Adobe Sign and 21 CFR Part 11

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Adobe Sign and 21 CFR Part 11"

Transcription

1 Adobe Sign and 21 CFR Part 11 Today, organizations of all sizes are transforming manual paper-based processes into end-to-end digital experiences speeding signature processes by 500% with legal, trusted electronic signatures. Adobe Sign enables life science organizations to digitize signing processes from document creation, collaboration, and execution to archiving and management while securely handling large volumes of e-signature processes including: Table of contents 1: Overview of 21 CFR Part 11 2: Controls for closed systems 6: Controls for open systems 6: Requirements for executing electronic signatures 10: Work with the digital document leader Managing user identities with role-based authentication Certifying document integrity Verifying e-signatures Maintaining audit trails Integrating with critical business apps and enterprise systems Adobe Sign meets or can be configured to meet compliance requirements for many industry and regulatory standards, including United States (U.S.) Federal Regulation Title 21, Chapter 1, Part 11 commonly referred to as 21 CFR Part 11. Backed by hundreds of security features, processes, and controls, Adobe Sign is compliant with rigorous security standards, including SOC 2 Type 2 (Security & Availability), ISO 27001:2013, PCI DSS, and SAFE-BioPharma. This paper presents a detailed explanation of how Adobe Sign complies with 21 CFR Part 11. For additional technical detail on applicable information system controls in place, the latest Adobe Document Cloud SOC 2 Type 2 attestation report is available upon request from your Adobe account representative. Overview of 21 CFR Part CFR Part 11 defines the requirements for electronic document and signature submissions to the U.S. Food and Drug Administration (FDA). This law specifically details FDA regulations for electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper. 21 CFR Part 11 mandates that life science organizations using electronic signatures meet three distinct categories of compliance requirements: 1. Security for closed systems 2. Security for open systems 3. Requirements for executing an electronic signature Under 21 CFR Part 11, a system is defined as either closed or open. A closed system is an environment in which system access is controlled by the individuals who are responsible for the content of the electronic records that are in the system. Conversely, an open system is an environment in which system access is not controlled by individuals who are responsible for the content of electronic records that are in the system. Adobe Sign is generally considered to be an open system; however, customers can also create a closed system for their organization where the customer administrators manage system access and individual users are responsible for the contents of the electronic records.

2 To better understand the compliance requirements of 21 CFR Part 11, the following sections provide detailed summaries of each regulatory clause and how Adobe Sign can be configured to comply with each element. Controls for closed systems Section Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: Subsection 11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern valid or altered records. Adobe Sign implements strict system-level controls combined with document-level controls to ensure that documents have not been tampered with or altered without authorization during and after signing events. All documents are digitally sealed with an Adobe Certificate to provide proof of authenticity for the document when viewed through any PDF viewer. For additional technical detail, please see the Identity and Access Management (IAM), Backup Management (BM), and Systems Monitoring (SM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection 11.10(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the FDA. Adobe Sign provides the ability for authorized users to retrieve digitally signed copies of documents for review, and also provides a system-generated digital audit history of signing events as well as a certificate of completion. The complete version history of the signing process is captured and maintained securely within encrypted storage in the service to allow complete playback of the signature transaction from initiation to completion. All documents are made available in PDF format and can be viewed with a PDF viewer. Subsection 11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. All Adobe Sign documents are encrypted and stored securely on servers in state-of-the-art data centers managed by trusted cloud service providers. A complete audit history is maintained, including dates, times, and who accessed documents. Documents can be downloaded by authorized users at any time during the retention period through a web browser. For additional technical detail, please see control activity DM in the latest Document Cloud SOC 2 Type 2 attestation report and ISO 27001:2013 annex controls A and A

