An international standard-setting body composed of representatives from national organizations for standards
POPULARITY
No novo episódio do podcast Canal Metrologia, mergulhe na sinergia entre a precisão metrológica e a eficiência do Lean. Apresentamos Reginaldo Origuella Filho, um especialista em Lean Six Sigma, que nos guia por uma jornada transformadora sobre a aplicação da filosofia Lean em laboratórios de calibração.Descubra como otimizar processos, eliminar desperdícios e tornar o fluxo de trabalho mais eficiente sem comprometer a qualidade ou a ciência da metrologia. Reginaldo desmistifica a ideia de que a calibração é um processo fixo, mostrando como a melhoria contínua pode ser o caminho para a excelência, com resultados comprovados, como a redução de 59,22% no tempo de espera no setor comercial e 32% no lead time total do laboratório.Neste episódio, você vai descobrir:O que é a cultura Lean e seus 5 pilares fundamentais, aplicados em ambientes administrativos e laboratoriais.Ferramentas práticas como 5S, Kanban e Poka-Yoke para melhorar a organização e o fluxo de trabalho5.A fascinante história por trás da filosofia Lean, que nasceu na Toyota e hoje é universal.Como o Lean se integra e complementa normas rigorosas como a ISO/IEC 17025.Conselhos valiosos para gestores e profissionais que buscam iniciar a jornada de melhoria contínua.Convidado:Reginaldo Origuella Filho: Técnico em Instrumentação Industrial, Engenheiro de Produção e certificado como Lean Six Sigma Black Belt, com vasta experiência na aplicação de princípios de otimização em ambientes técnicos.Recursos Recomendados:Livro: Lean Office – Gerenciamento do Fluxo de Valor para áreas administrativas (Don Tapping e Tom Shucker).Site: Lean Institute Brasil.Curso: Conceitos de Mapeamento de Processos (BPM) da P-Excellence.Não se esqueça de compartilhar este episódio com seus colegas e votar no Canal Metrologia no Prêmio Melhores Podcasts do Brasil 2025 na categoria Ciência!Até o próximo episódio!
Jane Weitzel has been working in analytical chemistry for over 40 years for pharmaceutical and mining companies. She was elected to the United States Pharmacopeia Council of Experts as chair of the 2020-2025 General Chapters–Measurement and Data Quality Expert Committee and is a member of the 2025-2030 EC Pharmaceutical Analysis Lifecycle and Data Science. She was a member of the USP 2015-2020 Statistics Expert Committee. She has been Director of pharmaceutical Quality Control laboratories. She has experience with many different regulatory environments. She is currently a consultant specializing in laboratory management systems, GMP testing, and ISO/IEC 17025. She is an auditor and an educator. Jane has applied Quality Systems and statistical techniques, including the evaluation and use of measurement uncertainty, in a wide variety of technical and scientific businesses. Recently she is focusing on the implementation of the new USP General Chapter 1220 Analytical Procedures Life Cycle.
SummaryIn this conversation, Sean M Weiss and Walter Haydock discuss the implications of ISO IEC 42001 in the healthcare sector, focusing on AI governance, regulatory compliance, and the management of bias in AI systems. They explore the challenges faced by multi-site healthcare organizations, the importance of leadership in ethical AI use, and real-world examples of organizations implementing ISO 42001. The discussion also touches on the legislative landscape surrounding AI and the need for clear policies in healthcare AI applications.TakeawaysISO 42001 is a blueprint for managing AI risk.Bias in AI is unavoidable but can be managed.Leadership commitment is essential for effective AI governance.ISO 42001 aids in compliance with regulations like HIPAA.Multi-site healthcare systems face unique challenges in AI implementation.Ethical AI use is crucial in telemedicine applications.Real-world examples show the benefits of ISO 42001 certification.Behavioral health can greatly benefit from AI governance.Integrating ISO standards enhances overall AI governance.Legislators need to improve their understanding of AI issues.
Hello, and welcome to episode 181 of the Financial Crime Weekly Podcast, I am Chris Kirkbride. In this episode, we look at US Treasury's action against an Iraqi-led network for smuggling Iranian oil disguised as Iraqi crude, and the UK and EU's decision to slash the Russian oil price cap to $47.60. In money laundering, updates on HM Treasury's approval of JMLSG guidance, FATF's new National Risk Assessment toolkit to help nations identify threats, and the Wolfsberg Group's latest framework for monitoring suspicious activity. Fraud saw major moves with a new U.S. Trade Fraud Task Force from the DOJ and DHS, and the UK enacting a landmark corporate offence for failure to prevent fraud. We'll look at Portugal's progress and areas for deeper reform in anti-corruption as noted by GRECO, insider trading convictions and repayments from the West brothers, and the SFO's review of rate-rigging convictions following a Supreme Court ruling. Finally, in cybercrime, we'll look at the statewide government shutdown in Nevada due to a ransomware attack, the alarming misuse of Anthropic AI by hackers in espionage and extortion schemes, a massive data breach fine for SK Telecom, and a new ISO/IEC standard targeting AI-driven morphing attacks in biometric ID fraud.A transcript of this podcast, with links to the stories, will be available at www.crimes.financial.
Ever wondered where digital trust fits in your company's strategy? We live in a world that's buzzing with AI, cybersecurity, and digital innovation. Everywhere you look, there's a new app, a smarter tool, or a faster system. But in the middle of all this tech hype, there's one thing we often overlook—trust.In this insightful conversation, Punit discusses with Bruno about the crucial influence of technology, economy, and other external factors on business strategies. They delve into how companies navigate different environments, the role of digital transformation, and the importance of maintaining a balanced ecosystem approach.If you're a leader, strategist, privacy professional, or tech enthusiast trying to make sense of innovation, trust, and governance in today's world—this conversation is a must-watch.KEY CONVERSION00:02:02 What is the concept of digital trust? Was it trust enough?00:04:40 Can we expect digital trust in an emerging world of new technology in 10-20 years?00:09:15 Is the board convinced about the value of digital trust or are they still in compliance mode?00:13:15 How do we sell this concept of digital trust on the boards? 00:18:51 Linking concept of trust, security and privacy to the broader agenda 00:25:58 What is it that you can sell them with and how can they reach out? ABOUT GUESTBruno Horta Soares is a seasoned executive advisor, professor, and keynote speaker with over 20 years of experience in Governance, Digital Transformation, Risk Management, and Information Security. He is the founder of GOVaaS – Governance Advisors as-a-Service and has worked with organizations across Portugal, Angola, Brazil, and Mozambique to align governance and technology for sustainable business value.Since 2015, Bruno has served as Leading Executive Senior Advisor at IDC Portugal, guiding C-level leaders in digital strategy, transformation, governance, and cybersecurity. He is also a professor at top Portuguese business schools, including NOVA SBE, Católica Lisbon, ISCTE, ISEG, and Porto Business School, teaching in Masters, MBA, and Executive programs on topics such as IT Governance, Cybersecurity, Digital Transformation, and AI for Leadership.He holds a degree in Management and Computer Science (ISCTE), an executive program in Project Management (ISLA), and numerous professional certifications: PMP®, CISA®, CGEIT®, CRISC™, ITIL®, ISO/IEC 27001 LA, and COBIT® Trainer. As a LEGO® SERIOUS PLAY® Facilitator, he brings creativity into strategy and leadership development.Bruno received the ISACA John Kuyers Award for Best Speaker in 2019 and is the founder and current President of the ISACA Lisbon Chapter. A frequent international speaker, he shares expertise on governance and digital innovation globally.ABOUT HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.Punit is the author of books “Be Ready for GDPR' which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe.RESOURCES Websites www.fit4privacy.com,www.punitbhatia.com, https://www.linkedin.com/in/brunohsoares/ Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy
Think legal and compliance are boring? Domain 6 of CCSP proves they're critical for cloud security success. This session breaks down the complexities of cloud legal frameworks, risk management, and regulatory compliance in an easy-to-grasp way.
