16.11.2022 Views

MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

6.1.4 Information about product safety will be shared with customers <strong>and</strong> within the <strong>Industry</strong> <strong>and</strong> it will try to learn from<br />

anything about the performance <strong>and</strong> use <strong>of</strong> products that can be used to improve safety.<br />

6.1.5 Everyone within the industry should be aware <strong>of</strong> the product safety implications <strong>of</strong> their role <strong>and</strong> ensure that operations<br />

are in full compliance both with the law <strong>and</strong> with each company’s safety policies <strong>and</strong> processes. Any concerns<br />

regarding the safety <strong>of</strong> a product, or the application <strong>of</strong> policies <strong>and</strong> processes, should be raised immediately.<br />

Assuranc<br />

INDUSTRY PRINCIPLE 4 – CUSTOMER INFORMATION<br />

Users <strong>of</strong> this <strong>Code</strong> will h<strong>and</strong>le customer protectively marked <strong>and</strong> commercially sensitive information<br />

confidentially <strong>and</strong>, as a minimum, in accordance with appropriate regulations, policies <strong>and</strong> processes.<br />

6.1.6 The <strong>MASS</strong> industry will ensure that it employs Suitably Qualified <strong>and</strong> Experienced Personnel (SQEP) in the<br />

design <strong>and</strong> construction <strong>of</strong> its systems. It will source good quality, traceable, consistent materials <strong>and</strong> components<br />

<strong>and</strong> use appropriate design, build <strong>and</strong> test st<strong>and</strong>ards where applicable to ensure quality, safe <strong>and</strong> predictable<br />

products are delivered to customers.<br />

6.2 CYBER SAFETY AND SECURITY<br />

8<br />

Assurance Certification<br />

<strong>and</strong> Authorisation for use<br />

6.2.1 All aspects <strong>of</strong> Cyber Safety <strong>and</strong> Security should be embedded in the initial design <strong>of</strong> all s<strong>of</strong>tware <strong>and</strong> hardware<br />

in <strong>MASS</strong>. The integration <strong>of</strong> these systems needs to be considered throughout the design process. Consequent<br />

updates <strong>and</strong> patches could have unforeseen, undesirable adverse effects on the functions <strong>and</strong> security integrity<br />

<strong>of</strong> the whole system.<br />

INDUSTRY PRINCIPLE 3 – PRODUCT SAFETY DESIGN AND CONSTRUCTION<br />

Users <strong>of</strong> this <strong>Code</strong> will work with each customer to agree the level <strong>of</strong> safety required for a specific<br />

operational situation <strong>of</strong> each product through its life. They will suggest designs or modifications to<br />

mitigate, where possible, any identified or perceived risks.<br />

8.1 PROCEDURES<br />

8.1.1 The <strong>MASS</strong> industry recognises the critical importance <strong>of</strong> Assurance, Certification <strong>and</strong> Authorisation for the use<br />

<strong>of</strong> all <strong>MASS</strong>, including Cyber Security. It will incorporate existing st<strong>and</strong>ards, where appropriate, <strong>Industry</strong> wide: a<br />

common agreed Risk Assessment Based Assurance Framework; an agreed Certification process using a Testing<br />

<strong>and</strong> Evaluation Roadmap; <strong>and</strong> an appropriate process to issue a Certified Clearance for Use for <strong>MASS</strong>.<br />

8.1.2 Manufacturers <strong>and</strong> operators that hold correct ISO9001:2015 certification will have rigorous quality systems in<br />

place that ensure high <strong>and</strong> consistent design, test, build <strong>and</strong> operational st<strong>and</strong>ards. ISO 27001 gives details <strong>of</strong> the<br />

International St<strong>and</strong>ard that lays out the specifications for implementing an information security management system.<br />

8.1.3 The industry recognises that achieving international st<strong>and</strong>ardisation will take time. However, it will participate fully<br />

in its development <strong>and</strong> will ensure that it adopts its own best practice complementary to achieving the end state.<br />

7<br />

Customer Information<br />

INDUSTRY PRINCIPLE 5 – ASSURANCE AND AUTHORISATION<br />

Users <strong>of</strong> this <strong>Code</strong> are fully committed to developing <strong>and</strong> applying agreed Assurance, Certification<br />

<strong>and</strong> Clearance for Use processes to enable demonstrable confidence in its products <strong>and</strong> systems <strong>and</strong><br />

compliance with existing regulations<br />

7.1 PROTECTIVE MARKING<br />

7.1.1 Improper or unauthorised h<strong>and</strong>ling <strong>of</strong> protectively marked <strong>and</strong> commercially sensitive information may damage<br />

the national security <strong>of</strong> the countries in which business is done. It also damages the <strong>Industry</strong> <strong>and</strong> may harm the<br />

operational <strong>and</strong> financial performance <strong>of</strong> companies within the industry.<br />

7.1.2 The <strong>MASS</strong> industry has responsibility to:<br />

9<br />

Trade Restrictions <strong>and</strong> Export Controls<br />

n H<strong>and</strong>le Classified <strong>and</strong>/or Protectively marked information in accordance with all applicable laws <strong>and</strong> local procedures.<br />

n Refrain from discussing or working with classified information in a public area where the conversation may<br />

be overheard, or information compromised.<br />

n Not discuss classified information with anyone unless it is confirmed that they have a need to know <strong>and</strong> the<br />

appropriate clearance.<br />

9.1 RESTRICTIONS<br />

9.1.1 The <strong>MASS</strong> industry will be involved with International, cross-border business <strong>and</strong> as such must be familiar with<br />

the appropriate national policies <strong>and</strong> procedures for h<strong>and</strong>ling goods, technology <strong>and</strong> data or providing services<br />

which may come into or go outside <strong>of</strong> a country.<br />

12<br />

<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6 <strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6 13

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!