Risks of Cyber-Attacks on Machinery

January 24th, 2019

In our hyper-connected world, IT security covers not just our data but virtually everything that moves – including machinery. Cyber-attacks or IT malfunctions in manufacturing can pose risks to the safety measures in place, thus having an impact on production and people. New international guidance to identify and address such risks has just been published. “Smart” manufacturing, or that which takes advantage of Internet and digital technology, allows for seamless production and integration across the entire value chain. It also allows for parameters – such as speed, force and temperature – to be controlled remotely.

A new ISO technical report (TR) has just been published to help manufacturers prepare for and mitigate these risks.

ISO/TR 22100-4, Safety of Machinery – Relationship with ISO 12100 – Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects, is designed to help machinery manufacturers identify and address IT security threats that can impact on the safety of their product. This guidance covers aspects such as the types of components that could be potential targets for cyber security attacks, the design of the machine to minimize vulnerability to such attacks and information for the machine operator on possible threats.  ISO/TR 22100-4:2018 can be purchased at the ANSI Webstore.  

 

Application of ISO 9001:2015 to Computer Software

December 26th, 2018

Developing software is not always a straightforward procedure.  An International Standard to apply the principles of the world’s most widely used quality management system enables engineers to smooth out the process.

ISO/IEC/IEEE 90003, Software engineering – Guidelines for the application of ISO 9001:2015 to computer software, is designed as a checklist for the development, supply and maintenance of computer software. The recently updated version combines the proven benefits of ISO 9001 with some of the world’s most important support documents in software engineering, allowing an organization to benefit from international best practice in improving quality at every step of the life cycle. This includes everything from the supply, acquisition, operation and maintenance, to the circular process of continuous improvement.

This guideline has been written by software experts from many different countries, and it adds great value to the wealth of knowledge already accumulated in the software world. It also provides links to other software engineering standards that may be of use to software developers, such as software life-cycle processes, information security and testing. To purchase ISO/IEC/IEEE 90003, Software Engineering Guidelines, visit the ANSI Webstore.

A New Year Business Approach

November 8th, 2018

With the New Year approaching, many of us are thinking about the best way to shape our company’s economic future and growth into the most profitable form possible.

The answer is to deliver more than your share of customer value! Keep in mind your competition won’t be standing idle while you innovate and grow. To stay ahead of your competition, you should keep a strategic focus on what sets your company apart within your industry.

You could have a number of marketable differences from your competition. Spending more on R&D, or sales efforts? Acquiring capital equipment beyond your current capacities? Is what you’re doing focused on internal needs, or are you implementing your customer’s ideas?

1. Conduct face-to-face interviews.

Of all the ways to learn about customer needs – telephone, e-mail survey, Internet – nothing comes close in effectiveness to face-to-face customer interviews. Many of us use customer surveys to determine satisfaction levels. We use a Likert Scale method (1-5) based on questions we have determined are important. The reality, though, is that most questions asked are actually customer-reactive, not market-customer proactive interviews. Should we be asking our customers “Please rate the quality of our products?”, or “How can we provide a better quality product to you?” Get out and visit your customers and find out what’s important to them!

2. Develop a Voice of the Customer mentality.

Voice of the Customer studies typically consist of both qualitative and quantitative steps. They are generally conducted at the start or finish of a new product, process, or service design in order to better understand the customer’s wants and needs. That e-mail survey with the 3-5% average return, is it handing you a report of “what the customer wants?” This is a flawed model. Train your people to be VOC experts!

Best of all, you’ll develop a reputation among customers as “that supplier who really does listen to us.”

3. Become a quantitative organization.

After you conduct good qualitative customer interviews, you can target specific customer ideas you could work on. Which ideas do you target in your product design? Which ideas do you target in your product realization processes? At this point get quantitative. Being quantitative helps you to understand which customer outcomes are most important and least satisfied.

The key to taking advantage of the future is in changing the way your company approaches your current and future customers. Start now with a new approach, and you’ll shape a sustainable organization for Year 2019 and beyond!

Service Management System Life Cycle

October 5th, 2018

According to a Forbes report, IT service management is highly important to most executives and a lack of a service management approach hurts competitiveness due to too much time and money spent on ongoing maintenance and management rather than new initiatives.

A service management system (SMS) supports the management of the service cycle, from planning to delivery and improvement, offering better value for customers as well as those delivering the service. It gives ongoing visibility, allowing for continual improvement in effectiveness and efficiency.

ISO has updated two standards in its service management series, with new features, topics and tips from the top.

ISO/IEC 20000-1:2018, Information technology – Service management – Part 1: Service management system requirements, specifies the requirements for an organization to establish, implement, maintain and continually improve an SMS.

ISO/IEC 20000-10:2018, Information technology – Service management – Part 10: Concepts and vocabulary, describes the core concepts and terminology for the whole ISO/IEC 20000 series.

The ISO/IEC 20000 series can be of benefit to anyone that provides services to customers, whether it be a whole company or an individual department, not only improving their service but ensuring that service management activities meet business needs and objectives.

The revised versions take into account changes in market trends, including the services and the management of multiple suppliers by an internal or external service integrator. They also incorporate new features such as requirements about knowledge and service planning, as well as updated terminology and definitions.

You can purchase these service management system standards at the ANSI Webstore.

FDA To Use ISO 13485 for Medical Devices Regulation

August 29th, 2018

The US Food and Drug Administration (FDA), the government department that regulates the medical devices sector, announced its intention to use ISO 13485 as the basis for its quality system legislation.

ISO 13485, Medical devices — Quality management systems — Requirements for regulatory purposes, is the International Standard for quality management systems for the medical devices sector. Published in 2016, it is designed to work with other management systems in a way that is efficient and transparent. The standard, which is now in its third edition, received strong support from the FDA, in line with its drive for global convergence of medical device regulatory processes.

The announcement by the FDA that it will use ISO 13485 in replacing its current quality system regulation is an important next step in the recognition this standard has already gained globally. The committee Chair, Peter Linders, added that “this bold step by the FDA seems logical, considering the role of ISO 13485 as the foundation for the Medical Devices Single Audit Program (MDSAP), currently operated by Australia, Brazil, Canada, Japan and the USA”.