Question regarding "Customer Property"

lorenambrose

Quality Assurance Manager
#1
Would an internet service provider regard the data that a customer sends and receives over its network as Customer Property as addressed in 8.5.3
Property Belonging to Customers or External Providers
?

My initial thought is NO as there are too many variables making up the internet that are out of your control.

Opinions?

Regards,
Loren
 
Elsmar Forum Sponsor

yodon

Leader
Super Moderator
#2
I'm not an AS guy but what's the impact if the data is lost while in your custody? What about if it's exposed from a hack?
 

lorenambrose

Quality Assurance Manager
#3
We provide internet service, a connection to the internet. We do not store data anywhere. I suppose I was just pondering about ISPs in general. In this information age, does the world of AS or ISO consider this transmitted data to be customer property that must be safeguarded?
 
#4
I understand your concern. The note following 8.5.3 includes that "customer or external provider property can include . . . intellectual property, and personal data."

Be aware that notes are to provide illumination and cannot be used to write a nonconformance. This one specifically says "can" not "shall". It provides guidance, not a requirement. It is something you may want to consider, but you are not locked into it.

In practical application I would venture to say that if you are not dealing with customer's credit cards you don't likely have anything to worry about. If you do accept payment with a credit card you should have safeguards such as immediately shredding the number after use or if it retained it is using a secure server.
 

Miner

Forum Moderator
Leader
Admin
#5
From a different perspective, consider that you run an armored car service for banks. You stop at one bank and pick up the bank's money and transport that customer's property (money) to another location and deliver it. You do not retain any of the money, but you are responsible for that money while it is in your possession. You are responsible for preventing theft, loss through negligence, etc.

Applying this analogy to an ISP, you would be responsible for ensuring the data are transmitted from point A to point B, the data are not lost or corrupted, intellectual property is not copied/stolen while en route.
 

Randall Beck

Involved In Discussions
#6
Excellent analogy Minor. If you are being paid for the data you deliver I am not sure how that could be considered anything but a service product. Many changed to AS9100:2015 were specifically added to include services as products.

In the very least, I would certainly think that ITAR and the new Department of Defense cybersecurity CMMC regulation considerations need to be investigated for ISP's.

Very small companies are being required to spend $30-100k to protect their proprietary information in their establishments on their own IT infrastructure. I can only imagine the national security risk that ISP's have to protect sensitive data transportation of government contracts or other information.
 

Randy

Super Moderator
#7
My initial thought is NO as there are too many variables making up the internet that are out of your control.
8.5.3
NOTE A customer’s or external provider’s property can include materials, components, tools and equipment, premises, intellectual property and personal data.

The bold-italics pretty much deflate your NO.
 

lorenambrose

Quality Assurance Manager
#8
Great discussion. My hesitation is the words "possession" and "control". We do neither in any form. This is why I would disagree with the Armored Car analogy. There is no possession in our case. If you send data from your home to your work via the internet and it gets corrupt or hacked, I do not think your ISP would have any liability at all. A shopping mall has a parking lot but is not if someone backs into you or breaks into your vehicle you cannot hold the shopping mall liable.
 

Miner

Forum Moderator
Leader
Admin
#10
A shopping mall has a parking lot but is not if someone backs into you or breaks into your vehicle you cannot hold the shopping mall liable.
This is from a quick internet search: "Corporate property owners are responsible for the common areas like parking lots, walkways, restrooms, elevators and escalators. Owners of shopping centers are obligated to ensure the safety of visitors from the moment they enter the parking lot".
 
