Skip to content Skip to footer
About UsContact Us

Search

Our Policies

Tech Image

ISO 9001-2015 Registration

This Quality Management System (QMS) standard requires a design, manufacturing, and service company to identify, document, implement, and monitor its processes and procedures affecting the quality of its products and services. It was designed as a world quality standard for international trade and to establish consistent quality practices.

Our Quality Management System has been ISO 9001 registered since 1998. We accomplished our certification without the use of external consultants, though we did use the resources of the ISO Consortium sponsored by the State of Maryland. Our registrar, Intertek Testing Services, audits our Quality Management System annually to ensure compliance.

Download our certificate of registration

ISO 13485:2016 Compliance

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.

The primary objective of ISO 13485:2016 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes specific requirements for medical devices and excludes certain ISO 9001 requirements that are not appropriate as regulatory requirements. ISO9001 is focused on continual improvement, whereas ISO13485 is more focused on risk management and the effectiveness of procedures, standards, etc.

All requirements of ISO 13485:2016 are specific to organizations providing medical devices, regardless of the type or size of the organization.

If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2016 reflect the exclusion of design and development controls.

Quality Policy

Tristate is committed to manufacturing consistent quality products here in the United States. It is essential for all levels of our organization to strive for excellence and continual improvement in quality to maintain our competitive edge.

To accomplish this Tristate will:

  • Manufacture products in accordance with our customers’ expectations, specifications, and
    documented procedures,
  • Involve, empower, and train all employees continually to improve quality,
  • Maintain the effectiveness of the Quality Management System,
  • Fully commit to and ensure compliance with applicable regulatory requirements.

Tristate’s Quality Policy is fully endorsed by top management to ensure that it is communicated, understood, implemented, and maintained at all levels of our organization.

To measure our progress in achieving the quality policy goals and objectives, Tristate will continually utilize the following indicators:

  • On-Time Delivery,
  • Defect Data (in-house and RMA),
  • First Piece Sample (internal) and First Article Inspection (customer) acceptance data,
  • Specific customer and regulatory data required for contract manufacturing of electronic assemblies and products for use in medical devices.

In addition, we will seek and utilize relevant customer ratings and feedback that will measure the customer’s view of our efforts.

Cybersecurity Policy

At Tristate, we are committed to safeguarding Controlled Unclassified Information (CUI)
and maintaining high standards of cyber security in support of our customers’ data and
supporting national security objectives. We align our information security practices with the
requirements of the Cyber Security Maturity Model (CMMC) framework established by the
U.S. Department of Defense. Tristate maintains a documented System Security Plan (SSP)
and Plan of Action and Milestones (POA&M). Our security measures meet applicable
controls consistent with CMMC Level 2, including those derived from the National Institute of
Standards and Technology Special Publication (NIST SP 800-171 ).

Our cybersecurity program includes: Controlled handling and storage of CUI, secure
system and network configurations, implementation of access controls to protect sensitive
data, continuous monitoring and risk assessment processes, incident response,
reporting procedures, and employee cybersecurity awareness training.

We undergo regular internal assessments and, where required, third-party evaluations to
validate compliance. “Critical” handlers of CUI will need a third-party assessment by a
CMMC Third Party Assessment Organization (C3PAO) for CMMC certification every three
years.

ITAR Policy

International Traffic In Arms Regulations (ITAR)

Management is fully committed to ensuring Tristate Electronic Manufacturing, Inc. will comply fully with all applicable U.S export control laws and regulations. This includes the Arms Export Control Act (AECA) and International Traffic in Arms Regulations (ITAR).

Conflict Minerals Policy

It is the policy of Tristate Electronic Manufacturing to support the legislation of the Dodd-Frank Wall Street Reform Act, Section 1502. We will not knowingly incorporate Conflict Minerals into our finished product. This is accomplished according to our internal procedures, and also through the survey of our vendors in regard to their compliance and support of the above-mentioned legislation.

Tristate Electronic Manufacturing will supply supporting documentation only upon specific request in an effort to reduce the impact of these requirements upon small businesses.