Send us a textProfessor JRod makes a triumphant return to Technology Tap after a year-long hiatus, bringing listeners up to speed on his personal journey and diving straight into Security Plus 701 fundamentals. Having completed his doctorate and subsequently focusing on his health—resulting in an impressive 50-pound weight loss—he reconnects with his audience with the same passion and expertise that made his podcast popular.The heart of this comeback episode centers on essential cybersecurity concepts, beginning with the CIA triad (confidentiality, integrity, availability) that forms the foundation of information security. Professor J-Rod expertly breaks down complex frameworks including NIST, ISO/IEC standards, and compliance-driven approaches like HIPAA and GDPR, explaining how organizations should select frameworks based on their specific industry requirements.With his trademark clear explanations, he walks listeners through the process of gap analysis—a methodical approach to identifying differences between current security postures and desired standards. The episode then transitions to a comprehensive overview of access control models, including Discretionary, Mandatory, Role-Based, Attribute-Based, and Rule-Based controls, each illustrated with practical examples that bring abstract concepts to life.What sets this episode apart is the interactive element, as Professor JRod concludes with practice questions that challenge listeners to apply their newly acquired knowledge. This practical approach bridges the gap between theory and real-world implementation, making complex security concepts accessible to professionals and students alike. Whether you're preparing for certification or simply expanding your cybersecurity knowledge, this return episode delivers valuable insights from an educator who clearly missed sharing his expertise with his audience.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM
The invisible legal architecture behind AI systems, either talking to each other or failing spectacularly, takes center stage in this deep dive into interoperability. Far more than technical specifications, the ability of AI models to connect and share data represents a battlefield where intellectual property rights, competition law, and global governance clash to determine who controls the digital ecosystem.Starting with IBM's mainframe antitrust case, we trace how European regulators forced a tech giant to provide third parties with technical documentation needed for maintenance. This early precedent established that when your system becomes essential infrastructure, monopolizing access raises legal red flags. The SAS v. World Programming Limited ruling further clarified that functionality, programming languages, and data formats cannot be protected by copyright, giving developers freedom to create compatible systems without infringement concerns.Patent battles reveal another dimension of interoperability politics. Cases like Huawei v. ZTE established detailed protocols for negotiating Standard Essential Patents, preventing companies from weaponizing their intellectual property to block competitors. The Microsoft v. Motorola judgment defined what "reasonable" licensing fees actually look like, protecting the principle that interoperability shouldn't bankrupt smaller players.Google's decade-long fight with Oracle over Java API copyright culminated in a Supreme Court victory validating that reimplementing interfaces for compatibility constitutes fair use, a landmark decision protecting the ability to build systems that communicate with existing platforms without permission. Meanwhile, the Oracle v. Rimini ruling reinforced that third-party software support isn't derivative copyright infringement, even when designed exclusively for another company's ecosystem.Beyond courtrooms, international frameworks increasingly shape AI interoperability standards. From UNESCO's ethics recommendation to ISO/IEC 42001 certification, from the G7 Hiroshima AI Process to regional initiatives like the African Union's Data Policy Framework, these governance mechanisms are establishing a global language for compatible, trustworthy AI development.Whether you're building AI systems, crafting policy, or simply trying to understand why your tools won't work together, these legal precedents reveal that interoperability isn't just about good coding. It's about who controls the playground, the rulebook, and ultimately, the future of AI innovation.Send us a text
Send us a textLas batallas legales por la interoperabilidad están definiendo silenciosamente el futuro de la inteligencia artificial. Mientras desarrolladores y empresas se concentran en crear sistemas cada vez más potentes, el verdadero poder radica en quién controla los estándares, protocolos y ecosistemas donde estos sistemas operan.Nuestro recorrido comienza con casos emblemáticos como IBM frente a la Comisión Europea, donde se estableció que cuando una tecnología se vuelve infraestructura crítica, sus propietarios adquieren responsabilidades especiales. El tribunal europeo en el caso SAS vs World Programming revolucionó nuestra comprensión de los límites del copyright al determinar que funcionalidades y lenguajes de programación no están protegidos, abriendo la puerta a la ingeniería inversa para compatibilidad.Las guerras de patentes esenciales para estándares también han moldeado el panorama de interoperabilidad. Desde Microsoft contra Motorola hasta la batalla entre FTC y Qualcomm, estas disputas han definido cuándo y cómo los titulares de patentes incorporadas en estándares deben licenciarlas bajo términos justos, razonables y no discriminatorios (FRAND). El caso Google vs Oracle sobre APIs estableció un precedente crucial para la reimplementación de interfaces en nuevos contextos, vital para el desarrollo de ecosistemas de IA compatibles.Más allá de los tribunales, marcos internacionales como la Recomendación de la UNESCO sobre ética en IA, el estándar ISO IEC 42001 y la Declaración de la Década Digital europea están creando una infraestructura global de gobernanza que prioriza la interoperabilidad como requisito fundamental. Estas iniciativas reconocen que la IA del futuro no solo debe ser potente, sino también compatible, transparente y capaz de funcionar a través de fronteras y plataformas.Si estás desarrollando sistemas de IA o invirtiendo en ellos, comprender estas dinámicas legales no es opcional—es estratégico. La verdadera innovación no está solo en crear la IA más avanzada, sino en construir sistemas que puedan colaborar, cumplir con estándares globales y escalar responsablemente. ¿Tu sistema de IA está preparado para este nuevo paradigma de interoperabilidad jurídica y técnica?Support the show
Information security governance is more than policies—it's the backbone of aligning cybersecurity with business strategy. In this in-depth session, we break down Domain 1 of the CISM exam to help you lead with purpose.From aligning security with business goals to navigating frameworks like COBIT and ISO/IEC 27001, this episode equips you with the tools to build strong governance practices that support risk management, compliance, and operational excellence.
In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security®(CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company. Here are some highlights from our episode:00:58. Introductions with Angelo and Stephanie02:07. A pro and a con of IT consulting work04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls07:08. How IT and IT security are essential to corporate strategy07:45. The use of governance to support merging three business units into an integrated security company12:04. The value of security champions in adapting to regulatory and business changes15:15. What IT and Security teams can accomplish when they work as partners17:18. The use of data to inform Board decisions and conversations around risk20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 202029:30. Advice for folks starting out in security31.28. The importance of collaboration and culture in implementing security as an organizationResourcesEpisode 144: Carrying on the MS-ISAC's Character and CultureThe CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityGuide to Implementation Groups (IG): CIS Critical Security Controls v8.1CIS Controls v8.1 Mapping to ISO/IEC 27001:2022CIS Controls v8.1 Mapping to SOC2CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3Reasonable CybersecurityEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Bentornati e bentornate su Azure Italia Podcast, il podcast in italiano su Microsoft Azure!Per non perderti nessun nuovo episodio clicca sul tasto FOLLOW del tuo player
In this episode, Matthew speaks with academic and philosopher Catherine Botha, Professor of Art, Culture, and Technology at the University of Johannesburg. Together, they explore whether there's a uniquely African context for AI development - and what cultural, social, and economic values should guide its deployment across the continent. They also dive into ISO/IEC 42001, asking whether this AI management systems standard is flexible and inclusive enough to reflect Africa's specific needs. Catherine also unpacks the concept of the Philosophy of AI - what it means, and why it matters - and shares her ‘standards journey', one inspired by her very savvy students.It's part conversation, part audio love letter to the stakeholder-driven standards process: grounded in transparency, consensus, and voluntarism, and - as Catherine argues - essential to delivering social justice in the age of AI.Find out more about the issues raised in this episodeISO/IEC 42001 – AI management systemsThe Standards Show | Revisiting ISO/IEC 42001Get involved with standardsGet in touch with The Standards Showeducation@bsigroup.comsend a voice messageFind and follow on social mediaX @StandardsShowInstagram @thestandardsshowLinkedIn | The Standards Show
Send us your feedback In this episode, Technology Partner Tom Maasland speaks with Craig Pattison, Business Strategist and COO at Capability Collective and a leading agritech advocate and advisor, about how AI is transforming the agricultural sector and driving innovation, productivity and sustainability on farms across New Zealand.[01:34] Tom and Craig discuss how AI is actively being deployed across dairy, livestock, meat processing and horticulture operations in New Zealand. From Fonterra's herd monitoring systems to quality control of kiwifruit at Zespri, AI is driving smarter farm management, boosting productivity, and delivering positive outcomes for farmers, livestock, and the communities they support.[03:47] Craig highlights Halter's smart collars, which automate herd movements and optimise grazing patterns for cows, as a standout AI innovation in this sector, noting how this AI supported innovation supports better pasture management and opens new revenue streams for farmers.[05:14] Craig talks about various AI applications in crop production, focusing on Cropsy Technologies' AI enabled crop vision system and Rockit Apples' full supply chain tracking system. These tools help meet high-value export demands and strengthen food traceability and provenance.[07:18] Tom and Craig then explore key challenges in adopting AI within the agricultural sector, beginning with issues of data transparency and ethical concerns surrounding data ownership and usage, particularly in relation to Māori land. Craig highlights promising initiatives such as Trust Alliance NZ's digital farm wallet project, ISO/TC 347's international data standards for agri-food systems, and Te Hiku Media's Māori-led data platforms, which offer potential solutions to data transparency and ethical challenges.[10:27] They address the challenge of connectivity and cost in rural areas which can hinder the adoption of AI-based technologies on farm. Craig highlights promising solutions, including the Rural Connectivity Group's partnership, which is working to establish a tower network enabling more extensive 4G coverage, Starlink satellite internet, and AgriTech NZ's 'AI on the Edge' initiatives, which support local data processing without the need for high-speed internet. Craig stresses the vital role of connectivity not just for efficient farm operations, but also for farmer safety.[12:30] Craig notes regulatory complexity as another key challenge for the adoption of AI in agriculture, stressing the need for long-term investment certainty. He points to the AIMS framework (which supports the international standard for AI management, ISO/IEC 42001:2023) as a practical tool for ethical and compliant AI use, emphasising that regulation can serve as a roadmap, rather than a roadblock, for innovation.[14:34] Tom asks about future priorities, prompting Craig to explain the importance of regulatory clarity, AI literacy, and national coordination. He emphasises the need for farmers to adopt AI strategically and for the sector to shift from volume to value production. They wrap up with a call to create a learning culture through existing farming networks.Information in this episode is accurate as at the date of recording, 6 May 2025. Please contact KFor show notes and additional resources visit minterellison.co.nz/podcasts
On this episode of SPOT Radio, Charlie Webb, CPPL, discusses the Sterile Summer Patient Safety Road Trip 2025—an outreach initiative designed to raise awareness about sterile packaging practices and awareness. Joined by his wife, Lisa Webb, General Manager of Van der Stähl Scientific, the duo will actively support the Sterile Aware initiative, engaging medical device manufacturers by distributing awareness bracelets and posters while demonstrating advanced medical device packaging machinery.Beyond their mission to promote patient safety, Charlie and Lisa are also weaving moments of vacation and exploration into their journey, striking a balance between industry advocacy and personal adventure.Tune in to hear more about this unique road trip blending education, engagement, and a bit of summer fun!About Charlie Webb CPPL: Charlie Webb CPPL is the founder and President of Van der Stahl Scientific; a medical device packaging and testing machine provider and packaging testing and calibration laboratories.He is also a certified internal auditor and is the Quality Manager for Van der Stähl Scientific's demanding ISO/IEC 17025 Laboratory accreditation. Under Charlie's quality management system his lab received the MSI Continuous Improvement Award. Charlie is a member of the IOPP Medical Device Packaging Technical Committee, he is a former co-PM in the Kiip group and voting ASTM F02 technical committee and has multiple granted and pending patents on medical device packaging machinery and pouch testers.His current patent-pending technologies include a medical device tray sealer that will integrate pouch testing within the packaging machine to provide 100% real-time seal testing. Also, in development is his patented HTIP system (human tissue isolation pouch) this disposable system is designed to help avoid packaging machine contamination.About Lisa Webb: As the General manager of Van der Stähl Scientific she has grown the company sales by double in her 15-year tenure. Her technical acumen is impressive as there is not a packaging machine in Van der Stähl Scientific's offering that she does not know every nut and bolt and its placement.Beyond understand the medical device packaging and testing machines operation and build she also understands the ISO 11607 processes for which they are held under. Lisa also oversees many of the functions in Van der Stähl Scientific's ISO/IEC 17025 medical device pouch test and calibration laboratory. She is Kaizen trained and certified and continues to improve Van der Stähl Scientific's operation from product development to market reach.Team Email: info@vanderstahl.comRoadtrip webpage: https://www.linkedin.com/in/missy-travis-b8588b45/Roadtrip Video: https://youtu.be/s58_ih8G7IM?si=Vglm3Nm60M5-3EmW Storyteller Hilt: https://www.storytelleroverland.com/pages/hilt
Rob Knake is a professional specializing in quality systems, metrology, and standards development. He is actively employed with the National Institute of Standards and Technology (NIST) and involved with NCSL International, where he contributes to training, technical exchanges, and the advancement of measurement science. With expertise in ISO/IEC 17025, measurement traceability, and laboratory accreditation, Rob frequently leads seminars and workshops aimed at enhancing metrology practices. His roles encompass coaching, public speaking, and organizational leadership, focusing on improving quality systems and fostering collaboration within the metrology community. Rob's professional endeavors are highlighted through his active participation in events like the NCSL International Technical Exchange and the MSC Annual Training Symposium. His contributions have been recognized in various capacities, including hosting sessions and delivering presentations on metrology and digitalization topics. For more detailed information about Rob Knake's professional background and contributions, you can visit his LinkedIn profile.
