Reengineering and modelling of a product certification process

Työn teoriaosuudessa tutkittiin prosessien uudelleen suunnittelua, prosessien mallintamista sekä prosessimittariston rakentamista. Työn tavoitteena oli uudelleen suunnitella organisaation sertifiointiprosessi. Tämän tavoitteen saavuttamiseksi piti mallintaa nykyinen ja uusi prosessi sekä rakentaa mittaristo, joka antaisi organisaatiolle arvokasta tietoa siitä, kuinka tehokkaasti uusi prosessi toimii. Työ suoritettiin osallistuvana toimintatutkimuksena. Diplomityön tekijä oli toiminut kohdeorganisaatiossa työntekijänä jo useita vuosia ja pystyi näinollen hyödyntämään omaa tietämystään sekä nykyisen prosessin mallintamisessa, että uuden prosessin suunnittelussa. Työn tuloksena syntyi uusi sertifiointiprosessi, joka on karsitumpi ja tehokkaampi kuin edeltäjänsä. Uusi mittaristojärjestelmä rakennettiin, jota organisaation johto kykenisi seuraamaan prosessin sidosryhmien tehokkuutta sekä tuotteiden laadun kehitystä. Sivutuotteena organisaatio sai käyttöönsä yksityiskohtaiset prosessikuvaukset, joita voidaan hyödyntää koulutusmateriaalina uutta henkilöstöä rekrytoitaessa sekä informatiivisena työkaluna esiteltäessä prosessia virallisille sertifiointitahoille.

Towards Certifiable Multicore-based Platforms for Avionics

Work in Progress Session, 21st IEEE Real-Time and Embedded Techonology and Applications Symposium (RTAS 2015). 13 to 16, Apr, 2015, pp 27-28. Seattle, U.S.A..

Estudio e implementación de una autoridad de certificación distribuida

Aquest projecte presenta, en primer lloc, un estudi dels protocols de generació de claus criptogràfiques i autoritats de certificació distribuïdes més destacables desenvolupades fins a l'actualitat. Posteriorment, implementem un protocol, que toleri les errades, de generació distribuïda de claus RSA sense servidor de confiança, orientat a xarxes ad-hoc. El protocol necessita la participació conjunta de n nodes per generar un mòdul RSA (N = pq), un exponent d'encriptació públic i les particions de l'exponent privat d, seguint un esquema llindar (t, n).

On data-centric misbehavior detection in VANETs

Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is a very important problem with wide range of implications, including safety related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. It is therefore more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can decide whether an information received is correct or false. The decision is based on the consistency of recent messages and new alerts with reported and estimated vehicle positions. No voting or majority decisions is needed, making our MDS resilient to Sybil attacks. After misbehavior is detected, we do not revoke all the secret credentials of misbehaving nodes, as done in most schemes. Instead, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them to act selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes. © 2011 IEEE.

Certificados electrónicos de servidor en administración y comercio electrónicos: garantías de seguridad

