Good Manufacturing Practice
Good
Manufacturing Practice
(good manufacturing practices)
(good manufacturing practices)
Introduction to Good Manufacturing Practices - GMPs
 |
| Good Manufacturing Practice, pharmavoicebd24, |
Purpose
An overview of
Good Manufacturing Practices, targeted to those participating in research and
development, is essential to the process of late-stage development of any
critical material that is intended for use in an in vitro diagnostic, a
pharmaceutical, a medical device, or any of an entire host of other
applications that are regulated by the U.S. Food and Drug Administration (FDA).(gmp guidelines)
While most of
the Code of Federal Regulations (CFR) and the Points to Consider provide
guidance for the finished diagnostic kit (or finished pharmaceutical, etc.),
It is necessary
to begin detailed record-keeping and other practices in the latter stage of
research and development in order to meet the increasingly strict regulations
for historical development information and traceability to the source of such
critical materials.
This document
is not intended to be a comprehensive discussion of the requirements, but
rather to highlight those practices necessary to ensure that, on an ongoing
basis, the level of control and record-keeping that will be needed for
licensure of such products begins during the research phase for critical
materials.
Key Points
Controls must
be in place for process and production. These controls help to prevent any
errors that threaten the product's integrity. Error prevention must be built
into the procedures which support manufacturing. A section of the GMPs is
devoted to these controls and states: specifications and processing procedures
must be in writing and must be controlled such that the product (or material)
being made conforms to its original design or any approved changes in that
design.
Record-keeping
(gmp manufacturing, gmp compliance)
(gmp manufacturing, gmp compliance)
The first and
most basic form of control is recording what is done such that it can be read
and understood well into the future. Documentation, when properly done, will
show exactly what was done, when and by whom, should questions arise.
It cannot be
stressed enough that this is the cornerstone to any and all work that is
undertaken, whether it is in support of production or laboratory work not
governed by the GMPs. Each and every entry on a log, each lab notebook page, or
any document used in production should be dated and signed (or initialed),
reviewed by a senior person knowledgeable in the subject matter and his/her
signature (and date) added. This ensures adequate traceability and
accountability for the work undertaken.
If an error is
made during record-keeping, you must line through the error (with a single
line), date and initial the error, and then record the accurate information.
You must not obliterate the error by scratching it out, writing over it, or
using correction fluid (white-out).
When using
reagents, buffers, materials that will contact the product, and testing kits to
assure activity, sterility, physical parameters, and other pertinent
information to the critical material, it is essential that the vendor name,
catalog number, lot number and expiration date be recorded, along with the
experimental design and results of such testing.
This enables
third-party review of work conducted with assurance that the parameters are in
control and that the work can be, or has been, reproduced.This document is in
no way intended to be a comprehensive checklist of the controls that must be
place during late-stage research and development of critical raw materials that
will eventually find their way into finished diagnostics, devices, or
pharmaceuticals.It is, rather, a starting point toward understanding that
regulatory requirements for control are being pushed further and further back
up the "pipeline" toward the research and development phase.
Client
requirements have become increasingly stringent because the FDA has required
that when the finished device or pharmaceutical is licensed, these historical
references to developmental work are in place and under control.Janet Neeley
has more than 20 years of experience in the biologics, device/diagnostics and
pharmaceuticals fields with recognized expertise in the management of CGMP operations.
She has been directly responsible for overseeing the manufacture of cancer
therapeutics and imaging agents, including the validation of systems,
equipment, and processes for cleanroom operation. Experienced in contract
pharmaceutical goods/services oversight.Neeley has developed numerous
procedures and quality agreement formats to ensure the adherence to FDA
regulations by domestic and international contractors.
Current Good Manufacturing Practices for Pharmaceuticals
Current good
manufacturing practices for pharmaceutical include all practices those are
required to conform the guidelines recommended by agencies which authorize and
license the manufacture and sale of drug products. These guidelines provide
minimum requirements that must be met by pharmaceutical companies in order to
provide high quality products that will pose no risk to the consumer or the
public at large.
Good
manufacturing practices (GMP) is that part of quality management that ensures
that products are produced and controlled according to the quality standards.
GMP regulates almost every aspect of a pharmaceutical company including
sanitation and hygiene, the premises, documentation, the materials used,
production and equipment.
