A Systematic Approach to Implementing Statistical Methodologies

In Guidance for Industry Process Validation: General Principle and Practices, process validation is defined as, “”…the collection and evaluation of data, from the process design stage through commercial production..” The guidance further delineates the ‘process design stage through commercial production’ into three distinct stages of the product lifecycle:

Stage 1: Process Design: The commercial manufacturing process is defined during this stage based on knowledge gained through development and scale-up activities.

Stage 2: Process Qualification: During this stage, the process design is evaluated to determine if the process is capable of reproducible commercial manufacturing.

Stage 3: Continued Process Verification: Ongoing assurance is gained during routine production that the process remains in a state of control.

The first stage of process validation is process design. The Process Validation guidance document states, “A successful validation program depends on information and knowledge from product and process development. This knowledge and understanding is the basis for establishing an approach to control of a manufacturing process that results in products with desired quality attributes:

Manufactures should:

• Understand the sources of variation
• Detect the presence and degree of variation
• Understand the impact of variation on the process and ultimately on product attributes
• Control the variation in a manner commensurate with the risk it represents to the process and product.”

The second stage of process validation is process qualification. Although stage 2 has two elements, this course will focus on recommendations for the second element, PPQ. PPQ “combines the actual facility, utilities, equipment (each now qualified), and the trained personnel with the commercial manufacturing process, control procedures, and components to produce commercial batches.” Additionally, the process validation guidance document that “Each manufacturer should judge whether it has gained sufficient understanding to provide a high degree of assurance in its manufacturing process to justify commercial distribution of the product. Focusing exclusively on qualification efforts without understanding the manufacturing process and associated variations may not lead to adequate assurance of quality.”

The third stage of process validation is continued process verification. The process validation guidance document defines the need for this stage: “After establishing and confirming the process, manufacturers must maintain the process in a state of control over the life of the process, even as materials, equipment, production environment, personnel, and manufacturing procedures change.” Manufacturers should use ongoing programs to collect and analyze product and process data to evaluate the state of control of the process. These programs may identify process or product problems or opportunities for process improvements that can be evaluated and implemented through some of the activities described in Stages 1 and 2.”

This course focuses on how to establish a systematic approach to implementing statistical methodologies into a process validation program consistent with the FDA guidance. It begins with a primer on statistics, focusing on methods that will be applied in each remaining chapter. Next, it teaches the application of statistics for setting specifications and assessing measurement systems (assays), two foundational requirements for process validation. Lastly, the course applies statistic through the three stages of process validation defined by requirements in the process validation regulatory guidance documents. Methods taught through all three stages are recommended by regulatory guidance documents; references to the specific citations in the guidance documents are provided.

Areas covered by the Instructor:

• Apply statistics to set specifications and validate measurement systems (assays)
• Develop appropriate sample plans based on confidence and power
• Implement suitable statistical methods into a process validation program for each of the three stages
• Stage 1, Process Design: utilize risk management tools to identify and prioritize potential critical process parameters; and define critical process parameters and operating spaces for the commercial manufacturing process using design of experiments (DOE)
• Stage 2, Process Qualification: assess scale effects while incorporating large (pilot and/or commercial) scale data; develop process performance qualification (PPQ) acceptance criteria by characterizing intra and inter-batch variability using process design data and batch homogeneity studies; and develop an appropriate sampling plan for PPQ
• Stage 3, Continued Process Verification: develop a control plan as part of a risk management strategy; collect and analyze product and process data; and ensure your process is in (statistical) control and capable.

Who will benefit by this:

• Process Scientist/Engineer
• Design Engineer
• Product Development Engineer
• Regulatory/Compliance Professional
• Design Controls Engineer
• Six Sigma Green Belt
• Six Sigma Black Belt
• Continuous Improvement Manager

Click and register for 2 day seminar

Want An Easy Fix For Your Good Laboratory Practices? Read This!

Good Laboratory Practices (GLPs), 21 CFR part 58 are not set of guidelines but they are regulations for conducting nonclinical laboratory studies that support or are intended to support applications for research or marketing permits for products such as food and color additives, human and animal drugs, medical devices for human use, biological products and electronic products that are regulated by the FDA.

