Achieving Regulatory Compliance
How does Document Management Software help with Compliance?
This document explains how health sciences entities such as biotechnology firms, pharmaceutical research organizations, doctors, clinics, hospitals, HMOs and pharmacies can utilize document management software such as KnowledgeTree to maintain GMP and achieve compliance with regulations such as FDA 21 CFR part 11.
Regulatory compliance certification is usually undertaken by the user organization and not the software vendor. Regulatory compliance is a function of both the technologies used and, very importantly, the processes put in place around the technologies.
Functionality and Open Source
KnowledgeTree provides the user and document security and the activity audit trail that support the accountability, non-repudiation and appropriate access controls required for GMP and FDA 21 CFR part 11 compliance. Additionally, KnowledgeTree’s open source nature ensures that your organization can easily audit the application source code and be secure in the knowledge that no vendor security bugs or back doors are present.
General Security
You should familiarize yourself with general security best practices for your document management system, your operating system platform, MySQL and the Apache Web Server. KnowledgeTree Document Management is shipped with a secure default configuration. In FDA 21 CFR part 11 and GMP environments it is, however, important to appropriately secure, and keep secure, your operating system and the other elements of the KnowledgeTree/operating system platform, because new technology risks are identified regularly in all software.
Authentication and Authorization Policy
In an FDA 21 CFR part 11 regulatory compliance and GMP scenario, we recommend that your document management system be configured to use a centralized LDAP or Microsoft Active Directory server to manage corporate authentication and authorization. The Directory Server should implement well-thought-out policies that reflect best practice for password complexity and aging.
Encryption and Signing
FDA 21 CFR part 11 and GMP require that patient data is appropriately secured. You may also elect to encrypt your document management system server drives so that, should the drives be stolen or incorrectly decommissioned, their contents are not available:
http://www.truecrypt.org
We would also recommend that you bolster your digital signing and non-repudiation of documents with a tool such as GPG:
http://www.gnupg.org