SANITATION AND HYGIENE:
A high level of
sanitation should be maintained in the production of medicine. This includes
sanitation of both the personnel, premises, equipment and production materials
and apparatus. Some of the guidelines on sanitation include the following:
a) All
personnel should undergo health examinations before being employed to ensure
that they will contaminate any materials and products. The health tests should
also be conducted regular during the employment period. For operators who
conduct visual inspection, regular eye checks should be performed.
b) Personnel
should wear appropriate clothing while in the factory. Clean body covering
including hair coverings and masks should be used while particularly in the
production areas.
c) Smoking,
eating drinking or wearing any jewellery is not permitted in the production or
storage areas in order to avoid any contamination.
d) The clean
clothing that is worn in the production areas should be stored separately from
other clothes in closed containers.
e) Personal
hygiene procedures should apply to all people entering production areas
including visitors, full time or part employees.
PREMISES:
The premises
are required to be designed, located and constructed in a way that will promote
production of quality pharmaceutical products. These include:
a) The general
layout and design should minimize any risk of errors. It should also promote
easy cleaning and maintenance to avoid cross contamination. It should also
ensure logical flow of both people and materials.
b) The
manufacturing company should be located far away from residential areas or any
environment that may pose risk to the materials or final product
c) The premises
should be well maintained and any repair and construction should be done in
such a way that it does not affect material or product quality.
d) The premises
should be cleaned and disinfected thoroughly according to the standard
operating procedures.
e) Electricity
supply and lighting should be adequate and appropriate. Temperature and
humidity should be controlled so that they do not affect directly or indirectly
product quality.
f) Premises
should be designed in a way that prevents insects, birds or other animals from
entering the premises.
g) Restrooms
and refreshment areas should be located separately from the manufacturing
areas.
h) Storage
areas should have a sufficient capacity for storage of both the raw materials
and finished products.
They should
also be dry, clean it well and temperature and humidity controlled in
acceptable limits. Highly active, narcotics, radioactive or dangerous products
should be stored separately.
I) A separate
area should be constructed for the production of certain sensitive products
such a penicillin or biological preparations such as microorganisms.
These products
and other highly active products such as hormones some antibiotics and
cytotoxics should not be produced in the same facility as the other regular
products.
QUALITY CONTROL:
This is the
department in a pharmaceutical company that ensures various tests are conducted
on both the raw material and the final product. It is ensures quality of the
product.
a) The quality
control department should be located separately from the production area.
b) It should be
designed and built in such a way to suit its operations for example there
should be adequate space to avoid any mix ups.
c) The
electricity, temperature and humidity should be in acceptable limits.
EQUIPMENT:
Includes all
the machines that are used to manufacture the product, whether directly or
indirectly.
a) They should
be installed in a way that avoids any risk of cross contamination.
b) Any pipe
work should be clearly labeled and direction of flow indicated.
c) Balances and
other measuring equipment should be regularly calibrated
d) Defective
equipment should be removed from the production area, if this is not possible
then they should be clearly labelled as defective.
MATERIALS:
a) Starting
materials should be purchased only from approved suppliers.
b) All incoming
materials should be checked for integrity before being taken to the storage
area.
c) Only
materials that have been approved by the quality control department should be
released for production purposes.
d) Intermediate
materials should be kept in a hygienic and controlled environment.
e) Finished
products should be stored in a quarantined area until they are released by the
quality control department.
f) Any rejected
materials and products should be labelled as such and stored in a separate
area.
DOCUMENTATION:
Good
documentation is an essential part of GMP. It aims at defining the
specifications and any procedures for materials and the manufacturing process.
It also ensures
the existence of documented evidence and traceability. Documents include
standard operating procedures, labels, batch records and master formula.
a) Documents
should be designed, prepared reviewed with care and comply with manufacturing
specifications.
b) They should
be approved and signed by the responsible persons.
c) They should
be clear and unambiguous. The format should also be orderly.
d) They must be
regularly verified and kept up to date.
Good
manufacturing practices (GMP) for pharmaceutical involves all the activities
those promote the production of a quality drug or medicine.
It prevents
cross contamination and any risk of errors during the production process.
Personnel should also be well trained on good manufacturing practices. These
guidelines should be followed by all pharmaceutical companies in order to be
licensed by the relevant bodies.
