May 17, 2012

Savvy Compliance Strategy Part II – Checking Compliance

Sal Lucido, VP Enterprise Solutions, AssurX

In Part I, we took a high-level look at a process for automating regulatory compliance management. The closed-loop process starts with Documenting your processes, followed by Monitoring or Checking that those processes are being followed. Next you provide a means of Logging or Tracking any problems that arise, and then take actions to Improve. That improvement should result in a revision to the Documented process, followed by notifying or training those affected by the change. This closed-loop process, which I call the Circle of Compliance, should be used to automate the process of complying with regulatory standards.

The Circle of Compliance

Now let's take a closer look at the Check step. The goal of this step is to eliminate the need to manually audit a process in order to determine its effectiveness. One way to do this is by defining a Key Performance Indicator (KPI): a measure of performance that helps an organization monitor progress toward its goals. For example, a company may decide to improve responsiveness by reducing the number of late tasks. A company might also set a goal of reducing violations or incidents to improve conformance to regulations or standards. You can see an example dashboard showing these two KPIs in the diagram below.

Key Performance Indicators for monitoring late tasks and monthly incidents. Traffic Light indicators provide a method for quickly showing progress to goals.

Let’s take a closer look at this KPI dashboard. Both measurements are listed: Late Projects and Monthly Incidents. Notice that the date the measurement was made along with the actual performance data are displayed. We can see that for the month of May there were two late projects and five incidents. Then on the right we see a trend arrow (more on this below) and a traffic light, which give us a quick indication of performance to goal. Green is good and red is bad. Of course in order to set the traffic light to the correct state (green, yellow or red) we need some goals.

For example, if there are fewer than two late projects in a month the light will be green. If there are between two and four late projects we would consider that a yellow light (or caution). And if there were more than four late projects in a given month we would set the light to red.

When implemented properly, KPIs monitor performance over a given time period (day, week, month, etc.) and provide a visual indication (traffic light, flag, etc.) of performance to goal. So let's dig a bit deeper to better understand how to do it right.

Since a KPI measures performance over a given time period there must be historical data, trends and state changes. Let’s start with historical data. By clicking on the KPI dashboard we can see past measurements (shown below).

A report of historical KPI data shows an improving trend. An email is automatically sent in May when the light changes state.

We can see from the historical data that the trend is moving from bad to good and that in May there was a state change to red and yellow respectively. This system is set up to automatically send an email to the KPI Owner whenever there is a state change.

Emails are automatically sent when the light changes state. This shows a notification indicating that things are getting worse because the light changed from green to yellow.

Also if you look back at the KPI Dashboard you see the Trend arrow is green and down. Down indicates that we have fewer late projects than in the previous reporting period. The arrow is green, which indicates that this is a ‘good’ or desirable trend.
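The threshold, trend-arrow and state-change notification logic described above, written out as an added Python example (not code from the post or from AssurX). The KPI name, owner address and the monthly history are constructed for illustration; the thresholds are the ones the post gives for late projects.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Traffic-light thresholds from the post: fewer than 2 late projects is green,
# 2 to 4 is yellow, more than 4 is red.  Thresholds belong to the KPI, so each
# indicator can carry its own goals.
@dataclass(frozen=True)
class Kpi:
    name: str
    owner_email: str
    yellow_at: int   # first value that is no longer green
    red_above: int   # values above this are red

    def state(self, value: int) -> str:
        if value < self.yellow_at:
            return "green"
        if value <= self.red_above:
            return "yellow"
        return "red"

# Ranking used to decide whether a state change is an improvement or a decline.
RANK = {"green": 0, "yellow": 1, "red": 2}

@dataclass(frozen=True)
class Measurement:
    measured_on: date
    value: int

def trend(prev: Optional[int], current: int) -> str:
    """Trend arrow: 'down' means fewer late projects than in the previous
    reporting period, which the post treats as the desirable direction."""
    if prev is None or current == prev:
        return "flat"
    return "down (good)" if current < prev else "up (bad)"

def evaluate(kpi: Kpi, history: List[Measurement]) -> Tuple[List[dict], List[str]]:
    """Walk the history in date order, assign a light to each period, and
    produce one notification to the KPI owner whenever the light changes state."""
    rows, notifications = [], []
    prev_value, prev_state = None, None
    for m in sorted(history, key=lambda x: x.measured_on):
        state = kpi.state(m.value)
        rows.append({"date": m.measured_on.isoformat(), "value": m.value,
                     "light": state, "trend": trend(prev_value, m.value)})
        if prev_state is not None and state != prev_state:
            direction = "worse" if RANK[state] > RANK[prev_state] else "better"
            notifications.append(
                f"To {kpi.owner_email}: {kpi.name} changed from {prev_state} "
                f"to {state} on {m.measured_on.isoformat()} "
                f"(things are getting {direction})")
        prev_value, prev_state = m.value, state
    return rows, notifications

# Constructed sample history (not the post's data): green in February, a slide
# through yellow to red, then the post's May reading of two late projects.
LATE_PROJECTS = Kpi("Late Projects", "kpi-owner@example.com", yellow_at=2, red_above=4)
SAMPLE_HISTORY = [
    Measurement(date(2012, 2, 1), 1),
    Measurement(date(2012, 3, 1), 3),
    Measurement(date(2012, 4, 1), 5),
    Measurement(date(2012, 5, 1), 2),
]

if __name__ == "__main__":
    rows, notes = evaluate(LATE_PROJECTS, SAMPLE_HISTORY)
    for r in rows:
        print(r)
    for n in notes:
        print(n)
```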

In summary, setting up Key Performance Indicators that monitor your performance to goals is a good way to ‘Check’ that your processes are working properly. It also eliminates the need to perform manual audits of a given operation, reducing labor costs. The next step in this closed-loop process is ‘Tracking Problems’.

Next time: We’ll take an in depth look at the ‘Tracking Problems’ step.

Read Parts III and IV.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him at http://twitter.com/ComplianceTips


The Top 10 FERC Enforceable Standards in 2009

We knew it was coming. FERC enforcement actions picked up significantly in 2009. But what surprised us most was the eye-popping 214 violations for PRC-005-1.

Top 10 FERC Enforceable Standards of 2009

So, what exactly is PRC-005-1?

Simply put, the NERC PRC-005-1 standard says (but is not limited to the following – see below for link/download of standard):

  • Owners of generation Protection Systems shall have a maintenance and testing program for all protection devices that affect the reliability of the Bulk Electric System (BES).
  • The program must include a maintenance and testing interval for each type of device and the basis used for determining that interval.
  • The owner must provide documentation of its system maintenance and testing program and the implementation of that program to its Regional Reliability Organization on request within 30 calendar days.
  • The program must provide the evidence that each Protection System device was maintained and tested within the defined intervals including the last tested/maintained date.

You can download the NERC PRC-005-1 Standard here.
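An added Python example (not AssurX code and not from the post) of the check the standard's evidence requirement implies: given each Protection System device's program-defined interval and its last tested/maintained date, flag devices that are overdue, due soon, or have no evidence at all. The device inventory, intervals and work-order references are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Dict

@dataclass(frozen=True)
class ProtectionDevice:
    """One Protection System device with its program-defined testing interval
    and the date it was last tested/maintained (None if no record exists)."""
    device_id: str
    device_type: str
    last_tested: Optional[date]
    interval_days: int            # from the maintenance and testing program
    evidence_ref: Optional[str]   # work order / test record backing the date

def check_device(dev: ProtectionDevice, as_of: date, warn_days: int = 30) -> Dict[str, object]:
    """Classify a device as 'compliant', 'due soon' or 'overdue' relative to as_of.

    A device with no last-tested date or no supporting evidence is treated as
    overdue: the standard asks for evidence of testing within the interval,
    not merely a claim that it happened.
    """
    if dev.last_tested is None or not dev.evidence_ref:
        return {"device_id": dev.device_id, "status": "overdue", "due": None,
                "reason": "no tested date or evidence on record"}
    due = dev.last_tested + timedelta(days=dev.interval_days)
    if as_of > due:
        status, reason = "overdue", f"interval exceeded by {(as_of - due).days} days"
    elif (due - as_of).days <= warn_days:
        status, reason = "due soon", f"due in {(due - as_of).days} days"
    else:
        status, reason = "compliant", f"next due {due.isoformat()}"
    return {"device_id": dev.device_id, "status": status, "due": due, "reason": reason}

def compliance_report(devices: List[ProtectionDevice], as_of: date) -> Dict[str, List[Dict[str, object]]]:
    """Group results by status: the 'overdue' list can feed an alert, and the
    'due soon' list a work-order queue before non-compliance actually occurs."""
    report: Dict[str, List[Dict[str, object]]] = {"compliant": [], "due soon": [], "overdue": []}
    for dev in devices:
        result = check_device(dev, as_of)
        report[str(result["status"])].append(result)
    return report

# Constructed inventory (not real utility data); intervals and dates are examples.
SAMPLE_DEVICES = [
    ProtectionDevice("RLY-001", "protective relay", date(2009, 1, 15), 365 * 2, "WO-5501"),
    ProtectionDevice("RLY-002", "protective relay", date(2007, 6, 1), 365 * 2, "WO-4120"),
    ProtectionDevice("BAT-001", "station battery", date(2009, 11, 20), 90, "WO-5890"),
    ProtectionDevice("CT-007", "current transformer", None, 365 * 6, None),
]
AS_OF = date(2010, 2, 1)   # the date the check is run

if __name__ == "__main__":
    for status, rows in compliance_report(SAMPLE_DEVICES, AS_OF).items():
        print(status, [(r["device_id"], r["reason"]) for r in rows])
```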

Why has complying with PRC-005-1 been such a challenge to utilities?

The legacy of the unregulated past of both small and large utilities has left them with islands of disconnected data related to physical devices and assets that have an effect on the BES. This data consists primarily of work orders, maintenance activities, test results and supporting evidentiary documentation. Unfortunately, all of this data tends to reside in disparate systems such as ERP, spreadsheets, hard copies, custom databases, test systems, etc., and is typically spread across various departments and facilities in the enterprise. If a utility is found in non-compliance with the NERC Standard during an audit, it can result in fines from the tens to hundreds of thousands of dollars.

Achieving compliance with PRC-005-1

As daunting as this challenge might sound, there is a cost-effective and simple solution that provides a central hub for real-time visual compliance to NERC PRC Standards. CATSWeb ER integrates data from dozens of differing sources into a single repository and creates logical relationships among this data to perform measurements and analytics in real-time dashboards. This provides a visual status of PRC compliance for all devices and assets across the enterprise. Users also get real-time alerts and notifications as trends toward non-compliance occur, well before a state of non-compliance is reached. The system also maintains a complete, audit-ready history of all devices, issues and actions taken in maintaining control and compliance.

Visit the NERC website to view enforcement actions, settlements and penalties.


FDA Lifts Curtain on Inspection Process, Rationale

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Gotta give the FDA some credit here. In addition to its transparency initiative we’ve talked about before, the agency is also trying to remove some of the mystery about how it handles inspections and other inner workings at the FDA. From where I sit, it appears to be a sincere effort and I believe it is helping outsiders better understand what the FDA is trying to do – and how it is trying to do it.

For example, at the second in a new series of monthly online webinars, FDA’s Michael C. Rogers, deputy director, Office of Regional Operations, today (March 25, 2010) tried to outline how an FDA inspection tends to work, and what drives inspectors before, during and after an inspection.

As an aside, Rogers also said that the agency currently has about 1,800 total inspectors across its full portfolio, though food gets the bulk of the bodies. He also said there will be more foreign inspections this year, and that the number should continue to grow.

Inspections are based on risk, Rogers said. In other words, the riskier the potential drug, device or food item, the more likely they will be inspected.

Most inspections are unannounced, Rogers said. Before they go on-site, the inspector or inspection team will look at previous inspection reports and identify what corrective actions were promised during prior inspections. They also prepare inspection tool kits with sampling equipment and information to drive the inspection based on guidance documents and the Investigations Operations Manual. They also carry a camera to document evidence.

They also conduct “for cause” inspections driven by consumer complaints or other outside activity.

Typically, the inspection begins with a discussion with management to explain the purpose of the inspection, and they try to learn about the corporate structure and any changes made since last inspection. They also ask about complaints, positive tests or returns. Answers to those questions help FDA inspectors focus their on-site efforts.

Next, they go to the physical manufacturing area. They try to observe and understand the on-site process. They ask about acceptance criteria and want specifics on failures, especially the reasons.

Inspectors also draw a diagram of the facility showing the manufacturing process from start to finish. They’re looking for problems in the system and looking to identify critical control points in the manufacturing process.

FDA inspectors then identify the procedures in place and assess whether the company is actually following them. They also look for controls in place to mitigate any contaminated products.

They also look at training and cleaning programs. They also watch employees while they are actually making the product.

If they find evidence of an adulterated product, they collect evidence based on inspector observations and collect samples to prepare their case for possible legal action in court.

At the conclusion of the inspection, the FDA team meets again with management. They then inform the top company official what is in the official Form 483. That form documents observations made during the inspection but does not include final recommendations. They also ask for the firm’s corrective actions, planned or in place, to get into compliance.

These corrective actions are taken into account as the agency formulates its official recommendations.

After the inspection at the firm, the inspector develops a report back at the home office. It includes evidence collected and what the firm has already agreed to do about any shortcomings.

In some cases firms can offer voluntary corrections. But sometimes the agency decides it needs enforcement action such as a warning letter, and can also impose civil and/or monetary penalties.

The webinar was extremely popular. In fact, it “sold out” so many who tried to join it could not get in to the live event. There will be a recording available on Monday March 29.

UPDATE: Slides are now available from this event here in PDF format.


FDA Challenges Food Industry to Improve Risk Management, Quality Control

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

The FDA continues to signal that food enforcement is back in fashion.

Last week at a press-only briefing the agency tried to demonstrate its proactive side, saying it was “taking steps to protect the public following the early identification of Salmonella Tennessee in one company’s supply of hydrolyzed vegetable protein (HVP)”, and again last week the agency issued an open letter to the food industry calling for more transparent product labels.

So what’s it all mean?

We spoke recently with Kim Egan, partner in the law firm DLA Piper’s Product Liability practice, and a regular source for us on these and other FDA-related matters.

“The food industry is facing a “perfect storm” — high-profile food-borne illnesses continue to plague the global supply chain, prompting President Obama to create the Food Safety Working Group, and the First Lady has declared war on childhood obesity, including a focus on food industry marketing to children, “junk” food in public schools, and the nutritional content of school lunches,” Kim points out.

I happened to see the harrowing film “A Perfect Storm” at my sister’s house last week and if I am an official in the food industry, an expert like Kim using “Perfect Storm” and “Food Industry” in the same sentence would get my attention.

Kim notes that President Obama said in a March 2009 weekly radio address that “At a bare minimum, we should be able to count on our government keeping our kids safe when they eat peanut butter.  That’s what Sasha eats for lunch.”

The Executive Memorandum announcing the First Lady’s Let’s Move campaign said that “[n]early one third of children in America are overweight or obese — a rate that has tripled in adolescents and more than doubled in younger children since 1980.  “Taken together, the new Administration’s focus on food has in turn pushed FDA to renew efforts to improve food safety and more aggressively enforce existing food labeling regulations,” Kim adds.

It’s all part of a more active FDA across the board, Kim notes.

“FDA has stepped up enforcement of existing regulations.  In August 2009, FDA reorganized its food oversight function and moved the Office of Foods into the Office of the Commissioner, giving food safety and food manufacturing enforcement greater visibility.  FDA appears to be focusing particularly on health claims made by food manufacturers, such as its recent warning letter to General Mills that it had no scientific evidence to support cholesterol claims on Cheerios cereal,” Kim adds.

As Kim explains, FDA said that the General Mills claims that Cheerios reduced cholesterol meant that General Mills was advertising Cheerios as a drug, an unapproved one at that. FDA has also been focusing on health claims made by dietary supplements, the most notable examples of late being dietary supplement products that purported to be effective against the H1N1 virus. There is an effort underway to improve front-of-label nutrition information for all food packages, and Senator McCain introduced legislation in February 2010 to strengthen FDA authority to regulate dietary supplements.

Congress has had food safety legislation in the works for a couple of years now.  Highlights of that bill include:

  • The Food Safety Modernization Act that is now making its way through Congress will require foreign suppliers to use “risk-based reasonably appropriate preventative controls” to prevent adulteration and reduce hazards.
  • FDA would be required to implement new food safety regulations within a year of enactment.  FDA would also have two years from enactment to “expand the technical, scientific and regulatory capacity of foreign governments,” which could include multilateral agreements and international harmonization of the Codex Alimentarius.  FDA would also be required to expend resources on foreign inspections.
  • Having said that, however, the majority of food-borne illness outbreaks since 2006 have been caused by domestic products or other products from North America, including fresh spinach, peanuts, jalapeno peppers, and tomatoes.

“In short, we can expect further pressure on food manufacturers to improve quality control,” Kim says.  “We can also expect continued pressure on food manufacturers to adhere strictly to promotional and nutritional labeling requirements, and we can expect those requirements to change in some possibly meaningful respects in the coming years.”

For more information, request “The New FDA Drive for Food Safety” paper here.


UPDATE: FDA Signals Renewed Commitment to Risk Management

In Washington, D.C., experts tracking the political shifting sands often advise you to watch what someone does, not what they say. Applying that to the FDA suggests the agency is starting to take risk management enforcement a bit more seriously.

Here’s a good example. Earlier this week (Feb. 16) the agency approved a risk management program to inform healthcare providers and their patients about the risks of a class of drugs called Erythropoiesis-Stimulating Agents (ESAs) manufactured by Amgen Inc. The company’s risk management program, or Risk Evaluation and Mitigation Strategy (REMS), requires health care professionals to provide their patients receiving an ESA with a Medication Guide that contains information for patients on how to use the drug safely.

And earlier this month, the agency requested a 23% hike in its budget to help it more aggressively pursue food, drug and device safety (plus its new tobacco initiative).

More action and more dollars could add up to a more active FDA in 2010.

Make sure to read our previous post: Risk Management Matures Beyond the Spreadsheet


Tobacco, Food, eMDR, Transparency, More Staff Add Up to a Big 2009 for FDA – and 2010 Looks Even Bigger

The early part of the 21st century was a tough time for the FDA. Its budget was curtailed, it lost some important personnel, and the word “acting” kept appearing on people’s business cards.

But 2009 just might be going down in history as the Year of the FDA Turnaround.

In October, the agency announced a long-overdue hiring binge that signals an even stronger FDA is on tap for 2010.

Watch for the agency to get a bigger budget in the coming years – though much of that emphasis will be on the food side and perhaps less on the drug and device side. For FY 2010, the FDA requested a total budget of $3.2 billion. This amount is $511 million more than FY 2009 and represents a 19 percent increase — the largest ever in FDA history. They won’t get it all, but they’ll probably come close.

Here are some other FDA highlights in a big year:

FDA Finally Gets Tobacco

It took years of lobbying and a new President, but in June 2009 the FDA was given the power to regulate tobacco products. This is a huge victory for the agency. It remains to be seen how the FDA will use this new power, but its surge of activity in the second half of 2009 suggests they want to seize the initiative.

Lawrence Deyton, M.S.P.H., M.D., joined the U.S. Food and Drug Administration (FDA) on Sept. 14, 2009, as director of the agency’s new Center for Tobacco Products. He hit the ground running.

“Our objective is to use the best available science to develop and put into action effective public health strategies to reduce the enormous toll of illness and death caused by tobacco products,” Deyton said.

Deyton was also asked how tobacco regulation differs from FDA’s regulation of drugs or medical devices.

“FDA’s regulatory role for drugs and medical devices is usually based on a safety and effectiveness standard. The tobacco act establishes a new standard: to regulate tobacco products based on a public health and population health standard.”

Deyton noted that when FDA gets an application for a new drug to treat a disease, the agency normally considers studies of patients who have the disease. “But when we get an application for a new tobacco product, the law tells us we have to consider whether permitting the product’s marketing protects the public health and we have to evaluate the effects of the product on the population as a whole. We’re directed to consider both users and nonusers, and whether our action might encourage people who don’t use tobacco products to begin using them, or encourage people who might otherwise quit to continue using them.”

Bottom-line: It was a huge turf battle victory for the FDA and increases the agency’s overall regulatory clout.

Risk Communications

The agency also took big strides forward in how it gets the word out to industry and the public regarding risk. In its Strategic Plan the agency spelled out its perceived role in communicating the risks of regulated product use, defining risk communication anew for a 21st century in which evolving technologies have enabled increased patient and consumer involvement in managing their health and well-being. The document defines the three key areas (science, capacity, and policy) in which strategic actions, in collaboration with relevant domestic and international stakeholders, can improve the generation, dissemination, and regulation of risk communication about regulated products. It also identifies and details 14 specific strategies.

“FDA is showing its commitment to the goals of the plan not just by identifying the strategies it will implement, but also by identifying over 70 actions the agency plans to take within the next few years to improve risk communication,” it says in the Strategic Plan. The document also identifies 14 of those actions that FDA plans to accomplish within the next 12 months.

Clearing Up Transparency

Echoing an Obama campaign promise to make government more open and accountable to taxpayers, the FDA also walked the walk and talked the talk with its new “transparency” initiative, holding public meetings in June and November. The agency also opened a blog that, so far, has had a fair amount of uncensored comment both pro and con about agency performance.

Here (Finally) Comes the eMDR Guidance

In August, the FDA unveiled their proposed guidance for ultimately mandating electronic submission of mandatory adverse event reports. It took a long time to come to fruition, and some are lobbying the agency to push it back another year or two, but the simple fact that it was released was a big deal in 2009.

Guidance on Presenting Risk Info

Before unveiling the eMDR rule, the agency also issued in May the important draft Guidance for Industry: Presenting Risk Information in Prescription Drug and Medical Device Promotion. The guidance is important on several levels, but perhaps the most important is that it addresses the factors the FDA considers when evaluating ads and promotional labeling for prescription drugs, ads for restricted medical devices, and promotional labeling for all medical devices for their compliance with the Federal Food, Drug, and Cosmetic Act and relevant regulations.

In doing so, it cleared up a lot of confusion in the industry and signaled a revitalized FDA that was on the way back.

Putting The ‘Food’ Back In Food & Drug Administration

Responding in part to pressure from Congress and consumer groups over beef and other food contamination recalls, the FDA also revitalized its food enforcement in 2009, and this is also an area where the smart money says they’ll be even more active in 2010. In September, the agency capped a number of new food initiatives by unveiling a new reporting system that gives the agency new enforcement teeth when it comes to the food chain.

Here’s a prediction: FDA historians of the future are probably going to see 2009 as the year the agency picked itself up off the ground and started to flex its regulatory muscle again.


Risk Management Matures Beyond the Spreadsheet

Risk management is one of those terms that is often used a bit too loosely, warns AssurX’s Sal Lucido. “People say ‘risk management’ but it can mean very different things to people working at different parts of a company.”

For example, the finance and accounting department focuses on documenting and managing risks associated with business financial transactions and reporting as governed by Sarbanes-Oxley (SOX). The information technology group (IT) focuses on cyber security risks, which involves processes such as identity and access management, threat and vulnerability management, and configuration control. The regulatory compliance group is concerned with meeting government regulations, laws and standards applicable to their industry. For example medical device companies must meet regulations imposed by the FDA regarding such activities as quality and incident management. Energy companies must abide by national and state mandated regulations established by NERC, FERC and their respective regions. Noncompliance can lead to fines that sometimes total in the millions.

Across these industries “the Federal Government is actively auditing and levying large fines for those companies found to be out of compliance. The bar is being set higher each year and the penalties are becoming more severe.”

“Having a risk management system that is managed on paper and spreadsheets is just not going to cut it anymore.”

Sal has helped dozens of regulated companies in industries ranging from utilities to medical device manufacturers to better manage their corporate risk data and processes. And he’s observed that they have a lot in common when it comes to handling risk management. Based on his years of experience with many different firms working to address risk, he has some valuable observations and advice.

Across the board, “what we’ve been finding is that information associated with risk management is rarely made available to the departments that need access to it. For example, if the audit department had access to the identified risks and their risk levels, they could use this information to plan their audit activities aiming audits at those that pose the greatest liability to the company. ”

Companies are now looking for tools that “allow for secure collaboration” so that the risk information and data is readily available for all those who need to access it.

“Because each of these departments already has their own processes,” companies are looking for applications that allow each group to maintain their own forms and workflows. “It’s critical to have an application that provides processes unique to each group while harmonizing the underlying data” so that each group can access what it needs, when it needs it.

The other trend we are seeing is that companies are looking to move beyond just documenting risks and listing mitigation efforts. They are looking for enterprise applications that can manage the associated business processes. For example, risk assessment and mitigation efforts are tasks that need to be assigned to individuals or teams, with due dates and status updates. In order to ensure projects stay on track there is a need for escalation functionality that automatically emails the appropriate personnel when tasks become due and go late. These activities also have associated workflows and approval routings that need to be managed via software. Of course this type of functionality goes well beyond the capabilities of simple risk tracking software and spreadsheets.

The other need we are seeing is related to reports and dashboards. Department and process managers are looking for reports that show risk levels, heat maps, late reports and so forth. The executive staff is looking for enterprise dashboards that report on the state of compliance throughout the organization using easy to read traffic light and gauge or thermometer formats.

Finally, the solution should also be flexible enough to integrate with data and systems that are already being used within the company. For example, if a system is already being used to document the status of key risk indicators (KRIs) such as violations or incidents, “that data should be reported within (and accessible from) the risk management system.”

In conclusion, managing risk across the corporation means something different to each department yet it requires the entire organization to work together. It involves documenting and sharing risk data across the enterprise, managing workflows and tasks, while handling escalation and reporting. Yes, risk management has matured beyond the spreadsheet.

Sal Lucido is VP of Enterprise Solutions at AssurX, Inc.


How Secure is Your Data in a SaaS Environment?

In the IT world, there is always that security pendulum that seems to swing either toward ease of use or toward restrictive control. Users typically tend toward the “ease of use” end of the spectrum, because who wants to remember yet another password? And who wants to install complicated VPN software or jump through extra authentication hoops? Conversely, IT folks (like me) tend to believe in restrictive control: passwords as complicated as possible, extra authentication hoops, and logging everything that happens over an established connection.

With the advent of SaaS (Software as a Service), security becomes all the more critical, both for the user of the service and for the administrator of the environment providing that service. The beautiful thing about SaaS offerings like CATSWeb is that they are completely web based through HTML. This makes life much easier for all parties. From the user side, CATSWeb requires no special VPN software, nothing downloaded to the client computer and no local certificate store to verify a user’s identity: only a web address and a password. From the IT standpoint, all machines involved in providing CATSWeb SaaS are completely locked down to two ports of traffic, an IT dream come true. Users come into a hosted CATSWeb environment via either HTTP (port 80) or HTTPS (port 443). For securing a server to the world, only having to deal with two ports is about as simple a scenario as exists in the IT industry.

Because CATSWeb traffic is only on two ports, our servers are locked down completely, with those two ports being monitored constantly through the firewall, protected by live-scanning anti-virus solutions and safeguarded by managed IDS (Intrusion Detection) systems. Add to that the fact that all web traffic is logged from start to finish, and you’ve got as bulletproof a server system as can be found. And then we get to CATSWeb itself.

Within CATSWeb, AssurX has included additional security tools to ensure that your data is safe. First, each customer company has its own unique, individual database, not shared with anyone else. If a customer chooses to require SSL for accessing their CATSWeb database, all traffic to and from that database is encrypted. System access is automatically logged for easy review, including the IP address from which the traffic originated.

The rest we leave up to users. I guess that’s where CATSWeb SaaS becomes a two-pendulum system. The “server security pendulum” we’ve chosen to swing as far toward restrictive control as possible. The “user access pendulum” we leave to the users of CATSWeb. An administrator in a CATSWeb system can set their own password requirements for their users, establish their own session parameters such as session length and inactivity timeouts, and much, much more. This allows any given SaaS CATSWeb system to sit anywhere along the user access pendulum, from easy to restrictive, based on what your requirements are.
