News reports of data breaches, hacks, and other system intrusions continue on a regular basis. It is critical that software designers build secure databases that are highly resistant to hackers and meet information security standards. Both CFR 21 part 11 and ISO/IEC 27001 establish requirements for secure information systems and electronic records.
CFR 21 part 11 is part of the Code of Federal Regulations that establishes the US Food and Drug Administration (FDA) electronic records and electronic signatures requirements.
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within your organization.
SBS essentially offers two levels of databases. While security is critical, cost and connectivity important factors. SBS standalone databases require username and password entry to access the user interface. However, the underlying data tables are open so that users may create custom reporting utilities. This strategy provides the greatest value to the customer, but does not provide the greatest information security.
The Q-Med and T-Med Databases were designed with security in mind. They are also CFR 21 part 11 compliant and part of a successful ISO 27001 strategy.
The Q-Med and T-Med Databases are fully compliant with CFR 21 part 11. The compliant electronic data features include:
- username and password required to activate predefined user privileges
- username and password required for electronic signatures
- 64-bit password encryption
- minimum password requirements (configurable)
- configurable password expiration
- account locks after failed number of login attempts (configurable)
- automatic logout after inactivity timer is triggered (configurable)
- dual audit trail logs: SQL-based log as well as proprietary activity log within the user interface.
When configured properly, the Q-Med and T-Med Databases can be important components of a ISO 27001:2013 certified organization. Since our databases are built on Microsoft SQL technology, there are several different ways for your database administrator to optimize the database security in compliance with ISO 27001.
We do not store sensitive information about users that would be governed or restricted by HIPAA requirements. User information is limited to name, department, and email address.
If information that is entered as part of a corrective action is of a sensitive nature, our standard username and password security limits access and ensures data security.