3 Subsection 11.10(d) Limiting access to authorized individuals. Access to the Adobe Sign service is limited to users authorized by the customer system administrator. This ensures that only individuals authorized by the system administration are able to send out and view contents of electronic records. For signers, Adobe Sign supports separate identity verification and data-access authorization scenarios. Identity verification Adobe Sign supports several different forms of identity verification. An organization s account can be set up by the system administrator to mandate the use of any one of the following types of signer identity verification. The signer is prompted to verify their identity with the specified identity-verification method before they can access the document. There are five ways to verify the signer s identity: Digital certificate Adobe Sign may be used in conjunction with any of the leading providers of PKI digital certificates. Such certificates provide the highest possible security in ensuring signer identity as well as compliance with 21 CFR Part 11. Signing password This verification option requires that the signer enter a unique password before being allowed to sign an agreement. The password is set in advance by the person sending the document, and must be communicated to the signer(s) via a different communication system (e.g., mobile phone) before they can access the document. Knowledge-based authentication (KBA) This is a higher level of authentication in which the signer is asked a number of personal questions based on records kept in conjunction with their social security number, e.g., What is your mother s maiden name? The signer must answer all questions correctly or cannot sign the agreement. This option is currently only available for signers in the United States. Adobe Sign partners with LexisNexis to provide this capability. Web identity authentication This authentication method requires the signer to verify their identity by signing in to their account through one of the following services: Facebook, Google, LinkedIn, Twitter, Yahoo, or Microsoft Live. The public profile of the signer is captured as part of the audit history of the document. Signing in to Adobe Sign This verification option requires signers to log in to Adobe Sign with their username and password before being able to view or sign an agreement. Data access authorization Access to electronic records provided through Adobe Sign can also be restricted by placing a password on all signed documents. This option protects all PDF versions of the document. Any copy of the document is encrypted and is unable to be viewed until the password is supplied. Passwords must be communicated via a different communication system (e.g., mobile phone) to all relevant parties before they can open the document. These passwords are embedded into the PDF and are separate from the passwords used to log into Adobe Sign. Adobe Sign cannot recover document passwords. For additional technical detail, please see the Identity and Access Management (IAM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection 11.10(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Any actions that result in the creation, modification, or deletion of an electronic record are audited and logged in the system. The audit information captures the date-time stamp of the action, the user ID of the person performing the action, the IP address from where the action was performed, and the geolocation (if available). The audit information is maintained in the secure system by Adobe Sign throughout the lifecycle of the documents. For additional technical detail, please see the Systems Monitoring (SM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. 3

4 Subsection 11.10(e) Record changes shall not obscure previously recorded information. All actions pertinent to electronic records are logged in the system and maintained by the system. At every step of the process where an electronic record can be potentially modified, the system maintains a snapshot of the state of the record before and after the action. This allows complete recreation of the history of the electronic record. Subsection 11.10(e) Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for FDA review and copying. Adobe Sign retains the complete audit history of the document for all transactions within the system. The audit records are maintained throughout the lifecycle of the electronic records. If records are archived, a digital audit history for each record is also available. Audit history is viewable electronically through the web browser and also available as a PDF document. The audit history is also digitally stamped with the Adobe Certificate to ensure that the history is tamper-proof. The record retention period is indefinite unless otherwise specified by the customer. For additional technical detail, please see the Systems Monitoring (SM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection 11.10(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. The Adobe Sign service allows organizations to define business processes, including sequencing of steps and events, as appropriate for their electronic records. These steps can be enforced throughout the organization to ensure consistency and compliance. Subsection 11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. The Adobe Sign service can be accessed only by individuals authorized by the account administrator for an organization. In addition, the system can be restricted to limit signing authority for electronic records to select individuals within an organization. The identity of the signer can also be verified using one of the mechanisms supported by the service (see Subsection 11.10(d) ). An individual signer receives a secure URL link through when required to sign an agreement, and in addition to the URL link, the signer also needs to verify identity with the identity verification method required for the transaction. For additional technical detail, please see the Identity and Access Management (IAM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. 4

5 Subsection 11.10(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. No external devices can be connected directly to the Adobe Sign service. All user access to the service is through a secure web browser session. For additional control, system administrators can also define the sources of data input for electronic records. For additional technical detail, please see control activities NO and IAM in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection 11.10(i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. Customers are responsible for defining the Standard Operating Procedure (SOP) for their organization and training their employees according to these defined procedures. Adobe Sign provides standard administrative and user training that can be adapted for specific organizational needs. For additional technical detail, please see control activities TA and TA in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection 11.10(j) Written policies shall be established that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. Customers are responsible for defining and documenting the SOP for their organization pertaining to electronic records and signatures. Adobe Sign client success and support representatives can assist the account administrators in configuring their accounts per their defined policies to ensure that individuals actions are limited per customer needs. It is the customer s responsibility to ensure that individual employees are properly trained. Subsection 11.10(k)(1) Use of appropriate controls shall be established over systems documentation, including adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. Customers are responsible for defining and maintaining access to their SOP documentation. For service-level changes that Adobe Sign performs, such as system maintenance, upgrades, and enhancements, Adobe Sign employs strict change-control practices to ensure that existing customer configurations are maintained. For additional technical detail, please see the Change Management (CHM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. 5

