Engineering Standards And Compliance

🚨 New OMB Report on Post-Quantum Cryptography (PQC)🚨 The Office of Management and Budget (OMB) has released a critical report detailing the strategy for migrating federal information systems to Post-Quantum Cryptography. This report is in response to the growing threat posed by the potential future capabilities of quantum computers to break existing cryptographic systems. **Key Points from the Report:** 🔑 **Start Migration Early**: The report emphasizes the need to begin migration to PQC before quantum computers capable of breaking current encryption become operational. This proactive approach is essential to mitigate risks associated with "record-now-decrypt-later" attacks. 🔑 **Focus on High-Impact Systems**: Priority should be given to high-impact systems and high-value assets. Ensuring these critical components are secure is paramount. 🔑 **Identify Early**: It's crucial to identify systems that cannot support PQC early in the process. This allows for timely planning and avoids migration delays. 🔑 **Cost Estimates**: The estimated cost for this transition is approximately $7.1 billion over the period from 2025 to 2035. This significant investment underscores the scale and importance of the task. 🔑 **Cryptographic Module Validation Program (CMVP)**: To ensure the proper implementation of PQC, the CMVP will play a vital role. This program will validate that the new cryptographic modules meet the necessary standards. The full report outlines a comprehensive strategy and underscores the federal government’s commitment to maintaining robust cybersecurity in the quantum computing era. This is a critical step in safeguarding our digital infrastructure against future threats. #Cybersecurity #PQC #QuantumComputing #FederalGovernment #Cryptography #DigitalSecurity #OMB #NIST

⚙️ Testing & Commissioning — The Final Gatekeeper of Power Projects ⚙️ ━━━━━━━━━━━━━━━━━━━━━━ 👉Every flawless substation energization has one invisible hero — the Testing & Commissioning Engineer. Before the first current flows, this team ensures every CT, VT, CB, cable, and GIS bay stands up to real-world stress. Yet, most engineers rely on scattered checklists or half-written notes during commissioning — missing key acceptance criteria, interlock tests, and safety sequences. That’s why I’m sharing this complete “Method Statement for Testing & Commissioning of Substation Equipment” — covering everything from: ✅ Current & Voltage Transformer testing (IR, Polarity, Ratio, Magnetization Curve) ✅ LV, MV & HV Switchgear verification (contact resistance, timing, interlocks) ✅ GIS Testing — SF6 gas quality, PD sensitivity, HVAC withstand checks ✅ MV & HV Cable testing — IR, sheath integrity, DC HV test procedures ✅ Acceptance criteria as per IEC standards This document isn’t theory — it’s field-proven procedure used across actual EHV projects. If you’re in commissioning, QA/QC, or substation projects, this will save you weeks of confusion and rework. 📘 Comment T&C METHOD if you want access to the PDF. Because in commissioning, you don’t get a second chance. #TestingAndCommissioning #SubstationEngineering #ProtectionEngineering #PowerSystemTesting #ElectricalEngineers #GridReliability #EHVProjects #SubstationDesign #PowerSystems

Quality isn’t expensive. Poor quality is. Most quality systems look good on paper. Reality tells a different story. ISO 13485 isn’t just another standard. It’s how you keep patients safe. Lost in the ISO maze? Here’s your practical guide through it: 1. Quality Management System (QMS) ↳ The foundation of everything you build • Design Controls  • Training management • Requirements management • Supplier Qualification • Product Record Control  • Quality Management 2. Risk-Based Thinking (RBT) ↳ Spot problems before they happen ↳ Put smart solutions in place early ↳ Stay ahead of what could go wrong 3. Design Controls ↳ Track every step with purpose ↳ Verify before moving forward ↳ Turn ideas into trusted products 4. CAPA Process ↳ Fix issues at their root ↳ Make solutions stick ↳ Learn from each problem 5. Post-Market Surveillance ↳ Your eyes in the real world ↳ Listen to what users tell you ↳ Turn feedback into improvement 6. QMS Structure ↳ Build consistency into everything ↳ Keep records that tell the story ↳ Make quality automatic 7. Implementation Best Practices ↳ Get real leadership commitment ↳ Train until it becomes natural ↳ Never stop improving 8. Smart Audit Strategy ↳ Keep internal checks honest ↳ Stay ahead of regulators ↳ Build trust through transparency These parts work together. Each one makes the others stronger. Remember: ISO 13485 builds more than compliance. It builds trust that saves lives. Which part challenges you most? ♻️ Find this valuable? Repost for your network. Follow Bastian Krapinger-Ruether expert insights on MedTech compliance and QM.

