FDA Issues Draft Guidance on Risk Evaluation and Mitigation Strategies

October 27, 2009

The U.S. Food and Drug Administration today announced the availability of the first draft guidance for industry on Risk Evaluation and Mitigation Strategies or REMS, which are required for certain drugs or biologics.

The draft guidance for industry titled “Format and Content of Proposed Risk Evaluation and Mitigation Strategies (REMS), REMS Assessments, and Proposed REMS Modifications”:

  • provides FDA’s current thinking on the format and content that industry should use for submissions of proposed REMS
  • describes each potential element
  • includes preliminary information on the content of assessments and proposed modifications of approved REMS
  • describes REMS policies for certain regulatory situations
  • informs industry about who to contact within FDA about a REMS
  • indicates FDA Web sites where documents about approved REMS will be posted
  • provides an example of what an approved REMS might look like for a fictitious product.

Check out the draft guidance at –


50% of ISO 27001 Companies don’t care about Security Rules

October 23, 2009

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance.

Some figures:

Some 47% of firms in the UK said they were compliant with the standard. But 41% of these said that they were using various non-compliant practices.

Bad Practices:

  • Use of default user names and passwords,
  • The granting of wider access than is necessary,
  • Failure to monitor the users, and
  • Ignorance of the existence of privileged users in the first place.

Who was surveyed?

270 European IT managers (including 45 in the UK)
Survey conducted by Quocirca

29% of firms in the UK rely on manual control of privileged users, who include system administrators, application service users, and privileged personal users.

Only a quarter have implemented privileged user management software, which aims to help businesses enforce and track policy. Around 20 percent plan to implement the software.

UK firms saw privileged users as a medium threat, rating them on average at 2.5 on a scale of one to five, where one meant no threat and five represented a very serious threat.


  1. http://whitesock.net/index2.php?option=com_content&do_pdf=1&id=24877
  2. http://www.networkworld.com/news/2009/102209-almost-half-iso-27001-compliant.html?hpg1=bn

IT outsourcing poses risks

October 23, 2009

Now the question arises: why do firms outsource?

Client firms outsource their information technology (IT) needs in order to capture a variety of benefits.

Skill acquisition

Businesses of all sizes and in all sectors now have an online presence and at minimum use databases for human resources and sales. Firms increasingly contract with outside providers to acquire needed skills in areas such as:

  • software development;
  • network audits to determine vulnerabilities; and
  • encryption services and access controls.

Time zones

Many IT functions must be maintained on a constant basis. A number of timely functions are commonly outsourced to vendors in different time zones, including:

  • intrusion detection services;
  • firewall upkeep and management; and
  • remote network management.

Leading destinations:

Offshoring of IT services is projected to experience a 40% compound annual growth rate over the next decade. The leading destinations for such investment can be divided into three tiers:

  • Tier one consists of industry-leader India, with over 150,000 IT professionals.
  • Tier two features Canada, Ireland, China, and the Philippines. Each of these countries claims 20,000 to 50,000 IT professionals.
  • Tier three consists of Israel, Russia, Mexico, and South Africa, with fewer than 20,000 IT workers each.

Uneven performance:

Recent studies suggest too much enthusiasm and too little caution in mainstream depictions of the industry:

  • A survey of Fortune 500 companies found that 50% of companies reported that they regularly encountered multiple problems per month.
  • A different survey found that 25% of all offshore outsourcing ventures failed to generate expected cost savings; another 25% actually led to increased costs relative to comparable in-house performance. Fully 30% of ventures were eventually judged failures and the contracts either cancelled or not renewed.

Risk factors:

IT offshoring risks fall into three broad areas:

1. Operations: As in any contractual relationship, there is quality-of-service risk. Many offshore sites are characterised by high rates of employee turnover. Vendors may also take advantage of poorly worded contracts or lack of technical knowledge at the client firm.

2. Cost: IT offshoring may entail hidden costs, including international travel expenses, monitoring and investigation, and developing infrastructure to support off-site operations.

3. Security: Intellectual property theft and data security constitute serious risks. In surveys of clients, these are ranked as top factors when selecting an outsourcing vendor, higher even than terrorism and cost overruns.

International laws:

The bulwark of international protections is proving inadequate:

  • WIPO: The World Intellectual Property Organization (WIPO) was created in 1970 to enforce international property rights relating to inventions, patents, trademarks, and designs. It became a specialised UN agency in 1974 and currently has 181 signatory nations.
  • TRIPS: Further regulation is provided through the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), negotiated during the Uruguay Round of trade talks (1986-94).

Read more: Oxford Analytica

Congress NCP leads in Maharashtra

October 22, 2009

The Congress-Nationalist Congress Party alliance in Maharashtra is all set to retain power again. Where did the other parties go wrong?


Looking for company information before an interview?

October 20, 2009

Almost everyone researches the company before going for an interview, and it is always a good idea. By researching the company you can prepare well in advance and think about how you are going to add value to the company after you join.

  1. Google
  2. Linkedin
  3. Business Wire
  4. WetFeet.com
  5. Hoover’s Online
  6. Annual Reports Library
  7. Forbes Lists of Best Companies
  8. Thomas Register
  9. Wright Research Center
  10. EarningsWhispers.com

Elements of PCI DSS

October 14, 2009

The core elements of PCI DSS are:

– Build and maintain a secure network
– Protect Cardholder Data
– Maintain a Vulnerability Management Programme
– Implement Strong Access Control Measures
– Regularly Monitor and Test Networks
– Maintain an Information Security Policy

Federal Trade Commission behind Bloggers?

October 6, 2009

What does the rule say?
The new regulations are aimed at the rapidly shifting new-media world and how advertisers are using bloggers and social media sites like Facebook and Twitter to pitch their wares.

The new rules also take aim at celebrities, who will now need to disclose any ties to companies, should they promote products on a talk show or on Twitter.

Effective from Dec. 1

The FTC said that beginning Dec. 1, bloggers who review products must disclose any connection with advertisers, including, in most cases, the receipt of free products and whether or not they were paid in any way by advertisers, as occurs frequently.

Source: http://economictimes.indiatimes.com/infotech/ites/Are-you-blogging-FTC-wants-to-know-if-you-are-being-paid/articleshow/5093840.cms