Published by Jailyn Slawson
Cryptography Facilitates Record Security and Integrity
Presented by Derek Wimmer, President, Wimmer Systems, Inc.
P.O. Box 739, Liberty, Missouri 64069
11 June 2004. © 2004 Wimmer Systems, Inc.

Presenter Background
Derek Wimmer
- Microbiologist and Quality Assurance Auditor in the Pharmaceutical Industry
- Software vendor specializing in 21 CFR 11 solutions (present)
DaCS™
- First commercial Part 11 solution specifically for Microsoft® Excel
- In production use since 2001
- Used by major pharmaceutical companies worldwide
- Utilizes cryptographic methods to help ensure electronic record security and integrity

Topic of Presentation
What requirements would preserve record security and integrity and ensure that records are suitable for inspection, review, and copying by the agency?

Preserving Record Security and Integrity
Preservation
- During use period (within the electronic record system)
- During retention period (within archives and outside the system)
- During submission period (outside owner’s control)
Diagram labels: USAGE, RETENTION, SUBMISSION

Preserving Record Security and Integrity
Security - preventing alteration
Active controls
- Limiting access to record
- Limiting ability to alter
- Relies on physical or computerized controls
Passive controls
- Ability to detect alteration
- Threat of repercussions
- Relies on psychological controls (deterrence)

Preserving Record Security and Integrity
Integrity - means of ensuring fidelity (detecting alteration)
Reference
- Compare to “master” copy
- Master copy must be available
Fingerprinting
- Compare to mathematical transformation or cryptographic method
- Method must be available to do so

DaCS™ Integrity Check Methodology
1. Generate secure digital signature of file data.
2. Embed digital signature in file.
3. Later, excise signature and generate new signature of file data.
4. Compare new signature to embedded signature.
[Diagram labels: PASS, FAIL; signature values A0-13-C4-DE, B6-09-FF-01, A0-13-C4-DE; "="]
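
An added example, not part of the original slides and not DaCS code: the four-step check above, sketched with Python's standard library. The slides do not name an algorithm; HMAC-SHA256 with a key kept outside the file, the `MARKER` trailer format, and the sample record and key are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed trailer delimiter for this sketch; not the format DaCS uses.
MARKER = b"\n--RECORD-SIG--\n"

# Constructed sample data for the demonstration.
RECORD = b"Batch 0042, pH 7.2, reviewed\n"
KEY = b"constructed-demo-key-kept-outside-the-record"

def fingerprint(data: bytes, key: bytes) -> bytes:
    """Keyed fingerprint of the record data (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(data: bytes, key: bytes) -> bytes:
    """Steps 1-2: fingerprint the data and embed the result as a trailer."""
    if MARKER in data:
        raise ValueError("record already contains a signature marker")
    return data + MARKER + fingerprint(data, key).hex().encode("ascii")

def verify(sealed: bytes, key: bytes) -> str:
    """Steps 3-4: excise the trailer, recompute, compare. Returns PASS or FAIL."""
    data, sep, embedded_hex = sealed.rpartition(MARKER)
    if not sep or len(embedded_hex) != 64:
        return "FAIL"  # trailer missing, truncated, or padded
    try:
        embedded = bytes.fromhex(embedded_hex.decode("ascii"))
    except ValueError:
        return "FAIL"  # trailer is not valid hex
    # Constant-time comparison avoids leaking how many bytes matched.
    same = hmac.compare_digest(embedded, fingerprint(data, key))
    return "PASS" if same else "FAIL"

if __name__ == "__main__":
    sealed = seal(RECORD, KEY)
    print("untouched:", verify(sealed, KEY))
    print("altered  :", verify(sealed.replace(b"7.2", b"7.4"), KEY))
```

A plain unkeyed hash embedded the same way would only catch accidental corruption, since anyone who edits the record can recompute it; the key (or a private signing key) is what lets the check detect deliberate alteration once the file is outside the system's controls.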

Suitable for Inspection, Review, and Copying by the Agency
- Must be able to remove the record from the system
- You can’t rely on system’s controls to provide security and integrity
- May require conversion of the record to different and unknown formats
- Record is out of the owner’s control

Why Cryptographic Fingerprinting Methods Meet Requirements
Preservation
- Fingerprint can be archived or transmitted with record
- Does not require control system to maintain
Security
- Deters record alteration by virtue of being able to detect alteration
- Secure cryptographic methods are available
Integrity
- Allows verification of record fidelity
Suitability for Inspection Activities
- Independent of control system
- Allows for portability of records

Burden of Requirement
Technological burden is LOW
- Secure algorithms and methods are publicly available
- ...are already built into commercial operating systems
- ...can be used for no licensing cost
- ...have been commonly used in multiple applications
- ...infrastructure for some applications already built
Implementation burden is REASONABLE
- Must put resources into applying methods to records
- May require implementing new or existing infrastructure
Burden is LESS THAN no requirement
- Clarifies acceptable methods
- Reduces need for resource-intensive controls
Burden can be REDUCED by
- Application of public/free methodologies
- Use of commercial systems
- Spreading burden over large number of systems