FDA Issues 22 Warning Letters to Web site Operators

FDA’s Office of Criminal Investigations (OCI), in conjunction with the Center for Drug Evaluation and Research and the Office of Regulatory Affairs, Office of Enforcement, targeted 136 Web sites that appeared to be engaged in the illegal sale of unapproved or misbranded drugs to U.S. consumers.

Reason:

None of the Web sites are for pharmacies in the United States or Canada.

What did the agency issued?

The agency issued 22 warning letters to the operators of these Web sites and notified Internet service providers and domain name registrars that the Web sites were selling products in violation of U.S. law.

Guidelines for Secure Use of Social Media by Federal Departments and Agencies, v1.0

Risks

Federal Government information systems are targeted by persistent, pervasive, aggressive threats.

In order to defend against rapidly evolving social media threats, departments and agencies should include a multi-layered approach in a risk management program, including risks to the individual, risks to the department or agency, and risks to the federal infrastructure.

Social media technologies such as Wikis, Blogs, and social networks are vulnerable to the following methods/techniques of cyber attacks: Spear phishing, Social Engineering, and Web Application Attacks

The Threat

Federal Government information systems are targeted by persistent, pervasive, aggressive threats. This is well known and documented, as stated in May of 2009 by Margaret Graves, Acting CIO for the Department of Homeland Security.

Recommendations

The following are a series of strategies and recommendations for federal departments, agencies, and policy makers to minimize risk.

Policy Controls

The safe use of social media is fundamentally a behavioral issue, not a technology issue.

Policy addressing behavior associated with protecting data would likely cover current social media technologies as well as future technologies. Policies for Web 2.0 technologies, blogs, wikis, social media sites, mash-ups, cloud computing, Web 3.0, outsourced e-mail, and other new technologies will remain extensible and applicable.

Acquisition Controls

When Federal agencies use hosted information systems, such as social media websites, they must have some level of risk management, mitigation, and acceptance of residual risk.

Most social media websites have a service subscription model that provides additional capabilities, or may be able to provide federal agencies with additional capabilities for a fee. This has already been demonstrated through modifications to Terms of Service (TOS) agreements by GSA.

http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf

Sarbanes-Oxley Act & Section 302,404,409

The Sarbanes-Oxley Act of 2002 also known as the Public Company Accounting Reform and Investor Protection Act of 2002 is mandatory. ALL organizations, large and small, MUST comply.

Section 302

Corporate responsibility for Financial Activities

Public Company Officers must certify the accuracy of financial statements and must certify that statements fairly present the operations and financialcondition of the issuer.

It also requires material information that is used to generate reports be retained and made available to the public.

It Affects

This directly affects the IT and security departments because it is
primarily IT systems that generate these periodic reports and which control e-mail, the main method of communication within most organizations.

Section 404

Management Assessment of Internal Controls

Section 404 is the most pertinent section within SOX to issues surrounding information security. It addresses the necessity of corporate management to be fully accountable for the integrity of all data associated with their financials.

It states that management teams of public companies must establish and maintain adequate “Internal Controls” over their financial reporting systems to safeguard against unauthorized and improper use of financial information.

Internal Controls are defined as “all control methods a company uses to prevent, detect and correct errors and frauds that might get into financial statements”.

Section 409

Real Time Issuer Disclosure

Public Companies must be aware of, and declare, changes in their financial conditions or operations within 48 hours of material events.  All events which could affect a company’s finances, stock price or intellectual property (among otherthings) must be captured, documented with a process that can be audited and reported in a rapid fashion.

This includes operational risk with IT systems such as:

• Major or extended system outages
• Loss of critical data
• Security breaches
• Intellectual Property and Digital Rights Management issues
• Major computer virus and worm attacks

FDA Issues Draft Guidance on Risk Evaluation and Mitigation Strategies

The U.S. Food and Drug Administration today announced the availability of the first draft guidance for industry on Risk Evaluation and Mitigation Strategies or REMS, which are required for certain drugs or biologics.

The draft guidance for industry titled “Format and Content of Proposed Risk Evaluation and Mitigation Strategies (REMS), REMS Assessments, and Proposed REMS Modifications”:

• provides FDA’s current thinking on the format and content that industry should use for submissions of proposed REMS
• describes each potential element
• includes preliminary information on the content of assessments and proposed modifications of approved REMS
• describes REMS policies for certain regulatory situations
• informs industry about who to contact within FDA about a REMS
• indicates FDA Web sites where documents about approved REMS will be posted
• provides an example of what an approved REMS might look like for a fictitious product.

Check out for draft guidance at -

http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM184128.pdf

50 % of ISO 27001 Companies don’t care about Security Rules

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance.

Some fiagures:

Some 47% of firms in the UK said they were compliant with the standard. But 41% of these said that they were using various non-compliant practices.

Bad Practices:

• Included use of
• Default user names and passwords,
• The granting of wider access than is necessary,
• Failure to monitor the users, and
• An ignorance around the existence of privileged users in the first place.

Who all were surveyed?

270 – European IT managers (including 45 in the UK)
Survey Conducted by – Quocirca

29% of firms in the UK rely on manual control of privileged users, who include system administrators, application service users, and privileged personal users.

Only a quarter have implemented privileged user management software, which aims to help businesses enforce and track policy. Around 20 percent plan to implement the software.

UK firms saw privileged users as a medium threat, rating them on average at 2.5 on a scale of one to five, where one meant no threat and five represented a very serious threat.

Source:

1. http://whitesock.net/index2.php?option=com_content&do_pdf=1&id=24877
2. http://www.networkworld.com/news/2009/102209-almost-half-iso-27001-compliant.html?hpg1=bn

Federal Trade Commission behind Bloggers?

What does the rule says?
The new regulations are aimed at the rapidly shifting new-media world and how advertisers are using bloggers and social media sites like Facebook and Twitter to pitch their wares.

The new rules also take aim at celebrities, who will now need to disclose any ties to companies, should they promote products on a talk show or on Twitter.

Going to be effective from Dec. 1

The FTC said that beginning Dec. 1, bloggers who review products must disclose any connection with advertisers, including, in most cases, the receipt of free products and whether or not they were paid in any way by advertisers, as occurs frequently.

Source: http://economictimes.indiatimes.com/infotech/ites/Are-you-blogging-FTC-wants-to-know-if-you-are-being-paid/articleshow/5093840.cms

Guidance: Patient-Reported Outcomes

Source:  http://www.fdanews.com/ext/files/06d-0044-gdl0001.pdf

This guidance describes how the FDA evaluates patient-reported outcome (PRO) instruments used as effectiveness endpoints in clinical trials.
It also describes our current thinking on how sponsors can develop and use study results measured by PRO instruments to support claims in approved product labeling.

PRO instruments provide a means for measuring treatment benefits by capturing concepts related to how a patient feels or functions with respect to his or her health or condition.

The concepts, events, behaviors, or feelings measured by PRO instruments can be either readily observed or verified (e.g., walking) or can be non-observable, known only to the patient and not easily verified (e.g., feeling depressed).

The (FDA) is proposing to amend its postmarket medical device reporting (MDRs) regulation

The Food and Drug Administration (FDA) is proposing to amend its postmarket medical device reporting regulation to require that manufacturers, importers, and user facilities submit mandatory reports of individual medical device adverse events, also known as medical device reports (MDRs) to the agency in an electronic format that FDA can process, review, and archive.

Benefit/ Advantage

1. Mandatory electronic reporting would improve the agency’s process for collecting and analyzing postmarket medical device adverse event information.
2. The proposed regulatory changes would provide the agency with a more efficient data entry process that would allow for timely access to medical device adverse event information and identification of emerging public health issues.

FDA is also announcing a draft guidance document that provides recommendations on how to prepare and submit electronic MDRs to FDA in a manner that satisfies the requirements of this proposed regulation.

Date to Submit:

November 19, 2009. Submit comments on information collection
issues under the Paperwork Reduction Act of 1995 (the PRA) by September 21, 2009.

Addresses to Submit:

You may submit comments, identified by Docket No. FDA–2008–N–
0393 and/or RIN number 0910–AF86, by any of the following methods

Electronic Submissions
Submit electronic comments in the following way:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the
instructions for submitting comments

Written Submissions

Submit written submissions in the following ways:
• FAX: 301–827–6870.
• Mail/Hand delivery/Courier (for paper, disk, or CD–ROM submissions):
Division of Dockets Management (HFA– 305), Food and Drug Administration,
5630 Fishers Lane, rm. 1061, Rockville, MD 20852

Instructions:

All submissions received must include the agency name and Docket No(s). and Regulatory Information Number (RIN) (if a RIN number has been assigned) for this rulemaking. All comments received may be posted without change to http:// www.regulations.gov, including any personal information provided.

Source: - http://edocket.access.gpo.gov/2009/pdf/E9-19683.pdf

Also I have found some webinars which are related to MDR medical device reports which can be helpful

1. Complaint Handling, MDR’s & Recalls
2. Medical Device Complaints, MDR’s and Recalls
3. Development and Audit of Complaint Handling and MDR Processes

Source:- www.complianceonline.com

Pharmaceutical conferences 2009 September

Conference Name: The British Pharmaceutical Conference
Email: alyons@health-links.co.uk
Website: http://www.bpc2009.org/
Date: 6th September 2009 – 9th September 2009
Channel- Pharmaceutical

Conference Name: I22nd Annual European Haemophilia Consortium Conference 2009
Email: aiste@balticconference.com
Website: http://www.ehc2009.eu/
Date: 11th September 2009 – 13th September 2009
Channel- Pharmaceutical

Conference Name: 38th Annual Meeting of the American College of Clinical Pharmacology
Email: SUE@ACCP1.org
Website: http://www.accp1.org/cgi-bin/htmlos.cgi/001395.1.3318652372234802535/accp2007/subpage.html
Date: 13th September 2009 – 15th September 2009
Channel- Pharmaceutical

Conference Name: Twelfth Annual Land O’Lakes Conference on Drug Metabolism/Applied Pharmacokinetics
Email: jedemuth@pharmacy.wisc.edu
Website: http://www.pharmacy.wisc.edu/esp/drugmetabolismconference
Date: 14th September 2009 – 18th September 2009
Channel- Pharmaceutical

Conference Name: Computational Systems Biology and Dose Response Modeling Workshop
Email: jgalbo@thehamner.org
Website: http://www.thehamner.org/education-and-training/current-course-offerings.html
Date: 14th September 2009 – 18th September 2009
Channel- Pharmaceutical

Conference Name: 2009 PDA/FDA Joint Regulatory Conference
Email: neal@pda.org
Website: http://www.pda.org/pdafda2009
Date: 16th September 2009 – 18th September 2009
Channel- Pharmaceutical

Conference Name: Rosenšn Meeting 2009: DMPK Aspects of Drug Combinations
Email: jenny.hagberg@lakemedelsakademin.se
Website: http://www.swepharm.se/rosenon2009
Date: 17th September 2009 – 19th September 2009
Channel- Pharmaceutical

Conference Name: 8th Congress of the Baltic Association of Dermatovenereologists
Email: info@badv2009.com
Website: http://www.badv2009.com/home
Date: 17th September 2009 – 19th September 2009
Channel- Pharmaceutical

Conference Name: PDA Discussion Forum: Implementing Rapid Microbiology Methods
Email: info@pda.org
Website: http://www.pda.org/MainMenuCategory/GlobalEventCalendarandRegistration/European-Events/PDA-Discussion-Forum-Implementing-Rapid-Microbiology-Methods.aspx
Date: 21st September 2009
Channel- Pharmaceutical

Conference Name: Workshops on Concepts and Applications of Population based In Vitro – In Vivo Extrapolation of ADME Properties
Email: events@simcyp.com
Website: http://www.simcyp.com/ProductServices/Workshops/
Date: 21st September 2009 – 25th September 2009
Channel- Pharmaceutical

Conference Name: Handling Failures in Sterile Manufacturing
Email: stuermer@concept-heidelberg.de
Website: http://www.gmp-compliance.org/eca_seminar_6106.html
Date: 22nd September 2009 – 23rd September 2009
Channel- Pharmaceutical

Conference Name: Recent Developments in Wound Management: Intelligent Biomaterials to Novel Antimicrobials
Email: events@rpsgb.org
Website: http://www.rpsgb.org/pdfs/sciconf090924.pdf
Date: 24th September 2009
Channel- Pharmaceutical

Conference Name: GMP and FDA Compliance in Pharmaceutical Development and IMP Manufacturing
Email: bach@concept-heidelberg.de
Website: http://www.gmp-compliance.org/eca_seminar_6014.html
Date: 24th September 2009 – 25th September 2009
Channel- Pharmaceutical

Conference Name: Together! Cultural Connections for Quality Care at the End of Life
Email: conference@conlog.com.au
Website: http://www.conlog.com.au/palliativecare2009
Date: 24th September 2009 – 27th September 2009
Channel- Pharmaceutical

Conference Name: 1st World Conference on Physico-Chemical Methods in Drug Discovery and Development
Email: office@iapchem.org
Website: http://www.iapchem.org/
Date: 27th September 2009 – 1st October 2009
Channel- Pharmaceutical

Conference Name: Supporting Pharmacists in Delivering Enhanced Services
Email: events@rpsgb.org
Website: http://www.rpsgb.org/pdfs/sciconf090928.pdf
Date: 28th September 2009
Channel- Pharmaceutical

Conference Name: Property Measurement and Testing of Powders for Pharmaceutical/Neutraceutical Production
Email: wolfson-enquiries@gre.ac.uk
Website: http://www.gre.ac.uk/wolfsoncentre/events/pharmaconference
Date: 29th September 2009
Channel- Pharmaceutical

Conference Name: The QbD/PAT Conference 2009
Email: weidemaier@concept-heidelberg.de
Website: http://www.pat-conference.org/
Date: 29th September 2009 – 1st October 2009
Channel- Pharmaceutical

Conference Name: ICH Q7 Auditor Training Course
Email: ludwig@concept-heidelberg.de
Website: http://www.ichq7-week.org/
Date: 30th September 2009 – 2nd October 2009
Channel- Pharmaceutical

Computer System Validation

CSV Audit Presentation

View more presentations from Robert Ruemer.