GLPs are enforceable by law. They do not include manufacturing of product. GLPS are for non-clinical laboratory studies in which tests article are studied in test system under laboratory conditions to determine their safety. This does not include studies utilizing human subjects, or clinical studies, or field trials on animals.

What are the Learning Objectives:

• What are Good Laboratory Practices
• Why were they created
• What is the objective of GLPs and how are they associated with GMPs and SOPs
• Statistical procedures for data evaluation
• Instrumentation validation
• Analytical and laboratory certification
• Documentation and maintenance of records
• Consequences of noncompliance
• Disqualification and reinstatement

Who will Benefit:

• Quality Assurance Personnel
• Quality Control Personnel
• Research and Development Personnel
• Regulatory Affairs Personnel
• Project Managers
• Manufacturing Managers
• Validation Engineers
• Internal Auditing Personnel
• Microbiology Personnel
• Auditors

Please Continue for Complete Details

21 CFR PART 11: Complete Manual for Compliance Success

FDA inspectors are ever increasing the number of inspections where they include Part 11 as a part of the scope or THE scope of the inspection. The trends and reports are showing that the FDA inspectors are focusing on electronic signatures and electronic records as more and more companies are implementing systems and technologies to support these activities.

The number of warning letters is increasing proportionally and we as quality and other professionals utilizing the technology and systems to support our businesses are not ready – we are not ready to prepare and host FDA inspections when Part 11 is in scope, we are unsure how to best use and implement Audit Trails and certainly we have challenges with internal and external auditing for Part 11 compliance. This webinar address all these topics and provides you with plenty HOW TO we as auditors and inspectors increase our comfort level with the regulation, with its elements and compliance and practically implement audit system and audit trails – especially since Audit Trails play major role in Part 11 compliance – they can be your best friends and/or worst enemies at the same time.

Areas Covered in the Seminar:

• How to Prepare and Host FDA Inspections (will cover elements and details of preparation for the inspection as well as elements of the successful practices of hosting an FDA inspection when Part 11 is in scope or the scope of the inspection. We will also cover some commonly asked questions by the inspectors and benefits of being compliant)
• Internal and External Auditing for Part 11 Compliance (this subtopic includes all aspects of auditing for Part 11 compliance- starting at the audit program level and then going down on how to prepare for an audit to how to successfully execute the audit and follow up on the completed audit. This subtopic also includes CAPA and responses for the audit findings related to Part 11 – what to expect and handle the difference between “regular” audits and Part 11 audits. We include some of the common audit findings and common pitfalls as well as tools for a successful planning and execution of the audit.)
• Audit Trails (includes types of audit trails, strategies for implementing complaint audit trails, proms and cons of audit trails, how to use audit trails as an audit tool during the internal and external audit as well as during the FDA inspection visit, some examples of “should” and “shouldn’t” when it comes to the audit trails and commonly asked questions related to audit trails.)
• Overview and Understanding of the Regulation (covers topics such as introduction and development of the regulation, what to expect in the future when it comes to the regulation, options for (non)compliance, “what ifs”, as well as most impactful sections and subsections of the regulations.)
• How Part 11 Regulation Relates to Other Regulations (this subtopic compares the Part 11 regulation with other regulations focusing on commonalities so that you and your organization can see how easy/hard is to identify gaps as well as how harvest the low hanging fruits when striving to comply with Part 11 regulation. We cover comparison with 3-4 other regulations quoting the exact subsections of each.)
• Sample Audit Questions (throughout the material, we ensure that we present you and prepare you to deal with some commonly asked audit and inspection questions. These questions are ready-made for you to use when you and your team are conducting internal and/or external audits, but they are also ready-made for you and your team to use as you prepare to/and host FDA inspection when Part 11 in scope of the inspection. We include some of the questions in the material presentation and in addition to that we provide you with additional 30+ commonly asked questions document which you can use for your references and training purposes.)
• Trends; Warning Letter Examples; Advantages and Challenges of the Regulation (we conducted research to bring you and your team results of inspections and audits that have been conducted in past several years. We include trends and graphs showing how and where Part 11 regulations impacts you the most, but will also show examples of the warning letters that have been issued in last several years due to lack of compliance with the Part 11 regulation. Finally, we cover and include some examples of advantages and challenges you may be benefiting from or facing to address while striving to be Part 11 compliant.)
• More (we talk about the importance and significance of the regulation regardless if it (currently) applies to you or not. We provide examples and HOW TO so that you and your team can get most out of the materials and presentation – and to be able to use it immediately after attending this training/webinar.)

Who Will Benefit:

• Quality Managers
• Quality Engineers
• Manufacturing engineers
• CAPA investigators
• Inspectors
• Six Sigma specialists
• Consultants

Speaker Profile

Jasmin NUHIC serves a major medical devices OEM as a Sr. Compliance Quality Engineer and 21 CFR Part 11 Subject Matter Expert. He also served ASQ section as a chair for two consecutive terms, has taught quality certification exam prep course, completed numerous software validations and obtained over 25 different certifications in leadership, quality, software validations, and more. Jasmin NUHIC has conducted Webinars on this and other topics with high attendance and appreciation.

Click Here to Continue Learning

How to be Efficient and Compliant with Part 11, Validation, and SaaS/Cloud

Course “How to be Efficient and Compliant with Part 11, Validation, and SaaS/Cloud” has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

• This interactive two-day course explores proven techniques for reducing costs associated with implementing, using, and maintaining computer systems in regulated environments.
• Many companies are outsourcing IT resources and getting involved with Software as a Service (SaaS) and cloud computing. These vendors are not regulated and therefore regulated companies must ensure compliance for both infrastructure qualification and computer system validation. It is the regulated company that wants to avoid FDA form 483s and warning letters. The seminar is intended for regulated companies, software vendors, and SaaS/Cloud providers.
• The instructor addresses the latest computer system industry standards for data security, data transfer, audit trails, electronic records and signatures, software validation, and computer system validation.
• Today the FDA performs both GxP and Part 11 inspections, the Europeans have released an updated Annex 11 regulation that expands Part 11 requirements and companies must update their systems and processes to maintain compliance.
• This seminar will help you understand the specific requirements associated with local and SaaS/cloud hosting solutions.
• Nearly every computerized system used in laboratory, clinical, manufacturing settings and in the quality process has to be validated.
• Participants learn how to decrease software implementation times and lower costs using a 10-step risk-based approach to computer system validation.
• Finally, the instructor reviews recent FDA inspection trends and discusses how to streamline document authoring, revision, review, and approval.
• This course benefits anyone that uses computer systems to perform their job functions and is ideal for regulatory, clinical, and IT professionals working in the health care, clinical trial, biopharmaceutical, and medical device sectors. It is essential for software vendors, auditors, and quality staff involved in GxP applications.

---

Course Objectives:

• Understand what is expected in 21 CFR Part 11 and Annex 11 inspections
• Avoid 483 and Warning Letters
• Learn how to buy COTS software and qualify vendors.
• Implement a computer system using risk-based validation to gain maximum productivity and reduce cost by as much as two thirds
• Requirements for local, SaaS, and cloud hosting
• How to select resources and manage validation projects
• “Right size” change control methods that allows quick and safe system evolution
• Minimize the validation documentation to reduce costs without increasing regulatory or business risk
• Write test cases that trace to elements of risk management
• Protect intellectual property and keep electronic records safe

  Day 1 Schedule

  ---

  Day 1 (8am to 5pm; 0.5 registration, 1.0 lunch, 0.5 (2-15min) breaks, 7.0 class = 9.0)
  8:00am to 8:30am registration
  8:30am class starts

  ---

  Lecture 1:
  Introduction to the FDA (1:30) {1:30}

  • How the regulations help your company to be successful
  • Which data and systems are subject to Part 11

  ---

  Lecture 2:
  21 CFR Part 11/Annex 11 – Compliance for Electronic Records and Signatures (4:00) {5:30}

  • What Part 11 means to you, not just what it says in the regulations
  • Avoid 483 and Warning Letters
  • Explore the three primary areas of Part 11 compliance: SOPs, software product features, and validation documentation
  • How SaaS/cloud computing changes qualification and validation
  • Ensure data integrity, security, and protect intellectual property
  • Understand the current computer system industry standards for security, data transfer, and audit trails
  • Electronic signatures, digital pens, and biometric signatures
  • SOPs required for the IT infrastructure
  • Product features to look for when purchasing COTS software
  • Reduce validation resources by using easy to understand fill-in-the-blank validation documents

