Category Archives: Technology

14 Jun 06

Are Post-it Notes Security's Worst Enemy?

By Daniel R. Matlis

In his recent InformationWeek article, “Let The UBS Trial Be A Warning To You,” Mitch Wagner covers the trial of a former UBS employee charged with hacking the company’s networks. The article also addresses some of the embarrassing failures in UBS’s security and disaster preparedness.

According to testimony from a UBS IT manager, some 40 systems administrators at the company shared the same ‘root’ password to log in. Once logged in, they had free rein to install software or make any changes they wished. It was not unusual for systems administrators to get up from their desks and wander off while still logged in as ‘root’.

It is a fact that companies often spend millions implementing the latest and greatest security technology. The rationale is that technology will keep us secure.

The reality is that the best security technology is not worth a dime if people find a way around it. People must be trained and reminded of proper security procedure. For example: don’t share passwords (it’s like giving your ATM card and PIN to anyone who asks), and delete default passwords (remember Oracle’s Scott/Tiger and most everyone else’s Admin/Admin).

But in my experience, Post-it® notes are security’s worst enemy. I cannot tell you how many times I have walked up to someone’s desk and, stuck to the monitor, is a Post-it® note with a list of system names and their respective passwords.

The path to security begins with people. Let’s not confiscate all Post-it® notes in the company. Instead, let’s train our people on proper security procedures.

Post-it® is a trademark of 3M

14 Jun 06

BearingPoint Joins SAFE’s Vendor Partner Program

By Daniel R. Matlis

BearingPoint announced today that it will provide services to help pharmaceutical and healthcare organizations implement SAFE (“Signatures and Authentication For Everyone”).

SAFE is a network of recognized trusted healthcare professionals and an identity management standard and associated operating rules that deliver unique identity keys for regulatory compliant and legally enforceable digital signatures.

SAFE is designed for the purpose of simplifying, securing, and streamlining business-to-business and business-to-regulator information exchange. The SAFE standard consists of policies, procedures, guidelines, technical specifications and a legal and liability risk management framework for ensuring the validity of the electronic signatures used for information exchange and electronic submissions to regulators.

The SAFE standard promotes interoperability and integration among researchers, vendors, regulators, clinicians and other pharmaceutical and healthcare stakeholders.  It provides a secure, enforceable, and regulatory compliant way to verify the identities of parties involved in business-to-business and business-to-regulator electronic transactions.

As one of the world’s largest management and technology consulting firms, BearingPoint will add significant momentum to the SAFE initiative. After all, if there is one thing big consulting firms can do it’s to sell technology.

13 Jun 06

FDA Task Force Report Recommends e-Pedigree in Distribution and Addresses RFID Issues

by Daniel R. Matlis

In a long-awaited move, the FDA announced on Friday, June 9th, that it will fully implement regulations related to the Prescription Drug Marketing Act of 1987, which requires drug distributors to provide documentation of the chain of custody of drug products (the “pedigree”) throughout the distribution system.

Consistent with recommendations from the FDA Counterfeit Drug Task Force, the agency also announced that its enforcement of the pedigree regulations will focus on products most susceptible to counterfeiting and diversion.

FDA also announced the availability of a Draft Compliance Policy Guide for public comment describing this enforcement approach. By providing guidance on the types of drugs that are currently of greatest concern to FDA, the agency intends to give wholesale distributors a better idea on where and how to focus their initial energies to come into complete compliance with the regulations (21 CFR Part 203) for all the prescription drugs they distribute.

Additional subjects discussed in the Task Force’s report include the following key issues related to electronic track-and-trace that are in need of resolution:
 

  • Technical aspects of the mass serialization of marketed drugs by assigning a unique identifier or serial number to each drug package as the initial step in development of track and trace technology.
  • Importance of a nationwide universal drug pedigree with uniform information in preference to state laws imposing different pedigree requirements.
  • Protection of consumer privacy to prevent unauthorized disclosure of information stored in RFID tags when RFID-tagged drug products are dispensed to consumers.
  • Consumer education about RFID and the labeling of RFID-tagged drug products, to disclose to consumers when they are receiving RFID-tagged products and to inform consumers of the benefits of RFID technology and how consumers’ privacy is being protected.

The FDA has been busy providing guidance and direction on these important topics; now it’s time for the industry to move implementation into high gear.

 

19 May 06

Want to Buy a Bridge? The Promise of Service-Oriented Architecture

By Daniel R. Matlis  

This is an excerpt of my recently published article in Medical Product Outsourcing

Medical device companies have been implementing manufacturing information systems for more than 30 years. These systems were often part of automated manufacturing initiatives aimed at increasing product quality and lowering manufacturing costs.  For many years, device manufacturers have desired the ability to make production information, processes and resources more transparent. Companies have often looked for ways to unlock operational data to empower decision makers—from operators to plant managers and corporate executives—to make informed, timely decisions.

This level of integration has eluded companies…until now. Today, software manufacturers are moving away from proprietary systems and interfaces and are working together to develop open standards. These connectivity standards have led to the development of a new class of software, known as middleware. This standards-based software enables the collection, analysis and presentation of critical, real-time data to decision makers throughout an organization. Known as Service-Oriented Architecture (SOA), this technology provides a bridge that allows for the connection of data islands in an efficient and effective manner.

12 May 06

Don’t forget the Process in PAT

By Daniel R. Matlis  

Do an internet search on Process Analytical Technology and you will be bombarded with sites for companies selling sensors, software and systems claiming to meet FDA’s PAT requirements.
I’m an engineer, and I like gadgets as much as the next person, but technology ought to enable change, not drive it.
Today I see companies following two distinct paths to PAT; one is technological, the other philosophical.

The technological approach to PAT calls for the implementation of dedicated PAT systems. This approach generally revolves around a specific technology or set of technology products and relies on a “silver bullet” to achieve the benefits of PAT. This is often driven by sensing or process analysis tools such as SPC, process modeling and process optimization.

This approach often involves the implementation of dedicated data acquisition tools and historians to gather and analyze the data in an information-only, non-validated environment.

The second and more holistic approach requires the development of a PAT philosophy and process across the enterprise. This approach sees technology as a tool for achieving process excellence as opposed to the end goal.

It is founded on mining the vast amounts of underutilized data currently available in automation manufacturing systems, such as SCADA, CIM, Historian, Batch, EBR and MES. It also looks to systems such as LIMS and ERP to correlate process and market data to identify key performance indicators and key process parameters based on historical information. This approach mines the vast amount of existing raw data and transforms it into actionable information through deep process understanding and data modeling.

To achieve the benefits of PAT, Life-Science companies need to design, analyze and control manufacturing through timely measurements of critical quality and performance attributes of raw and in-process materials and processes with the goal of ensuring final product quality. 

Implementing technology before achieving process understanding is like putting the cart in front of the horse.