Pugongying (ouryao) - Disseminator of pharmaceutical technology, practitioner of GMP theory

[GMP-related] FDA Warning Letter: Desktop Security

Posted on 2016-10-2 20:00:54

FDA Warning Letter - Secure Desktop


Observation Date: 25 April 11
4. Your firm has failed to exercise appropriate controls over computer or related systems to assure that changes in master production and control records, or other records, are instituted only by authorized personnel [21 C.F.R 211.68(b)].

For example, your firm lacks control of the (b)(4) computer system which monitors equipment, room differential pressure, room humidity, and stability chambers. Although the system is password protected for temperature and humidity set points, all employees have access to the room where the (b)(4) computer system is located and the external hard drive is not password protected. [Poster's note: how to put it? For an ordinary control room, such as the room where system servers are kept, there should still be rules restricting which personnel may enter.] During the inspection we observed that an employee was able to alter or delete data without a password and save the changed file.

In your response, your firm states that additional controls were implemented including validating the remote access to the (b)(4) computer, password protecting the room where the computer is stored, and limiting the (b)(4) control room to authorized personnel only. [Poster's note: install a corresponding door access control system.] Although your corrective actions may adequately address the protection of the (b)(4) computer from non-traceable changes, your firm has not taken a global approach to this deficiency. It is our expectation that your other manufacturing and laboratory computerized systems will be reviewed to ensure similar deficiencies do not exist. [Poster's note: this is the preventive action.]

Comment
This warning letter is a common observation relating to the security control of a computerised system, which can include Automation and Laboratory Systems.
There are a number of ways controls can be established to ensure a secure environment and stop users having access to the computer hard drive either internal or external.

Generally computerised systems used to interface with users (including Automation Systems, SCADA, Monitoring Systems and Laboratory) are rarely configured to secure the operating system. The configuration must be configured to secure data and records stored on it. A standard Windows desktop allows the user to access the internal and external hard drives, USB drives and networked drives. [Poster's note: how should this be understood? @石头968 @hoover]

This FDA warning letter could have been cited against FDA 21 CFR Part 11 as the concern is to the integrity of data and records stored on the computerised system. It is a regulatory requirement that data generated by computerised systems are secure and the integrity of the data is maintained.

Computer Settings
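Windows can be configured to lock down the desktop. [Poster's note: screen-lock settings. The recent CFDA "Drug Data Management Standard" (《药品数据管理规范》) also mentions this, but how should the specific "automatic log-out and screen lock after a set time" be handled? After all, frequent automatic screen locks or log-outs often interfere with production operations.] The secure environment can be established using Group Policy and Windows Registry settings to ensure that users have access to the application. However this has configuration difficulties and requires significant effort to verify the settings. [Poster's note: how should this be understood?]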

Secure Desktop
A third party application such as Visual Automation's Secure Desktop can provide a simple desktop tool that can be configured to ensure that users only have access to applications they are authorised to use. The application is simple to configure and performs the Windows Registry edits simply from the selection. It is capable of only delivering the applications that are required by the user (remove access to Windows Explorer, etc.) to provide a secure environment.

The application also allows for the configuration of access to USB ports and combined key strokes.

Using a Secure Desktop (such as Visual Automation's Secure Desktop) can reduce the development time for locking down the Windows XP / Windows 7 environment. In addition, well-defined installation procedures will reduce the validation effort. The configuration of the Secure Desktop application can be verified to demonstrate that the system provides the required functionality and then the deployment controlled via approved installation and configuration documentation (Standard Operating Procedure / Works Instruction).

In the FDA warning letter it was stated that

Although your corrective actions may adequately address the protection of the (b)(4) computer from non-traceable changes, your firm has not taken a global approach to this deficiency. It is our expectation that your other manufacturing and laboratory computerized systems will be reviewed to ensure similar deficiencies do not exist.

The use of third party applications with common configuration can provide a cost effective solution to demonstrate that the controls have been implemented and that a common approach has been adopted.

Note
The author is not affiliated in any way to Visual Automation and the application is provided as an example of using third party applications to secure the Windows Desktop of a computerised system used within the pharmaceutical environment to improve the security and compliance (of the computerised system). [Poster's note: now comes the disclaimer; don't be oversensitive!]


Comments on other available tools or solutions for securing the Windows Desktop for use in a pharmaceutical environment are welcome.


Posted by Barry Tedstone

Labels: FDA Warning Letters
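
The post above says that a Group Policy and Windows Registry lockdown "requires significant effort to verify the settings". The following PowerShell check is an added example (not from the original post, its author, or Visual Automation) showing how that verification can be scripted: it reads standard Windows policy registry values for screen-saver locking, Explorer drive access and USB storage and compares them with a baseline. The expected values, including the 900-second timeout limit, and the function name Test-LockdownBaseline are assumptions for illustration.

```powershell
# Added example: read-only comparison of lockdown settings against a documented baseline.
# Expected values are assumptions; take the real ones from the approved configuration
# specification. HKCU entries are per-user, so run this as the operator account under test.
$desk = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$Baseline = @(
    @{ Control = 'Screen saver enforced';         Path = $desk; Name = 'ScreenSaveActive';    Op = 'eq'; Expected = 1 },
    @{ Control = 'Password on resume';            Path = $desk; Name = 'ScreenSaverIsSecure'; Op = 'eq'; Expected = 1 },
    @{ Control = 'Idle timeout (s), assumed max'; Path = $desk; Name = 'ScreenSaveTimeOut';   Op = 'le'; Expected = 900 },
    # Non-zero bitmask = at least one drive letter blocked; the exact mask is site-specific.
    @{ Control = 'Explorer drive access blocked'; Name = 'NoViewOnDrive'; Op = 'ne'; Expected = 0
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Control = 'USB storage driver disabled'; Name = 'Start'; Op = 'eq'; Expected = 4
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' },
    @{ Control = 'Removable storage denied'; Name = 'Deny_All'; Op = 'eq'; Expected = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' }
)

function Test-LockdownBaseline {
    param([Parameter(Mandatory = $true)][object[]]$Baseline)
    foreach ($item in $Baseline) {
        $name = $item.Name
        $key = Get-ItemProperty -LiteralPath $item.Path -Name $name -ErrorAction SilentlyContinue
        $actual = if ($key) { $key.$name } else { $null }
        # REG_SZ "600" and REG_DWORD 600 both compare as 600; non-numeric data stays $null.
        $n = if ($null -ne $actual) { $actual -as [int64] } else { $null }
        $ok = $false
        if ($null -ne $n) {
            switch ($item.Op) {
                'eq' { $ok = ($n -eq $item.Expected) }
                'ne' { $ok = ($n -ne $item.Expected) }
                'le' { $ok = ($n -gt 0 -and $n -le $item.Expected) }
            }
        }
        # A missing value is reported as FAIL: an unset policy is not a verified control.
        New-Object PSObject -Property @{
            Control = $item.Control; Name = $name; Expected = "$($item.Op) $($item.Expected)"
            Actual = $(if ($null -eq $actual) { '<not set>' } else { $actual })
            Result = $(if ($ok) { 'PASS' } else { 'FAIL' })
        }
    }
}

$report = @(Test-LockdownBaseline -Baseline $Baseline) |
    Select-Object Control, Name, Expected, Actual, Result
$report | Format-Table -AutoSize
# Keep the output as objective evidence for the validation record.
$report | Export-Csv -Path ".\lockdown-check_$($env:COMPUTERNAME).csv" -NoTypeInformation
if ($report | Where-Object { $_.Result -eq 'FAIL' }) { exit 1 }
```

Running the same script on every manufacturing and laboratory workstation gives a per-machine record that can be compared across systems.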



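Posted on 2016-11-18 13:18:02
Quoting 玻璃杯, 2016-11-18 12:50: "I always have the feeling that China's pharmaceutical industry has been led astray by foreigners. They keep digging pits for us one after another and making us study them one by one, ..."

We have no other road left. Domestically it all depends on connections. Why is everyone scrambling to pass FDA and EU inspections? They all want to go abroad and look around.
I encourage newcomers to study English hard!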

Posted on 2016-10-2 22:23:42
A thumbs-up for the original poster, who doesn't rest even over the National Day holiday.

Posted on 2016-10-3 22:19:34
None of the original poster's links open.

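Posted on 2016-10-5 12:59:16
A secure operating system means you have only a keyboard and a monitor and can only do your work; the operating system, the storage system and so on are all somewhere else; you need no other peripherals and cannot delete anything.
This guarantees a relative "absolute security".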

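Posted on 2016-10-8 15:43:44
Let me roughly guess at the author's intent.
Generally computerised systems used to interface with users (including Automation Systems, SCADA, Monitoring Systems and Laboratory) are rarely configured to secure the operating system. The configuration must be configured to secure data and records stored on it. A standard Windows desktop allows the user to access the internal and external hard drives, USB drives and networked drives

Common computerised systems all have a human-machine interface, meaning things like the client, and these can be configured to achieve a certain level of security (covering data, the system and so on). But a standard Windows system has no such good management: anyone who logs in to Windows can access the hard drive (flash drives, network drives, etc.).
So your security has a problem.

Windows can be configured to lock down the desktop. [Poster's note: screen-lock settings. The recent CFDA "Drug Data Management Standard" (《药品数据管理规范》) also mentions this, but how should the specific "automatic log-out and screen lock after a set time" be handled? After all, frequent automatic screen locks or log-outs often interfere with production operations.] The secure environment can be established using Group Policy and Windows Registry settings to ensure that users have access to the application. However this has configuration difficulties and requires significant effort to verify the settings.
This means that, if you have not joined a domain, setting up so many Group Policy items and the like in Windows is very time-consuming.

Visual Automation's Secure Desktop is just a virtual desktop, a very old IT technology.

In short, this article is an advertorial: first it scares you, then it says your conventional technology is costly, and finally it rolls out the "new" technology. Still, his angle is good, and the timing is right.
Ten years ago I also tried to introduce virtualisation into clinical trial computer systems to solve regulatory problems, and even held meetings with the review centre and clinical sites, but in the end gave up because of the high cost. Now that regulations require it, cost should no longer be an issue, and this technology should be able to spread.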

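Posted on 2016-10-31 21:35:07
Quoting hoover, 2016-10-8 15:43: "Let me roughly guess at the author's intent. Generally computerised systems used to interface with users (including A ..."

On the first point, restricting people who log in to Windows from deleting data on the hard drive: this can now be achieved on Windows 7 (forum members have already described how), but it cannot be achieved on XP.

Screen locking can in theory also be achieved on a standalone system; it just requires that user accounts and passwords be set for both the Windows login and the application software (though at present it seems more common to share a Windows username and password); as for networked versions, this can be done entirely by setting up domain users.

As for virtualisation technology, it should no longer be a problem now.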

Posted on 2016-10-31 21:45:44
Thin clients may be the future trend.

Posted on 2016-11-18 11:42:03
Just passing by; my eyes glazed over.

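Posted on 2016-11-18 12:18:48
The FDA warning letter doesn't mention secure desktops at all, does it... It only says that a computerised system needs not just logical security measures (usernames and passwords, permission configuration, etc.) but also physical security measures (door access control, locks, etc.) to keep unauthorised users from reaching the hardware (especially hard drives and whatever else stores electronic records).
My personal understanding of secure desktops: a good thing, but whether it is necessary depends on the actual situation. For example, with some software the data stored on the local computer cannot be access-restricted at the Windows level, and in that case using this Visual Automation might be better.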

Posted on 2016-11-18 12:37:32
With poor English you can't get by in the pharmaceutical industry! I'm not familiar with the content and my English is poor, so I'm just passing through!

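Posted on 2016-11-18 12:50:00
Quoting juanx, 2016-11-18 12:37: "With poor English you can't get by in the pharmaceutical industry! I'm not familiar with the content and my English is poor, so I'm just passing through!"

I always have the feeling that China's pharmaceutical industry has been led astray by foreigners. They keep digging pits for us one after another and making us study them one by one, when really it has no substantive effect; it's all exercises of the "....suppose A, get A...." kind. Every country's circumstances differ, and there is no point copying foreign practice wholesale; not following, and going our own way, is what is best and most suitable for us.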

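Original poster | Posted on 2018-3-4 16:58:34
Quoting ztzhang, 2016-11-18 12:18: "The FDA warning letter doesn't mention secure desktops at all, does it... It only says that a computerised system needs not just logical security measures (usernames and passwords, ..."

These are all cut from warning letters: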




4.    Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

For example, the computer in your quality unit area did not have controls to restrict access and prevent unauthorized changes to data files and folders. All employees had access to your Annual Product Review (APR) spreadsheet. The desktop computer containing the APR was not locked.

In your response, you committed to “reassessing the GMP” requirements for computer-based systems; you stated the systems would be “evaluated, checked and validated.” You did not include a timeline or specify a plan to review released batches and determine the impact of the deficiency.




2.    Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 C.F.R. §211.68(b)).

Your firm failed to have adequate procedures for the use of computerized systems in the quality control (QC) laboratory. Our inspection team found that current computer users in the laboratory were able to delete data from analyses. Notably, we also found that the audit trail function for the gas chromatograph (GC) and the X-Ray Diffraction (XRD) systems was disabled at the time of the inspection. Therefore, your firm lacks records for the acquisition, or modification, of laboratory data.

Moreover, greater than (b)(4) QC laboratory personnel shared (b)(4) login IDs for (b)(4) high performance liquid chromatographs (HPLC) units. In addition, your laboratory staff shared one login ID for the XRD unit.  Analysts also shared the username and password for the Windows operating system for the (b)(4) GC workstations and no computer lock mechanism had been configured to prevent unauthorized access to the operating systems. Additionally, there was no procedure for the backup and protection of data on the GC standalone workstations.





4.    Failure to implement access controls and audit trails for laboratory computer systems.
At both Aarti facilities (FEI 3009688205 and FEI 3006418686):

For example, your firm failed to have adequate procedures for the use of computerized systems used in the QC laboratory.  At the time of the inspections, your QC laboratory personnel shared the same username and password for the operating systems and analytical software on each workstation in the QC laboratory.  In addition, no computer lock mechanism had been configured to prevent unauthorized access to the operating system.  The investigator noticed that the current QC computer users are able to delete data acquired. In addition, the investigator found that there is no audit trail or trace in the operating system to document deletions.






Posted on 2018-3-5 08:54:17
Would the original poster please upload the full text of the warning letter.

Comment (2018-3-5 16:27): Ctrl+C, Ctrl+V and search on Yahoo or Google!

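Posted on 2018-3-13 14:28:33
Quoting beiwei5du, 2018-3-4 16:58: "These are all cut from warning letters"

The warning-letter passages you posted all concern one issue: logical security measures at the Windows level, that is, the operating system must also be configured with individual usernames and passwords to prevent unauthorised logins and modification of the GMP data stored on it.
Your topic is secure desktops, but many of the warning-letter examples listed earlier cannot be solved just by using a secure desktop, or can be solved without one.
This kind of software is only one of the measures that can be taken to ensure data security; using it does not mean everything is taken care of.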

Posted on 2018-3-13 14:56:51
Why worry about all that? There are only a handful of suppliers; buying new software should get you compliant, shouldn't it.

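Original poster | Posted on 2019-3-24 21:49:07
Quoting ztzhang, 2018-3-13 14:28: "The warning-letter passages you posted all concern one issue: logical security measures at the Windows level, that is, the operating system must also be configured with individual ..."

I personally think what you say is quite reasonable!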

Original poster | Posted on 2019-3-24 22:11:22
Last edited by beiwei5du on 2019-3-24 22:33
Quoting ztzhang, 2018-3-13 14:28: "The warning-letter passages you posted all concern one issue: logical security measures at the Windows level, that is, the operating system must also be configured with individual ..."

This is mentioned to some extent here; it should be easy to set up through a cloud desktop.
https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070266.pdf

[Attached image: screen saver.png]

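Posted on 2019-3-25 10:22:07
Quoting beiwei5du, 2019-3-24 22:11: "This is mentioned to some extent here; it should be easy to set up through a cloud desktop. https://www.fda.gov/downloads/Drugs/Guid ..."

The requirement for software to log out or lock the screen automatically has always existed; in many cases the Windows screen saver function is enough to meet it. Many software packages now also have an automatic log-out function.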

Posted on 2022-9-24 11:23:18
Thanks for sharing.
