What is "OWASP"?

OWASP (the Open Web Application Security Project) publishes, every few years, an updated list of the ten most critical web application security risks, known as the OWASP Top 10.

The 2013 edition of the OWASP Top 10 added one risk category relative to the 2010 edition, in order to cover more widespread and more serious vulnerabilities, and re-ranked several risks on the basis of newer prevalence data. The new category, A9 "Using Components with Known Vulnerabilities", had previously been treated as part of the 2010 A6 "Security Misconfiguration" risk; Security Misconfiguration itself was not removed and remains in the 2013 list as A5. Room for the new category came from merging the 2010 risks A7 "Insecure Cryptographic Storage" and A9 "Insufficient Transport Layer Protection" into the single 2013 risk A6 "Sensitive Data Exposure".


Title 21 CFR Part 11 Requirement

Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records (Title 21 CFR Part 11, Section 11.1(a)).

Practically speaking, Part 11 applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions. It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. [1]

The rule also applies to submissions made to the FDA in electronic format (e.g., a New Drug Application) but not to paper submissions made by electronic methods (e.g., faxes). It specifically does not impose Part 11 requirements on the record retention that food manufacturers must perform for tracebacks. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP and similar requirements must meet these requirements.

As of 2007, broad sections of the regulation had been challenged as excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion about exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The "predicate rules" that required organizations to keep records in the first place are still in effect: if electronic records are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.

If a regulated firm keeps "hard copies" of all required records, those paper documents can be considered the authoritative documents for regulatory purposes, and the computer system is not in scope for the electronic records requirements, although systems that control processes subject to predicate rules still require validation. Firms should be careful when claiming that "hard copies" of required records are the authoritative documents. For a "hard copy" produced from an electronic source to be the authoritative document, it must be a complete and accurate copy of the electronic source, and the manufacturer must use the hard copy (rather than the electronic versions stored in the system) for regulated activities. The current technical architecture of computer systems increasingly makes the burden of proof for the "complete and accurate copy" requirement extremely high. [2]

Information Source: https://en.wikipedia.org/wiki/Title_21_CFR_Part_11

New Employee Confidentiality Agreement – Template

Party A (employee): ×××× ID card number: ×××××

Party B (enterprise): ×××× Company

Whereas Party A is employed by Party B and will receive the corresponding remuneration paid by Party B, the two parties agree to the following terms, to be jointly observed, concerning Party A's obligation to keep Party B's technical secrets and other trade secrets confidential both during the term of employment and after leaving the company:

Outline of Intranet Security and Access Management

1. Internet usage management:

1.1 Misuse of the Internet during working hours falls mainly into the following categories:

1.1.1 Obtaining information unrelated to work, such as browsing news, reading novels, viewing pictures, and watching or listening to video and audio.

1.1.2 Downloading data unrelated to work from the Internet, such as music, films, programs and other material.

1.1.3 Activities for personal gain, such as online shopping, stock trading, side jobs, and posting advertisements.

1.1.4 Communication in virtual spaces, such as online chat, BBS forums, blogs, and sending and receiving private e-mail.

The General Business Principles

Introduction
Underpinning the company's commitment to responsible corporate citizenship and the pursuit of a sustainable future – economic, social and environmental – the General Business Principles set out guiding principles on integrity and ethics in business conduct. They govern the company's business decisions and actions throughout the world and apply equally to corporate actions and to the behavior of individual employees in conducting the company's business. They are subject to applicable laws.
The General Business Principles are not all-encompassing, but formulate minimum requirements of behavior. They leave product divisions and country management free to specify further local rules of business conduct. To drive the practical deployment of the General Business Principles, a set of GBP Directives has been published, which are applicable to all employees. There are also separate Directives that apply to specific categories of employees, such as the Financial Code of Ethics and the Purchasing Code of Ethics. The GBP Directives and the category-specific Directives form an integral part of the General Business Principles (jointly referred to as "GBP"). The General Business Principles, which have been adopted by the Board of Management and approved by its Supervisory Board, are reviewed on a regular basis and revised if necessary.

Information Security Plan

1           Introduction

1.1             General

To realize the business strategy plan of Company, ICT will play an important role as an enabler. As described hereafter, ICT will contribute to the primary, secondary and managed operations processes by enabling global connectivity, integration of business systems and standardization of business processes. The changing business processes will have consequences for the ICT environment. The ICT program describes the steps needed to support the business processes as they are developed in the years to come. This information plan gives an overview of the expected business processes and the required information architecture in a global environment. Changes in the business strategy of Company will obviously have to be reflected in this information plan.

General Requirement of using Computer workstation

1.         Background and Definitions

Under the Occupational Safety and Health (Display Screen Equipment) Regulation (Cap. 509B) in Hong Kong, the company, as employer and person responsible for the workplace, has a duty to ensure that a safe, healthy Workstation is made available to Users. The following definitions are assigned to the capitalised terms in this summary.

IT Security implementation within Factory

1           Information

This document is a collection of the standards, procedures and ways of working currently in use within Company to uphold the level of security, to the extent that they have been implemented.

Security is necessary for everyone and everything that works with confidential information, and should therefore also be everyone's responsibility.

This document has been written as an attempt to shed some light on these responsibilities and to point out to people what responsibility they have regarding security.