“We are ISO 27001 certified, are we DORA compliant?” Not so fast. ISO 27001 and DORA both focus on cybersecurity and risk management, but they serve very different purposes. If you're a financial institution or an ICT provider working with financial institutions in the EU, DORA compliance is mandatory, and ISO 27001 alone won’t get you there. Let’s break it down: 1. Regulatory vs. Voluntary Framework ↳ ISO 27001 – A voluntary international standard for information security management. ↳ DORA – A mandatory EU regulation for financial entities and their ICT providers, with strict oversight and penalties for non-compliance. 2. Scope and Focus ↳ ISO 27001 – Offers a customizable scope tailored to organizational needs, focusing on information security (confidentiality, integrity, availability) based on specific risk assessments and chosen controls. ↳ DORA – Enforces a standardized scope across financial entities, extending beyond security to operational resilience. It ensures institutions can withstand, respond to, and recover from ICT disruptions while maintaining service continuity. 3. Key Compliance Gaps 🔸 Incident Reporting ↳ ISO 27001 – Requires incident management but doesn’t impose strict deadlines or mandate reporting to regulators, as it is a flexible standard. ↳ DORA – 4 hours to report a major incident, 72 hours for an update, 1 month for a root cause analysis. 🔸 Security Testing ↳ ISO 27001 – Requires vulnerability management but leaves testing methods and frequency to organizational risk. ↳ DORA – Annual resilience testing, threat-led penetration testing every 3 years, continuous vulnerability scanning. 🔸 Third-Party Risk Management: ↳ ISO 27001 – Covers supplier risk but with general security controls. ↳ DORA – Enforces contractual obligations, exit strategies, and regulatory audits for ICT providers working with financial institutions. 4. How financial institutions and ICT providers can address the delta? ✅ Perform a DORA Gap Analysis – Identify missing controls beyond ISO 27001. (Hopefully, you're not still at this stage now that DORA has been mandatory since January 17, 2025.) ✅ Upgrade Incident Response – Implement real-time monitoring and reporting mechanisms to meet DORA’s deadlines. ✅ Enhance Security Testing – Introduce formalized resilience testing and threat-led penetration testing. ✅ Strengthen Third-Party Risk Management – Update contracts, prepare for regulatory audits, and ensure exit strategies comply with DORA. ✅ Improve Business Continuity Planning – Move from cybersecurity alone to full digital operational resilience. 💡 ISO 27001 is just the tip of the iceberg - beneath the surface lie significant gaps that only DORA addresses. 👇 What’s the biggest challenge in aligning with DORA? Let’s discuss. ♻️ Repost to help someone. 🔔 Follow Amine El Gzouli for more.

EN 18031 help The EU "Radio Equipment Directive" (RED) cybersecurity paragraphs 3.3d/e/f come into force as of 1 August 2025. It applies to any device to be sold in the EU with a wireless network interface ("radio"). The standard EN 18031 (in 3 versions -1, -2 and -3 depending on the type of device) describes what the vendors should do in order to comply. The EN 18031 has a format unlike I ever saw before. It looks quite complicated, lots of abbreviations and references. But the first step to do is to understand the structure of the 18031. Chapter 5 describes the general structure of all the 31 paragraphs in chapter 6. Each paragraph has a requirements section, followed by a rationale section, and lists possible mechanisms to fulfill the requirement. In the last section, you'll also find a flowchart how to do an assessment to determine whether the requirement is PASSed or FAILed. Nevertheless, really good understanding of the 18031 can still be quite some work. For example, what is exactly meant with "privacy asset" or a "network asset" ? You might have certain ideas about what an "asset" is, but is this in accordance with the 18031? Here I found the documentation provided by Zealience (on Github) very enlightening - explaining how to 'read' the 18031 jargon https://lnkd.in/ei7dnWux It also provides flowcharts and helps to set up the technical documentation. I'd advise to take a look at Zealience to assist you with any 18031 implementation. Remember that the RED comes into effect per 1 August 2025, so time is running out!