Artificial intelligence is moving into the mainstream of government and industry, and with it comes new responsibilities. Mapping today's AI landscape, then, means looking into the behavioural shifts it triggers, the governance frameworks it demands, and the global power dynamics it reshuffles. In this Digital Government Podcast episode we're joined by Matthew Blakemore, CEO of AI Caramba! and a leading architect behind the ISO/IEC 8183 international AI standard. Known for bridging cutting-edge innovation with public value, Blakemore has helped shape global conversations on AI data governance, ethical deployment, and public sector readiness. In preparation for his keynote at the e-Governance Conference 2025, we draw from practical frameworks and his experience advising governments and media networks to explore how to govern AI with clarity, caution, and intention. Well before algorithms outpace the institutions meant to oversee them.
AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-392
AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Show Notes: https://securityweekly.com/bsw-392
AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-392
AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Show Notes: https://securityweekly.com/bsw-392
Artificial Intelligence (AI) holds immense promise to transform lives, benefit society, and support a sustainable future. But as AI advances rapidly, it's crucial to understand what AI is—and isn't—and how it can be developed and used responsibly. In this episode, Matthew welcomes back Pauline Norstrom, CEO of AI business Anekanta, to discuss ISO/IEC 42001—the AI management systems standard. Designed to help organizations maximize the benefits of AI while ensuring responsible development, the standard also helps build public trust.Pauline shares the key features of ISO/IEC 42001, its global adaptability, and its potential to bring structure to the “wild west” of AI. She also reflects on the shifts in the global AI landscape since December 2023, including major policy moves in the US, China, Europe, and the UK - and offers insights into what's next for AI and standards development.Find out more about the issues raised in this episodeISO/IEC 42001 AI and standardsGet involved with standardsGet in touch with The Standards Showeducation@bsigroup.comsend a voice messageFind and follow on social mediaX @StandardsShowInstagram @thestandardsshowLinkedIn | The Standards Show
Patrick Jester is the visionary behind Blackthorn Consulting Group, Inc. in Baton Rouge, LA, where he delivers transformative quality management system and training solutions that convert knowledge into measurable success. As a Lead Assessor for ISO/IEC 17025 Calibration Laboratories and an ASQ Certified Quality Auditor, Patrick plays a pivotal role helping companies reach their strategic objectives. His leadership credentials include previously serving as Vice President of Quality & Corporate Compliance for a large, multiple location calibration laboratory, and as a Divisional NCSLI Vice President and contributing to various NCSLI Committees. Patrick is the current NCSLI Board of Directors Secretary and ASQ Measurement Quality Division Chair.
Coming soon! We were catching up on a recent Hackaday hackchat with Eben Upton (https://hackaday.io/event/202122-raspberry-pi-hack-chat-with-eben-upton) and learned some fun facts: such as the DVI hack for the RP2040 was inspired by a device called the IchigoJam (https://www.hackster.io/news/ichigojam-combines-strawberry-and-raspberry-to-deliver-a-raspberry-pi-pico-powered-educational-micro-66aa5d2f6eec). We remember reading about this back when it was an LPC1114, now it uses an RP2040. Well, we're wrapping up the Metro RP2350 (https://www.adafruit.com/product/6003), and lately, we've been joking around that with DVI output and USB Host support via bit-banged PIO, you could sorta build a little stand-alone computer. Well, one pear-green-tea-fueled-afternoon later we tried our hand at designing a 'credit card sized' computer - that's 3.375" x 2.125", about the same size as a business card (https://hackaday.com/2024/05/07/the-2024-business-card-challenge-starts-now/) and turns out there's even a standard named for it: ISO/IEC 7810 ID-1 (https://www.iso.org/standard/70483.html). Anyhow, with the extra pins of the QFN-80 RP2350B, we're able to jam a ridonkulous amount of hardware into this shape: RP2350B dual 150MHz Cortex M33 w/ PicoProbe debug port, 16 MB Flash + 8 MB PSRAM, USB type C for bootloading/USB client, Micro SD card with SPI or SDIO, DVI output on the HSTX port, I2S stereo headphone + mono speaker via the TLV320DAC3100 (https://www.digikey.com/en/products/detail/texas-instruments/tlv320dac3100irhbt/2353656), 2-port USB type A hub for both keyboard and mouse or game controllers, chunky on-off switch, Stemma QT I2C + Stemma classic JST 3-pin, EYESPI for TFT displays, 5x NeoPixels, 3x tactile switches, and a 16-pin socket header with 10 A/D GPIO + 5V/3V/GND power pins. The PSRAM will help when we want to do things like run emulations that we need to store in fast RAM access, and it will also let us use the main SRAM as the DVI video buffer. When we get the PCBs back and assembled, what should we try running on this hardware? We're pretty sure it can run DOOM. Should that be first? :) We also need a name. Right now, we're just calling it Fruit Jam since it's inspired by the IchigoJam project.
Sachverstand mit Herz - WERTvoll wachsen ist DER Podcast für Existenzgründer:innen und Neulinge in der Immobilienbewertung. Immer nah am Geschehen und mit einer Prise Humor und Leichtigkeit verstehen die Hosts und Sachverständigen für Immobilienbewertung Anne Brakhoff und Patrick Beier auch komplexe Themen lebendig zu vermitteln. In den Shownotes findest Du auch immer einen Link zum Podcast-Video.
Wie funktioniert eigentlich die Verschlüsselung unserer Daten und Festplatten bzw. Storages?Viele Elemente deines Lebens spielen sich inzwischen digital ab. Deine Daten werden also immer wichtiger und somit auch sensibler. Niemand möchte, dass die eigenen Daten in falsche Hände geraten. Die eigenen Daten zu verschlüsseln ist da ein wichtiges Mittel zum Schutz dieser.Doch, wie funktioniert das ganze eigentlich, wenn man seine Laptop-Festplatte verschlüsselt? Wird jedes File einzeln verschlüsselt oder die Festplatte als Ganzes? Welche Algorithmen kommen da zum Einsatz? Wo wird eigentlich das Passwort bzw. der Verschlüsselungskey abgelegt? Wie kann ich die Integrität der Daten sicherstellen? Was ist eine Trust Zone? Was sind Evil-Maid- und Cold-Boot-Attacken? Und entschlüssel ich die Daten meines Storage-Devices eigentlich, wenn gar keine Tastatur zur Verfügung steht? Wie es z.B. bei IoT-Geräten der Fall ist?Das alles besprechen wir mit unserem Gast David Gstir.Bonus: Nerds in den Bergen.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:
GB 18030—2022 两年三次征求意见后,于 9 月 30 日公布了《第 1 号修改单》。本期节目,我们将结合公开资料解读修改单的相关内容,管窥标准化工作幕后的曲折。 参考链接 “The Monotype Collection”,英国科学博物馆在线上展出馆藏 FontCreator 于今年 9 月首次推出 macOS 版 字谈字畅 184:十七年等一回 GB 18030—2022《信息技术 中文编码字符集》 《中华人民共和国国家标准公告 2024 年第 23 号》公告了 GB 18030—2022《第 1 号修改单》 「中文信息技术标准化」微信公众号发布 GB 18030—2022《第 1 号修改单》的内容解读 国际标准 ISO/IEC 10646:2020 《信息技术 通用编码字符集(UCS)》也于 2023 年发布了《第一号修改单》 表意文字研究组(IRG) (ISO/IEC JTC 1/SC 2/WG 2/IRG) Unicode 平面(plane) CJK 统一汉字扩充 I;Unicode 16.0 内附有该区段的字符集合及码位表 2022年《国家市场监督管理总局令第 59 号》公布了《国家标准管理办法》 Windows 11 Insider Preview Build 22635.4300 新增了 Simsun-ExtG 字体,可支持位于 Unicode 扩充 G、H、I 的 9753 个汉字 主播 Eric:字体排印研究者,译者,The Type 执行编辑 蒸鱼:设计师,The Type 编辑 欢迎与我们交流或反馈,来信请致 podcast@thetype.com。如果你喜爱本期节目,也欢迎用支付宝向我们捐赠:hello@thetype.com。
rWotD Episode 2656: ITIL security management Welcome to Random Wiki of the Day, your journey through Wikipedia’s vast and varied content, one random article at a time.The random article for Sunday, 11 August 2024 is ITIL security management.ITIL security management describes the structured fitting of security into an organization. ITIL security management is based on the ISO 27001 standard. "ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties."A basic concept of security management is information security. The primary goal of information security is to control access to information. The value of the information is what must be protected. These values include confidentiality, integrity and availability. Inferred aspects are privacy, anonymity and verifiability.The goal of security management comes in two parts:Security requirements defined in service level agreements (SLA) and other external requirements that are specified in underpinning contracts, legislation and possible internal or external imposed policies.Basic security that guarantees management continuity. This is necessary to achieve simplified service-level management for information security.SLAs define security requirements, along with legislation (if applicable) and other contracts. These requirements can act as key performance indicators (KPIs) that can be used for process management and for interpreting the results of the security management process.The security management process relates to other ITIL-processes. However, in this particular section the most obvious relations are the relations to the service level management, incident management and change management processes.This recording reflects the Wikipedia text as of 00:22 UTC on Sunday, 11 August 2024.For the full current version of the article, see ITIL security management on Wikipedia.This podcast uses content from Wikipedia under the Creative Commons Attribution-ShareAlike License.Visit our archives at wikioftheday.com and subscribe to stay updated on new episodes.Follow us on Mastodon at @wikioftheday@masto.ai.Also check out Curmudgeon's Corner, a current events podcast.Until next time, I'm standard Joanna.