Thread starter Similar threads Forum Replies Date
D Question regarding customer feedback process ISO 13485:2016 - Medical Device Quality Management Systems 3
J Question regarding classification of custom made device EU Medical Device Regulations 5
S Question regarding AQL - ISO 3951 Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
D Question regarding PCR workstation Fume Hood upon first use ISO 13485:2016 - Medical Device Quality Management Systems 0
D ISO 13485--Question regarding performing calibrations in house. ISO 13485:2016 - Medical Device Quality Management Systems 13
T Noob question regarding sample size Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
Ron Rompen Question regarding CMM probe damage General Measurement Device and Calibration Topics 4
D Question regarding where "validations" fit according to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
lanley liao Question regarding the calibration of monitoring and measure equipment. Oil and Gas Industry Standards and Regulations 3
D Question regarding "storage and distribution" ISO 13485:2016 - Medical Device Quality Management Systems 1
D Question regarding ECO process, specifically for Life Science products and defining form fit and function ISO 13485:2016 - Medical Device Quality Management Systems 1
F ISO 13485 8.2.3 Reporting to regulatory authorities: Question regarding a procedure for this clause. ISO 13485:2016 - Medical Device Quality Management Systems 4
C Question regarding Quality Manual Content and Specificity ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
optomist1 Generic question regarding Two Way ANOVA Results Statistical Analysis Tools, Techniques and SPC 8
apestate Question on wording in DOD RFQ regarding ISO 9000 Various Other Specifications, Standards, and related Requirements 7
N ASME B89.1.13 question regarding Resolution and Maximum Permissible Error General Measurement Device and Calibration Topics 3
B Question regarding Mandatory Procedures and Manual AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
P Question in auditing regarding CAR (Corrective Action) Logs Internal Auditing 7
S Supplier Development Process failed - Question regarding sub-suppiler audits IATF 16949 - Automotive Quality Systems Standard 4
Q Question regarding O-ring application for water proofing a device Design and Development of Products and Processes 2
J Question regarding Device Master Records & Specification Developers 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
J Question regarding supplier approvals ISO 13485:2016 - Medical Device Quality Management Systems 12
J Cancellation of Specifications - Question regarding cancelled specifications Various Other Specifications, Standards, and related Requirements 3
ScottK ASME B&PVC Section VIII Div 1 question regarding "Seal" Various Other Specifications, Standards, and related Requirements 0
K Auditor's Question Regarding TS16949 Clause 7.5.2 - How vague can an auditor be IATF 16949 - Automotive Quality Systems Standard 18
S Question regarding document control - Control EVERY version of the same graphic? Document Control Systems, Procedures, Forms and Templates 5
A Question regarding TS16949 auditor rules 3.3 - Different auditors IATF 16949 - Automotive Quality Systems Standard 4
C Question Regarding MSA (Measurement Systems Analysis) - Pass / Fail Criteria tests Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 11
E Question Regarding OHSAS 18001 Occupational Health & Safety Management Standards 3
T Aircraft GAPP Software Testing Compliance Question AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
sonflowerinwales Quick question M3 screw plug gauge AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B FDA regulations medical device prescription fulfillment DME question US Medical Device Regulations 0
M An interesting question about import company Other Medical Device Regulations World-Wide 5
Sam.F Question about training Training - Internal, External, Online and Distance Learning 17
B Labeling question about different manufacturers on a single label Manufacturing and Related Processes 4
Sam.F Question about granite surface plates out of spec AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
Ed Panek MDR question - Meaning of Stability CE Marking (Conformité Européene) / CB Scheme 6
B GD&T Question, True Position Confusion Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
D Initial Importer question Other US Medical Device Regulations 1
Ed Panek Calibration question Manufacturing and Related Processes 4
M Class Exempt Medical Device Recall Question US Food and Drug Administration (FDA) 3
sonflowerinwales Metric or Imperial; that is the question... After Work and Weekend Discussion Topics 6
M Can someone help me with this CMM programming question? Manufacturing and Related Processes 2
A A strange question about predicate device selected in 510(k) submission Medical Device and FDA Regulations and Standards News 8
D Document Control Question involving DocuSign US Food and Drug Administration (FDA) 6
JoeRandom11 Question about Customer Supplied Equipment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485: 2016 Lot numbering question ISO 13485:2016 - Medical Device Quality Management Systems 4
S Nadcap - Heat Treatment Proof of Verification question for Digital results AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
JoeRandom11 Question of Calibration Cycles AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
D Software Validation Question ISO 13485:2016 - Medical Device Quality Management Systems 10

Similar threads

Top Bottom