2021 Quarter 2 Impact Newsletter

Together for Sustainability

Want to be considered as a supplier to some of the biggest chemical companies in the world? Maybe TfS is right for you…

In 2011, six major players of the chemical industry banded together to try to help improve the world!

BASF, Bayer, Evonik, Henkel, Lanxess, and Solvay originally formed a joint initiative with a purpose of improving sustainability practices within the supply chains of the chemical industry.

Now in 2021, the initiative, known as TfS (Together for Sustainability), has grown to thirty-one members of the global chemical community.

The member companies of TfS have joined to establish a set of criteria that includes management, environment, health & safety, labor & human rights, and governance issues.

So how does it work?

TfS member companies invite potential suppliers to participate in the Together for Sustainability data sharing process. The potential supplier would embark on a two-part process. First, they complete an online questionnaire tailored to the specificities of the chemical industry, recognizing that suppliers can be involved an ANY industry. The online questionnaire was developed with input from the TfS members, collaborating with EcoVadis, who specializes in business sustainability ratings. This is followed by a third party audit. The results are then shared among all TfS member companies. The overall concept, simply stated, is “an audit for one is an audit for all”.

What will this do for me?

This concept, “an audit for one is an audit for all”, speaks for itself. Wouldn’t it be great to have one audit, and based on the strength of that, have it satisfy the needs of multiple customers?

Not only that, but TfS members and their partners are visibly demonstrating their commitment to sustainability and providing transparency of their sustainability performance. This initiative is found to result in reduced effort and cost and improved use of resources. TfS member and partners enjoy enhanced and strengthened long-term customer relationships. The standardized criteria ensures that all suppliers who go through a TfS audit are held to the same high standards.

Potential suppliers are also free to share their audit results with non-member customers as a means of demonstrating commitment to sustainability.

What does it cover?

Each TfS Audit covers a supplier business location such as a production site or a warehouse. During a TfS Audit, the supplier’s sustainability performance is verified against a set of audit criteria on management, environment, health & safety, labor & human rights, and governance issues.

Management criteria ensures that the suppliers’ top-level management is involved and active in sustainability efforts. Commitment is demonstrated through policy and continual improvement, allocating resources and training, and establishing partnerships with contractors and third parties who are aware of, and share, the same basic philosophies.

Environmental compliance is critical to assuring that suppliers are embodying the principles of sustainable management and forms the next part of the evaluation. The evaluation will ensure that the supplier has methods for safe handling, movement, storage, recycling, reuse or management of waste, air emission and wastewater discharge. The company is expected to establish and follow procedures for emission prevention, measurement and control, use natural resources in an economical way, and minimize or eliminate negative impacts on the environment and climate. The supplier is also expected to have processes for energy consumption measurement and improvement, and methods for assessing the potential impacts of site operation on designated protected areas or the ecosystem.

The health and safety portion of the organization covers not only process safety, but also product safety, and refers to the physical health & safety of the workers, employees, and users. Emergency preparedness and response scenarios and procedures are reviewed for mitigation, responding to and recovering from emergencies. Security precautions are also a part of this segment. The evaluation further evaluates labor and human rights, including child labor policies. Criteria is based largely on the ILO Convention no 139 of 1973 and the UN Convention on the Rights of the Child.

The evaluation will ensure that the supplier abides by local, national, and international law when establishing working hours and wage policies. Other topics evaluated include discrimination and harassment policies, freedom of associated practices, special work contracts, and facilities.

The final segment of the evaluation focuses on governance, where the auditor looks at topics such as business integrity, any special risk areas, privacy and intellectual property, fair competition, and disciplinary and complaint procedures. Pretty comprehensive, right?

DQS is proud to be a third party auditing firm approved to conduct TfS audits. Many of the TfS member companies partner with DQS in the maintenance of their sustainability and quality management systems. Let us know if you think a TfS audit might benefit you as a supplier.

For more information on TfS audits, please visit https://dqsus.com/standard/together-forsustainability-tfs/ or contact Candace.orbaugh@ dqsus.com.

New Sanctioned Interpretations from IATF

In February 2021, the IATF issued Sanctioned Interpretations # 26, 27 and 28. These interpretations may affect any client that has an IATF OEM as a customer. The OEM customers are BMW, Mercedes, FCA, Ford, General Motors, PSA, Renault, Volkswagen and the recently added Geely Group.

These new interpretations may directly impact the number of audit days on-site.