El uso de Internet por parte de los ciudadanos para relacionarse con las Administraciones Públicas o en relación con actividades de comercio electrónico crece día a día. Así lo evidencian los diferentes estudios realizados en esta materia, como los que lleva a cabo el Observatorio Nacional de las Telecomunicaciones y la Sociedad de la Información (http://www.ontsi.red.es/ontsi/). Se hace necesario, por tanto, identificar a las partes intervinientes en estas transacciones, además de dotarlas de la confidencialidad necesaria y garantizar el no repudio. Uno de los elementos que, junto con los mecanismos criptográficos apropiados, proporcionan estos requisitos, son los certificados electrónicos de servidor web. Existen numerosas publicaciones dedicadas a analizar esos mecanismos criptográficos y numerosos estudios de seguridad relacionados con los algoritmos de cifrado, simétrico y asimétrico, y el tamaño de las claves criptográficas. Sin embargo, la seguridad relacionada con el uso de los protocolos de seguridad SSL/TLS está estrechamente ligada a dos aspectos menos conocidos:  el grado de seguridad con el que se emiten los certificados electrónicos de servidor que permiten implementar dichos protocolos; y  el uso que hacen las aplicaciones software, y en especial los navegadores web, de los campos que contiene el perfil de dichos certificados. Por tanto, diferentes perfiles de certificados electrónicos de servidor y diferentes niveles de seguridad asociados al procedimiento de emisión de los mismos, dan lugar a diferentes tipos de certificados electrónicos. Si además se considera el marco jurídico que afecta a cada uno de ellos, se puede concluir que existe una tipología de certificados de servidor, con diferentes grados de seguridad o de confianza. Adicionalmente, existen otros requisitos que también pueden pasar desapercibidos tanto a los titulares de los certificados como a los usuarios de los servicios de comercio electrónico y administración electrónica. Por ejemplo, el grado de confianza que otorgan los navegadores web a las Autoridades de Certificación emisoras de los certificados y cómo estas adquieren tal condición, o la posibilidad de poder verificar el estado de revocación del certificado electrónico. El presente trabajo analiza todos estos requisitos y establece, en función de los mismos, la correspondiente tipología de certificados electrónicos de servidor web. Concretamente, las características a analizar para cada tipo de certificado son las siguientes:  Seguridad jurídica.  Normas técnicas.  Garantías sobre la verdadera identidad del dominio.  Verificación del estado de revocación.  Requisitos del Prestador de Servicios de Certificación. Los tipos de certificados electrónicos a analizar son:  Certificados de servidor web:  Certificados autofirmados y certificados emitidos por un Prestador de Servicios de Certificación.  Certificados de dominio simple y certificados multidominio (wildcard y SAN)  Certificados de validación extendida.  Certificados de sede electrónica. ABSTRACT Internet use by citizens to interact with government or with e-commerce activities is growing daily. This topic is evidenced by different studies in this area, such as those undertaken by the Observatorio Nacional de las Telecomunicaciones y la Sociedad de la Información (http://www.ontsi.red.es/ontsi/ ). Therefore, it is necessary to identify the parties involved in these transactions, as well as provide guaranties such as confidentiality and non-repudiation. One instrument which, together with appropriate cryptographic mechanisms, provides these requirements is SSL electronic certificate. There are numerous publications devoted to analyzing these cryptographic mechanisms and many studies related security encryption algorithms, symmetric and asymmetric, and the size of the cryptographic keys. However, the safety related to the use of security protocols SSL / TLS is closely linked to two lesser known aspects:  the degree of security used in issuing the SSL electronic certificates; and  the way software applications, especially web Internet browsers, work with the fields of the SSL certificates profiles. Therefore, the diversity of profiles and security levels of issuing SSL electronic certificates give rise to different types of certificates. Besides, some of these electronic certificates are affected by a specific legal framework. Consequently, it can be concluded that there are different types of SSL certificates, with different degrees of security or trustworthiness. Additionally, there are other requirements that may go unnoticed both certificate holders and users of e-commerce services and e-Government. For example, the degree of trustworthiness of the Certification Authorities and how they acquire such a condition by suppliers of Internet browsers, or the possibility to verify the revocation status of the SSL electronic certificate. This paper discusses these requirements and sets, according to them, the type of SSL electronic certificates. Specifically, the characteristics analyzed for each type of certificate are the following:  Legal security.  Technical standards.  Guarantees to the real identity of the domain.  Check the revocation status.  Requirements of the Certification Services Providers. The types of electronic certificates to be analyzed are the following:  SSL electronic certificates:  Self-signed certificates and certificates issued by a Certification Service Provider.  Single-domain certificates and multi-domain certificates (wildcard and SAN)  Extended Validation Certificates.  “Sede electrónica” certificates (specific certificates for web sites of Spanish Public Administrations).

