In today’s business climate, IT managers must demonstrate cost-effective, sustainable control of the IT infrastructure to ensure a company’s profitability. With system complexity increasing exponentially, manually tracking configurations and changes is no longer an accurate, productive or cost-effective option.
Easy to use and deploy, Ecora Change and Configuration Management solutions have helped over 3,500 companies worldwide do more with less by automating system configuration reporting and remediation across the enterprise. Based on best practice frameworks (ITIL, COSO, COBIT), Ecora solutions deliver operational efficiencies, maximum availability, and a greater level of security.
Ecora’s Change and Configuration Management Solution Suite:
Ecora Auditor Professional is a powerful configuration and change reporting solution that collects over a million asset, security, and configuration settings from nearly every operating system, database management system, application, and network device found in an IT infrastructure. The configuration settings are stored in a centralized Configuration Management Database (CMDB) for on-demand, accurate auditing, reporting and change control. Ecora Auditor Professional eliminates the resource-intensive, error-prone manual process of managing enterprise-wide configurations and simplifies ongoing compliance with IT security standards and regulations.
Ecora Auditor Professional includes a web-accessible executive dashboard providing at-a-glance validation of compliance to established IT controls, security policies, and configuration standards. The dashboard evaluates configuration information from the CMDB to generate an easy-to-understand pie graph displaying compliant and non-compliant systems as either green (compliant) or red (non-compliant). This enables IT managers to quickly identify non-compliant systems and direct the appropriate personnel to remediate any non-compliant configurations. Dozens of out-of-the-box report and policy templates are included for Sarbanes-Oxley, HIPAA, GLBA, 21 CFR Part 11, VISA PCI, FISMA, and NIST IT requirements. You can also create your own reports and policies or customize existing ones.
The Ecora Auditor Professional family also includes:
Ecora Auditor Lite - A free application that collects and reports on hundreds of configuration settings from nearly every system and device in the IT infrastructure. The audit-ready documentation is generated on demand, and archived reports provide an easily accessible audit trail for effective disaster recovery, IT audits, troubleshooting, and consolidations.
Ecora Auditor Basic - An upgrade from Auditor Lite that provides additional functionality by offering dozens of ready-made fact-finding report templates for quick, simplified analysis of critical configuration data such as access rights, NTFS permissions, and password settings.
The Auditor product family supports VMware ESX servers; Microsoft Windows and Exchange servers, SQL Server databases, Active Directory, and workstations; HP-UX, AIX, Solaris, RedHat Linux, and Novell NetWare servers; Oracle databases, Citrix and IIS applications; Lotus Domino servers; and Cisco routers.
21 CFR Part 11 – An Overview
In 1997 the FDA introduced Part 11 of Title 21 Code of Federal Regulations; Electronic Signatures (21 CFR Part 11), which requires in-depth evaluation, documentation, management, and auditing around the computer systems used by FDA-regulated companies.
21 CFR Part 11 has had a significant impact on FDA-regulated companies, largely by triggering widespread confusion on how to achieve and maintain compliance. The FDA’s original intent with part 11 was to require that companies adopt policies and procedures for computer systems management to ensure ongoing data integrity. The language of part 11 – combined with a general lack of understanding on how to implement system-wide “best practices” – has left many companies struggling with how to comply.
The FDA has tried to address this issue. Since 1997, a variety of guidances have been issued relative to 21 CFR Part 11. All have been withdrawn except the August 2003 Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application.
In September 2004, another draft guidance, Guidance for Industry, Computerized Systems Used in Clinical Trials, was issued for comment purposes. It addresses a wide range of specific IT requirements and may be the beginning of a clearer IT compliance picture from FDA. (See Appendix A for an overview.)
Until that occurs, 21 CFR Part 11 and the August 2003 Guidance rather succinctly define the compliance rules.
21 CFR Part 11 is not a specific list of what is required. The August 2003 Guidance indicated FDA would “exercise enforcement discretion” to certain aspects of Part 11. By keeping the definition and interpretation broad, FDA places the onus for designing a compliance model on each company.