When Loads Move Faster Than the Grid Can Think NERC’s latest white paper doesn’t speculate. It documents. Emerging large loads, data centres, AI clusters, hydrogen, crypto, aren’t just big. They’re fast, invisible, and operating on their own timelines. ➤ A 450 MW data centre ramped down to 40 MW in 36 seconds. No fault. No command. No visibility. Just software doing what it was programmed to do. ➤ A 1,500 MW load drop in the Eastern Interconnection wasn’t a breaker trip. It was data centres transferring to backup after multiple voltage dips. The substations didn’t trip. The load simply left the grid. NERC’s Language Is Clear: • “System operators cannot account for the load response or create accurate forecasts.” • “Ramp rates of 1.9 p.u./sec over 250 ms.” • “Load ramping now challenges frequency regulation and reserve sufficiency.” Beyond Planning: The Real Risk Is Loss of Control This isn’t just about planning. It’s about control. And right now, control is slipping. The grid still assumes load is passive. It’s not. It’s power electronic, programmable, and often strategically opaque. The consequence? • Frequency spikes from loss of load, not generation. • Oscillations triggered by AI training cycles. • Generator instability from sudden reactive changes. • Load behaviour that mimics uncoordinated inverter-based generation. • UFLS failing, not because it tripped too late, but because the load was already gone. And We Haven’t Even Mentioned Restoration: Blackstart strategies now face an unmodeled threat 1) Large loads that reconnect too fast, or demand more than the island can handle. 2) Restoration isn’t just harder, it’s being shaped by load behaviour no one controls. Why the Old Interconnection Framework Doesn’t Hold Up: We’ve built interconnection frameworks around static MW thresholds. But none of them account for ramp speed, backup transfer logic hidden behind the meter, or autonomous disconnection outside system visibility. Yet these are now determining how the system fails, and how it recovers. Planning Means Nothing If Visibility Comes Too Late: i) Planning adequacy means nothing if a 300 MW electrolyser ramps to zero in 2 seconds because its own logic deems the voltage “unstable.” ii) Frequency control is irrelevant if the load that tripped wasn’t visible to begin with. iii) Restoration is compromised if blackstart islands can’t segment large loads in time. This is not a future scenario. It’s happening now. Quietly. Repeatedly. Systemically. #GridResilience #LargeLoads #NERC #DataCenters #AIInfrastructure #Hydrogen #FrequencyControl #VoltageStability #RampRates #DynamicLoads #InverterDominatedGrids #PowerSystemStability 

I receive the email newsletter from the HSE/Building Safety Regulator, and in the latest one, there are videos from Philip White, the Chief Inspector of Building Safety. He talks through the Gateway 2 process and some of the challenges the BSR has been facing. Until watching these videos, I had the view that the BSR was under-resourced and struggling to cope with the volume of applications, and possibly rejecting submissions on minor issues to buy themselves time. While Philip White acknowledged that the BSR has had challenges, I now don't think it is all down to them. He explained that some applications have been rejected because they lacked the detail required to assess the design. This struck a chord with me. The industry has been saying it needs more clarity from the BSR about what’s required for a Gateway 2 submission. All that is needed is information to demonstrate compliance with all relevant standards and, in particular, provide evidence that the building will be safe, especially in terms of fire strategy. Listening to the reasons for rejection, it seems that in some cases, the missing detail is fundamental compliance information. This has made me reflect on our current procurement processes. I believe it can make it difficult to define specifications early in the design. Commercial pressures during tendering can delay key decisions that are needed for the BSR to be confident the design is compliant. A simple example is typically sprinkler design or fire stopping is left to subcontractors and the detail is rarely know until the start on site. It also exposed a potential skills gap in the industry. Many design teams are unfamiliar with what a truly comprehensive Gateway 2 submission looks like. There’s often a lack of appreciation for what needs to be included. For example, assessing fire safety requires every wall, partition, and fire barrier to be specified rather than merely a performance specification.1 From watching the videos, it’s clear the BSR is under pressure to process Gateway 2 applications efficiently, but they can only do so when the information provided is sufficiently detailed. If the industry wants faster approvals, it needs to submit complete and coordinated information. If you’re unsure what’s required, just look at RIBA Plan of Work Stage 4, it sets it out clearly. The problem, in my view, is that many applications barely meet Stage 3. Designers aren’t used to producing fully detailed and specified packages before work starts on site, information that’s often only finalised deep into Stage 5. So I wonder: is the real issue not the BSR, but the industry itself? Designers may lack the knowledge and confidence to produce what’s needed, and procurement models make early delivery of this information incredibly difficult. I’d be really interested to hear others’ views on this.