Certification : le manque d’indépendance des audits privés

Certains mouvements sociaux transnationaux (MSTN) militent pour le respect des normes sociales et environnementales en particulier dans les pays à bas salaires. Ils développent pour cela de nouveaux instruments, des labels et des codes de conduites. Ces mouvements sociaux transnationaux cherchent au travers ces derniers à renforcer la régulation sociale, environnementale et sa démocratisation au plan international. Mais la privatisation de la vérification des normes sociales et environnementales nuit à l’indépendance économique des auditeurs. Ainsi, ce mode de régulation s’avère contraire à leur objectif à long terme : une régulation sociale encadrée par des pouvoirs publics démocratisés.

Forest certification in Amazonia: standards matter

Forest Stewardship Council (FSC) certification promises international consumers that `green-label` timber has been logged sustainably. However, recent research indicates that this is not true for ipe (Tabebuia spp.), currently flooding the US residential decking market, much of it logged in Brazil. Uneven or non-application of minimum technical standards for certification could undermine added value and eventually the certification process itself. We examine public summary reports by third-party certifiers describing the evaluation process for certified companies in the Brazilian Amazon to determine the extent to which standards are uniformly applied and the degree to which third-party certifier requirements for compliance are consistent among properties. Current best-practice harvest systems, combined with Brazilian legal norms for harvest levels, guarantee that no certified company or community complies with FSC criteria and indicators specifying species-level management. No guidelines indicate which criteria and indicators must be enforced, or to what degree, for certification to be conferred by third-party assessors; nor do objective guidelines exist for evaluating compliance for criteria and indicators for which adequate scientific information is not yet available to identify acceptable levels. Meanwhile, certified companies are expected to monitor the long-term impacts of logging on biodiversity in addition to conducting best-practice forest management. This burden should reside elsewhere. We recommend a clarification of `sustained timber yield` that reflects current state of knowledge and practice in Amazonia. Quantifiable verifiers for best-practice forest management must be developed and consistently employed. These will need to be flexible to reflect the diversity in forest structure and dynamics that prevails across this vast region. We offer suggestions for how to achieve these goals.

Sustainability certification of bioethanol: how is it perceived by Brazilian stakeholders?

This paper investigates whether initiatives for sustainability certification of Brazilian ethanol can be expected to stimulate a change among producers toward more sustainable production - and, if so, what those changes would likely be. Connected to this, several questions are raised including whether producers might prefer to target other markets with less stringent demands, and if certification might lead to structural changes in the sector because producers who lack the capacity to meet the new requirements cannot remain competitive. The analysis of interviews with a diverse group of stakeholders under the guidance of the Technological Innovation Systems framework allowed us identify different actions taken by the Brazilian sugarcane ethanol sector in response to requirements of sustainability. The interviewees agreed that sustainability certification is an important element for the expansion of biofuel production in Brazil. Brazilian stakeholders have created a platform for more competitive sustainable production and have initiated relevant processes in response to the development connected to sustainability certification. Yet, the certification activities have had a limited impact in terms of the number of involved stakeholders. But interview responses indicate that the sector may adapt to new certification requirements rather than leave markets where such requirements become established. Structural changes can be expected if certification requirements as they exist in many initiatives are introduced in unflexible ways. The social importance of the ethanol industry is large in Brazil and some adjustments for certification may be required. The paper concludes by suggesting some actions for the industry. (C) 2010 Society of Chemical Industry and John Wiley & Sons, Ltd

The main benefits associated with health and safety management systems certification in Portuguese small and medium enterprises post quality management system certification

