Q3 2021
The Importance of Internal Audits
ISO defines audit as systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Internal audits are performed by internal auditors who are employed by the organization being audited and are also known as first-party audits. 

The purpose of an ISO Internal audits is to assess the effectiveness of your organization's quality management system and your organization's overall performance. 

Your organization will likely conduct internal audits due to one or more of the following reasons:
·      Ensuring compliance to the requirements of internal, international and industry standards & regulations, and customer requirements.
·      To determine the effectiveness of the implemented system in meeting specified objectives.
·      To explore opportunities for improvements.
·      To meet statutory and regulatory requirements.
·      To provide feedback to Top Management

An internal auditor typically has a working knowledge of your organization and knows "what makes your company tick". Internal audits are meant to dive deeply into your processes and uncover anything and everything that could or might be a non-conformance to the external auditor. It is during internal audits that you want to find, report, and later act on these findings to help improve your organization.

If provided with appropriate training and support, internal auditors can offer objective insight with the added advantage of knowing the context of the organization inside out by virtue of working there and offering more specific feedback in view of it. The other advantage of internal audit is allowing you to inspect your organization and ensure compliance with laws and regulations in a more casual environment with lower stakes. Please keep in mind that internal auditor is your friend. 

Although external audits are important, internal audits are also equally important for the reason that your internal audits will likely give you a much more in-dept look of your systems than external audits will. Therefore, please take advantage of your internal audits and do it thoroughly to reap the benefits for your organization!
The Basic of ITAR
What is ITAR?
International Traffic in Arms Regulations (ITAR) is a set of regulations administered by the State Department to control the export and import of defense and military related technologies on the United States Munitions List (USML). The objective of the legislation is to control access to these specific types of technology and their associated data.
 
Who needs to comply with ITAR regulations?
Any U.S. company, research lab or university that engages in either manufacturing or exporting defense articles or furnishing defense services is required to register with DDTC and comply with ITAR regulations. 
 
What are the penalties for not complying with ITAR?
The penalties for ITAR infractions are stiff:
·      Civil fines up to $500,000 per violation
·      Criminal fines of up to $1 million and/or 10 years imprisonment per violation.
 
Have there been cases of enforcement in recent years?
Yes, there are quite a few of major fines issued due to ITAR infractions. Some examples are:
·      In 2007, $100 million penalty applied to ITT as a result of the unauthorized Retransfer of night vision technology to the PRC.
·      In 2018, the State department fined FLIR Systems, Inc. $30 million in civil penalties for transferring USML data to dual national employees. Part of the penalty requires that FLIR implement better compliance measure and hire an outside official to oversee their agreement with the State department.
·      In 2019, L3Harris technologies has agreed to pay $13 million settlement following ITAR violations. The State department said it alleged 131 violations.
·      In 2021, Honeywell International Inc had entered into a $13 million administrative settlement with the U.S. government to resolve allegations of export control violations related to aerospace and defense technical data (specifically) engineering prints for castings and parts for aircraft, gas turbine engines, and military electronics). The State department alleged that the company committed 34 violations of the Arms Export Control Act (AECA) and ITAR in connection with data exported to recipients in Canada, Mexico, Ireland, China, and Taiwan without required government approval.
·      In 2021, Keysight Technologies was charged with a $6.6 million in civil penalties for 24 alleged violations in connection with unauthorized exports of technical data.

Where can I find the complete ITAR Regulation?
ITAR regulation can be found here (22 CFR Part 120-130).
ISO Logo: Who Can Use It?
There are many confusions surrounding the use of ISO Logo. Just because an organization obtained an ISO 9001 certification, it does not grant the organization the right to use the ISO Logo. In fact, only ISO, ISO members, and ISO Technical Committees (TCs) are allowed to use the ISO logo and ISO short name in accordance with ISO Policies.
 
Here are some basic guidelines to remember about ISO logo:
·      Don't use or copy the ISO logo.
·      Don't modify or change the ISO logo.
·      Don't use a modified or changed ISO logo.
·      Don't say that you, your products or your services are endorsed, approved or certified by ISO. (Remember, ISO doesn't perform certifications.)
·      Do refer to ISO or the International Organization for Standardization in a fair and appropriate way.
·      Do refer to ISO standards with their full reference, e.g., "ISO 9001:2015".

ISO 9001:2015 Corner – ISO 9001, What Does It Mean in the Supply Chain?
If you have been watching the news lately, you have heard much news coverage surrounding supply chain issues.

The past year and a half has been difficult for many people and organizations. Having a broken supply chain is creating even more unnecessary stress to many organizations.

ISO has published a useful guide for ISO 9001 certified organizations on how they can get the most out of the ISO 9001 standard as a supply chain tool. You can access the free guide here.

Further, if your organization needs assistance to optimize your supply chain, IAPMO Supply Chain Services can also help assist your organization. For more information on IAPMO Supply Chain Services, you can visit our website at www.scsiapmo.org or send us an e-mail at solutions@scsiapmo.org.
AS 9100D Corner – What is OASIS?
Online Aerospace Supplier Information System® (OASIS) is a portal for all information related to Aerospace Quality Management System (AQMS) certifications, auditors and audit results. OASIS contains a list of suppliers who are certified/registered under the IAQG rules to be in compliance with the aerospace quality management system requirements (9100 series). It also contains a listing of all bodies involved in the process (i.e. National Accreditation Bodies, Certification Bodies and Authenticated Aerospace Experienced Auditors). If you are working in the aerospace industry, involved in aerospace supplier selection and surveillance, this is your reliable source for aerospace supplier certification and registration data.

Organizations that are AS 9100 certified will have a login access to OASIS to manage their certification audits, including access to respond to any nonconformity issued by their auditor. 

If you have questions about OASIS and how to navigate through OASIS, please do not hesitate to contact us at isoinfo@iapmort.org or 1-877-4-MY-ISO-1. 
IAPMO Group was established in 1926 and has offices in the USA, Canada, Australia, China, Indonesia, India, Mexico, Germany and Argentine. To learn more for the IAPMO Group complete services, please visit our website at www.iapmo.org.