The 2020 Quarter 1 Impact newsletter includes information on updates to standards and industry news. This issue contains articles on

  • Waupaca Foundry, Inc.’s commitment to sustainability
  • Growth at GW Plastics
  • ISO/IEC 27701

Committing to Sustainability 

With 65 years of history behind it, Waupaca Foundry, Inc. (WFI) has been committed to making high quality iron castings. What’s even more impressive is their commitment to sustainability.  
Since scrap metal is an excellent feedstock for their facilities to create new castings, the company created an initiative to use more than 90% of recycled scrap metal for operations. 

However, reducing their use of virgin metal sources isn’t their only sustainability achievement. They are improving energy, materials, and water use as well to increase overall sustainability. 

Past Foundry Sand Recycling 

The vertical green sand molding process of making iron castings requires large volumes of sand. WFI recognized an opportunity to reuse foundry sand that was no longer able to be used to make casting molds. The sand - which is continually used, reconditioned and reused in the foundry - can then be reused in a variety of applications and industries outside of the foundry setting. For over two decades, WFI has been recycling foundry sands and provides offsite reuse for over 80% of all available foundry sand and 69% of all available byproducts, including foundry slag. 

Reducing Water Reliance

Foundries rely on water to cool running machinery and run a successful foundry. Recently, WFI has concentrated on reducing its water use. With plant improvements implemented by the company over the last decade, contaminated process water that requires wastewater treatment and discharge has been completely eliminated from WFI facilities. In addition, the company invested in closed loop cooling water systems through which individual plant cooling water demands have been cut by 80% or more, and non-contact cool water discharged have been reduced to near zero. 

Energy Use

WFI has also worked to reduce energy use and carbon emissions since 2004 with significant energy use reduction activities, such as heat recovery for building/hot water heating and use of premium high efficiency motors. The company was recognized in 2009 with the Governor’s Award for Environmental Excellence at its Plant 1 facility located in Waupaca, Wis. This facility has a novel heat recovery system that recovers waste heat from the cupola melting of the iron scrap to use for heating the facility in the cold Wisconsin winters. 

WFI was also among the first companies in the United States to volunteer for the U.S. Department of Energy’s Save Energy Now Leader (later renamed Better Buildings, Better Plants) Program, which seeks a commitment to voluntarily reduce industrial energy intensity by 25% in 10 years. 

The company has implemented a formal Energy Management Program at its Plant 1 and achieved certification to ISO 50001 with DQS Inc. 

Pollution Control

The air pollution control systems at the company are considered the “best available” by the U.S. Environmental Protection Agency and the State of Wisconsin. WFI is also seeking new ways to continually reduce air emissions. A filter leak detection system has been broadly used by their facilities as an elective technology to assist with air pollution control. 

When asked what advice they’d give other companies who look to improve their sustainability efforts, they had this to say: 

“Promote the use of employee resources already within your organization and work to understand the mechanics of the process in detail.  In Waupaca’s experience, processes which have been subjected to the time, care and attention to be properly investigated are almost always fruitful in facilitating continual improvement.”

Waupaca will continue to set objectives and targets to achieve continual improvement with its sustainability efforts as a company and work to maintain their leadership presence in the area for the metalcasting industry. 

GW Plastics Growth Strategy


GW Plastics was built on a foundation of innovation, respect, dedication, and corporate social responsibility.  For over 60 years, the organization has been pioneering not just quality products, but more importantly, lasting relationships and sustainable global footprints.  

The company’s stability of ownership and leadership, as well as strong commitment to quality, has allowed GW Plastics and DQS Inc. to create a successful, long-term customer relationship.  While every company talks about quality, GW Plastics’ quality focus is driven in such a way that it challenges every employee – in every department – from office workers, to engineers, to machine operators.  Quality is truly the foundation of GW Plastics’ business.  GW Plastics has been certified by DQS since June 5, 1996 to ISO 9001, ISO 13485, and ISO/TS 16949 (IATF) and has been FDA-registered since 1979.

At this time, GW Plastics is proud to celebrate its’ company growth over the last five years – as they have significantly re-invested in almost every area of its business.  The organization has had major expansions of its’ Vermont, Arizona, Texas, and China facilities, as well as the purchase of Irish mold making company, Avenue Mould Solutions.  GW Plastics has grown to a combined 500,000 sq. ft. of environmentally-controlled, advanced manufacturing space and currently offers complete medical device contract manufacturing and mold making services on three continents.

GW Plastics began expanding their facilities in response to growing customer demand in its global medical device and drug delivery business.  Most recently, the organization completed a 14,000 sq. ft. expansion of its San Antonio, TX facilities and a 30,000 sq. ft. expansion of its Royalton, VT facilities to accommodate the additional growth of its medical device manufacturing business.  These expansions have allowed for improved process flow and future growth in their thermoplastic and Liquid Silicone Rubber manufacturing operations.