The purpose of this study is to characterize how Portuguese Small and Medium Enterprises (SMEs) view the Occupational Health and Safety Management Systems (OHSMSs) certification process, after receiving the Quality Management System (QMS) certification. References were based on the ISO 9001 standard for a QMS and OHSAS 18001 for OHSMS. The method used to evaluate the implemented systems, was by form of questionnaire. Those questioned had to have a certified quality management system, an implemented OHSMS and be a SME. The questionnaire was sent to 300 SMEs; 46 responses were received and validated. Of them, only 12 SMEs had the OHSMS certificate according to OHSAS 18001. Within those 12 companies that participated: 7 SMEs are from the industrial sector; 3 belong to the electricity/telecommunications sector and 2 SMEs are from the trade/services activity sector. The size of the sample was small, but corresponds to Portuguese reality. Moreover, 34 SMEs did not have the OHSMS certificate. The questionnaire requested the main reasons for SMEs to opt for non-certification and it was related with high costs, while the main reasons to certificate were, among others, needed to eliminate or minimize risks to workers. The main benefits that Portuguese SMEs have gained from the referred certifications have been, improved working conditions, ensuring compliance with legislation and better internal communication about risks and hazards. Also presented are the main difficulties in achieving an OHSMS certification including high certification costs, difficulties motivating personnel, difficulties in changing the company’s culture and increased bureaucracy.

Certification and integration of management systems: the experience of Portuguese small and medium enterprises

The purpose of this study was to characterize the situation of Portuguese Small and Medium Enterprises (SMEs) concerning the certification of their Quality Management Systems (QMS), Environmental Management Systems (EMS) and Occupational Health and Safety Management Systems (OHSMS), in their individually form, to identify benefits, drawbacks and difficulties associated with the certification process and to characterize the level of integration that has been achieved. This research was based on a survey carried out by the research team; it was administered to 46 Portuguese SMEs. Our sample comprised 20 firms (43%) from the Trade/Services activity sector, 17 (37%) from the Industrial sector, 5 (11%) from the Electricity/Telecommunications sector and 4 (9%) from the Construction area. All SMEs surveyed were certified according to the ISO 9001 (100%), a quarter of firms were certified according to the ISO 14001 (26.1%) and a few certified by OHSAS 18001 (15.2%). We undertook a multivariate cluster analysis, which enabled grouping variables into homogeneous groups or one or more common characteristics of the SMEs participating in the study. Results show that the main benefits that Portuguese SMEs have gained from the referred certifications have been, among others, an improvement of both their internal organization and external image. We also present the main difficulties in achieving certification. Overall, 7 of the Portuguese SMEs examined indicated that the main benefits of the IMS implementation management included costs reduction, increased employee training and easier compliance of legislation. The respective drawbacks and difficulties are also presented. Finally, we presented the main integrated items in the certified Portuguese SMEs we examined.

Certification and integration of environment with quality and safety – a path to sustained success

According to Wright [1] certification of products and processes began during the 1960’s in the manufacturing industry, as a tool to control and assure the quality/conformity of products and services provided by suppliers to customers/consumers. Thus, the series of ISO 9000 was published first time, in 1987 and it was been created with a flexible character, to be reviewed periodically. Later, were published others normative references, which highlight the ISO 14001 in 1996 and OHSAS 18001 in 1999. This was also, the natural sequence of the certification processes in the organizations, i.e., began with the certification of quality management systems (QMS) followed by the environmental management systems (EMS) and after for the Occupational Health and Safety Management System (OHSMS). Hence, a high percentage of organizations with an EMS, in accordance with the ISO 14001, had also implemented, a certified QMS, in accordance with ISO 9001. At first the implementation of a QMS was particularly relevant in high demanding activity sectors, like the automotive and aeronautical industries, but it has rapidly extended to every activity sector, becoming a common requisite of any company worldwide and a factor of competitiveness and survival. Due to the increasingly demanding environmental legislation in developed countries, companies nowadays are required to seriously take into consideration not only environmental aspects associated to the production chain itself, but also to the life cycle of their products.