The Ten Basic Rules of GMP
1. Get the facility design right from the
start
2. Validate processes
3. Write good procedures and follow them
4. Identify who does what
5. Keep good records
6. Train and develop staff
7. Practice good hygiene
8. Maintain facilities and equipment
9. Build quality into the whole product
lifecycle
10. Perform regular audits
Selection of a Plant Location
A Guide For The
Plant Location
One recent and
most talked about example of the problem related to "Plant Location.":
Tata's Nano
Singur plant, has come under fire from farmers and villagers for forceful
acquisition of agricultural land . This plant was established in Singur but due
to opposition by a political party , they suspended work at Singur plant - in
which they invested $350m and shifted their whole plant to Sanand, Gujrat.
Tata Motors,
such a huge company, faced a problem regarding its plant location. It has a
huge capital base and such a reputation that they can purchase any land
anywhere so have you ever thought that why they first picked SINGUR for their
factory and now Sanand? And why actually they faced the problem ?
So following is the explanation for the same……….
Plant location
is the location where an industry wants to start its operations. It is the
selection of suitable location or site .Various types of industries needs to
consider various factors in this respect. If the industry is engaged in
"heavy manufacturing " i.e. these are the industries which are
relatively large and requires a lot of space.
And as a
result, they are expensive to construct. Important factors in the location
decision for these plants are construction cost, modes of transportation ,
means of waste disposal and labour availability.
And if it is a
"light industry" i.e. the industry which is engaged in producing
electronic equipment and components, parts etc .These type of industry doesn't
require large storage capacity, so for them proximity to customer is important.
And if the industry is warehouse or distribution centre , then they just
require huge space .in addition to all the defined factors.
So we can summarize their selection criteria in following
ways
1. Government regulations (Excise duties,
taxes )
2. Labour (availability , cost and unions)
3. Proximity to customers
4. Construction cost
5. Availability of land
6. Environmental regulations
7. Climate
8. Raw material availability
9. Transportation cost
10. Topography of land (i.e. basic
characteristic of land)
In addition to
all these factors, if companies tries to locate a industry beyond national
borders, then they have to consider following factors also i.e.
1. Government stability
2. Political and Economic systems
3. Exchange rates
4. Culture
5. Export and import regulations
6. Available technology
But for the
selection of one of the most favorable location for the plant, a search team is
hired for site selection for different facilities and this evaluation process
requires large amount of data and information relative to different location
factors. Various location analysis techniques have been established for the
selection of location. Following are the cost oriented location analysis
techniques that can be used for identifying the plant site from the available
set of sites
1. Dimensional analysis : In this
technique, relative merit of different cost are considered for identifying the facility location.
2. Brown and Gibson model : This model
considers critical, objective and subjective factors for the evaluation of
sites.
3. Factor rating method : This method is
the most commonly used method. It involves factor rating and location rating .
4. Point rating method :This method
consider to give the rating to each factor on the basis of favourable , average
and unfavourable .
5. Break even analysis : It is a graphical
representation that shows relationship between cost and revenue.So, after
taking all these factors in relation to various sites and by the application of
various methods by the experts, a selection of a site is being done.
Pharmaceutical Factory Layout Design & Construction
(cgmp manufacturing, gmp practices)
(cgmp manufacturing, gmp practices)
Pharmaceutical Facility Design
(a) Any
building or buildings used in the manufacture, processin (a) Any building or
buildings used in the manufacture, processing, packing, or holding of a drug
product shall be of packing, or holding of a drug product shall be of suitable
size suitable size, construction and location to faci construction and location
to facilitate cleaning, maintenance, a litate cleaning, maintenance, and proper
operations.
(b) Any such
building shall have (b) Any such building shall have adequate space adequate
space for the orderly for the orderly placement of equipment and materi
placement of equipment and materials to prevent mixups between als to prevent
mixups between different components, drug produc different components, drug
product containers, closures, labelin t containers, closures, labeling,
inprocess materials, or drug products, and to prevent process materials, or
drug products, and to prevent contamination.
The flow of
components, drug product containers, closures, The flow of components, drug
product containers, closures, labeling, in labeling, in-process materials, and
drug products through the process materials, and drug products through the
building or buildings shall be building or buildings shall be designed to
prevent designed to prevent contamination.
(c) Operations
shall be performed within specifically defined within specifically defined
areas of areas of adequate size adequate size.