Summary In this episode Marc Schein is chattin' with Jeremy Boerger, an IT Asset Management (ITAM) expert. Jeremy recounts his entry into ITAM during the Y2K era, where he was tasked with managing compliance systems for a manufacturing firm. This experience sparked his interest in ITAM, which revolves around optimizing an organization's hardware and software investments for maximum value. He emphasizes ITAM's focus on cost-consciousness and usability, highlighting its role in efficient product and service utilization. The discussion dives deeper into the essence of ITAM, explaining its significance in the cybersecurity realm. Jeremy stresses the importance of collaboration between ITAM and cybersecurity teams, citing industry standards like those recommended by NIST and the Department of Defense. He suggests that ITAM's asset management functions, such as inventory tracking and usage monitoring, are integral to bolstering organizational security measures. Jeremy acknowledges the historical challenges in establishing ITAM best practices but mentions ISO/IEC 19770 as a leading framework. He also links ITAM's principles to new cybersecurity regulations, particularly those proposed by the SEC. These regulations emphasize managing end-of-life assets, data disposal, and leveraging returns from decommissioned hardware and software, areas where ITAM plays a crucial role. As the conversation wraps up, Marc and Jeremy discuss avenues for further engagement and collaboration. Jeremy directs interested parties to his website and LinkedIn profile, where he shares insights on ITAM and cybersecurity integration. The dialogue underscores the evolving landscape of ITAM, its symbiotic relationship with cybersecurity practices, and the potential for synergistic collaboration to enhance organizational resilience and security posture. Key Takeaways IT Asset Management (ITAM) helps organizations manage their hardware and software assets to get the most value and utility out of them. It helps control costs and track assets. ITAM and cybersecurity should work together. Knowing what devices and software are in the environment helps cybersecurity track potential threats. Best practices for ITAM can be found in ISO standards, ITIL, and NIST frameworks. Organizations like the ISO are bringing ITAM and cybersecurity together. The SEC is encouraging more asset management to track hardware, software, and data, especially at end of life. This helps control cyber risks. ITAM can notify cybersecurity when hardware and software changes, so they can update their threat models. Collaboration between the teams is important. Key Quotes 00:51 - "If you remember back in Y2K, back at the turn of the century […] I had been brought into a small manufacturing firm to help with their Y2K results, a lot of it being swapping out old systems for compliance systems and the like." 03:35 - "What I have seen from the other side of the fence is that cybersecurity professionals tend to look at their work in […] silo [as a] very separate activity when there's all of this wonderful data and technique and knowledge that probably doesn't get tapped into as well as it should have." 06:09 - "Where is the hardware and software and most importantly, the data that is sitting inside that hardware and software? What do you do with it at the end of its lifecycle? And that's been typically something that cybersecurity folks don't really pay much attention to." 06:37 - "Well, asset management is very concerned about that endgame because there's money to be had. There are services to be had. If you're not going to reuse that device or reissue those licenses, then what kind of return cash can you bring into the organization to then fund another investiture?" "But I also encourage folks to reach out on LinkedIn as well. We've got a very active newsletter community speak on a great length about some of the new initiatives, licensing schemes,
On today's episode we have Tony Hamilton, here is a little more information on Tony: Tony Hamilton has more than 20 years of experience in the metrology field. He received his technical training in the U.S. Navy as a nuclear qualified electronics technician. During his six-year stint, he served four years on the USS Dwight D. Eisenhower (CVN 69), qualifying as a reactor operator, shutdown reactor operator, and reactor technician. After leaving the Navy in 1997, Tony worked as a nuclear instrument technician at the Surry Power Station in Virginia. In the summer of 2000, he accepted a position as a process instrument technician for Eli Lilly and Company. With a strong background in physics and math, Tony was asked to assist in the Company's primary calibration laboratory during a restructuring, which began in the summer of 2002. This position became permanent by the end of that year. In 2006, he became the primary metrologist over pressure and vacuum measurement systems, and in 2008 he was promoted to the position of engineer. Tony has calibration experience in many types of water chemistry, electromagnetics – dc/low frequency, mechanical, and thermodynamic measurements. As a metrologist, he was also responsible for the validation, work instruction, maintenance, and training. Tony has more than 16 years of experience using the Guide to the Expression of Uncertainty (GUM) in the development of complex uncertainty budgets. As of June 2021, Tony accepted a quality engineer role as the quality assurance representative for the Company's primary calibration lab, which has been accredited by the ISO/IEC 17025 since 2008. In addition to his accomplishments at Lilly, Tony is a Senior Member of the American Society for Quality (ASQ) since 2010, as well as a member of its Measurement Quality Division. He is qualified as an ASQ Certified Calibration Technician and Certified Quality Auditor and is a contributing author to the ASQ Metrology Handbook, 3rd Edition, as well as the 5th Edition of the NCSLI RP - 6, Recommended Practice for Calibration Quality Systems for the Healthcare Industries (2022). Tony earned his Bachelor of Science in business management from Indiana Wesleyan University in 2005. Tony was accepted and trained as a calibration assessor in 2018, becoming a lead assessor the following year. He is qualified to assess calibration facilities to the ISO/IEC 17025:2017, ANSI/NCSL Z540-1-1994 (R2002), and ANSI/NCSL Z540.3-2006 (R2013), as well as ISO 15195 and its dependent standards, ISO 15193, 15194, 17511, and 18153.
"Be curious, maintain an open mind, and maintain your high standards." - Lee Bainbrigge Our water treatment community is a close-knit brotherhood and sisterhood, regardless of where we live. We face similar challenges and share a common goal: to grow and learn from each other. Our latest podcast episode features a conversation that delves into the differences and similarities in Legionella control practices and regulations between the United States and the United Kingdom. This insightful episode features Lee Bainbrigge, Chief Sales and Marketing Officer of SMS Environmental Ltd as our charming lab partner. Key Insights from Lee Bainbrigge on Legionella Control: Differences in Legionella Management and Documentation In both countries, the primary Legionella control methods are keeping water moving and using temperature control. However, the UK places a stronger emphasis on documentation and compliance systems to record control measures. "The types of control you are using, you need to record it, you need to write it down in a compliance system," Lee explained. If a system tests positive for Legionella, it is crucial to effectively and clearly communicate to the client, "There's Legionella in the system. Let's look at doing something about it." In the UK, these communications are meticulously documented and kept as digital records for future reference. Crafting Effective Legionella Legislation When discussing what lawmakers should consider when writing Legionella legislation, Lee advised caution and balance. He noted that the guidance in the USA is relatively proportionate and effective when in the right hands. "Effectively, the guidance you've got in the USA is relatively proportionate... In the right hands, you're going to do a good job with the guidance that you've got," he noted. In contrast, the UK's approach can sometimes be overly prescriptive. Lee suggests a middle ground, advocating for guidance that is neither too relaxed nor too stringent, ensuring efforts and resources truly reduce risk. "I think the most reasonable guidance you could come up with is somewhere in between the two. There are pros and cons on both sides," Lee mentioned. ASHRAE 188 and Its Direction in the USA Lee affirmed that the USA is on the right track with ASHRAE 188 for Legionella control. "Yes, absolutely!" he responded when asked if the US is heading in the right direction. He highlighted the importance of competent professionals conducting Legionella risk assessments to ensure effective control measures. "Make sure that the people that are carrying out your Legionella risk assessment are competent and you're actually getting good advice at the beginning of your control scheme," he advised. Challenges and Technology Opportunities in the UK In the UK, current challenges include maintaining competency and training within the industry, adapting to novel systems like heat pumps, and dealing with reduced water flow in buildings. Lee mentioned the potential of new technologies, such as the Internet of Things (IoT) and remote monitoring, which could revolutionize Legionella control, although current guidance has yet to fully incorporate these advancements. "We have got challenges with... new novel systems coming into our domestic hot and cold water systems. The use of heat pumps and different ways of sourcing energy and reducing water flow are all having an impact on Legionella control," Lee explained. Building a Global Culture of Learning Lee is a strong advocate for collaboration within the industry. He believes in learning from each other and sharing best practices, which can greatly benefit organizations and improve public health protection. "I'm a big believer of us being collaborative in this industry," Lee shared. "When we see what somebody else is doing and establish what's working for organizations, that is just so great to see." Professional Standards and Certifications Lee discussed the significance of the Certified Water Technologist (CWT) certification. SMS Environmental Ltd. values high standards and depth of knowledge within its team, which is why they are strong proponents of the CWT certification. "We don't have in the UK an equivalent qualification specific to water treatment," Lee explained. "We've certainly looked at the CWT and gone, 'this does really what people that have been involved in the organization in the industry far longer than me tell me was very much the way the sector was born.'" Advice for Water Professionals Lee's best advice to water professionals is to "Be curious, maintain an open mind, and maintain your high standards." This approach has helped SMS Environmental Ltd. build strong, honest relationships with their customers and maintain their status as a leading independent company in the industry. Tune In to Scale UP Your Legionella Knowledge We encourage you to listen to the full interview with Lee Bainbrigge on the Scaling UP! H2O podcast. You'll gain deeper insights into Legionella control practices and regulatory approaches in the USA and the UK, learn about new technologies and challenges, and hear expert advice for water professionals. Stay curious, keep an open mind, and always strive for excellence. Connect with Lee Bainbrigge Email: l.bainbrigge@sms-environmental.co.uk Website: https://sms-environmental.co.uk/ LinkedIn: linkedin.com/in/lbainbrigge/ linkedin.com/company/sms-environmental-ltd/ Read or Download Lee Bainbrigge's Press Release HERE Links Mentioned The Hang July 11, 2024, free networking event for water professionals 203 The One With Our Across The Pond Legionella Expert, John Sandford Scaling UP! H2O's Legionella Resources Page The Water Management Society (WMSoc) Legionella Control Association Certified Water Technologist (CWT) certificate Video Prep Course UKAS Legionella Risk Assessment and ISO/IEC 17020 The Rising Tide Mastermind Scaling UP! H2O Academy video courses Submit a Show Idea AWT (Association of Water Technologies) Books Mentioned Traction: Get a Grip on Your Business by Gino Wickman Paddle Your Own Canoe by Nick Offerman Drop By Drop with James In today's segment, I'm thinking about your family and friends. You head off to work to save the world with your industrial water treatment skills each day. Do your family and friends have any idea what you do? Have you ever shown them your test kit? Have you ever tested water in front of them? Have you ever shown them your service reports? Have you ever shared the types of customers you have? Have you ever described the operations and processes you get to see? You may be an industrial water treatment superhero, but you don't have to have a secret identity, too. Let the world around you know what you do. 2024 Events for Water Professionals Check out our Scaling UP! H2O Events Calendar where we've listed every event Water Treaters should be aware of by clicking HERE.
