Phone: 650-474-0955
Email: Info@galaxyconsulting.net

Compliance

Feb 1

Information - Governance, Risk and Compliance – GRC - Part 3

Information - Governance, Risk and Compliance – GRC - Part 3 In part 1 and 2 of my post about governance, risk, and compliance, I have described why information governance is important, where to begin with the information governance, and I started to describe what needs to be considered in information governance polices. In this my post I will describe information governance policies as they relate to for crisis management and e-discovery, and list general information governance control.   Information Governance for Crisis Management   Crisis management is set of procedures for unplanned situation that would prevent you from doing critical functions on your job. Read more
Add CommentViews: 5007
Jan 30

Information - Governance, Risk and Compliance – GRC - Part 2

Information - Governance, Risk and Compliance – GRC - Part 2 In my last post about governance, risk, and compliance, I have described why information governance is important and where to begin with the information governance. Today, I will describe what needs to be considered in information governance polices and will give some recommendations.   What needs to be considered in information governance polices?   Government mandates - If you are in a regulated industry, you need to consider first and foremost government mandates such as GMP/GxP, ISO 9001. You need to make sure that your documents management and IT are compliant with these requirements.   Proliferation of content - there has been explosive growth in the creation and collection of content by organization and individuals. Content is stored in CMS, data warehouses, physical warehouses, desktop computers, file shares, back-up archives, mobile devices, cloud services, employees personal computers and other devices such as tablets, smart phones, etc. To complicate matters this information is also geographically disbursed. Read more
Add CommentViews: 4867
Jan 28

Information - Governance, Risk and Compliance – GRC - Part 1

Information - Governance, Risk and Compliance – GRC - Part 1 Governance is about securing the information and also about using information for greater value. People don’t talk much about value of information but information is strategic asset of a company.   What makes a company great among other things is the ability to take information and use it as an asset. Information is what drives an organization, whether it is through development of new drugs, new products, looking into new geographic regions to expand to, etc.   Governance is like an insurance policy that you feel like you are paying for nothing, until you need it. You don’t know when and if an “accident” will happen and you don’t know how big it will be, but when it does happen, you are very happy that you have that insurance policy. Until then you resent having to pay for it. Governance which is controls is your insurance policy. Read more
Add CommentViews: 2874
Feb 16

Change Control in the Regulated Industries

Change Control in the Regulated Industries In my last post, I described change control process in general and I mentioned that in the regulated industries, manufactures are required to use a change control procedure. I am going to describe this change control procedure in this post.   A change control procedure is usually one of standard operating procedures (SOP's). It usually includes a change control form. Some companies also use change request forms for suggested changes. This procedure usually includes the following components:   Identification   The identification of the changed device, assembly, component, labeling, packaging, software, process, procedure, manufacturing material, and any other related item or document. The change control form has blank spaces for recording this data. Read more
Add CommentViews: 3176
Feb 15

Change Control

Change Control Change control within quality management systems (QMS) and information technology (IT) systems is a formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without analysis, introducing faults into the system or undoing changes made by other users of software.   The goals of a change control procedure include minimal disruption to services, reduction in back-out activities, and cost-effective utilization of resources involved in implementing a change.   Change control is used in a wide variety of products and systems. For Information Technology (IT), it is a major aspect of the broader discipline of change management. Typical examples from the computer and network environments are patches to software products, installation of new operating systems, upgrades to network routing tables, or changes to the electrical power systems supporting such infrastructure. Read more
Add CommentViews: 3043