Pharmaceutical Facility Design
 |
| Good Manufacturing Practice, pharmavoicebd24, |
There shall be
There shall be separate or defined areas for the firm's separate or defined
areas for the firm's operations to prevent contamination or mixups operations
to prevent contamination or mixups during:
(1) Receipt,
identification, storage, and withholding from use o (1) Receipt,
identification, storage, and withholding from use of components, drug product
contai components, drug product containers, closures, and labeling, ners,
closures, and labeling, pending the appropriate sampling, testing, or
examination by the pending the appropriate sampling, testing, or examination by
the quality control unit before release for manufacturing or quality control
unit before release for manufacturing or packaging.
(2) Holding
rejected components, drug product containers, closur (2) Holding rejected
components, drug product containers, closures, and labeling before disposition:
and labeling before disposition:
(3) Storage of
released components, drug product containers, (3) Storage of released
components, drug product containers, closures, and labeling; closures, and
labeling;
(4) Storage of
in -process materials; process materials;
(5)
Manufacturing and processing operations.
(6) Packaging
and labeling operations.
(7) Quarantine
storage before release of drug products;
(8) Storage of
drug products after release.
(9) Control and
laboratory operations.
(10) Aseptic
processing, which includes as appropriate:
(i) Floors,
walls, and ceilings of smooth, hard surfaces that are easily cleanable; easily
cleanable;
(ii)
Temperature and humidity controls
(iii) An air
supply filtered through high efficiency particulate air efficiency particulate
air filters under positive pressure, regardless of whether flow is l filters
under positive pressure, regardless of whether flow is laminar or nonlaminar.
(iv) A system for monitoring environmental
conditions;
(v) A system
for cleaning and disinfecting the room and equipmen (v) A system for cleaning
and disinfecting the room and equipment to produce aseptic conditions.
(vi) A system
for maintaining any equipment used to control they equipment used to control
the aseptic conditions.
(d) Operations
relating to the manufacture, processing, and pack manufacture, processing, and
packing of penicillin shall be performed in facilities separate from tho of
penicillin shall be performed in facilities separate from those used for other
drug products for human use used for other drug products for human use.
What does FDA look for in a facility?
 |
| Good Manufacturing Practice, pharmavoicebd24, |
Buildings and
Facilities Buildings and Facilities
1) Is the
facility suitable for the operations being carried Is the facility suitable for
the operations being carriedout?
2) Is the
facility readily cleanable? Is the facility readily cleanable?
3) Are there
proper controls against cross Are there proper controls against
cross-contamination?
4) Is there
adequate ventilation while still keeping out Is there adequate ventilation
while still keeping outsources of contamination?
5) Are there
adequate sanitary facilities? Are there adequate sanitary facilities?
6) Are there
operational areas separate to prevent mix Are there operational areas separate
to prevent mixups and cross ups and cross-contamination? contamination?
7) What is the
source of the water supply? What is the source of the water supply?
8) Are there
adequate systems for the handling and Are there adequate systems for the
handling and disposal of waste?
Materials handling and storage Materials handling and
storage
1) Is there
proper segregation between incoming and Is there proper segregation between
incoming and released components?
2) Are
environmental factors, such as temperature and Are environmental factors, such
as temperature and humidity, monitored and controlled properly?
3) Is there
adequate storage space under the required Is there adequate storage space under
the required environmental conditions?
4) Are
in-process materials properly stored? process materials properly stored?
5) Are
containers suitable for raw materials and Are containers suitable for raw
materials and intermediate product?
Equipment
1) Is the
facility equipment suitable for its intended Is the facility equipment suitable
for its intended use?
2) Is equipment
designed to facilitate cleaning?
3) Are there
proper filtration systems adequately Are there proper filtration systems adequately designed and properly functioning? Does equipment design prevent contamination from external sources?
4) Is equipment
clearly and uniquely identified?
Utilities & Services
Utilities and
Energy is one of those business domains that hasn't been known to be very open
to experiment with the scope of its outsourcing arm in general. While
businesses in this domain do outsource some processes, they typically associate
it only with the value addition aspect of the business - collection, dispute
resolution, retention etc. This also hasn't allowed them to fully use the
leverage of outbound calling.
-Water
-Steam
-Gases
-Electricity
-Cleaning
-Fire &
Safety
-Drainage &
Control
-Transportation
Conventionally
utilities have also viewed CRM as being need based, demand driven or event
specific. They have however, not often considered CRM as a requisite throughout
the customer lifecycle.
