, 2017 with a three-year transition time. Due to the pandemic, the official date of implementation was delayed for one year to May 26, 2021. The MDR replaced directive 93/42/EEC Medical Device Directive (MDD) as well as 90/385/EEC Active Implantable Medical Device Directive (AIMD). Medical devices subject to the MDD and AIMD requirements are now subject to the new requirements under MDR. Read more  >

December 2021

TUV USA is pleased to share 2022 Training Schedule

 

We offer a wide collection of virtual classroom and E-learning on-demand training courses. ­­­­Our featured courses are listed below. Click on the course title to learn more and how to register. 
​​​​

January 24-28

5-Day ISO 9001:2015 Lead Auditor 

February 2-3

2-Day ISO 9001:2015 Overview Course

February 4

1-Day ISO 9001:2015 Internal Auditor 

February 2-4

3-Day ISO 9001:2015 Advanced Internal Auditor 

March 14-18

5-Day IRCA Accredited ISO 9001:2015 Lead Auditor 

                         

  View the 2022 Schedule

If you are interested in any courses not currently listed on our training website, please send us an e-mail at academy-us@tuv-nord.com.  Our training representative will reach out to you within 48 hours.   

November 2021

9 Benefits to E-Learning 

Contributed by: Fanny Ho 
 

TUV USA, Inc. is currently offering a series of e-learning courses, which means that you can take our world-recognized courses at your own time following your own pace.  

 

Benefits of taking our TUV USA, Inc. E-learning courses:

  • E-learning is self-paced: You have a lot of flexibility in controlling your pace to complete the course.
  • E-learning is student-centered: Our e-learning courses are created in a way that focuses on our students’ comfortable learning environment and makes our platform user-friendly for our students to complete the course easily.   
  • E-learning is cost-effective: Our e-learning courses are priced very competitively.  You will gain a lot more from our courses than what you pay for. 
  • Individual learning styles: You can adjust your own learning styles while taking our e-learning courses.  
  • Customizable learning environment: Our e-learning courses are professionally designed for a virtual classroom learning environment.
  • E-learning fully utilizes analytics: Our e-learning platform will allow you to monitor your learning progress and provide you with a lot of data about your learning on the dashboard. 
  • E-learning is environmental-friendly:  All our course materials are presented electronically.  No paper is needed in your learning which suits our current environmental-friendly world. 
  • No need for textbooks: No need to pay for textbooks anymore.
  • E-learning is time-efficient: You can take our courses on your own time while managing your daily routine activities. 

 

Read more about our E-learning 
 

 

 

 

September 2021

TUV USA opts to meet virtually, moves toward a permanent remote model


Plans were in place to hold the first in-person, all-employees Company meeting in nearly two years this month with several guests from TUV Nord Mexico invited to attend. Alas, with so many variables still to consider for those traveling, the decision was made to postpone and meet virtually. Once again, they managed to make the most of the opportunity. 
 

 

Due to the ongoing concern for employees’ health and safety in light of the ongoing COVID-19 pandemic, the majority of staff at TUV USA continues to work remotely. Now, steps are being taken to continue to do so permanently. 

TUV USA was swift to action implementing a fully remote model in March 2020. The decision to extend the work at home protocol was made several times throughout the last eighteen months.

While management continued to monitor the situation around the world, they also considered their employees' performance and well-being, as well. Many stated they could perform not only the tasks of their job, but they could provide better service to our clients with the convenience of working from home; allowing for the flexibility to be available to meet our clients’ needs at their convenience, which may be outside of regular business hours in the Eastern Time zone.

Considering TUV USA employed several remote employees living in other states throughout the country, the discussions began about making the remote model permanent. Local employees gathered in person in July at their office located at 215 Main Street in Salem, NH to discuss the many pros and cons of moving to a permanent remote.

“TUV USA has been working remote since the start of COVID" said Offcier Manager, Lisa McKiel. "Our employees are productive and our customers remain happy.  It is our goal to exclusively work from home while maintaining top-quality service to our customers, keeping our employees safe and our business cost effective.“

August 2021

5 Reasons Why Investing in Employee Training is Essential

Contributed by: Katie Lehoullier


Companies increasingly require employees with proven knowledge specifically tailored to their functions within the organization. Investing in your employee shows how you value them as a worker and certifies a person's competence to perform certain practices. 

Here are 5 reasons why investing in your employees training is essential to growth and successful in your business:

1. Practice

Every company needs to operate according to the latest editions to stay competitive and relevant in the industry. The more certifications your employees possess, the better it reflects on your company. It signals the forward thinking and progressive approach of both the employee and business.

2. Networking

Attending training courses or seminars along with other professionals in the field allows your employees the opportunity to network with individuals in related fields and hear other points of view. This can also lead to partnership between the companies.

3. Contribution

Businesses want individuals who can apply their knowledge by preventing mistakes and minimize risk factors. Trained employees with current certifications can operate systems and programs more efficiently.

4.Skills

In order for an individual to be efficient at their position, skills such as, collaboration and communication are imperative. Training and qualification are the keys to finding the right opportunities for full utilization of individual skills.

