"OWASP" 是什么?

OWASP (the Open Web Application Security Project) updates its list of the 10 most critical web application security issues, the OWASP Top 10, every few years.

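The 2013 edition of the OWASP Top 10 added one new category of risk to the 2010 edition, to cover more common and more important security vulnerabilities, and reordered some risks based on the latest prevalence data. In addition, this edition introduced the "component security" risk as a specific risk category, and removed the A6 "Security Misconfiguration" risk of the 2010 edition.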

Title 21 CFR Part 11 Requirement

Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records (Title 21 CFR Part 11 Section 11.1 (a)).

Practically speaking, Part 11 applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions. It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. [1]



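1. Internet usage management:

1.1 Misuse of the Internet during office hours falls mainly into the following categories:

1.1.1  Obtaining information unrelated to work, such as browsing news, reading novels, viewing pictures, and watching or listening to video and audio.

1.1.2  Downloading data unrelated to work from the Internet, such as music, movies, programs and other material.

1.1.3  Engaging in activities for personal gain, such as online shopping, stock trading, part-time jobs, and posting advertisements.

1.1.4  Communicating in the virtual world, such as online chat, BBS forums, blogs, and sending and receiving private e-mail.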


The General Business Principles

Underpinning the company's commitment to responsible corporate citizenship and the pursuit of a sustainable future – economic, social and environmental – the General Business Principles set out guiding principles on integrity and ethics in business conduct. They govern the company's business decisions and actions throughout the world and apply equally to corporate actions and to the behavior of individual employees in conducting the company's business. They are subject to applicable laws.
The General Business Principles are not all-encompassing, but formulate minimum requirements of behavior. They leave product divisions and country management free to specify further local rules of business conduct. To drive the practical deployment of the General Business Principles, a set of GBP Directives has been published, which are applicable to all employees. There are also separate Directives, which apply to specific categories of employees, such as the Financial Code of Ethics and the Purchasing Code of Ethics. The GBP Directives and the category-specific Directives form an integral part of the General Business Principles (jointly referred to as ‘GBP’). The General Business Principles, which have been adopted by the Board of Management and approved by its Supervisory Board, are reviewed on a regular basis and revised if necessary.


Information Security Plan

1 Introduction

1.1 General

To realize the business strategy plan of Company, ICT will play an important role as an enabler. As described hereafter, ICT will contribute to the primary, secondary and managed operations processes by enabling global connectivity, integration of business systems and standardization of business processes. The changing business processes will have consequences for the ICT environment. The ICT program describes the steps needed to support the business processes as they are developed in the years to come. This information plan gives an overview of the expected business processes and the required information architecture in a global environment. Changes in the business strategy of Company will have to be reflected in this information plan.


General Requirement of using Computer workstation

1. Background and Definitions

Under the Occupational Safety and Health (Display Screen Equipment DSE) Regulation (Cap.509B) in Hong Kong, as an employer and the person responsible for the workplace, the company has a duty to ensure that a safe, healthy Workstation is made available to Users. The following definitions are assigned to the capitalised terms in this summary.

IT Security implementation within Factory

1 Information

This document is a collection of the standards, procedures, and ways of working currently used within Company to uphold the level of security, as far as this is implemented.

Security is necessary for everyone and everything that is working with confidential information and should therefore also be everyone’s responsibility.

This document has been written as an attempt to shed some light on these responsibilities and to point out to people what responsibility they have regarding security.