However, with
time, the sector has realized that apart from better customer care, support and
sales, the outbound communications have an exceptionally high potential to help
avoid the higher retention costs and customer contact. Some of the applications
in no particular order that can yield such benefits to utilities are:
The goal of the
energy and utility sector should be managing the expectations of the end - user
along with preemptive communication and to provider support and services not
just on a need-to-serve basis but throughout their lifecycle with your
business. Let us look how the above help in the same.
At the
beginning of an end - user's relationship with the utility service provider,
welcome calls make sense. A lot of banks do this to know if the debit card and
the welcome kit were informative enough and if the client was happy with them.
The same can
also apply within this industry. Similarly, it is also relieving to know that
the money the consumer paid has reached the right place. I know they have the
credit card / bank statement to verify the same, but have a human say this is
far better.
Account Status (Activation / Deactivation)
Once the
account is activated, the sooner your user knows, the earlier they start using
it. Now, while they are already aware of the tentative dates, again it helps to
check if they've realized it.
It creates a
professional image of the service provider when the customer is informed that
their account has been activated. This helps more in cases of deactivation
because then they know that they are not being charged for the service that
they opted out of (for whatever reason).
Rate/Tariff
Notifications, Payment / overdue reminders
If you pre -
inform your clients about the rates and tariff notifications and / or the
payment reminders or overdue notices, this is both revenue generating as well
as business empowering. This enables them to express their dissatisfaction (if
it is felt) and / or make payments in time, sometimes even instantaneously.
Crew Mobilization and Outage / Restoration Notifications
Similarly when
you proactively update your client about any sort of crew mobilizations or
outages / restorations it helps your business. They are thus better prepared
for the crisis or change and they trust you better because they appreciate
knowing it in advance. So, in other words, customer empowerment leads to
business empowerment for you.
Retention /
satisfaction surveys
The last stage
of any customer lifecycle is when they decide to discontinue the business with
you. At this stage you try to retain them and / or help them close their
account easily and smoothly. This means that satisfaction surveys of an
outbound nature will help you get feedback and feedback is always valuable.
HVAC System
An Introduction
to HVAC Systems and How They Work
Understanding
HVAC systems
The heating,
ventilation and air conditioning (HVAC) system is the respiratory system of any
building. Its main purpose is to provide conditioned air i.e. air which is
clean and odorless to breathe in a safe and comfortable environment.
The HVAC system
controls the quality, movement and temperature of the air and ensures that it
is at a comfortable range.
According to
their use, HVACs can be categorized into three types namely commercial HVACs,
residential HVACs, and industrial HVACs. A better understanding of the HVAC
system makes you realize the significance of regular maintenance to ensure its
long-lasting performance and full benefits.
How Does Your HVAC System Work?
The HVAC system
behaves in a repetitive cycle to fulfill its responsibility to provide heated
or cooled air as needed. How does it do that? Consider the function of its
components below.
Ventilation Systems
Ventilation
systems are of three types - supply, exhaust, and balanced. The exhaust
ventilation system makes use of exhaust fans for pulling air out of the home.
It reduces pressure of the air inside and allows the natural flow of air
outside.
The supply
ventilation system does it the other way round - it pumps air into the building
in order to make the old, stale air leak out. The balanced ventilation system
makes use of both supply and exhaust fans to push out old air and allow fresh
air to come in.
Air Conditioning
The air
conditioning system usually consists of two units, the inside unit known as the
evaporator and the outside unit known as the condenser. The condenser is in the
high pressure side of the system.
The compressor
spins the refrigerant into a high pressure gas and sends it to the compressor.
It loses its heat and turns into a liquid. This liquid goes into the evaporator
which is the low pressure side of the unit.
As the pressure
suddenly drops here, the refrigerant vaporizes and is transformed into
low-temperature, low-pressure gas.
As the air is
circulated through the many tubes in the system, the heat is absorbed and cool
air is circulated through the ventilation system. The repeated cycle provides
continuous cool air.
Heating
Your HVAC
system consists of a furnace and a ductwork that are connected together to
provide a heat exchange. The system usually has a fan attached to pull the heat
from the ventilation system and allow it to circulate in the building.
A heat pump may
be used to supplement the furnace as well but for central heat systems, it is
essential. The pump moves heat from outside air into the evaporator and then,
it is pumped into the ventilation system.