6 Subsection 11.10(k)(2) Use of appropriate controls shall be established over systems documentation, including revision and change-control procedures to maintain a digital audit history that documents time-sequenced development and modification of systems documentation. Customers are responsible for defining and maintaining access to their SOP documentation. For service-level changes that Adobe Sign performs, such as system maintenance, upgrades, and enhancements, Adobe Sign maintains strict change-control practices to ensure that existing customer configurations are maintained. All system modifications are tested and validated on multiple internal systems before they get rolled out to the production environment, with pass/fail criteria defined for each stage. For additional technical detail, please see the Change Management (CHM) control activities section in the latest Document Cloud SOC 2 Type 2 attestation report. Controls for open systems Section The company shall employ procedures and controls designed to ensure the authenticity, integrity, and confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate and additional measures such as document encryption. In addition to all the controls highlighted in Section 11.10, Adobe Sign encrypts all electronic records at rest. All documents retrieved from Adobe Sign are protected with a tamper-evident digital seal to ensure integrity of the document. For additional technical detail, please see control activity DM in the latest Document Cloud SOC 2 Type 2 attestation report and ISO 27001:2013 annex controls A and A Requirements for executing electronic signatures Subsection 11.50(a) Signed electronic records shall contain information associated with the signing that clearly indicates the printed name of the signer, the date and time when the signature was executed, and the meaning (such as review, approval, responsibility, or authorship) associated with the signature. Every document signed with Adobe Sign automatically includes the name of the signer, the date and time of the signature, and the action performed by the user. In addition, the signature manifestation within the document includes a link to a web-based record of the complete audit trail for the electronically signed record. The audit history maintains additional information about each signer. The audit history can also be attached and included with the signed electronic record. Subsection 11.50(b) The items identified in Subsection 11.50(a) shall be subject to the same controls as those for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). The complete audit record for an electronic transaction is available in electronic format as a PDF. The audit record is also digitally sealed with an Adobe Certificate to ensure its integrity. 6

7 Section Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. Adobe Sign maintains transactional integrity of the electronic record and the signatures associated with the electronic record. The service maintains strict operational and access controls to prevent tampering with electronic records to ensure that signatures cannot be excised, copied, or transferred. Subsection (a) Each electronic signature shall be unique to one individual and not reused by, or reassigned to, anyone else. Each user is uniquely identified within the system with their address. A signature is associated with a single user within the system. Adobe Sign can require each user to generate their own signature using a mouse (or finger) gesture to guarantee uniqueness of the signature. Subsection (b) Before an organization establishes, assigns, certifies, or otherwise sanctions the individual s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. Adobe Sign offers a variety of methods for verifying the identity of the signer prior to electronically signing the agreement. The mechanism available is listed in Subsection 11.10(d). An account can be configured to ensure that the right level of identity verification is mandated based on the organization s defined SOP. Subsection (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the FDA that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. Prior to completing the signing process, users are presented with the terms of use and consumer disclosures, which they are required to accept before completing and electronically signing a document. The system can be configured to require users to explicitly accept and acknowledge the terms of use and consumer disclosures. For additional technical detail, please see control activity DM in the latest Document Cloud SOC 2 Type 2 attestation report. Subsection (c)(2) Persons using electronic signatures must, upon FDA request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer s handwritten signature. Adobe Sign s electronic signatures are legally binding and compliant with electronic signature regulations. Customers need to independently perform additional validations with the FDA. Adobe Sign assists customers with any additional documentation pertaining to the service as needed. Subsection (a)(1) Electronic signatures that are not based upon biometrics shall employ at least two distinct identification components such as an identification code and password. As described in Subsection 11.10(d), Adobe Sign employs a variety of methods to support identity verification of the signer. For an electronic signature, each signer receives a unique URL that includes an identification code sent to the signer s address. In addition to the unique URL, the signer must uniquely identify their identity based on the required mechanism specified for the electronic signature. 7

8 Subsection (a)(1)(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components. Subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. Account administrators for the Adobe Sign service can set up accounts for users within their organization that need to electronically sign records. Each user is required to set up a unique password for their account before being able to use the service to electronically sign contracts and other types of documents. When signing an agreement, each user receives a unique URL for each electronic signature transaction and is required to provide their unique Adobe Sign username and password before being able to sign an agreement. Subsection (a)(1)(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. Each signing requires users to authenticate with their unique username and password prior to signing an agreement. Subsection (a)(2) Electronic signatures that are not based upon biometrics shall be used only by their genuine owners. Each person using the system is required to have a unique username and password. Each organization is responsible for making sure that users are prevented from sharing their credentials with others. Subsection (a)(3) Electronic signatures that are not based upon biometrics shall be administered and executed to ensure that attempted use of an individual s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. Adobe Sign credentials are unique to each user, and organizational practices should prevent users from sharing their unique credentials. If business practices do require the credentials to be shared, such sharing requires collaboration between the two individuals. Establishing any security practices relevant to such sharing is the responsibility of the customer. Subsection (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners. Adobe Sign provides biometrics through touchpad signatures. It ensures all the same controls are in place for biometric signers as for standard electronic signatures. 8

9 Section Section addresses controls for identification codes/passwords. The introductory text states: Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: Subsection (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. Each user is uniquely identified within Adobe Sign by their address and must set a unique password for their Adobe Sign account and log in using their credentials. When signing a document, each user receives a unique URL for that particular document. This unique URL per user per document, combined with the user s credentials, ensures that no two individuals have the same combination of identification code and password. Subsection (b) Ensuring that identification code and password issuances must be periodically checked, recalled, or revised (e.g., to cover such events as password aging). Account administrators can configure the account to require users to change their password at a set regular interval. The configuration also enables minimum password lengths, a password-aging policy, and configuration of the number of failed attempts before a user s account is locked. Subsection (c) Following loss-management procedures to electronically de-authorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information. The system must issue temporary or permanent replacements using suitable, rigorous controls. It is the responsibility of the customer to develop and document loss-management policies and procedures. Customer-owned devices are outside the scope of the Adobe Sign service. Subsection (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. Adobe Sign accounts can be configured by the account administrators to lock out users in the case of multiple unsuccessful password-entry attempts. Subsection (e) Initial and periodic testing of devices such as tokens or cards that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. The Adobe Sign service does not provide devices that generate identification or password information. 9

10 Work with the digital document leader From the global leader in secure digital document solutions for more than 20 years, Adobe Sign is trusted and used by government agencies and Fortune 1000 companies worldwide. Backed by hundreds of security features, processes, and controls, Adobe Sign is certified compliant with rigorous security standards, including SOC 2 Type 2 (Security & Availability), ISO 27001:2013, PCI DSS, and SAFE-BioPharma. To learn more about how Adobe Sign can benefit your organization, contact your Adobe sales representative today at ADOBE. For more information Solution details: Adobe is pleased to provide information that can help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. Any information in this paper is not intended as legal advice and should not serve as a substitute for professional advice. You should consult an attorney regarding your specific legal questions. Adobe Systems Incorporated 345 Park Avenue San Jose, CA USA Adobe, the Adobe logo, and Acrobat are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners Adobe Systems Incorporated. All rights reserved. Printed in the USA. 10/17

Compliance Matrix for 21 CFR Part 11: Electronic Records

Compliance Matrix for 21 CFR Part 11: Electronic Records Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision B Provided By: Microtrac,

More information

21 CFR PART 11 COMPLIANCE

21 CFR PART 11 COMPLIANCE 21 CFR PART 11 COMPLIANCE PRODUCT OVERVIEW ADD-ONS & INDIVIDUAL SOLUTIONS PLA SUPPORT CONTRACT TRAINING CONSULTING 21 CFR PART 11 COMPLIANCE PLA 3.0 Software For Biostatistical Analysis PLA 3.0 21 CFR

More information

COMPLIANCE. associates VALIDATOR WHITE PAPER. Addressing 21 cfr Part 11

COMPLIANCE. associates VALIDATOR WHITE PAPER. Addressing 21 cfr Part 11 VALIDATOR WHITE PAPER Addressing 21 cfr Part 11 Compliance Associates 1 1 INTRODUCTION 21 CFR Part 11 has been become a very large concern in the pharmaceutical industry as of late due to pressure from