Industrial Talk is onsite at OMG, Q1 Meeting and talking to Bill Curtis, Executive Director with the Consortium for Information and Software Quality about "ISO 5055 - Software quality standards to positively impacting industry". The conversation centered around the importance of prioritizing software quality to improve productivity and reduce costs. The speakers highlighted the significant financial costs associated with software quality issues and emphasized the need for implementing and applying software security standards in the industry. They also discussed automated source code quality measures and the importance of software quality standards and certification, with one speaker expressing a preference for free and open-source software and the other emphasizing the need for a certification exam to test developers' knowledge of ISO 5055. Action Items [ ] Update ISO/IEC 5055 to include new measures around data protection and resource sustainability. [ ] Submit annexes to ISO/IEC 5055 covering the new measures. [ ] Develop a certification exam on ISO/IEC 5055 through OMG for developers and quality assurance professionals. [ ] Connect with Bill Curtis via ACM.org or LinkedIn for more information on software quality standards and initiatives. Outline Software quality, technical debt, and cost of poor quality software. Dr. Bill Curtis, leading expert on capability maturity model, discusses software bombs and cybersecurity. Bill discusses the high cost of poor quality software, citing a report that estimates $1.5 trillion in annual costs. Bill emphasizes the importance of executive management in protecting the development team from unnecessary requirements and technical debt. Software quality issues and their costs in the billions. Bill: Technical debt costs in the 9-10 digits, with estimates reaching $175 million pounds. Bill: Quantifying technical debt is challenging, but public sources provide reasonably based estimates. Expert panel identified 75 serious weaknesses in software systems. Software security weaknesses and how to address them using static analysis technology. OMG developed a standard for software security, ISO approved it in 2021. Bill: Setting thresholds for software weaknesses in contracts with suppliers. Bill: Static analysis technology helps evaluate existing systems for security vulnerabilities. Bill: System-level weaknesses require prioritization, not just code-level fixes. Companies work with partners for security weakness identification and remediation. Software quality standards and ISO 5055. Bill discusses the importance of keeping ISO standards up-to-date, citing examples of expanded weaknesses and sustainability issues. OMG team is responsible for updating the ISO standard, relying on submitters to keep it current, and adding new annexes for data protection and resource sustainability. Bill discusses submitting additional measures to improve software quality, while Scott promotes connecting with Bill Curtis for expertise on software quality standards. If interested in being on the Industrial Talk show, simply contact us and let's have a quick conversation. Finally, get your exclusive free access to the
Curious about how OCI Container Engine for Kubernetes (OKE) can transform the way your development team builds, deploys, and manages cloud-native applications? Listen to hosts Lois Houston and Nikita Abraham explore OKE's key features and benefits with senior OCI instructor Mahendra Mehra. Mahendra breaks down complex concepts into digestible bits, making it easy for you to understand the magic behind OKE. OCI Container Engine for Kubernetes Specialist: https://mylearn.oracle.com/ou/course/oci-container-engine-for-kubernetes-specialist/134971/210836 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X (formerly Twitter): https://twitter.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Hello and welcome to the Oracle University Podcast. I'm Nikita Abraham, Principal Technical Editor with Oracle University, and with me is Lois Houston, Director of Innovation Programs. Lois: Hi there! If you've been listening to us these last few weeks, you'll know we've been discussing containerization, the Oracle Cloud Infrastructure Registry, and the basics of Kubernetes. Today, we'll dive into the world of OCI Container Engine for Kubernetes, also referred to as OKE. Nikita: We're joined by Mahendra Mehra, a senior OCI instructor with Oracle University, who will take us through the key features and benefits of OKE and also talk about working with managed nodes. Hi Mahendra! Thanks for joining us today. 01:09 Lois: So, Mahendra, what is OKE exactly? Mahendra: Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that empowers you to effortlessly deploy your containerized applications to the cloud. But that's just the beginning. OKE can transform the way you and your development team build, deploy, and manage cloud native applications. 01:36 Nikita: What would you say are some of its most defining features? Mahendra: One of the defining features of OKE is the flexibility it offers. You can specify whether you want to run your applications on virtual nodes or opt for managed nodes. Regardless of your choice, Container Engine for Kubernetes will efficiently provision them within your existing OCI tenancy on Oracle Cloud Infrastructure. Creating OKE cluster is a breeze, and you have a couple of fantastic tools at your disposal-- the console and the rest API. These make it super easy to get started. OKE relies on Kubernetes, which is an open-source system that simplifies the deployment, scaling, and management of containerized applications across clusters of hosts. Kubernetes is an incredible system that groups containers into logical units known as pods. And these pods make managing and discovering your applications very simple. Not to mention, Container Engine for Kubernetes uses Kubernetes versions that are certified as conformant by the Cloud Native Computing Foundation, also abbreviated as CNCF. And here's the icing on the cake. Container Engine for Kubernetes is ISO-compliant. The other two ISO-IEC standards—27001, 27017, and 27018. That's your guarantee of a secure and reliable platform. 03:08 Lois: That's great. But how do you access all this power? Mahendra: You can define and create your Kubernetes cluster using the intuitive console and the robust rest API. Once your clusters are up and running, you can manage them using the Kubernetes command line, also known as kubectl, the user-friendly Kubernetes dashboard, and the powerful Kubernetes API. 03:32 Nikita: I love the idea of an intuitive console and being able to manage everything from a centralized place. Lois: Yeah, that's fantastic! Mahendra, can you talk us through the magic that happens behind the scenes? What's Oracle's role in all this? Mahendra: All the master nodes or control plane nodes are managed by Oracle. This includes components like etcd, the API server, and the controller manager among others. To ensure reliability, we make sure multiple copies of these master components are distributed across different availability domains. And we don't stop there. We also manage the Kubernetes dashboard and even handle the self-healing mechanism of both the cluster and the worker nodes. All of these are meticulously created and managed within your Oracle tenancy. 04:19 Lois: And what happens at the user's end? What is their responsibility? Mahendra: At your end, you have the power to manage your worker nodes. Using different compute shapes, you can create and control them in your own user tenancy. So, as you can see, it's a perfect blend of Oracle's expertise and your control. 04:38 Nikita: So, in your opinion, why should users consider OKE their go-to solution for all things Kubernetes? Mahendra: Imagine a world where building and maintaining Kubernetes environments, be it master nodes or worker nodes, is no longer complex, costly, or even time-consuming. OKE is here to make your life easier by seamlessly integrating Kubernetes with various container life cycle management products, which includes container registries, CI/CD frameworks, networking solutions, storage options, and top-notch security features. And speaking of security, OKE gives you the tools you need to manage and control team access to production clusters, ensuring granular access to Kubernetes cluster in a straightforward process. It empowers developers to deploy containers quickly, provides devops teams with visibility and control for seamless Kubernetes management, and brings together Kubernetes container orchestration with Oracle's advanced cloud infrastructure. This results in robust control, top tier security, IAM, and consistent performance. 05:50 Nikita: OK…a lot of benefits! Mahendra, I know there have been ongoing enhancements to the OKE service. So, when creating a new cluster with Container Engine for Kubernetes, what is the cluster type we should specify? Mahendra: The first type is the basic clusters. Basic clusters support all the core functionality provided by Kubernetes and Container Engine for Kubernetes. Basic clusters come with a service-level objective, but not a financially backed service level agreement. This means that Oracle guarantees a certain level of availability for the basic cluster, but there is no monetary compensation if that level is not met. On the other hand, we have the enhanced clusters. Enhanced clusters support all available features, including features not supported by basic clusters. 06:38 Lois: OK. So, can you tell us more about the features supported by enhanced clusters? Mahendra: As we move towards a more digitized world, the demand for infrastructure continues to rise. However, with virtual nodes, managing the infrastructure of your cluster becomes much simpler. The burden of manually scaling, upgrading, or troubleshooting worker nodes is removed, giving you more time to focus on your applications rather than the underlying infrastructure. Virtual nodes provide a great solution for managing large clusters with a high number of nodes that require frequent updates or scaling. With this feature, you can easily simplify the management of your cluster and focus on what really matters, that is your applications. Managing cluster add-ons can be a daunting task. But with enhanced clusters, you can now deploy and configure them in a more granular way. This means that you can manage both essential add-ons like CoreDNS and kube-proxy as well as a growing portfolio of optional add-ons like the Kubernetes Dashboard. With enhanced clusters, you have complete control over the add-ons you install or disable, the ability to select specific add-on versions, and the option to opt-in or opt-out of automatic updates by Oracle. You can also manage add-on specific customizations to tailor your cluster to meet the needs of your application. 08:05 Lois: Do users need to worry about deploying add-ons themselves? Mahendra: Oracle manages the lifecycle of add-ons so that you don't have to worry about deploying them yourself. This level of control over add-ons gives you the flexibility to customize your cluster to meet the unique needs of your applications, making managing your cluster a breeze. 08:25 Lois: What about scaling? Mahendra: Scaling your clusters to meet the demands of your workload can be a challenging task. However, with enhanced clusters, you can now provision more worker nodes in a single cluster, allowing you to deploy larger workloads on the same cluster which can lead to better resource utilization and lower operational overhead. Having fewer larger environments to secure, monitor, upgrade, and manage is generally more efficient and can help you save on cost. Remember, there are limits to the number of worker nodes supported on an enhanced cluster, so you should review the Container Engine for Kubernetes limits documentation and consider the additional considerations when defining enhanced clusters with large number of managed nodes. 09:09 Nikita: Ensuring the security of my cluster would be of utmost importance to me, right? How would I do that with enhanced clusters? Mahendra: With enhanced clusters, you can now strengthen cluster security through the use of workload identity. Workload identity enables you to define OCI IAM policies that authorize specific pods to make OCI API calls and access OCI resources. By scoping the policies to Kubernetes service account associated with application pods, you can now allow the applications running inside those pods to directly access the API based on the permissions provided by the policies. 09:48 Nikita: Mahendra, what type of uptime and server availability benefits do enhanced clusters provide? Mahendra: You can now rely on a financially backed service level agreement tied to Kubernetes API server uptime and availability. This means that you can expect a certain level of uptime and availability for your Kubernetes API server, and if it degrades below the stated SLA, you'll receive compensation. This provides an extra level of assurance and helps ensure that your cluster is highly available and performant. 