GD&T (Geometric Dimensioning and Tolerancing) is a symbolic language used on engineering drawings and models to describe the size, form, orientation, and location of features on a part. It ensures that parts are manufactured within specified limits while maintaining functional performance. Key Concepts: 1. Symbols: GD&T uses specific symbols to represent geometric features (e.g., flatness, straightness, circularity, etc.). 2. Datums: Reference points, lines, or planes from which measurements are made. 3. Tolerance: Specifies the allowable variation in dimensions and geometry. 4. Modifiers: Indicate additional requirements like maximum material condition (MMC), least material condition (LMC), or regardless of feature size (RFS). 5. Functional Fittings: GD&T ensures that parts fit and function as intended even if they are slightly different from the nominal dimensions. It is widely used in industries like aerospace, automotive, and manufacturing to communicate precise requirements, improve consistency, and minimize errors in part fabrication. In conclusion, Geometric Dimensioning and Tolerancing (GD&T) is a crucial system in modern engineering that provides a clear and standardized way to define and control the geometry of parts. By using symbols and annotations, GD&T ensures precise manufacturing, reduces ambiguity, and improves the functionality and interchangeability of components. It enables designers and manufacturers to communicate complex design intent, minimize errors, and maintain consistent quality, which ultimately enhances the efficiency of production processes and product performance. Its application across industries such as automotive, aerospace, and manufacturing highlights its importance in achieving high precision and reliability in engineering designs.

Fireproofing of LPG Tanks Fireproofing is used on structural steel, supporting piping, and pressure vessels in process units (i.e. I-beams and skirts) to minimize the escalation of a fire that would occur with the failure of structural steel supporting piping and pressure vessels. Fireproofing is designed to extend the time it takes for structural steel from reaching 538 °C and allow more time for site personnel to extinguish the fire. At 538 °C, the tensile strength of carbon steel is reduced to roughly 50% of its room temperature value and impacts the load-bearing ability of these components. The premature failure of these structural supports could add significant fuel to the fire as the tanks or piping collapse can result in loss of containment of other flammable fluids.  ☂️ What is fireproofing? Fireproofing is the process of making a material or structure fire-resistant. This can be done by applying a fire-resistant material, such as mortar, cement, or fireproof paint. Fireproofing is often used on steel structures and concrete to make them more resistant to fire. 🔥 Effect of Heat on Structural Steel The effect of heat exposure on structural steel is of concern during and after the fire. Steel loses strength if exposed to increased temperatures. During a fire, if structural steel is hot enough for an adequate time period, it can weaken and lose its ability to support its load. Fireproofing tests simulating hydrocarbon fire conditions are designed to reach 1093°C in 5 minutes to represent fire exposure temperature(UL 1709). Some steels’ internal structure can change when heated and cooled, resulting in the possibility of post-fire concerns. This concern normally involves alloy steels, but not mild steel used for structures. Concerns during fire exposure increase as the temperature increases. Standardized tests use 538°C as the “failure” point. The strength of a typical structural steel as it is heated; it loses about one-half of its strength at 538°C. LPG Storage Spheres Within a Fire-Scenario API 2510 provides specific recommendations for fireproofing of LPG vessels. For the vessel itself, fireproofing should be considered for potentially impinged portions of the tank identified in the fire-scenario, if there is no fixed firewater protection. A fire-resistance rating of 11⁄2 hours protection under UL 1709 conditions is cited. Structural supports should be fireproofed to the same fire resistance for all above ground portions of the structure required to support the static load of the full vessel. Fireproofing should be provided on horizontal vessel saddles where the distance between the bottom of the vessel and the top of the support structure is more than 300 mm. #oil #refinery #LPG #tank #storage #vessel #piping #structure #fireproofing #processsafety #safedesing #learning #API2510 #API2510a #NFPA58 #engineering #firefighting #emergency #fire #explosion #bleve #uvce #poolfire