Motivation and Benefits of Implementation and Certification according ISO 9001 – the Portuguese Experience

The aim of the research is to analyze the different aspects associated with the motivation and benefits of certified ISO 9001 companies in Portugal. A total of 426 certified Portuguese companies were surveyed. The response rate was equal to 61.03 percent. Our results suggest that the main motivation for certification were “improvement of quality”, “improvement of company image”, “marketing advantage”, “give empowerment to workers / capturing workers knowledge” and “cost reduction”. The main benefits that Portuguese companies have gained from the referred certification have been, among others, the improvement of “procedures”, beneficial effect on the “company’s image”, the improvement of quality products/services, increase of the “customer satisfaction”, improvement of “on-time delivery”; improvement the “morale” of workers’ increase in productivity and decrease of “production costs”, among others. The surveyed firms belong only to the Minho region of the north of Portugal. This paper aims to provide a contribution to the research related to the motivation and benefits associated to the quality management systems. The selection of the motives and benefits were validated through statistical analysis and the relationship between expected and perceived benefits was discussed.

Implementing and certifying ISO 14001 in Portugal: motives, difficulties and benefits after ISO 9001 certification

The purpose of this study is to characterise the environmental management systems (EMS) certification process (International Organization for Standardization (ISO) 14001) in Portuguese small and medium enterprises (SMEs) following quality management system (QMS) certification (ISO 9001). The study is based on a sample from Portuguese SMEs which characterise the local reality in terms of companies certified in accordance with ISO 14001 after ISO 9001 certification. Some Portuguese SMEs have the EMS implemented but not certified, mainly given the lack of investment support and because it is considered merely a form of marketing. As such, they do not feel motivated to certificate an EMS in the company since they consider that it is a form of advertising and not a way to protect the environment. Nonetheless, it is already evident form other Portuguese SMEs that gained EMS certification that gains supersede marketing benefits and allow for evermore enduring benefits such as prevention of environmental risks, environment protection, improved company image, compliance with legislation and efficient use of natural resources. This paper also presented the main difficulties in achieving an EMS certification, including high certification costs, human resources, motivation issues and difficulties in changing the company’s culture.

Methodology for in-game certification in serious games

Serious games are starting to attain a higher role as tools for learning in various contexts, but in particular in areas such as education and training. Due to its characteristics, such as rules, behavior simulation and feedback to the player's actions, serious games provide a favorable learning environment where errors can occur without real life penalty and students get instant feedback from challenges. These challenges are in accordance with the intended objectives and will self-adapt and repeat according to the student’s difficulty level. Through motivating and engaging environments, which serve as base for problem solving and simulation of different situations and contexts, serious games have a great potential to aid players developing professional skills. But, how do we certify the acquired knowledge and skills? With this work we intend to propose a methodology to establish a relationship between the game mechanics of serious games and an array of competences for certification, evaluating the applicability of various aspects in the design and development of games such as the user interfaces and the gameplay, obtaining learning outcomes within the game itself. Through the definition of game mechanics combined with the necessary pedagogical elements, the game will ensure the certification. This paper will present a matrix of generic skills, based on the European Framework of Qualifications, and the definition of the game mechanics necessary for certification on tour guide training context. The certification matrix has as reference axes: skills, knowledge and competencies, which describe what the students should learn, understand and be able to do after they complete the learning process. The guides-interpreters welcome and accompany tourists on trips and visits to places of tourist interest and cultural heritage such as museums, palaces and national monuments, where they provide various information. Tour guide certification requirements include skills and specific knowledge about foreign languages and in the areas of History, Ethnology, Politics, Religion, Geography and Art of the territory where it is inserted. These skills are communication, interpersonal relationships, motivation, organization and management. This certification process aims to validate the skills to plan and conduct guided tours on the territory, demonstrate knowledge appropriate to the context and finally match a good group leader. After defining which competences are to be certified, the next step is to delineate the expected learning outcomes, as well as identify the game mechanics associated with it. The game mechanics, as methods invoked by agents for interaction with the game world, in combination with game elements/objects allows multiple paths through which to explore the game environment and its educational process. Mechanics as achievements, appointments, progression, reward schedules or status, describe how game can be designed to affect players in unprecedented ways. In order for the game to be able to certify tour guides, the design of the training game will incorporate a set of theoretical and practical tasks to acquire skills and knowledge of various transversal themes. For this end, patterns of skills and abilities in acquiring different knowledge will be identified.