10:20 Lois: Mahendra, do you have any tips for us to remember when creating basic and enhanced clusters? Mahendra: When using the console to create a cluster, a new cluster is created as an enhanced cluster by default unless you explicitly choose to create a basic cluster. If you don't select any enhanced features during cluster creation, you have the option to create the new cluster as a basic cluster. When using CLI or API to create a cluster, you can specify whether to create a basic cluster or an enhanced cluster. If you don't explicitly specify the type of cluster to create, a new cluster is created as a basic cluster by default. Creating a new cluster as an enhanced cluster enables you to easily add enhanced features later even if you didn't select any enhanced features initially. If you do choose to create a new cluster as a basic cluster, you can still choose to upgrade the basic cluster to an enhanced cluster later on. However, you cannot downgrade an enhanced cluster to a basic cluster. These points are really important while you consider selection of a basic cluster or an enhanced cluster for your usage. 11:34 Do you want to stay ahead of the curve in the ever-evolving AI landscape? Look no further than our brand-new OCI Generative AI Professional course and certification. For a limited time only, we're offering both the course and certification for free! So, don't miss out on this exclusive opportunity to get certified on Generative AI at no cost. Act fast because this offer is valid only until July 31, 2024. Visit https://education.oracle.com/genai to get started. That's https://education.oracle.com/genai. 12:13 Nikita: Welcome back! I want to move on to serverless Kubernetes with virtual nodes. But I think before we do that, we first need to have a basic understanding of what managed nodes are. Mahendra: Managed nodes run on compute instances within your tenancy, and are at least partly managed by you. In the context of Kubernetes, a node is a compute host that can be either a virtual machine or a bare metal host. As you are responsible for managing managed nodes, you have the flexibility to configure them to meet your specific requirements. You are responsible for upgrading Kubernetes on managed nodes and for managing cluster capacity. Nodes are responsible for running a collection of pods or containers, and they are comprised of two system components: the kubelet, which is the host brain, and the container runtime such as CRI-O, or containerd. 13:07 Nikita: Ok… so what are virtual nodes, then? Mahendra: Virtual nodes are fully managed and highly available nodes that look and act like real nodes to Kubernetes. They are built using the open source CNCF Virtual Kubelet Project, which provides the translation layer between OCI and Kubernetes. 13:25 Lois: So, what makes Oracle's managed virtual Kubernetes product different? Mahendra: OCI is the first major cloud provider to offer a fully managed virtual Kubelet product that provides a serverless Kubernetes experience through virtual nodes. Virtual nodes are configured by customers and are located within a single availability and fault domain within OCI. Virtual nodes have two main components: port management and container instance management. Virtual nodes delegates all the responsibility of managing the lifecycle of pods to virtual Kubernetes while on a managed node, the kubelet is responsible for managing all the lifecycle state. The key distinction of virtual nodes is that they support up to a 1,000 pods per virtual node with the expectation of supporting more in the future. 14:15 Nikita: What are the other benefits of virtual nodes? Mahendra: Virtual nodes offer a fully managed experience where customers don't have to worry about managing the underlying infrastructure of their containerized applications. Virtual nodes simplifies scaling patterns for customers. Customers can scale their containerized application up or down quickly without worrying about the underlying infrastructure, and they can focus solely on their applications. With virtual nodes, customers only pay for the resources that their containerized application use. This allows customers to optimize their costs and ensures that they are not paying for any unused resources. Virtual nodes can support over 10 times the number of pods that a normal node can. This means that customer can run more containerized applications on virtual nodes, which reduces operational burden and makes it easier to scale applications. Customers can leverage container instances in serverless offering from OCI to take advantage of many OCI functionalities natively. These functionalities include strong isolation and ultimate elasticity with respect to compute capacity. 15:26 Lois: When creating a cluster using Container Engine for Kubernetes, we have the flexibility to customize the worker nodes within the cluster, right? Could you tell us more about this customization? Mahendra: This customization includes specifying two key elements. Firstly, you can select the operating system image to be used for worker nodes. This image serves as a template for the worker node's virtual hard drive, and determines the operating system and other software installed. Secondly, you can choose the shape for your worker nodes. The shape defines the number of CPUs and the amount of memory allocated to each instance, ensuring it meets your specific requirements. This customization empowers you to tailor your OKE cluster to your exact needs. It is important to note that you can define and create OKE clusters using both the console and the REST API. This level of control is specially valuable for your development team when building, deploying, and managing cloud native applications. You have the option to specify whether applications should run on virtual nodes or managed nodes. And Container Engine for Kubernetes efficiently provisions them on Oracle Cloud Infrastructure within your existing OCI tenancy. This flexibility ensures that you can adapt your OKE cluster to suit the specific requirements of your projects and workloads. 16:56 Lois: Thank you so much, Mahendra, for giving us your time today. For more on the topics we discussed, visit mylearn.oracle.com and look for the OCI Container Engine for Kubernetes Specialist course. Join us next week as we dive deeper into working with OKE virtual nodes. Until then, this is Lois Houston… Nikita: And Nikita Abraham, signing off! 17:18 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governance requirements are: GDPR, ISO/IEC 27001:2022 The internal policies pertaining to gathering data, processing data, storing date, and disposal of data storing data, and disposal of data are a concern of information security. These polices also affect but also asset management, It governs who can access what kinds of data and what kinds of data are under governance. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-176
Fredrik snackar jq och fq med Mattias Wadman. Och vad betyder det då? jq är är ett verktyg och ett helt språk för att bearbeta och omvandla data i JSON-format. fq är i sin tur jq, fast för en hel uppsättning binärformat. Mattias ger oss en grundlig genomgång i vad jq är och hur det fungerar, både som rent verktyg i kommandoraden och som språk anpassat för att bearbeta JSON-data på väldigt genomtänkta sätt. Därefter berättar han om fq och alla saker det gör enklare. Bara som exempel: ett helt DSL för att jobba med binärdata. Ett stort tack till Cloudnet som sponsrar vår VPS! Har du kommentarer, frågor eller tips? Vi är @kodsnack, @thieta, @krig, och @bjoreman på Mastodon, har en sida på Facebook och epostas på info@kodsnack.se om du vill skriva längre. Vi läser allt som skickas. Gillar du Kodsnack får du hemskt gärna recensera oss i iTunes! Du kan också stödja podden genom att ge oss en kaffe (eller två!) på Ko-fi, eller handla något i vår butik. Länkar Mattias jq jq-manualen JSON fq fq - jq for binary formats presentation av Mattias om fq från FOSDEM 2023 SQL sed AWK grep Slurp mode i jq “Pure” - rent funktionella språk Generatorer Yield i Javascript eller Python Special forms i Lisp Stephen Dolan - skapare av jq Ocaml Första jq-commiten: jq i Haskell! Committen som bytte till C Korutiner MP4 aka ISOBMFF aka ISO/IEC 14496-12 aka MPEG-4 Part 12 mp4dump Ffmpeg DSL fq på Github Fredriks MP3-kapitel-app gojq Matroska ELF Sqlite Kaitai Struct Bonuslänkar från Mattias jq-FAQ jq-kokboken jq-språkbeskrivning jqplay - jq-lekplats Awesome jq jq-lsp - jq language server vscode-jq JSON streaming (JSONL etc) jq implementerat i jq jq-genomgång av DJ Adams (qmacro) Fler presentationar av Mattias jq 1.7-release notes Titlar Stora filer in och många små filer ut jq med vänner SQL-liknande fast för trädstrukturer Sed för JSON Komponera ihop en pipeline Trevligt för ad hoc-programmering Allting är generatorer Senare i pipelinen I en loop hela tiden Sökningar över ett träd Var i inputen är du just nu .. någonting Någon fick tag på Stefan Binärfiler som input Det bara råkar vara samma typer JSON-kompatibelt träd Polymorfisk JSON
On this episode of the SPOT® Radio Podcast Charlie Webb CPPL speaks on the topic of medical device packaging system innovation. Charlie asks the question, can we do better as innovators in sterile device packaging?About Charlie Webb CPPL: Charlie Webb CPPL is the founder and President of Van der Stahl Scientific; a medical device packaging and testing machine provider and packaging testing and calibration laboratories. He also hosts the popular Podcast "SPOT Radio" (sterile packaging on track) www.spotradiopodcast.com Charlie was recognized in the Rode Podcast awards as the top 100 ‘Highly Commended Podcasts for his Podcast "Antidote to Despair" Charlie earned his BS degree in Management at the University of Redlands and completed the medical device development program at the Andersen graduate school of management at UCLA. Charlie is a “lifetime” certified packaging professional “CPPL” certified through the institute of Packaging Professionals as well as a “Six Sigma Master Black Belt”. As a member of a scientific review board, he co-developed micro-surgical devices that broke away from the conservative innovation models. Charlie has been in sterile device packaging for 26 years and has been involved in numerous FDA and ISO audits as a regulatory advisor.He is also a certified internal auditor and is the Quality Manager for Van der Stähl Scientific's demanding ISO/IEC 17025 Laboratory accreditation. Under Charlie's quality management system, his lab received the MSI Continuous Improvement Award. Charlie is a member of the IOPP Medical Device Packaging Technical Committee, the Kiip group, and the ASTM F02 technical committee and has multiple granted and pending patents on medical device packaging machinery and pouch testing systems.His current patent-pending technologies include a medical device tray sealer that will integrate pouch testing within the packaging machine to provide 100% real-time seal testing. Also, in development is his patented HTIP system (human tissue isolation pouch) this disposable system is designed to help avoid packaging machine contamination. His patented seal-through HTIP system isolates the donor tissue during the packaging process to help thwart cross-contamination between donor events. This system will help prevent machine contamination and increase packaging machine component life cycles, saving money while managing infection risks to donor recipients.His company was also recently awarded a federal contract as a medical device packaging machine provider for the VA Hospital group and his laboratory client list includes NASA and the CDC (center for disease control). He continues to grow his company's new product development program with the aim of reaching more users of their equipment in order to better manage healthcare packaging failures. E-mail: Charlie@vanderstahl.comWebsite: www.vanderstal.comPTT-500-AV Video: https://vanderstahl.com/wp-content/uploads/2024/02/PTT-500-AV.webm
Perry Johnson Laboratory Accreditation, Inc™, a private third-party accreditation body based in the United States that validates the competency of testing and calibration laboratories, inspection bodies, reference material producers and sampling organizations through the use of international and national standards.PJLA offers ISO/IEC 17025 Lab Accreditation to fit the needs of various types of laboratories. If this is something that peaks your interest, be sure to visit the website at www.pjlabs.com or follow them on IG @pjla_inc to learn more how you can get legit with Perry Johnson Laboratory Accreditation, Inc™. Cannabis Talk 101, “The World's #1 Source For Everything Cannabis”, made global history by becoming the first cannabis show to partner with iHeartMedia, on 4/20/2020. Thank you for listening & watching Cannabis Talk 101 with Christopher Wright, aka "Blue" the CEO and creator of Cannabis Talk 101 and the Cannabis Talk Network. & Joe Grande, former Co-Host on Big Boy's Neighborhood on Power 106 FM, On-Air with Ryan Seacrest on 102.7 KIIS FM in Los Angeles and The Dog House in the Bay Area on WILD 94.9 KYLD. Toking with the Stars with Chuckie & Marty, & Financial Fridays with Tony Kassaei, The Inside Investor, on YouTube, IHeartRadio App, Spotify, & Apple Podcasts. Check out the Cannabis Talk Magazine (HERE).Call us anytime: 1-800-420-1980FOLLOW US on all Social Media: Linkedin: @CannabisTalk101Instagram: @CannabisTalk101 Tik Tok @CannabisTalk101: Facebook: / CannabisTalk101 Twitter: / CannabisTalk101 @BLUE @JoeGrande@Tony Kassaei The Insider Investor@CHUCKIE FUEGO@MARTY GRIMES See omnystudio.com/listener for privacy information.