There are
exhaust ducts, supply ducts and return ducts in the HVAC system. Each needs to
be installed properly for the system to function efficiently. Regular
maintenance of your HVAC system can help prevent poor ventilation and save you
on long-term costs.
Contact your
local expert Contractor to get quality maintenance services or to inquire
further about your HVAC system.
Effluent Treatment Plant (ETP)
 |
| Good Manufacturing Practice, pharmavoicebd24, |
Our Effluent
treatment Plants provide effective solutions to effluent odor control, BOD
reduction, aeration, clarification, phosphorous and nitrogen removal and more.
Our process experts work with the design team to learn the various factors that
contribute to a plant’s design, including effluent requirements, land
availability, energy, labor and disposal costs.
We then apply
our extensive process knowledge and product expertise, analyzing the efficiency
of each process, their interaction with other components, while optimizing the
overall efficiency of the entire system from start to finish.
BK Chemicals
good practice guide deals with improving the performance of effluent treatment
plant to reduce operating costs and reduce environmental pollution.
Most companies
operate effluent treatment plants to reduce the potential for pollution of
receiving waters and to comply with discharge consent conditions. Effective
management and control of the processes used for effluent treatment will help
you to:
• Reduce your
operating costs and thus increase profits.
• Achieve more
effective compliance with legislation.
• Improve your
company's public image.
NEED OF ETP (Effluent Treatment Plant)
• Water is basic necessity of life used
for many purposes one of which is industrial use.
• Industries generally take water from
rivers or lakes but they have to pay heavy taxes for that.
• So it’s necessary for them to recycle
that to reduce cost and also conserve it.
• Main function of our ETP is to clean
industry effluent and recycle it for further use.
OUR ETP Will Suitable For:
We supply the
effluent treatment plants for following industries:
• Metal finishing / Automobile / Steel
mills / Electroplating
• Dying /Bleaching
processes/tanneries/laundry-Textile Industry
• Acid-Alkali treatment- chemical
industry/recovery of chemical
• Paper & pulp Industry, Leather
Industry
• Oily waste water- automobile
/refineries
• Pharmaceutical & food industry
• Conventional ETP
• Thermal power / Rubber industry /
Fertilizers
Security & Control.
Top 10
Information Systems Security Controls in the Enterprise
The modern
Enterprise IT Infrastructure as we know it today has evolved over the years,
from the huge computers in the mid 1940s, which could not even do what our
small calculators can do today, to the years of mainframes. We now have high
processor computers with lots of storage space and high speeds that are easily
affordable. We have seen a shift of focus from centralized to decentralized,
distributed, network computing within enterprises.
All these
developments have been great, as they have eased the way we do business, but
also brought myriad of enterprise security issues.
In this article
we look at the top 10 enterprise security controls that we could deploy to
reduce on the effect of known enterprise infrastructure security issues.
1. Take a holistic approach to security
Successful
enterprise security requires good planning and a holistic security strategy
that considers everything in the organizations, from business processes to the
people, on an ongoing basis. Many at times enterprises consider costly
technical solutions, as a reaction to security breaches.
2. Develop an Enterprise security program / policy
Organizations
need to develop security programs that outline the Roles, policy, procedures,
standards and guidelines for the Enterprise security.
Roles: Outline
who is responsible for what e.g. Chief Information security officer (ISO) could
be responsible for ensuring a good security posture for the organization.
Policies: These
are general organization wide statements that set out the mandatory requirements
to ensure a minimum security level. Examples include: Acceptable E-mail Use
Policy, Internet use policy, Mobile devices use policy etc...
Standards:
these are derived from policies, laying out specific steps or processes
required to meet a certain requirement. For example a requirement that all
email communication be encrypted.
3. Manage Risk - On a continuous basis
Risk management
is the process of identifying risk, assessing risk, and taking steps to reduce
risk to an acceptable level. This involves identifying the assets in the
organization that you need to secure; these could include human resources,
technology, trade secrets, patents, copyrights etc...
Then identify
all possible risks that could affect the availability, confidentiality and
integrity of these assets. Management can then decide what to do with the
identified risks; risks can either be mitigated or transferred to a third party
like an insurance company.
4. Refine Business Processes: Adopt Industry best Practices
Beyond the need
to manage Enterprise IT technology, is the need to establish and employ best
practices and processes to optimize IT services. A number of internationally
recognized frameworks have been developed already to describe effective ICT
infrastructure management processes. Hence there is no need to re-invent the
wheel.