More information

OpenLAB ELN Supporting 21 CFR Part 11 Compliance

OpenLAB ELN Supporting 21 CFR Part 11 Compliance OpenLAB ELN Supporting 21 CFR Part 11 Compliance White Paper Overview Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic records

More information

WHITE PAPER AGILOFT COMPLIANCE WITH CFR 21 PART 11

WHITE PAPER AGILOFT COMPLIANCE WITH CFR 21 PART 11 WHITE PAPER AGILOFT COMPLIANCE WITH CFR 21 PART 11 with CFR 21 Part 11 Table of Contents with CFR 21 Part 11 3 Overview 3 Verifiable Support for End-User Requirements 3 Electronic Signature Support 3 Precise

More information

NucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11)

NucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11) NucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11) A ChemoMetec A/S White Paper March 2014 ChemoMetec

More information

REGULATION ASPECTS 21 CFR PART11. 57, av. Général de Croutte TOULOUSE (FRANCE) (0) Fax +33 (0)

REGULATION ASPECTS 21 CFR PART11. 57, av. Général de Croutte TOULOUSE (FRANCE) (0) Fax +33 (0) REGULATION ASPECTS 21 CFR PART11 57, av. Général de Croutte - 31100 TOULOUSE (FRANCE) - +33 (0)5 34 47 40 00 - Fax +33 (0)5 34 47 43 01 Trademarks All names identified by are registered trademarks of the

More information

The Impact of 21 CFR Part 11 on Product Development

The Impact of 21 CFR Part 11 on Product Development The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical

More information

21 CFR Part 11 FAQ (Frequently Asked Questions)

21 CFR Part 11 FAQ (Frequently Asked Questions) 21 CFR Part 11 FAQ (Frequently Asked Questions) and Roles and Responsibilities for Assessment of METTLER TOLEDO STAR e Software Version 16.00, including: - 21 CFR 11 Compliance software option for Compliance

More information

Sparta Systems TrackWise Solution

Sparta Systems TrackWise Solution Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA

More information

Electronic Data Processing 21 CFR Part 11

Electronic Data Processing 21 CFR Part 11 Live Webinar on How Does Compliance with 21 CFR Part 11 Ensure Data Integrity & Subject Safety in Clinical Research Wednesday, 19 June 2013 at 10:00 AM PST / 01:00 PM EST ByCharles H. Pierce, MD, PhD,

More information

21 CFR Part 11 LIMS Requirements Electronic signatures and records

21 CFR Part 11 LIMS Requirements Electronic signatures and records 21 CFR Part 11 LIMS Requirements Electronic signatures and records Compiled by Perry W. Burton Version 1.0, 16 August 2014 Table of contents 1. Purpose of this document... 1 1.1 Notes to version 1.0...

More information

Guidelines for applying FactoryTalk View SE in a 21 CFR Part 11 environment

Guidelines for applying FactoryTalk View SE in a 21 CFR Part 11 environment FactoryTalk View Site Edition (SE) Complying with 21 CFR Part 11: Electronic Records & Signatures Guidelines for applying FactoryTalk View SE in a 21 CFR Part 11 environment Doc ID FTALK-WP003C-EN-E Page

More information

Using Chromeleon 7 Chromatography Data System to Comply with 21 CFR Part 11

Using Chromeleon 7 Chromatography Data System to Comply with 21 CFR Part 11 WHITE PAPER 80078 Using Chromeleon 7 Chromatography Data System to Comply with 21 CFR Part 11 Author Shaun Quinn, Marketing Manager Informatics and Chromatography Software, Thermo Fisher Scientific Keywords

More information

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11 Technical Note 54 Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11 The Electronic Records and Signatures Rule 1, known as 21 CFR Part 11, was established by the U.S. Food

More information

System Assessment Report Relating to Electronic Records and Electronic Signatures; Final Rule, 21 CFR Part 11

System Assessment Report Relating to Electronic Records and Electronic Signatures; Final Rule, 21 CFR Part 11 Page 1 /16 System Assessment Report Relating to Electronic Records and Electronic Signatures; Final Rule, 21 CFR Part 11 System: Touch Control for Titrando (Software version 5.840.0150) Page 2 /16 1 Procedures