For a special in-person recording, today Laura and Kevin sit down with Raj Chandrasekar, the Chief Technology and Innovation Officer of Consilio. We talk all things AI including Consilio's Complete AI Suite, retrieval-augmented generation (RAG), if hallucinations will slow eDiscovery's adoption of GenAI and whether its a good idea to use ChatGPT to write your love poems. You don't want to miss this pod!Raj Chandrasekar is Chief Technology and Innovation Officer of Consilio where he oversees Consilio's technology and innovation functions – merging Development and Engineering, Infrastructure, Security, Product Management, Business Intelligence, and Corporate Services functions. In his role, Raj frequently interfaces with clients to understand and accommodate processing, security and uptime needs and is also responsible for the day-to-day operations along with day-to-day operations of our industry-leading eDiscovery and legal industry software solutions. He joined Consilio from First Advantage, where he held the position of Chief Information Officer. Raj has over 25 years of experience in the field of Software Development and Infrastructure Management and has held technology leadership positions in various large corporations.Consilio stands as the global leader in eDiscovery, document review, flexible legal talent, and legal advisory & transformation consulting services. With its Consilio Complete suite of capabilities, the company empowers multinational law firms and corporations using innovative software, cost-effective managed services, and deep legal and regulatory industry expertise. Renowned for its expertise in litigation, HSR second requests, internal and regulatory investigations, eDiscovery, document review, information governance, compliance risk assessments, cybersecurity, law department management, and contracts management, Consilio also excels in legal staffing and recruitment through its Lawyers On Demand division. Consilio globally employs leading professionals in the industry, applying defensible workflows with patented and industry-proven technology across all phases of the eDiscovery and risk management lifecycle. ISOIEC 27001:2013 certified, the company operates offices, document review, and data centers across Europe, Asia, and North America. Discover more about Consilio's commitment to legal excellence and innovation at www.consilio.com
Guest: Dr. Ann Cavoukian, Executive Director of the Global Privacy and Security by Design CentreWebsite | https://gpsbydesign.org/On LinkedIn | https://www.linkedin.com/in/ann-cavoukian-ph-d-3a78809/On Twitter | https://twitter.com/anncavoukianWikipedia | https://en.wikipedia.org/wiki/Ann_CavoukianHost: Dr. Rebecca WynnOn ITSPmagazine
In the course of the talk I'll discuss current authentication challenges, the looming problem with cracking public key encryption, and short and medium term recommendations to help folks stay secure. About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things. This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement. During his five-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service, and served as CTO of Waveset, an identity management vendor acquired by Sun. At Trend Micro, Bill provided research and analysis of the current state and future trends in information security. He participates in the ISO/IEC 62443 standards body and the CISA ICSJWG on ICT security. He runs his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services. Bill has over 180 publications and has spoken at numerous events worldwide. Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
Daniel Bachenheimer is Accenture's Digital Identity Innovations Technical Lead and has been designing and delivering solutions for various clients for over 30 years. For the past 20 years, Dan has focused on Border Management and Identity Management solutions and has been involved in large-scale Identity systems including US-VISIT and UIDAI, Trusted Traveler Programs, Multimodal Biometric systems integration, RFID implementations, along with Identity, Credential and Access Management solutions. Dan participates in biometrics standards (INCITS, ISO/IEC SC37), blockchain standards (ISO TC307), ID Cards and Wallets (INCITS, ISO/IEC 17, is an IEEE Certified Biometrics Professional, is a Biometrics Institute Director and Privacy Expert Group contributing member, is Co-Chair of INATBA's Identity Working Group is the Vice Chair of IATA's Identity Management Working Group, is an ID2020 Technical Advisory Committee contributing member, participates in ToIP, DIACC, WTTC, WEF, and Turing Institute Digital Identity working groups, and has contributed to World Economic Forum and World Bank reports related to Identity. About Podcast Episode Read more about the episode by heading to https://northernblock.io/podcasts/the-digital-travel-credential-dtc-with-daniel-bachenheimer The full list of topics discussed between Daniel and Mathieu in this podcast episode include: Governance of International Air Travel: Inquiry about the organization responsible for developing international standards and specifications for smooth airport experiences across different countries. ICAO's Role and Dynamics: Exploration of ICAO's governance and business interactions with countries like the United States and Canada. Discussion on the creation and alignment of passports through ICAO's collaboration with various countries. Machine Authentication and Passport Digitization: Examination of the trend towards machine authentication at airports and its impact on the digitization of physical passports. Biometrics in International Travel: Inquiry about the alignment of biometric standards and technologies across countries for travel purposes. Photo Accuracy in Travel Documents: Discussion on the accuracy of photos in travel documents and their comparison across different locations. Integrity of Various Travel Documents: Comparison of the integrity and standards of images in passports, visas, and driver's licenses for biometric assessments. Digital Travel Credential (DTC): Introduction to the concept of the digital travel credential and its relation to current travel processes. Exploration of the benefits of moving towards a digital travel credential. Discussion on the standards and application integration of digital travel credentials. Benefits of DTC for Travelers: Analysis of how DTCs could streamline travel processes and their comparison to existing programs like Clear and Nexus. Future of DTC Adoption: Inquiry into the current state of DTC pilot projects and predictions for future adoption trends. Integration of DTCs in Wallets and Applications: Consideration of the logical placement of DTCs in digital wallets and applications, and their potential impact on travel efficiency. Where to find Daniel? LinkedIn: https://www.linkedin.com/in/daniel-bachenheimer-2632202/ Follow Mathieu Glaude X: https://twitter.com/mathieu_glaude LinkedIn: https://www.linkedin.com/in/mathieuglaude/ Website: https://northernblock.io/
Artificial Intelligence (AI) has huge potential for changing lives and being a force for good. Yet, as AI technology develops at an ever-increasing pace, clarity is needed on what AI is, what it's not, and how it can be developed in a responsible and trustworthy way.In this episode, Matthew speaks to Pauline Norstrom, CEO of AI business Anekanta, about ISO/IEC 42001 – AI management system, ahead of its formal publication.The standard is designed to help organizations and society get the most benefit from AI and reassure stakeholders that their systems are being developed responsibly. As a standards-maker, Pauline has been involved in the development of ISO/IEC 42001. She describes why the standard has been developed, how organizations will use it, and the difference it will make to them and society.Find out moreISO/IEC 42001AI and standardsART/1Get involved with standardsFind and follow The Standards Show on social mediaX @standardsshowInstagram @thestandardsshow Get in touch with The Standards ShowSend a voice messageeducation@bsigroup.comSubscribe wherever you get your podcastsSubscribe to The Standards ShowCheck out the websitethe-standards-show
We are joined by AASHTO re:source Quality Manager, Tracy Barnhart to cover some of the basics of conducting an internal audit and how the process is valuable to individuals and organizations. Related InformationFebruary 2023 Webinar - Internal Audits: What's the Point?S3 E7: Internal Audits - Back to BasicsS3 E3: Internal Audit Awareness Month - Who Can Perform Internal Audits?S2 E24: Taken from TechEx: Internal Audits: The Focus on ImprovementS2 E12: Conducting Effective Internal AuditsS1 E39: FAQ - Policy for New Lab Internal Audits and Management ReviewsS1 E28: Management Review Extended Q & AInternal Auditing: Just the Facts, Ma'am!AASHTO re:source ISO/IEC 17025 Assessment: What to Expect and Tips to Prepare
In part two of this introduction to quality assurance, Mary Buday continues her conversation with Johnna Gueorguieva PhD, ICE-CCP, CAE, and Todd Galati, CAE about their definitions of quality assurance, how its shaped for their programs and key considerations if your program holds an accreditation to the NCCA Standards or ISO/IEC 17024. Speakers: Mary Buday, National Board for Certification in Hearing Instrument Sciences Todd Galati, CAE, American Council on Exercise Johnna Gueorguieva ICE-CCP, PhD, CAE, Dental Assisting National Board Series Description: Credentialing Insights: An I.C.E. Podcast dives in to thought-provoking discussions with subject matter experts on the topics that matter most to the credentialing community.