  ---

  Lecture 3:
  The Five Keys to COTS Computer System Validation (0:30) {6:30}

  • The Who, What, Where, When, and Why of CSV

  ---

  Lecture 4:
  The Validation Team (0:30) {7:00}

  • How to select team members
  • How to facilitate a validation project

  Day 2 Schedule

  ---

  Day 2 (9am to 3:30pm; 1.0 lunch, 0.5 (2-15min) breaks, 5.00 class = 6.5)

  ---

  Lecture 5:
  Ten-Step Process for COTS Risk-Based Computer System Validation (1:00) {1:00}

  • Learn which documents the FDA expects to audit.
  • How to use the risk-based validation approach to lower costs.
  • How to link requirements, specifications, risk management, and testing.
  • Document a computer system validation project using easy to understand fill-in-the-blank templates.
  • Based on: “Risk-Based Software Validation – Ten Easy Steps” (Davis Horwood International and PDA – http://www.pda.org, 2006).

  ---

  Lecture 6:
  How to Write Requirements and Specifications (0:30) {1:30}

  • Workshop for writing requirements and then expanding them for specifications

  ---

  Lecture 7:
  How to Conduct a Hazard Analysis/Risk Assessment-Exercise (0:30) {2:00}

  • Step-by-step instructions for performing and documenting a risk assessment, and how to use the results to reduce validation documentation.

  ---

  Lecture 8:
  Software Testing (1:00) {3:00}

  • Reduce testing by writing test cases that trace to elements of risk management.
  • How to write efficient test cases

  ---

  Lecture 9:
  System Change Control (0:30) {3:30}

  • How to manage a validated system with minimal documentation

  ---

  Lecture 10:
  Purchasing COTS Software (0:30) {4:00}

  • How to purchase COTS software and evaluate software vendors.

  ---

  Lecture 11:
  Cost Reduction Without Increasing Regulatory or Business Risk (1:00) {5:00}

  • How to save money
  • How to increase quality
  • How to increase compliance with less documentation
    

    Carolyn Troiano

    Consultant, BrainStorm Central Consulting

    Carolyn (McKillop) Troiano has more than 35 years of experience in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs. Carolyn is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area.

    During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA’s electronic record/electronic signature regulation.

   

  Click Here to Continue Learning

How to choose a supply chain management solution

Any business that opts for a supply chain management solution has to have clarity on how to choose a supply chain management solution. This is because the supply chain management solution is expected to carry out a number of very important functions. Choosing the wrong or inappropriate one can backfire on the business and derail and impede, rather than ease its work.

Businesses have to take a few important factors into consideration when they have to choose a supply chain management solution. For the supply chain management solution to perform its function of facilitating the supply chain for the business, it needs to perform its functions smoothly without causing hiccups to the business. This is where the decision-making ability of the business owner comes into picture.

So, what factors need to be taken into consideration when a business has to choose a supply chain management solution? Try considering these:

1. Choose by industryThis is obviously a no brainer, but it is an important first consideration nevertheless in choosing a supply chain management solution. Many supply chain management solution providers sell the idea that these are one-size-fits-all solutions that work across a number of industries since the core functions are essentially the same.

This may be true to an extent, but while a number of functionalities are common across a few industries; it is important to get down to the one that is built for your business. A supply chain management solution that works best for retail, for example, may not be as effective for an automobile store. Getting down to the details and dissecting the functionality that the supply chain management solution performs for your particular industry is an important first step in choosing a supply chain management solution.

2. Define your needThis is the next important consideration when choosing a supply chain management solution. A number of supply chain management solutions are available in the market. Choose the one that suits your need the best. In order to do this, the business has to define its need to the fullest extent. It could take a few factors such as this into consideration:

3. Understand the integration function of the supply chain management solutionIntegration is, well, the very soul of a supply chain management solution. The business should have clarity on what functions need to be integrated into the supply chain management solution. The reason for which the integration function is built into a supply chain management solution is to facilitate synchronization of the whole chain. This makes it one of the core factors that determined how to choose a supply chain management solution.

4. Insist on the visibility featureVisibility is a great means for the business to have control over its sales, inventory, logistics, and a host of other functions. The supply chain management solution has to offer visibility on all these functions.