Sanctioned Interpretation # 26: If a client does not meet the IATF OEM Quality and/or delivery targets specified in the IATF OEM Scorecard(s), the certification body shall increase the total audit days in the table listed based on employee counts.

For example, if the client has less than 500 employees and has 2 OEM customers, the audit duration may be increased by 4 hours.

The main reason for the change is that the IATF believes that to support a risk-based audit day calculation, this would allow the certification body to focus more on performance issues that are a risk to the customer.

Each IATF client will be asked for planning information well in advance of the audit in order to generate the Audit Plan. Included in this information will be the latest OEM scorecard results. If the scorecard(s) do not meet the OEM’s expectations for quality and/or delivery, the client should expect extra time added to the audit.

This requirement went in to effect June 30, 2021.

Combined Audit Report Application

Beginning January 1, 2021 the IATF mandated the use of the Common Audit Report Application (CARA) for all IATF Audits. This new reporting database is used by all certification bodies. The overall layout of the report contents are different that any used previously by DQS Inc. All the information and content is transferred to the IATF Database. The goal is for all certification bodies to have a consistent method to communicate the results of the audits.

The client will be responsible for nonconformity management. The lead auditor will make sure the client is able to access and understand their responsibility to respond to any nonconformities in the CARA Database platform.

Information and tutorials on the use of CARA are available with the following link: https://infosysc.atlassian.net/wiki/spaces/CARA/ overview

Customer access to the CARA database for nonconformity management may be reached from this link:

https://nc-cara.iatfglobaloversight.org/

Please feel free to contact me with any questions, comments or concerns.

Best Regards, Charles Blair

Update on CMMC and DQS CSI

As you may recall from our Q1 newsletter, the Department of Defense (DoD) has rolled out a new requirement known as the Cybersecurity Maturity Model Certification (or CMMC). CMMC is designed to provide increased assurance to the DoD that a Defense Industrial Base (DIB) contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multitier supply chain.

As the DoD has set a goal to certify the entire supply chain (~450,000) by 2025. With that, there is a tremendous amount of activity that is happening with the CMMC-Accreditation Board (CMMC-AB). To help with communication, alignment and transparency – the CMMC-AB has established the Market Place. In the Market Place, information regarding status, providers, and even Frequently Asked Questions (FAQ) are available. Each month the CMMC-AB holds a Town Hall meeting to provide updates on the structural developments as well as the roll out. If you are interested in staying in tune with the latest updates – you may do so by going to the Market Place and selecting the links to Town Hall Videos: https://cmmcab. org/#townhall

As of the April Town Hall – the CMMC-AB is in the process of bringing on professionals to staff, develop protocols and procedures and is continuing working through the list of applications for C3PAO Organizations, Training Organizations, Training Materials, and Certification Exam Materials.

As with any new standard – it may be helpful to share the details of our journey. DQS began our journey for CMMC back in the late 2020 and is continuing to achieve our project milestones each month to our project plan including our application submission in January of this year.

Our journey began with that all important gap assessment. Like many companies – the first review may be high level. However, the second time through – as you pull more of the layers back – you begin to notice additional things. And then, notice a common thread on like issues that begin to provide a bigger picture. Much like working on a mosaic art piece. One may work on a section and see its details, however – it is always critical to take time to step back and see how that piece fits within the overall piece. Hence, the same with an Information Security Management System.

Our journey has led us to a cadence that provides structure at the IT Core Team level, with weekly IT Directional Meetings including Top Management cover critical updates, direction, and essentially mini Management Review Meetings. Then monthly, an Overall CMMC Project Meeting that provides detailed updates on the CMMC Program itself as well as the current status of achieving CMMC Level 3 which is required for all Certification Bodies.

DQS Inc. and DQS CSI are continuing to communicate with our existing clients and those that have approached us for CMMC Certification needs by holding webinars in 2020. Our goal is to continue to provide updates through webinars on cyber security topics throughout 2021.

As mentioned in our Q1 Newsletter, DQS sent out a Survey that consists of 15 quick questions (which can be taken at https://dqsus.az1.qualtrics.com/jfe/form/ SV_3qPXYQvLvMdKmRU). The goal is to be in a position by Q3 2021 to fully support our clients’ certification needs and the DoD goals for CMMC as well as other Information Security needs. Let us know how we can help you along your CMMC journey.

For additional information – contact Ravi Maewall at Ravi.Maewall@dqsus.com .