Actual - Legal

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with

According to USFDA, a combination product is one composed of any combination of a drug and device; biological product and device; drug and biological product

federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CF

; or drug, device, and biological product and fixed dose combination would include two or more combinations of drug.

Examples of combination products may in

are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information s

lude drug-coated devices, drugs packaged with delivery devices in medical kits, and drugs and devices packaged separately but intended to be used together.

curity policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated inciden

here is enormous increase in the number of combination products entering the market in the recent years. Combination products have proven advantages but fixe

response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corpo

d dose combinations are still in the process of convincing regulatory authority on their advantages over the single ingredient formulations.

Combination pro

ation. In fact, Gartner Research went so far as to call the Act “the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression.” Since the bulk of information in most companies is created, stored, transmitted and

ucts have become life saving products for the pharmaceutical companies who doesn’t have many innovative molecules in their product pipeline and have been inc

aintained electronically, one could logically conclude that IT shoulders the lion’s share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees

easingly used in the product life cycle management. Even the companies having product patents are trying to extend their product life cycle through the combi

at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

nation products and maximize the revenues. But the companies involved in this practice are overlooking that they are burdening the patients both economically

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial re

and physically. They need to rightly judge the benefits of the combination products and they have to even look at the risks involved when combining the produ

orts;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulate

ts. Some of the combination products were well accepted by physicians while others suffered. Companies involved in development of combination products are fi

enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual as

ding difficulty in defining their combination products and facing various challenges from selecting a combination to marketing it.

Following aspects would a

essment of the internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step

dd to the challenges in developing combination products:

Which markets to tap where the combination products can do fairly well?
Which combination prod

in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises

cts are meaningful and rational?
Which therapeutic categories to select?
Which Combinations can address unmet needs of the patients?
Do combin

ust install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must ad

tions increase the patient compliance?
What would be the developing cost?
How to tackle the risks encountered during combination product developmen

dress all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of e

t?

As combination products don't fit into the traditional categories of drugs, medical devices, or biological products, the USFDA is in the process of devel

ail, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal c

ping new procedures for reviewing their safety, efficacy and quality.

Professional from academic institutions, pharmaceutical industries, health care indust

ntrols;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized user

y and representatives from various regulatory agencies are working out to design the regulatory requirements for manufacture and sale of combination products

;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT

.

As there is an increasing trend of the combination products companies manufacturing such products should be able to tackle the problems involved in the de

epartment to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. Cipher

elopment. They need to be wiser in analyzing the market trends and the regulatory requirements.

Companies that provide selfless information through particip

rust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance

tion in industry events and feedback to regulatory authorities would be able to face the challenges and will be successful in developing combination products

HTTP = HTML link (for blogs, profiles,phorums):
<a href="http://www.actual.org.ua/article/131335/actual-SarbanesOxley-A-CrossIndustry-Email-Compliance-Challenge.html">Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge</a>

BB link (for phorums):
[url=http://www.actual.org.ua/article/131335/actual-SarbanesOxley-A-CrossIndustry-Email-Compliance-Challenge.html]Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge[/url]

Meetings can be a waste of time. Find out how to make better use of your time as a participant or manager of meetings. The 80/20 rule is described to great effect with five helpful tips for designing and running more effective and rewarding meetings.

Undecided if database marketing is right for your small business? Unlike many of the marketing recommendations we make, database marketing really isn't a good fit for every small business. But we can suggest a book that can help you decide.

All mobile car wash companies and auto detailing firms should consider doing business with rental agencies, which rent both cars and trucks. It is fairly easy money and most vehicle rental companies need both the interior and exterior cleaned.

Tags

Links

Actual - Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Related Articles: