Charity Begins Within

Maybe we are in this boat ourselves, but every holiday season seems to bring about a strong feeling of thankfulness and gratitude for all we have and all we have been blessed with in life. It is this realization, which makes this time of year the easiest time to give back to those in need. We here at TUV USA are proud that for the 3^rd year in a row, we have been able to participate in donating to Toys for Tots due to the generosity of our selfless employees. The abundance of gifts that we accumulated will no doubt bring joy and happiness to many children this holiday season. We are confident that the small flame we have started will no doubt burn brighter in years to come. Wishing everyone a Happy Holiday Season and a Hopeful New Year.

TUV USA, Inc. has received full recognition as a Recognized Auditing Organization under the MDSAP Program

Salem, New Hampshire -- TUV USA, Inc. announced today that as of September 5, 2018, TUV USA has received full recognition as a Recognized Auditing Organization under the MDSAP Program.

In 2014, a few third-party auditing organizations were chosen to be part of the Medical Device Single Audit Program (MDSAP). The idea was to create a program that would aid in the easing of trade barriers for international medical device companies who would wait several years just to have their applications approved to sell to a new jurisdiction. The manufacturers would then face a rigorous and exhaustive annual audit program from each jurisdiction to which they sold, sometimes taking many weeks to complete for larger organizations. MDSAP was created as a solution to this.

MDSAP represents an agreement between member countries to accept the involvement of third-party auditing organizations to improve the approval processes, reduce the workload on Regulatory Authorities, and reduce the number of audits from Regulatory Authorities that medical device manufacturers have to coordinate. To date, there are five jurisdictions involved in MDSAP: Australia, Brazil, Canada, Japan, and the United States.

This has been an exciting journey for all of us involved, and we are looking forward to seeing how the MDSAP program further develops! TUV USA is proud to be one of the few certification bodies providing the new MDSAP certification.

Unique Features of GFSI Benchmarked Standards for Food Manufacturers

Maintaining compliance with the requirements of a Global Food Safety Initiative (GFSI) benchmarked scheme is a long-term marriage between the site, its elected certification body (CB), and the scheme owner; once the commitment is made, you’re in it for the long haul. Four popular schemes available to food manufacturers include the BRC Global Standard for Food Safety, Food Safety System Certification (FSSC) 22000, International Featured Standards (IFS) Food standard, and Safe Quality Foods (SQF) Food Safety Code for Manufacturing.

Each scheme is fundamentally similar as it is based on a core set of minimum standards established by the GFSI Benchmarking Requirements document (also known as the GFSI Guidance Document). This provides a framework for scheme owners (also known as certification program owners or CPOs) in establishing and maintaining certification standards and audit protocols, which result in certified food safety management systems (FSMS) of similar quality and effectiveness. At the most basic level, the benchmarking document requires scheme owners to develop standards that contain a core set of FSMS programs based on current, global regulation/ guidance and industry best practices. Notably, some of these programs include a food safety (HACCP) plan, good manufacturing practices (GMPs), food defense plan, food fraud vulnerability assessment, and supplier management program. However, each scheme offers a unique structure, set of requirements, and protocol for assessing a manufacturing site’s food safety system to meet both GFSI requirements and scheme stakeholder input. continue reading...

Data Protection Management Systems and the GDPR

 

The clocks are ticking down to May 25 2018, the day when GDPR becomes effective. The GDPR (or the General Data Protection Regulation) will require that all European Union and EEA member states adopt GDPR into their local legislation by this date.

What does this mean for companies selling products and services in the EU and the EEA? It simply means you need to comply with GDPR which apply to the product and/or service being sold – not all regulations included in the GDPR will be applicable to all companies. In this article, we discuss some tips on complying and staying up to date the GDPR regulations.

It is important to understand that you need to comply with GDPR, even if you don’t have a legal entity in the EU. As long as you collect, process, exchange, or store personal identifiable information (PII) of EU and EEA citizens (referred to as Principals), you will need to ensure you comply with these regulations. Non-compliance and data privacy breaches may result in fines – up to 20 million Euro or 4 % of your global annual revenue – whatever is higher. You should really avoid that.

Many of GDPR requirements are focused on the legal basis for collecting and processing Principals’ PII. At its basis is the idea that collecting and processing Principals PII is forbidden by law – unless there is a legal basis (by law, contract etc.), or you have a clear - and evidence based - consent. This creates a clear “Data Privacy by Default” and “Data Privacy by Design” working standard for companies looking to do business with the EU and EEA states, giving Principals the opportunity to control the use of their PII, including if you intend to change the use of PII already collected.

The message is clear to companies: you are obligated to get the Principal’s consent BEFORE you collect data and for a new or changed consent BEFORE you change the purpose of the use of PII already collected.

The first data protection law was published in 1970 in the German federal state of Hessen. In 1974 the US Privacy Act was introduced. In 1980, the Organization for Economic Co-operation and Development (OECD) launched the first version of international data privacy principles, designed to ease the international exchange of information based on a common understanding.