More information

Meeting regulatory compliance guidelines with Agilent ICP-MS MassHunter and OpenLAB Server

Meeting regulatory compliance guidelines with Agilent ICP-MS MassHunter and OpenLAB Server Meeting regulatory compliance guidelines with Agilent ICP-MS MassHunter and OpenLAB Server White Paper Overview The United States Pharmacopoeia (USP) and the International Council for Harmonisation of

More information

Guidance for a 21 CFR Part 11 implementation on Microsoft Office SharePoint Server 2007

Guidance for a 21 CFR Part 11 implementation on Microsoft Office SharePoint Server 2007 Guidance for a 21 CFR Part 11 implementation on Microsoft Office SharePoint Server 2007 May 2007 Microsoft Health and Life Sciences Microsoft Consulting Services Table of Contents Introduction... 3 Table

More information

OM-MICROLITE-8 AND OM- MICROLITE-16 DATA LOGGERS AND OM-MICROLAB

OM-MICROLITE-8 AND OM- MICROLITE-16 DATA LOGGERS AND OM-MICROLAB User s Guide Shop online at omega.com e-mail: info@omega.com For latest product manuals: omegamanual.info OM-MICROLITE-8 AND OM- MICROLITE-16 DATA LOGGERS AND OM-MICROLAB And DatPass Administration Software

More information

Electronic and digital signatures in Adobe Sign for government.

Electronic and digital signatures in Adobe Sign for government. Electronic and digital signatures in Adobe Sign for government. Adobe Sign lets you comply with local and international regulations using one scalable signature solution. A White Paper September 2017 TABLE

More information

AlphaTrust PRONTO - Transaction Processing Overview

AlphaTrust PRONTO - Transaction Processing Overview AlphaTrust PRONTO - Transaction Processing Overview 1 / 16 Table of contents Transaction Processing Overview... 3 Product Overview... 4 Transaction Processing... 6 Commentary... 8 Document Format Requirements...

More information

CERTIFICATE POLICY CIGNA PKI Certificates

CERTIFICATE POLICY CIGNA PKI Certificates CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...

More information

Complying with FDA's 21 CFR Part 11 Regulation

Complying with FDA's 21 CFR Part 11 Regulation Complying with FDA's 21 CFR Part 11 Regulation A Secure Time Management Primer This report was prepared by the Washington Bureau of Larstan Business Reports, an independent editorial firm based in Washington,

More information

ABB Limited. Table of Content. Executive Summary

ABB Limited. Table of Content. Executive Summary 21 CFR Part 11 Electronic Records; Electronic Signatures Guidance for Industry Scope of Application Position Paper: A Summary and Interpretation of the Guidance Note: This document has been prepared based

More information

Virtual Machine Encryption Security & Compliance in the Cloud

Virtual Machine Encryption Security & Compliance in the Cloud Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture

More information

SAFE-BioPharma RAS Privacy Policy

SAFE-BioPharma RAS Privacy Policy SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what

More information

Adobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide

Adobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide Adobe Document Cloud esign Services for Salesforce Version 17 Upgrade Guide 2015 Adobe Systems Incorporated. All Rights Reserved. Last Updated: August 25, 2015 Table of Contents Upgrading from a previous

More information

21 CFR Part 11 Fundamentals

21 CFR Part 11 Fundamentals 21 CFR Part 11 Fundamentals By Praxis Life Sciences 1925 West Field Court, Suite 125, Lake Forest, IL 60045 praxislifesciences.com +1(847) 295-7160 validationcenter.com 21 CFR Part 11 Fundamentals Copyright

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective

More information

PayThankYou LLC Privacy Policy

PayThankYou LLC Privacy Policy PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the

More information

Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)

Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) This document (IMPS) facilitates an organization to provide relevant information to describe how it fulfils the normative

More information

MySign Electronic Signature

MySign Electronic Signature MySign Electronic Signature Advisory Circular Compliance Matrix FAA AC 120 78A Dated 06/22/16 1 Table of Contents Table of Contents 2 Purpose 3 FAA Acceptance 3 Non Requirement for Approval 3 2-2 Electronic

