Services Providers. Ivan Soto


1 SOPs for Managing Application Services Providers Ivan Soto

2 Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed Service providers Roles and Responsibilities Governance, monitoring and oversight Service Level considerations Inspection Readiness Case Study: Promotional Materials System Implementation

3 Types of Managed Services Our Way Is the Way Keep process ownership, execute with supplier's people May be onsite or supplier's site (InSourcing, Offshoring) Go Away Hand everything to supplier to manage on your behalf Supplier owns processes over time (Outsourcing) Do It Their Way Move to supplier's standard processes and environment Processes common across multiple companies (SaaS)

4 Outsourcing Process Phase 1: Business Case Benefit & Risk Analysis Phase 2: Specification and Selection Baseline Specification Selection Contract Phase 3: Implementation Planning Implementation Transition Phase 4: Monitor Service Level and Contract Management Phase 5: Change Change Management Exit Management

5 Business Case Benefits Analysis Focus should be on core, value adding business activities Cost optimization Improved service portfolio and performance management Simplified organization Improved quality standards

6 Business Case Risk Analysis Misalignment of business objectives quality vs cost vs volume Cost optimization Loss of control and visibility of regulated services Loss of intellectual property control Improved quality standards

7 Specification and Selection Baseline Assessment Regulatory impact of application and assets and services to be outsourced Current quality status Current documentation and records management practices Process map for outsourced activities with associated roles and responsibilities Can be used for SLA Identify support gaps Aids identifying hidden cost

8 Specification and Selection Supplier Selection Considerations Cost, technical response, responsiveness, quality approach Experiences of other organizations with the supplier Supplier audit

9 Implementation Transition to outsource company When services, assets and applications will be migrated When resources will transition to the outsource organization When processes and procedures will transition Service disruption management Knowledge transfer

10 Governance Business management Contract management Service and Quality management Customer and supplier relationship management

11 Monitor Audits Compliance with processes and standards Performance Reporting Cost, quality and service volume metrics

12 Contract Change & Exit Management Evaluating needs for additional or reduction of services Service Level Agreements

13 Quality Expectations for Service Providers Documented processes and controls in place Training of the processes and controls to those that are expected to implement them Qualification of the individuals that are implementing the processes and controls Documented evidence of successful execution of the processes and controls Metrics, monitoring and evaluation of the execution of the processes and controls

14 Quality Expectations for Service Providers (cont.) Quality Management Systems Service Delivery Application Support Design Procurement H/W & S/W Deployment Validation/Qualification Backup, Restore Archive Security Asset Management Configuration Management Platform Maintenance Internet/Intranet Services

15 Quality Expectations for Service Providers (cont.) Quality Management Systems Service Management Help Desk Demand Management Service Specification Prioritization and Planning

16 SOPs for Service Providers SOPs will vary depending on the type of managed services SOPs should address the following: System impact assessments on patient safety, product quality, and data integrity Roles and Responsibilities Life cycle approach Risk management System Specifications Validation and Qualification System Operation and Maintenance Record and Data Management Security Management

17 SOPs for Service Providers SOPs will vary depending on the type of managed services SOPs should address the following: System impact assessments on patient safety, product quality, and data integrity Roles and Responsibilities Life cycle approach Risk management System Specifications Validation and Qualification System Operation and Maintenance Record and Data Management Security Management Change and Configuration Management

18 SOPs for Service Providers

19 Roles and Responsibilities The responsibility for data integrity ultimately remains with the regulated company Roles and responsibilities must be defined and clear to both parties The regulated company may leverage supplier knowledge, services and artifacts The supplier is accountable for the quality delivery of its services The regulated company is accountable for determining the ongoing suitability of services that are leveraged

20 Governance, Monitoring, and Oversight Identification of sensitive or critical business data Audits (frequency, focus) Access provisioning and roster reviews Privileged Access Audit trails Business Continuity / Disaster Recovery Service Level measurements

21 Service Level Considerations Availability and performance Change management Quality of service Security Business continuity / Backup and Recovery Personnel Qualification

22 Inspection Readiness Document Management Record Retention Record Retrieval Clear response time expectations

23 Case Study: Promotional Material System Ivan Soto

24 Background Hosted application implemented and managed by the vendor Application allows users to plan, discuss, agree concepts and track promotional materials Vendor works with more than 100 companies and over 25,000 users across the life sciences industry

25 Implementation Approach Following our internal procedures we performed the following activities: Initial Regulatory Assessment Part 11 Assessment Risk Assessment Supplier Assessment

26 Implementation Approach (cont.) Initial Regulatory Assessment: Based on GxP requirements Identifies GxP applicability Identifies applicable regulatory requirements Identifies systems that require validation Identifies the need to implement procedure controls (SOP)

27 Implementation Approach (cont.) Part 11 Assessment: Identifies applicable Part 11 requirements Closed or Open System E-signatures requirements Electronic records requirements Hybrid or fully electronic system

28 Implementation Approach (cont.) Risk Assessment: Identifies whether the application is High, Medium or Low risk Validation effort is based on the risk level Procedure controls are based on risk level

29 Implementation Approach (cont.) Supplier Assessment: Supplier's QMS System Development Life Cycle Design Controls Security & Data Integrity (Cloud Environments)

30 Implementation Approach Assessment Results: GxP impact Low risk Vendor met supplier assessment criteria

31 Implementation Approach Leverage vendor created validation documents Perform User Acceptance Testing No on-site vendor audit Leverage vendor SOPs Create SOPs for user access, software administration and business process

