RE: SUS server

From: richard boswell (richardboswell@hotmail.com)
Date: 04/09/03

    From: "richard boswell" <richardboswell@hotmail.com>
    To: focus-ms@securityfocus.com
    Date: Wed, 09 Apr 2003 18:26:09 +0000
    
    

    Since the topic of HIPAA and 21 CFR Part 11 has come up, does anyone know of
    a good reference with respect to security for both topics? I have looked in
    some places, maybe the incorrect ones, but I haven't discerned anything that
    seems applicable to my particular company (which is Healthcare, so you would
    think that I would have to find something somewhere). Any help is
    appreciated.

    Richard Boswell
    Corporate Network Manager
    Symbion Healthcare

    >From: "Brian W. Spolarich" <bspolarich@nephrostherapeutics.com>
    >To: "Evan Mann" <emann@pinnaclefinancial.com>,<focus-ms@securityfocus.com>
    >Subject: RE: SUS server
    >Date: Tue, 8 Apr 2003 11:14:12 -0400
    >
    >Evan Mann wrote:
    > > I've read the 21 CFR Part 11 spec and nowhere in the documents I've
    > > read does it make indications as to what controls you need on your
    > > systems in terms of updates to your OS and OS related files. 21CFR
    > > Part 11 is all about document control and/or electronic signatures on
    > > resources related to your medical business, not what can or cannot be
    > > done to the operating system itself.
    >
    > Typically the issue arises in controlled and regulated environments where
    >systems and applications that fall under regulatory scope (21 CFR Part 11
    >and GxP in particular) need to be validated for their intended use. This
    >typically requires a qualification process for the systems that the
    >applications are deployed on (Installation Qualification, Operational
    >Qualification, and Performance Qualification [IQ/OQ/PQ]), both server and
    >client depending on the architecture, and a detailed and documented
    >validation of the applications themselves.
    >
    > If you apply OS patches in an uncontrolled manner, you wind up with
    >validation exposures. e.g. "How do you KNOW the application continues to
    >behave as expected after you applied the patch? Did you test it?" So in
    >these environments patches tend to be applied less often and usually en
    >masse. I suspect many folks use the Service Pack releases as the
    >opportunity to do that, and only deploy critical interim patches when
    >absolutely necessary.
    >
    > In those environments, the very incremental approach that SUS takes is
    >probably not a Good Thing.
    >
    > -bws
    >
