Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Monday, 29 February 2016

AS9100, AS9110 & AS9120 Aerospace and Defence Standards 2016

The IAQG have advised that the revised standards are due for publication in April 2016 and the deadline for transition has been aligned with the revised ISO 9001:2015.  This means that there will not be a three-year transition period but rather two years and five months.  Any organisation not transitioning successfully before the deadline will be de-registered automatically.

All certificate holders are advised to plan for the new standards and ensure that they are aware of the changes and timescales.

We will plan the transition with our Clients as soon as the publication has been made.

Just to remind readers:

The revised standards use the Hi Level Annex SL format produced for all new ISO standards and comprise ten clauses.

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

A number of the requirements deemed unnecessary in ISO 9001:2015 have been reinstated in AS 9100.

These additional requirements are necessary for control and traceability required in the aerospace industry, which would not be met with the basic ISO9001 standard.

These include:

  • management representative is required
  • documented information with items to be identified (Quality Manual)

In addition, a number of requirements have been added:

  • Protection from counterfeit products, 
  • Product safety (awareness and compliance)
  • Computer back up secured
  • Project management
  • Measures of on-quality and on-time delivery
  • Stakeholders
  • Transfer of work
  • Reviews of requirements related to products and services coordinated with applicable  functions
  • Actions to be taken when not meeting customer requirements
  • Handling obsolescence
  • Changes
  • Controls of external providers and sub-tier providers
  • Additional evaluation of data and test reports
  • Controls of production equipment
  • Tools and software programmes
  • Validation of special processes
  • production process variations
  • problems detected after delivery
  • procedure to define NC process and responsibilities
  • review of on-time delivery performance
  • actions based on risk assessments, and human factors.

Monday, 15 February 2016

Data Encryption

What is Encryption?

Encryption is a method of scrambling a message or other data so that is cannot be read by an unauthorised person. Sadly it has become too easy to intercept messages and use them for illegal purposes. Encryption protects that data.  It is important that an email with a sensitive attachment is encrypted to avoid this information being read by unauthorised persons.

A very simple encryption might be to use the alphabet In reverse:

A    B    C    D    E    F    G    H    I    J    K    L    M    N    O    P    Q    R    S    T    U    V    W    X    Y    Z

Z    Y    X    W    V    U    T    S    R    Q    P    O    N    M    L    K    J    I    H    G    F    E    D    C    B    A

'Please reply to this message' becomes KOVZHV IVKOB GL NVHHZV

Unfortunately this code would be broken very easily. A more secure system would use the shift method where the table is used but each letter is shifted to the right by 3 boxes.

'Please reply to this message' Now becomes SOSWVS FSHLE DI DPOE KSEEWQS. This is better but relies on the person receiving the message knowing the key (what method was used). This type of encryption would be broken in seconds by an experienced cracker.

Encryption used by spies during the cold war depended on a code based on a book with the page number, line and word in a line used to decrypt the message.  Both the sender and receiver must have a copy of the book. This method is far more difficult to crack.

Modern computers rely on even more secure methods:

The first of these is the SYMMETRIC KEY where the sender and the receiver know the key and the message is decrypted. Anyone else will see a jumble of letters.

The second method is known as PUBLIC KEY, a typical system uses PGP (pretty good privacy) and relies on a public key which is available in the message and a private key which is know to only to the sender and the receiver. Again anyone else will see gibberish.

The third method is known as DIGITAL CERTIFICATE where the certificate acts as a middleman, checking the identity of both the sender and the receiver; if both are genuine the certificate allows the message to be decrypted.

Additionally financial transactions use a secure system know as SSL (Secure Sockets Layer) the user will notice that the usual http:// is replaced by https:// and a small padlock is normally present on the web-site to show that SSL is in use. Credit Card transactions use this very secure method of encryption.

Monday, 1 February 2016

Data Hijacking

Recently a system called Ransomware has come to light; this relies on a Trojan which encrypts the receiver’s data with a very complicated password, typically 40 + characters long.  The criminal offers to sell the password to the receiver for a relatively small sum usually $100 or so but this must be paid in bitcoins.  Once the sum has been paid the password is sent to the receiver to decrypt the data.  Sadly some of the criminals do not send the password but then ask for a bigger sum of money.

I cannot stress enough the importance of keeping good back-ups which can enable a user to revert to a previous backup set which is not encrypted.  Many companies are targeted by these ransomware threats and it has become apparent that many have simply paid up.

The criminals are getting bolder by the day and the latest notification was from Lincolnshire County Council who received a ransom demand for a million pounds. The Council are working with a security company to clear the infection from their systems and revert to a clean backup.  The police are trying to identify the source of the ransom. The criminals are clever enough to cover their tracks under layers of security but we can hope that they slip up and are brought to justice.

At Quality Matters we have more than one back up of data and up to date antivirus and anti- malware systems in use but we are not complacent.  Vigilance is our byword. Security is a moving target and must be reviewed regularly.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design