Mary Buday, director of certification from the National Board for Certification in Hearing Instrument Sciences, discusses quality assurance with Johnna Gueorguieva PhD, ICE-CCP, CAE, and Todd Galati, CAE. Over the course of two conversations, they define quality assurance and what it looks like in their program. They also discuss considerations if your program holds an accreditation to the NCCA Standards or ISO/IEC 17024 and tips for starting a quality assurance program. Speakers: Mary Buday, National Board for Certification in Hearing Instrument Sciences Todd Galati, CAE, American Council on Exercise Johnna Gueorguieva ICE-CCP, PhD, CAE, Dental Assisting National Board Series Description: Credentialing Insights: An I.C.E. Podcast dives in to thought-provoking discussions with subject matter experts on the topics that matter most to the credentialing community.
• Guidelines, standards, and resources to address Remote Auditing•The purpose of auditing includes verifying the conformance of an organization's processes and management system to defined requirements. It depends on the type of audit and the objective, the stated criteria, which can vary. The standard/s which an audit may be conducted could be an organization's own internal procedures or work instructions, a management systems standard such as ISO 9001, AS9100, or International Automotive Task Force (IATF) 16949; ISO 22000, “Food Safety Management Systems (FSMS) customer-specified requirements; or government regulations such as FAA/Nadcap, NRC, etc...• Remote auditing has been a hot topic the last year, given the circumstances surrounding the COVID-19 pandemic over the last year. However, remote auditing has been around for over a decade. Its popularity now is being spurred by advances in technology and globalization. There has been a considerable increase in multi-site companies with operations scattered across the globe and more companies engaging in international supply chains that require auditing.• Regardless, proper planning is key for contingency and understanding the kind of risks to achieve audit objectives based upon the scope/criteria, and the most suitable and available technology, as well as the auditor and auditee's complete understanding of the (ICT) Information and Communications Technology, platform/s to be used.• Companies, Registrars, and Accreditation Organizations are now and must continue to reinvent and adapt to the “new normal” regarding “Remote Auditing” and figure out ways to achieve a balance in assuring Quality Management System conformance versus not auditing at all and maintaining the rigor and respect of a QMS and/or Accreditation program as we move forward.• ISO 19011-Annex A.1-option and A.16 for remote and virtual auditing and the ISO/IEC 17021 has recognized remote auditing since 2011. Considerations of the International Accreditation Forum (IAF) Mandatory Documents -MD4 and MD5-2019, Guidance ID3 are available, and links are included.• There are still limitations when considering issues like initial audits and/or critical processes and highly classified facilities and proprietary processes or problematic non-conforming systems previously audited.• Remote Auditing Practices and Resources *Remote Auditing: A Quick and Easy Guide for Management System Auditors Paperback –2020-Denise RobitailleLinks to relevant sourceshttps://www.iaf.nu/articles/Mandatory_Documents_/38•IAF MD4:2018, ICT is the use of technology for gathering, storing, retrieving, processing, analyzing, and transmitting information. It includes software and hardware such as smartphones, handheld devices, laptop computers, desktop computers, drones, video cameras, wearable technology, artificial intelligence, and others. The use of ICT may be appropriate for auditing/assessment both locally and remotely. • ISO 9001 Auditing Practices Group Guidance on: REMOTE AUDITS, provides for:* BACKGROUND INFORMATION ON ISO 19011:2018 AND IAF MD 4 *GENERAL RECOMMENDATIONS FOR REMOTE AUDITING *AUDIT PROGRAM *AUDIT PLANNING *AUDIT REALIZATION *AUDIT CONCLUSION**Annex: Example of identification of Risks and Opportunities for using remote auditing.https://committee.iso.org/files/live/sites/tc176/files/documents/ISO%209001%20Auditing%20Practices%20Group%20docs/Auditing%20General/APG-Remote_Audits.pdf• Remote Auditing aSupport the show
On this short episode of the Spot Radio Podcast Charlie Webb CPPL speaks about his visit to the HSPA (healthcare sterile processing association) conference in Nashville Tennessee. Charlie also looks ahead to upcoming discussions on spot radio...Host bio:Charlie A. Webb CPPL | Founder & CEO of Van der Stähl ScientificCharlie Webb CPPL is the founder and President of Van der Stahl Scientific; a medical device packaging and testing machine provider and packaging testing and calibration laboratories. He also hosts the popular Podcast "SPOT Radio" (sterile packaging on track) www.spotradiopodcast.com Charlie was recognized in the Rode Podcast awards as the top 100 ‘Highly Commended Podcast for his Podcast "Antidote to Despair" Charlie earned his BS degree in Management at University of Redlands and completed the medical device development program at the Andersen graduate school of management at UCLA. Charlie is a “lifetime” certified packaging professional “CPPL” certified through the institute of packaging professionals as well as a “Six Sigma Master Black Belt”. As a member of a scientific review board, he co-developed micro-surgical devices that broke away from the conservative innovation models. Charlie has been in sterile device packaging for 26 years and has been involved in numerous FDA and ISO audits as a regulatory advisor.He is also a certified internal auditor and is the Quality Manager for Van der Stähl Scientific's demanding ISO/IEC 17025 Laboratory accreditation. Under Charlie's quality management system his lab received the MSI Continuous Improvement Award. Charlie is a member of the IOPP Medical Device Packaging Technical Committee, he is a co-PM in the Kiip group and the ASTM F02 technical committee and has multiple granted and pending patents on medical device packaging machinery and pouch testing systems.His current patent-pending technologies include a medical device tray sealer that will integrate pouch testing within the packaging machine to provide 100% real-time seal testing. Also, in development is his patented HTIP system (human tissue isolation pouch) this disposable system is designed to help avoid packaging machine contamination. His patented seal-through HTIP system isolates the donor tissue during packaging process to help thwart cross-contamination between donor events. This system will help prevent machine contamination and increases packaging machine component life cycles, saving money while managing infection risks to donor recipients.His company was also recently awarded a federal contract as a medical device packaging machine provider for the VA Hospital group and his laboratory client list includes NASA and the CDC (center for disease control). He continues to grow his company's new product development program with the aim of reaching more users of their equipment in order to better manage healthcare packaging failures.E-mail:Charlie@vanderstahl.comWebsite:www.vanderstahl.comwww.spotradiopodcast.com
David Stauss, Partner at Husch Blackwell, (and author at the Byte Back blog) is our feature interview this week, interviewed by Douglas Brush. News from Casa Bonita, The Fort, Atom Computing, RADICL Defense, Red Canary, Lares, Strata and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Casa Bonita Jobs in Colorado Waugh! The Fort Celebrates Sixty Years of Old West Wonder Not your grandpa's apprenticeships: Colorado invests in paid training as a way into the workforce Tired of fighting robots for concert tickets? This Colorado bill aims to help. How close are we to quantum computing? A Boulder company will partner with the DOD to find out. In State of the State Address, Governor Polis Channels Nerds and Geeks Boulder cybersecurity startup looks to add 491 workers Red Canary: Detecting credential access without losing cred Lares Research Highlights Top 5 Penetration Test Findings From 2022 Boulder identity orchestration startup hopes to become a market leader with $26M raise Job Openings: Noodles Co - IT Security Administrator Sierra Space - Cybersecurity Analyst III University of Colorado - Information Security Officer Terumo BCT - Product Security Engineer Maximum - Application Security Administrator City & County of Denver - Information Security Architect Prologis - IT Governance, Risk & Compliance Manager Western Union - Group Leader, Cyber Security Engineering Marathon Petroleum Corporation - Internal Auditor RTD - Senior Cybersecurity Engineer, Access Management Upcoming Events: This Week and Next: ISSA Denver - February Meetings (lunch and evening) Transitioning to ISO/IEC 27001:2022 - 2/8 ASIS Denver - Biometric Access Trends - 2/15 ISACA Denver - February Meeting (In Person with IIA) - 2/16 CSA Colorado - February Meeting - 2/21 ISC2 Pikes Peak - February Meeting - 2/22 ASIS Denver - COFFEE CHAT WITH MISTY SHEPHARD - 2/23 Let's Talk Software Security - Vulnerability Tracking and Reporting - 2/24 OWASP Colorado - SNOWFROC - 3/2 Colorado Springs - Cybersecurity First Friday - 3/3 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Adam Firestone is our featured guest for Episode 78 of Underserved. A recovering attorney and platoon leader, Adam believes as Robert Heinlein does: Humans are not meant for specialization. We should be capable in many realms. In Adam's professional life, this means understanding security holistically, architecture natively, and cryptography as a tool, not an end in and of itself. We discuss first aid as a hobby, foiling the magic cookie thieves, and the BFJT. Adam on LinkedIn: https://www.linkedin.com/in/adamfirestone/ CyLogic: http://www.cylogic.com/ Benzi Box: https://www.facebook.com/480735395379220/posts/pfbid026d2JX6hC3oRXJiSTbVtGquwRyqee6zY6pcebtrmNnFBmkHpwv2F4zAPbAYtooTzml/ Tanks and Searchlights: https://www.quora.com/US-Army-tanks-seem-to-have-a-large-spotlight-on-the-turret-What-is-this/answer/Michael-D-Settles?ch=15&oid=75963238&share=7d19973b&srid=up2jTh&target_type=answer Culinary Happiness: https://suebeehomemaker.com/pan-seared-sea-bass/ ISO Standard for Systems Engineering: https://en.m.wikipedia.org/wiki/ISO/IEC_15288