32 Implementation Approach Vendor's SOPs: Business Continuity Client charter Code of Conduct Complaints Procedure Contract - Software Licensing Agreement Employee Confidentiality Agreement Employee Training Records Risk Management SOP Approval Process Training SOP Network / Server access Procedure IT Security Policy Internal System Inventory Hardware asset records Security Incident Management Data Backup Plan Intrusion Detection Policy User Registration and Privilege Policy Development SDLC policy Development SDLC template documents Development Change Control policy Security / Vulnerability Identification Procedure CFR Part 11 Compliance

33 Summary Cloud Technical Overview Security & Data Integrity Change Management Risk Based Validation Approach Periodic Review and Assessment

34 Summary During this session, we covered the following concepts: Types of Managed Services Outsourcing process Quality expectations for Managed Service providers Roles and Responsibilities Governance, monitoring and oversight Service Level considerations Inspection Readiness Case Study: Promotional Materials System Implementation

35 Questions?


More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet: Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described

More information

Hosting JDE EnterpriseOne in the Cloud Hear how one company went to the cloud

Hosting JDE EnterpriseOne in the Cloud Hear how one company went to the cloud Hosting JDE EnterpriseOne in the Cloud Hear how one company went to the cloud October 2015 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T Agenda Organizational

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Program Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI).

Program Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI). Overview Certified in Data Protection (CDP) is a comprehensive global training and certification program which leverages international security standards and privacy laws to teach candidates on how to

More information

<Project Name> Configuration Management Plan

<Project Name> Configuration Management Plan Version [Note: The following template is provided for use with the Rational Unified Process. Text enclosed in square brackets and displayed in blue italics (style=infoblue) is included

More information

Connecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom

Connecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Connecting Your Business to the Cloud Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Agenda What is the Cloud? Top Cloud Apps How Do I Get Started? Examples Business Benefits Migration

More information

How To Manage Security On A Networked Computer System

How To Manage Security On A Networked Computer System Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies By Rob Sims, Director, Life Science, UL EduNeering When a Life Science

More information

Cloud Computing in GxP Environment

Cloud Computing in GxP Environment Cloud Computing in GxP Environment Kathy Gniecko Hoffmann LaRoche 3rd April 2014, Stevenage 1 Introductions 18 years Experience in Pharma across all aspects of CSV. Prior to CSV experience in Pharma Research,

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Email Archiving Benefits

Email Archiving Benefits www.sonasoft.com INTRODUCTION In this digital age, small and medium businesses (SMBs) continue to rely heavily on e mail as their primary form of business communications. This has led to a proliferation

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

CLOUD SERVICES (INFRASTRUCTURE) SERVICE TERMS PART C - INFRASTRUCTURE CONTENTS

CLOUD SERVICES (INFRASTRUCTURE) SERVICE TERMS PART C - INFRASTRUCTURE CONTENTS CONTENTS 1 ABOUT THIS PART... 2 2 GENERAL... 2 3 CLOUD INFRASTRUCTURE... 2 4 TAILORED INFRASTRUCTURE... 3 5 COMPUTE... 3 6 SECURITY... 9 TELSTRA GLOBAL. Cloud Services (Infrastructure) Part C updated as

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

KMS Implementation Roadmap

KMS Implementation Roadmap KMS Implementation Roadmap Sample Excerpt Prepared by: The Knowledge Compass, Inc. TABLE OF CONTENTS 1. EXECUTIVE SUMMARY 5 1.1 Overview 5 1.2 Project Goals & Objectives 5 1.3 Implementation Approach 5

More information

Virtual Infrastructure Security

Virtual Infrastructure Security Virtual Infrastructure Security 2 The virtual server is a perfect alternative to using multiple physical servers: several virtual servers are hosted on one physical server and each of them functions both

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................

More information

Using the Cloud to fill the void between the business and the IT Department

Using the Cloud to fill the void between the business and the IT Department Using the Cloud to fill the void between the business and the IT Department David Bennett IT Consultant david.bennett@changeharbour.com Agenda The legal services market Business demands on the IT Department

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS Nick Harrahill PayPal Global Security Operations AGENDA Inception of an engagement The legal agreement Assessing the risk Customer call

More information

A Managed Storage Service on a Hybrid Cloud

A Managed Storage Service on a Hybrid Cloud A Managed Storage on a Hybrid Cloud Business Context Sustainability Improve procurement & contract management Embrace and optimise advances in technology Environmental improvement & carbon reduction Global

More information

Governance of Outsourced IT Services. Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp.

Governance of Outsourced IT Services. Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp. Governance of Outsourced IT Services Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp. Topics Covered in This Session Common failures in governing outsourced IT services

More information

4/7/2012. Software (and data) accessed via the internet; not on your local computer

4/7/2012. Software (and data) accessed via the internet; not on your local computer Presented By: Lauren Nathanson Extra Space Storage What does Cloud mean? Benefits and challenges of cloud applications Case study: Extra Space Storage s NetDocuments implementation Tips on how to protect

More information

Confidence in the Cloud Five Ways to Capitalize with Symantec

Confidence in the Cloud Five Ways to Capitalize with Symantec Five Ways to Capitalize with Symantec Solution Brief: Confidence in the Cloud Confidence in the Cloud Contents Overview...............................................................................................

More information