5. Streamline physical / environmental security
Physical and
environmental security is vital in protection of information assets and ICT
Infrastructure in the Enterprise. Physical security should look at issue like,
monitoring and detection e.g. security guards, alarms, CCTV.
Access control
and deterrent solutions e.g locks, fencing, lighting, mantraps, Biometrics etc.
Environmental control and design, server room temperature, humidity, air conditioning,
static electricity, fire suppression and detection, Power generation and
backup, all these should be well streamlined.
6. Deploy content filtering / inspection solutions.
As content,
(email, internet traffic etc...) moves in and out of the enterprise, there is
need for it to be managed well to avoid any security breaches and attacks.
Controls could include:
-Web filters to
enforce organizational Internet usage policies through content filtering,
application blocking, and best-of-breed spyware protection.
- Spam filters
/ Firewalls to protect your email server from spam, virus, spoofing, phishing
and spyware attacks.
- Unified
Threat management solutions(UTM): Several organization choose to deploy UTM
solutions that offer industry leading functionalities within one package
including Intrusion Prevention System; Antivirus with Antispam; Web Filtering;
Antispam; Firewall; SSL - VPN; Traffic Shaping and many more.
7. Manage the inside of the Corporate Network
We have already
seen that there are increased security breaches that come from within the
enterprise; therefore it's vital to manage the inside of the enterprise network
very well. Some of the steps we could take include the following:
- Taking an
inventory of all authorized and unauthorized software and devices on the network.
- Maintenance,
Monitoring, and Analysis of Audit Logs
- Continuous
Vulnerability Assessment, patch management and Remediation
- Limitation
and Control of Network Ports, Protocols, and Services
8. Have an Identity and Rights Management System
Identity
management is very vital and important to avoid user rights violation and
excessive rights issue. Put in place procedures, guideline and a system for
Identity management, which involves creation of users, change of user rights,
removal of rights, resetting lost user password. This also calls for Controlled
Use of Administrative Privileges.
Is access in
the Enterprise based on a need to know basis? For example should everyone in
the organization have access to the payroll database?!
9. Put emphasis on Data Loss Prevention (DLP).
Data loss
prevention puts into consideration the security of data, both in motion and
static. With the advent of portable devices and memory sticks that have lots of
storage space, it very easy for someone to copy lots of corporate data on a
removable media in just a matter of seconds.
I have heard of
stories of disgruntled employees selling clients databases to the competition.
Data loss prevention (DLP) encompasses the tools that prevent accidental data
leakage, including device and port control, encryption (both hard-drive and
removable media encryption).
Also how does
your organization handle hard disks that have sensitive information and need
disposing off? How about paper documents? I bet one could get lots of
information by just dumpster diving into corporate trash bins (am told some
investigative journalists use this method to "snoop"). .
There is no
excuse for organization not to shred sensitive paper documents, given all the
shredders available on the market; some can even shred plastic and CD media.
Securing
information assets is becoming more vital every day; unfortunately many
organizations do not consider it important until a breach has actually
happened.
You can imagine
the direct cost of not being proactive as far as information security is
concerned, which could include, the cost to recover data lost or altered during
an incident, cost to notify customers of breaches, fines for non-compliance and
indirect costs e.g., lost customers, lost productivity, time spent
investigating/resolving breaches and hoaxes, and so many. Therefore it's
crucial to seek for external assistance from an external firm or consultant if
need be, to assist in areas like:
- Carrying out
an IT audit and Penetration Tests a.k.a "Ethical hacking" on your own infrastructure.
- Assisting
with Information security awareness training for your staff etc...
It's important
to note that securing information assets in an enterprise is not just an event,
but is a continued process that requires an ongoing effort and support of the
top management, this is because the threats to information systems continues to
evolve and change daily.
Keyword
good
manufacturing practices
gmp
gmp
guidelines
gmp
manufacturing
gmp
compliance
cgmp
cgmp
guidelines
gmp
good manufacturing practice
gmp
standards
gmp
facility
cgmp
standards
gmps
fda
gmp
gmp
in pharmaceutical industry
good
manufacturing practices guidelines
gmp
regulations
gmp
pharmaceuticals
cgmp
regulations
cgmp
manufacturing
gmp
practices
cgmp
compliance
good
manufacturing process
good
manufacturing practices food
gmp
requirements