5. Customer relationship management (CRM)A supply chain management solution is incomplete if it does not come equipped with a strong CRM feature. The CRM is the determinant in helping to establish a good relationship with the customer. The CRM feature should enable the business to completely understand the nature of the orders and their status, plus, more importantly, help in customer query responses and other important customer-related features.

 

Click to Continue Reading

200+ followers. WOWWWWWW…

Hello Everyone,

Today we have the pleasure of celebrating the fact that we have reached the milestone of 200+ followers on WordPress. Since we started this blog, we have had such a great time connecting with everyone.  we never expected to actually to connect with other people in the blogging community.

we are so incredibly thankful for each and every one of you who follows and comments on my blog posts. Please know that!

we would continue our blogging in these areas FDA Regulation, Medical Devices, Drugs and Biologics, Healthcare Compliance, Biotechnology, Clinical Research, Laboratory Compliance, Quality Management ,HIPAA Compliance ,OSHA Compliance, Risk Management, Trade and Logistics Compliance ,Banking and Financial Services, Auditing/Accounting & Tax, Packaging and Labeling, SOX Compliance, Environmental Compliance, Microsoft Excel Spreadsheet, Geology and Mining, Human Resources Compliance, Food Safety Compliance and etc.

Get more article – https://www.globalcompliancepanel.com/freeresources/resource-directory

Please follow us on

Facebook – https://www.facebook.com/TrainingsAtGlobalCompliancePanel

Twitter – https://twitter.com/gcpanel

LinkedIn – https://www.linkedin.com/company/10519587/admin/updates/

What are the potential areas of risk management?

 

The most critical aspect of risk management is the identification of potential areas of risk management. This helps the organization to stay focused on the areas in which it could possibly face risks, rather than taking an aimless view and shooting about in the dark.

In a very broad sense, the potential areas of risk management include all areas of a business, because simply no area of the business is exempt from a risk. Talk about finance, and it comes with a risk. What about manufacturing? And what about operations or marketing? How about human resources? In this very expansive sense, every area or activity of the business is among the potential areas of risk management.

Potential areas of risk management could lie simply anywhere

On top of these potential areas of risk management that each part of the business is prone to; there are also the other industry-related risks that inhere into any business. The risks of running, say, a firecracker business, are much higher than running a grocery store. So, potential areas of risk management should ideally include a very broad discussion on every aspect of risk management.

However, when one takes an overview of the potential areas of risk management instead of trying to break down the elements of each function in which there are potential areas of risk management; one can classify these among them:

Generic risks: As we have been discussing, any business, absolutely any business, comes with some degree of risk. And, each business comes with its own generic risk, such as falling short of funding at crunch times, core people leaving the organization at important times, logistics failures at critical times, and so on.

Product specific risks: As the title suggests, this kind of risk is specific to the product that the business deals with. Some products come with their unique risks, and hence, this kind of risk counts among the potential areas of risk management.

People-specific risks: These can happen in a business in which much depends on a few important people. The inefficiency or departure of such people could be among the potential areas of risk management for businesses or projects that are dependent on people.

Financial risks: Obviously among the top potential areas of risk management; financial risks come into play when the organization is not able to meet its bottom lines due to a variety of factors. Not getting funds on time, not getting payments from customers on time, not being able to service debts are some of the factors of financial risks.

Technology risks: Technology is a high area of risk, because it keeps changing at a breakneck speed. If organizations don’t keep up with the pace, technology risks could count among potential areas of risk management.

Market risks: Market risks are yet another of the potential areas of risk management because most businesses are run on the assumption or speculation that a market is going to grow at a certain rate or pace. If the estimate of this market goes wrong, it affects the business negatively.

Customer risks: The ultimate decider of the business is the customer. If a customer gets irate at a bad product or service and issues bad press, it could become one of the biggest of the potential areas of risk management.

Real estate risks: For some businesses, especially retail, the location of the business is a major factor. In many instances, the choice of location could often decide the fate of the business. Imagine setting up a high end retail store in the vicinity of a slum. Does that make sense? Yet, even if a business chooses the right location, it could sometimes be forced to relocate due to factors such as legal issues of the property, making this among the potential areas of risk management.