Over the years, GW Plastics’ healthcare manufacturing business has continued to grow at such a rapid rate, that the company is already looking at further expansions in 2020 in the U.S., Ireland, and Mexico for its thermoplastic and silicone molding and contract manufacturing business, as well as possible expansion of standards, such as MDSAP for their AZ and VT plants, and ISO 13485 for China and Ireland, in the future. 

“GW Plastics has implemented a deliberate and strategic growth strategy,” says Brenan Riehl, GW Plastics President and CEO. “Our company has enjoyed ongoing year-over-year record revenue, and we are committed to supporting this growth by continuing to invest for our customers, worldwide.”

GW Plastics is one of the few healthcare manufacturing companies that provide a wide array of advanced in-house tooling, molding, and contract assembly capabilities on a highly standardized, global scale. This provides a tremendous competitive advantage to GW Plastics’ customers. 

“Everything stems back to our people, technology, and willingness to consistently invest for our customers. As a 65-year-old company, GW has a defined and predictable culture of success that resonates with our customers,” says Riehl. “Our ability to develop lasting relationships with our customers, partner early in the development process, and leverage our world-class engineering, tooling, and highly-standardized global production capabilities allows us to offer innovative, high-quality, and cost-effective solutions.”

We would like to thank GW Plastics as one of DQS Inc.’s valued customers and congratulate them, as they complete their final re-certification assessments this quarter as well as a successful completion of an FDA audit with no non-conformances and for the continued success of their business over the years.

ISO/IEC 27701 Certification for GDPR Compliance


Traditionally, data privacy have been part of overall information security management system.  It was known that International standards on Information Security focused mostly on data security not so much on data privacy.  

ISO attempted to fill in this gap by releasing Data Privacy Framework and Principle (ISO/IEC 29100) in 2011. In 2014, ISO released ISO/IEC 27018 to provide guideline to implement ISO 27001 controls for protection of Personally Identifiable Information (PII) in public cloud. ISO /IEC 27018 includes the security principles defined in ISO/IEC 29100. That was the first attempt from ISO to expand scope of Information Security with equal emphasis on privacy.

Ever since GDPR (General Data Protection Regulation) came into effect in May 2018, attention to data privacy has gained paramount importance. Any organization doing business with EU member states are required to comply with GDPR. Following lead from EU, state of California has introduced California Consumer Privacy Act (CCPA) which has become effective from January 1 2020. It is expected that other states will soon introduce similar privacy regulations.  None of these regulations are certifiable standard although GDPR article 42 requires member states to introduce some certification scheme to show compliance to GDPR. Article 43 requires establishment of a national accreditation body to manage this certification program.  This is exact same governance structure of ISO certification program.  EU member states had to decide whether to establish new certification scheme or utilize the ISO certification scheme. A GDPR equivalent ISO certification standard was required to meet articles 42 and 43 requirement.  ISO responded quickly by fast track release of ISO/IEC 27701 in August 2019. This is world’s first Privacy Information Management System (PIMS) standard. 

ISO/IEC 27701 includes principles and requirements from ISO/IEC 29100, ISO/IEC 27018, ISO/IEC 29151, and GDPR

The title of ISO/IEC 27701 says ”Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines”.  This makes it clear that this standard has to be used in conjunction with the ISO/IEC 27001 and ISO IEC 27002.  As shown in the diagram, any organization seeking registration has to be audited against the requirements and applicable controls from both standards.

ISO/IEC 27701 is unique in a way that it provides both guidelines and requirements.  Section 5 provides PIMS specific requirements to be added to the requirements of clause 4 to 10 of ISO/IEC 27001. A Notable addition is to include a privacy risk assessment in the scope of the overall risk assessment. The statement of applicability (SOA) should contain applicable controls from annex-A of ISO/IEC 27001 and annex-A and/or annex-B of ISO/IEC 27701.
Section 6 provides PIMS specific guidelines for implementing Annex-A control of ISO/IEC 27001. 

ISO/IEC 27701 provides additional privacy related controls in two separates annexes. 

  • Annex-A: PIMS specific reference control objectives and controls for PII controllers – 31 controls
  • Annex-B: PIMS specific reference control objectives and controls for PII processors – 18 controls

PII controllers are custodians of personal data. They may in turn engage 3rd parties to process. Hence, PII controllers have to implement a lot more controls than outsourced service providers. Organization have to select appropriate controls from these two annexes based on their role. Non-applicable controls can be excluded from SOA with business justification. The audit process is expected to follow the same approach as ISO/IEC 27001. The accreditation program is being defined by ANAB. DQS is among the first few certification bodies that submitted intent to become accredited to ISO/IEC 27701.

Sara Gulo

Sara Gulo is the Marketing Specialist for DQS Inc. in the USA. She's been with DQS for 10 years in various roles, including Verification and Customer Service Professional.