5. Knowledge

If an individual is pursuing a specific division, attending a training course can demonstrate commitment and comply with standard requirements. In many divisions such as Quality Systems or Food Safety, professional knowledge is vital to ensure that the job is done successfully. Gaining accreditation from a trustworthy and relevant resource will boost your business and satisfy industry requirements.

These 5 key points to investing in training for your employees are just a few of many reasons. Experience is necessary for most positions, however, continuing education is needed for keeping an individual’s skills and knowledge current to standards and practices of your business. 

TUV USA, Inc. Academy Division offers a variety of trainings to suit your needs. Including Quality System, Food Safety and Medical training courses. We strive to keep your company compliant by offering trainings of the newest standards and practices. Visit us and learn more on what we offer and our Academy Division.

Invest for the best.

 

June 2021

Cybersecurity Vulnerability Found in Large Food Processing Plant Network

Contributed by: JR Long

A top meat processing company, JBS was subject to a cybersecurity attack at multiple locations in North America and Australia, with exception of their backup servers. The company took immediate action in suspending all affected systems and notifying the company's global network of Cybersecurity experts to resolve the attack. JBS has not confirmed evidence of customer, or other data that was exploited as a result of the attack.

A small delay in processing can vastly impact the food supply chain. And only a small number of companies process the majority of meat in North America. In response, the U.S. is considering all options in dealing with the attack that many experts suggest originated in Russia, who’s been accused of harboring cybercriminals.

Unlike other food-oriented certification bodies that may not offer Cybersecurity services, TUV USA can be a one-stop-shop providing food safety certifications such as SQF, as well ISMS.

The objective of the ISO 27001:2005  standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization". The standard covers all types of organizations (e.g. commercial enterprises, government agencies, and non-profit organizations) and all sizes from micro-businesses to huge multinationals. This is clearly a very wide brief.

The benefits of implementing ISO 27001:2005 are:

  • Enhances a company’s credibility
  • Demonstrates the validity of corporate information, and a real commitment to upholding information security
  • Transforms corporate culture both internally and externally, opening up new business opportunities with security conscious customers/clients
  • Improves employee ethics and the notion of confidentiality throughout the workplace
  • Allows companies to enforce information security and reduce the possible risk of fraud, information loss and disclosure

March 2021

      

Coronovirus: One year later

It is hard to believe March 11, 2021 marked one year since the World Health Organization declared COVID-19 a global pandemic, and a State of Emergency was declared here in the U.S.

We fully understand and reflect upon the challenges everyone has faced.  We extend our heartfelt thanks and appreciation for your tremendous support during the most challenging year of our history.  As a proud 153-year-old company, we have experienced many obstacles before – but never a year like the one we have all just experienced.

From the beginning, our focus at TUV USA has been on putting all of our clients and their safety - as well as the safety of our employees - first. That commitment has never wavered; and never will.

Your support, calls, notes of appreciation for the care and service you received from our employees, inspectors and auditors have made a difference. Messages such as “Please hang in there - We miss you!” and notes from customers not cancelling audits, and working with our staff on transitioning to “remote audits” and finding options to keep their certifications was inspiring.

As we continue along the road to recovery, we will persist in our goals to be more resilient and more appreciative of those around us, and the meaningful work we all do for each other. These efforts to find solutions through collaboration, continue to motivate us, and give our teams the courage, drive and strength to push through to get all of us to the other side.

Even though there are challenges, uncertainties and obstacles ahead, I remain immensely hopeful and expect 2021 to be the year of opportunity to reconnect with the people and places we interact with as vaccinations continue, and our world safely reopens.

On behalf of TUV USA and our 15,000 employees worldwide, we thank you. To those of you who have worked with our staff during these last twelve months, thank you for trusting us. To those of you who are planning to expand your business, thank you for considering us. And to those of you who are unsure what your company will do moving forward, we welcome the opportunity to connect with you.

Your support and loyalty means more to all of us than you will ever know – thank you again for sticking with us. We look forward to being able to demonstrate how together we can make the world a safer place again very soon.

 

                                     

    

More from the BLOG

Managing cross-contamination and cross-contact across the food supply chain

Cross-contamination and allergen cross-contact incidents are frequently indicated as causes of food recalls. According to U.S. Food and Drug Administration (FDA) Enforcement Reports, food products recalled from January 1 through August 30, 2017 due to contamination from pathogens was approximately 40%; those from undeclared allergens also accounted for approximately 40%.(1) While the specific cause of contamination events from pathogens or the presence of allergens in non-labelled product is not always known at the time of reporting, cross-contamination and cross-contact incidents are often later identified as likely contributing factors.
Read more

What Do Class I Recall Trends Tell Us About Food Safety Management?

The U.S. food industry—and those supplying the U.S.—have seen regulatory expansion in food production and handling systems with the advent of the Food Safety Modernization Act (FSMA). But, what impact have the mandated controls and management system requirements had on keeping contaminated food out of the marketplace.
Read more