Finally, what needs to be said is that the list above is by no means a comprehensive one. The potential areas of risk management, as we have discussed at the beginning, are simply too many and too fluid and subjective. They could vary from market to market, product to product and business to business. A business that is perceptive about the market has to make the right assessment of the potential areas of risk management before it starts one. It should also be ready to face the potential areas of risk management if it is up against any factor that lies beyond its reach or forecast.

 

click to continue reading

Orkambi Reduces Main Biomarker of CF, Vertex Says in Updated Results on Four Therapies

Orkambi (lumacaftor/ivacaftor) reduced levels of the main biomarker of the lung disease cystic fibrosis and improved the nutritional status of children with the condition, according to a Phase 3 clinical trial.

The results were part of a recent update that Vertex Pharmaceuticals provided on Orkambi and three of its other CF therapies, Kalydeco (ivacaftor), tezacaftor (VX-661) and VX-371.

Vertex conducted the Phase 3 trial (NCT02797132) of Orkambi to evaluate its effectiveness and safety in preschoolers with two copies of the CFTR gene’s F508del mutation. The 60 children were aged 2 to 5. Mutations of the gene cause CF by producing faulty versions of the CFTR protein.

An indication of Orkambi’s effectiveness in the trial was that it reduced the production of the children’s sweat chloride and improved their nutritional status.

A sweat test is the gold standard for diagnosing CF because people with the disease have more chloride in their sweat than those who don’t. As for nutrition, the thick mucus that CF produces in the digestive system can prevent patients from absorbing nutrients and fat properly, leading to difficulty gaining weight and slower growth. CF also produces the mucus in lungs and other organs.

The Phase 3 trial also showed that Orkambi was safe and that the children tolerated it well. Researchers reported no adverse events besides those seen in studies of patients aged 6 to 11.

Based on the promising results of the trial, Vertex plans to submit a New Drug Application on Orkambi to the U.S. Food and Drug Administration during the first quarter of 2018. It will also ask the European Medicines Agency to extend the therapy’s availability to very young children.

Another Phase 3 trial (NCT02412111) that Vertex conducted evaluated a combination of tezacaftor and Kalydeco’s ability to reduce respiratory problems in patients more than 12 years old.

The study included 151 participants at 68 sites in the United States, Canada, Australia, and the European Union. The patients had one copy of the F508del mutation and one copy of another CFTR mutation.

Eight weeks of treatment with the combo led to a negligible improvement in a measure of patients’ lung function known as forced expiratory volume in one second, or FEV1. This is the amount of air that people can forcefully blow out of their lungs in one second.

The combo did lead to a reduction in sweat chloride that was larger than Kalydeco generated alone, however.

Given the results, Vertex has decided not to continue pursuing regulatory approval for the combo. One reason is that most patients older than 12 are eligible to receive Kalydeco by itself.

The FDA is expected to make a decision by February 2018 on a related New Drug Application that Vertex has filed. That application involves using the tezacaftor-Kalydeco combo to treat patients aged 12 or older who carry two copies of an F508del mutation or one copy of an F508del mutation plus another mutation. The FDA is giving the request priority review.

European regulators are expected to decide whether to approve the combo therapy in the second half of 2018.

Vertex has completed enrolling children 12 to 24 months for another Phase 3 trial (NCT03277196) of Kalydeco. It will evaluate the therapy’s safety in children less than 2 years old with a CFTR gating mutation and an R117H mutation.

To continue reading

Eight deaths due to ‘seasonal flu’ in Oman, health guidance issued

Muscat: The number of Influenza cases has dropped by almost a quarter compared to 2016, but the Ministry of Health has warned residents to

be vigilant as flu season approaches.

According to the latest report by the MoH, deaths as a result of influenza have reduced over the past three years, with 2017 season seeing eight cases of deaths so far compared to 2015 which recorded 25 deaths.

As a semi-tropical country, seasonal influenza viruses continue to appear throughout the year in the sultanate. The virus starts in early September and can continue until mid-May.

ADVERTISING

inRead invented by Teads

“In 2017, there were 952 cases until the tenth of October of influenza while 2016 saw 1492 cases of influenza,” the ministry said in a statement.