More information

FPKIPA CPWG Antecedent, In-Person Task Group

FPKIPA CPWG Antecedent, In-Person Task Group FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

Table of Contents. PCI Information Security Policy

Table of Contents. PCI Information Security Policy PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology

More information

Implementing Electronic Signature Solutions 11/10/2015

Implementing Electronic Signature Solutions 11/10/2015 Implementing Electronic Signature Solutions 11/10/2015 Agenda Methodology, Framework & Approach: High-Level Overarching Parameters Regarding Electronic Service Delivery Business Analysis & Risk Assessment

More information

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4 Policy Sensitive Information Version 3.4 Table of Contents Sensitive Information Policy -... 2 Overview... 2 Policy... 2 PCI... 3 HIPAA... 3 Gramm-Leach-Bliley (Financial Services Modernization Act of

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision

More information

Secure Government Computing Initiatives & SecureZIP

Secure Government Computing Initiatives & SecureZIP Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS

More information

Multi-factor authentication enrollment guide for Deloitte client or business partner user

Multi-factor authentication enrollment guide for Deloitte client or business partner user Deloitte OnLine eroom Global Technology Services December 2017 Multi-factor authentication enrollment guide for Deloitte client or business partner user What is multi-factor authentication (MFA) and how

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016 Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

IBM i Version 7.2. Security Digital Certificate Manager IBM

IBM i Version 7.2. Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment December 2017 00 Table of Contents What is MFA and how does it impact the way I sign into applications? 2 MFA Enrollment Log-in 3 Setup

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

GUESTBOOK REWARDS, INC. Privacy Policy

GUESTBOOK REWARDS, INC. Privacy Policy GUESTBOOK REWARDS, INC. Privacy Policy Welcome to The Guestbook and Gopher, the online and mobile services of Guestbook Rewards, Inc. ( The Guestbook, we, or us ). Our Privacy Policy explains how we collect,

More information

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary

More information

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Data Processing Amendment to Google Apps Enterprise Agreement

Data Processing Amendment to Google Apps Enterprise Agreement Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.18 Effective Date: August 16, 2017 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

GM Information Security Controls

GM Information Security Controls : Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5

More information

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced

More information

Workday s Robust Privacy Program

Workday s Robust Privacy Program Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

Records Management and Retention

Records Management and Retention Records Management and Retention Category: Governance Number: Audience: University employees and Board members Last Revised: January 29, 2017 Owner: Secretary to the Board Approved by: Board of Governors

More information

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers AN IPSWITCH WHITEPAPER 7 Steps to Compliance with GDPR How the General Data Protection Regulation Applies to External File Transfers Introduction Stolen personal data drives a thriving black market for

More information

Baseline Information Security and Privacy Requirements for Suppliers

Baseline Information Security and Privacy Requirements for Suppliers Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

Information Security Management Criteria for Our Business Partners

Information Security Management Criteria for Our Business Partners Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Single Sign-On. Introduction

Single Sign-On. Introduction Introduction DeliverySlip seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single

More information

An Easy to Understand Guide 21 CFR Part 11

An Easy to Understand Guide 21 CFR Part 11 An Easy to Understand Guide 21 CFR Part 11 The Validation Specialists askaboutvalidation Connecting the Lifesciences An Easy to Understand Guide 21 CFR Part 11 Published by Premier Validation 21 CFR Part

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Auditor www.pecb.com The objective of the Certified ISO 22000 Lead Auditor examination is to ensure that the candidate has

More information

IBM. Security Digital Certificate Manager. IBM i 7.1

IBM. Security Digital Certificate Manager. IBM i 7.1 IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in

More information

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate  Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Password Standard Version 2.0 October 2006

Password Standard Version 2.0 October 2006 Password Standard Version 2.0 October 2006 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 POLICY 4 3.2 PROTECTION 4 3.3 LENGTH 4 3.4 SELECTIONS 4 3.5 EXPIRATION 5 3.6

More information

HIPAA Compliance Checklist

HIPAA Compliance Checklist HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.