“The Sultanate has recorded 25 cases of deaths in 2015, six cases of deaths in 2016, and eight deaths in 2017, all linked to the flu and most of those cases were among the groups most at risk of high risk of complications of influenza. Despite the high number of cases, it is still within the normal range compared to previous years,” added the ministry.

 

Read More: http://snip.ly/d2kxu#http://timesofoman.com/article/119152/Oman/Omanisation/Eight-deaths-due-to-%27seasonal-flu%27-in-Oman-health-guidance-issued

8 Tough Questions Every CISO Should Be Ready to Answer

When a major security incident, such as the recent massive Equifax data breach, grabs headlines, CEOs start asking more questions about data security.

See Also: Addressing the Identity Risk Factor in the Age of ‘Need It Now’

CISOs need to be thinking about their answers to critical questions the CEO is likely to pose.

Information Security Media Group asked seven security experts what questions they believe CEOs should be asking CISOs, and what information CISOs should arm themselves with to be prepared to provide answers. Following are eight questions and the experts’ suggested responses.

We have been investing in cybersecurity for a few years now. Would you say our organization is secure?

Israel Bryski, vice president, technology risk, Goldman Sachs: To pre-empt this question, the CISO should have a conversation early on with the CEO to determine the organization’s risk appetite. This will allow the CISO to align and prioritize security initiatives accordingly.

We are in the business of information and technology risk management, so the “Are we secure?” question is somewhat misguided. The question should be: “Are we managing risk according to our risk profile?” To answer this, the CISO should be able to easily demonstrate, based on a recent risk assessment, how the various cybersecurity initiatives and projects are in fact reducing risk, shrinking the attack surface of the organization and aligning the security program with the firm’s overall risk profile.

We have a board meeting next week. Can you talk about cybersecurity in a way they will understand?

Mischel Kwon, former director of US-CERT and deputy CISO for the Department of Justice; currently CEO of MKACyber: CISOs should be able to confidently say “absolutely” to this question. They should be able to speak with the board in a very businesslike way and articulate what they are doing with the company’s money and how they are protecting the company and its assets.

The key to being able to speak to the board is to base their program on a business-focused model. That business model shows their capability founded on their maturity, and that maturity is based on the probability of detecting specific types of attacks. These are the type of attacks that are most likely to happen to them, and this is the risk to the business, its goals and its reputation that these attacks bring.

Do you have enough money to do what you need to do?

Tim Youngblood, CISO, McDonald’s: Depending on where CISO sits, this can be a hairy topic. That can be a difficult conversation to say “I’m not getting enough.” It’s not easy if the CIO is in the room.

The best way to answer that is, “We may have current risks we are really well-funded to address, but there may be future risks we’ll need to fund and we still have some work to figure that piece out.”

A CEO is not going to write you a blank check. The CEO is going to look at the CFO and CIO and say, “The CISO needs money. You take it out of your budget and make it happen.” There is not an extra pot of money waiting for anyone, so making the clear case for why it is needed is key.

Is this really worth the investment?

Heath Renfrow, CISO at U.S. Army Medicine: The best thing a CISO can do when asked this question is have multiple options they can present to the CEO. Explain to them: Here’s the full issue. This is the total cost to fix this issue. This is what we believe the cost will be if this issue doesn’t go away and how much it will be should the vulnerability be exploited.

As an example, we didn’t know not know where our protected health Information and personal identifying information resided across all systems when I first got to Army Medicine. It would be a huge HIPAA concern if we got hit on that, or if there was a leak or a violation. It could have cost millions of dollars and many jobs. I tied in the overall cost and broke it down to how much it would be per end-user device to address it and it came out to be an about $3.43 per end-user device. Then I tied in all the results of HIPAA violations in the past few years and the fines associated with them. You get your senior leaders attention real quick with that approach.

Rick Howard, CSO, Palo Alto Networks, adds: Questions like this are sure to arise as corporate leadership attempts to understand the business risk associated with a cyberattack. As a result, CIO/CISOs should be prepared to explain the total cost of a potential breach. Everything from business disruption and loss of customers to consequential legal fees and remediation can rack up the bill more quickly than leadership may realize.

Read More: http://snip.ly/q0zie#https://www.bankinfosecurity.com/8-tough-questions-every-ciso-should-be-ready-to-answer-a-10357