More information

ecare Vault, Inc. Privacy Policy

ecare Vault, Inc. Privacy Policy ecare Vault, Inc. Privacy Policy This document was last updated on May 18, 2017. ecare Vault, Inc. owns and operates the website www.ecarevault.com ( the Site ). ecare Vault also develops, operates and

More information

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber IBM Compliance Offerings For Verse and S1 Cloud 01 June 2017 Presented by: Chuck Stauber IBM Connections & Verse Email and collaboration platform designed to help you work better Empower people Teams are

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

Enterprise Income Verification (EIV) System User Access Authorization Form

Enterprise Income Verification (EIV) System User Access Authorization Form Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

Management: A Guide For Harvard Administrators

Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

Information Privacy Statement

Information Privacy Statement Information Privacy Statement Commitment to Privacy The University of Florida values individuals' privacy and actively seeks to preserve the privacy rights of those who share information with us. Your

More information

User Authentication Best Practices for E-Signatures Wednesday February 25, 2015

User Authentication Best Practices for E-Signatures Wednesday February 25, 2015 User Authentication Best Practices for E-Signatures Wednesday February 25, 2015 Agenda E-Signature Overview Legality, Authentication & Best Practices Role of authentication in e-signing Options and applications

More information

Executive Order 13556

Executive Order 13556 Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program

More information

Digi-Sign Certification Services Limited Certification Practice Statement (OID: )

Digi-Sign Certification Services Limited Certification Practice Statement (OID: ) Digi-Sign Certification Services Limited Certification Practice Statement (OID: 1.3.6.1.4.1.8420.1.3.6) In support of Digi-Sign CA as a Recognized Certification Authority December 2015 Copyright and Patent

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

Technical Trust Policy

Technical Trust Policy Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality

More information

Adobe Document Cloud esign Services. for Salesforce Version 17 Installation and Customization Guide

Adobe Document Cloud esign Services. for Salesforce Version 17 Installation and Customization Guide Adobe Document Cloud esign Services for Salesforce Version 17 Installation and Customization Guide 2015 Adobe Systems Incorporated. All rights reserved. Last Updated: August 28, 2015 Table of Contents

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY II. GENERAL PRIVACY GUIDELINES

Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY II. GENERAL PRIVACY GUIDELINES Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY Cookeville Communications Media is committed to maintaining robust privacy protections for its users. Our privacy policy is designed to help you

More information

VIEVU Solution Whitepaper

VIEVU Solution Whitepaper VIEVU Solution Whitepaper Introduction VIEVU Solution is the next generation, fully-hosted, cloud evidence management system. This whitepaper describes details about the system, settings, and functionality.

More information

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO/IEC 20000 Lead Auditor www.pecb.com The objective of the Certified ISO/IEC 20000 Lead Auditor examination is to ensure that the candidate

More information

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services This is a preview - click here to buy the full publication TECHNICAL REPORT ISO/IEC TR 14516 First edition 2002-06-15 Information technology Security techniques Guidelines for the use and management of

More information

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS INTRODUCTION: Before the California State Teachers Retirement System (hereinafter "CalSTRS," "We," or "Us") will provide services found at mycalstrs.com (the

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

SureClose Product Line

SureClose Product Line SureClose Product Line Release Notes 3.7 June 21, 2013 SureClose 3.7 Release Notes June 2013 1 Table of Contents Overview... 4 Post-Installation Considerations... 4 Features and Functionality... 6 New

More information

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS APPLICATION & INFRASTRUCTURE SECURITY CONTROLS ON THE KINVEY PLATFORM APPLICATION KINVEY PLATFORM SERVICES END-TO-END APPLICATION & INFRASTRUCTURE SERCURITY CONTROLS ENTERPRISE DATA & IDENTITY 2015 Kinvey,

More information

IT ACCEPTABLE USE POLICY

IT ACCEPTABLE USE POLICY CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified ISO 50001 Lead Auditor The objective of the PECB Certified ISO 50001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan

More information

HIPAA Regulatory Compliance

HIPAA Regulatory Compliance Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health

More information

Server Security Checklist

Server Security Checklist Server identification and location: Completed by (please print): Date: Signature: Manager s signature: Next scheduled review date: Date: Secure Network and Physical Environment 1. Server is secured in

More information

3 rd Party Certification of Compliance with MA: 201 CMR 17.00

3 rd Party Certification of Compliance with MA: 201 CMR 17.00 3 rd Party Certification of Compliance with MA: 201 CMR 17.00 The purpose of this document is to certify the compliance of Strategic Information Resources with 201 CMR 17.00. This law protects the sensitive

More information