When I worked at an FDA-regulated commercial biologics manufacturing facility, access to data was limited to authorized individuals; 21 CFR Part 11 (10d) specifically calls for this control so that the authenticity, integrity, and, when appropriate, the confidentiality of electronic records are assured.
Needless to say, those who operate under cGMP regulations are worried about compliance with Part 11 have concerns with software that is trying to democratize the data.
Fair enough.
It turns out that you can have cake and eat it too. That is, you can have an easy-to-use, web-based interface for your trend data AND you can limit the access to authorized individuals.
Within Internet Information Services (IIS), the web-server on which ZOOMS runs, the default setting is to enable Anonymous Login and to disable everything else.
The way to secure ZOOMS is go to click on the website under which ZOOMS is installed and select the Authentication Feature:
When you double-click on IIS Authentication, you get a setting for how you want this web-server to be secured. There are 4 options to enable/disable. The way to ensure unauthorized access is not granted is to set Anonymous Authentication Status to Disabled.
And if you happen to be running Windows Active Directory and you want to use that as the method to control access, set Windows Authentication Status to Enabled.
Assuming that you're in an environment with Active Directory, you can use Active Directory credentials to control access to ZOOMS.
Now when I attempt to access ZOOMS, here's what I get:
(I'm on a Mac using Safari to access a Windows IIS server running ZOOMS)
And only when I input valid Windows credentials am I granted access to ZOOMS. At this point, access to ZOOMS has been limited from everyone with network access to everyone with a valid domain account.
If you want further restrictions, you simply need to set up ASP.NET URL Authorization where you specify the exact role that you want to allow access.
If you want to create an Active Directory group for just your users, you can do so. If you want to grant access to an existing Active Directory group, you can do so.
The key here is to Allow first, Deny last.
The point in all this is that you don't have to sacrifice the freedom of your information for the sake of security.
For more questions, contact Zymergi Technical Support at 650-646-4996.
See also:
Needless to say, those who operate under cGMP regulations are worried about compliance with Part 11 have concerns with software that is trying to democratize the data.
Fair enough.
It turns out that you can have cake and eat it too. That is, you can have an easy-to-use, web-based interface for your trend data AND you can limit the access to authorized individuals.
Within Internet Information Services (IIS), the web-server on which ZOOMS runs, the default setting is to enable Anonymous Login and to disable everything else.
The way to secure ZOOMS is go to click on the website under which ZOOMS is installed and select the Authentication Feature:
When you double-click on IIS Authentication, you get a setting for how you want this web-server to be secured. There are 4 options to enable/disable. The way to ensure unauthorized access is not granted is to set Anonymous Authentication Status to Disabled.
And if you happen to be running Windows Active Directory and you want to use that as the method to control access, set Windows Authentication Status to Enabled.
Assuming that you're in an environment with Active Directory, you can use Active Directory credentials to control access to ZOOMS.
Now when I attempt to access ZOOMS, here's what I get:
(I'm on a Mac using Safari to access a Windows IIS server running ZOOMS)
And only when I input valid Windows credentials am I granted access to ZOOMS. At this point, access to ZOOMS has been limited from everyone with network access to everyone with a valid domain account.
If you want further restrictions, you simply need to set up ASP.NET URL Authorization where you specify the exact role that you want to allow access.
If you want to create an Active Directory group for just your users, you can do so. If you want to grant access to an existing Active Directory group, you can do so.
The key here is to Allow first, Deny last.
The point in all this is that you don't have to sacrifice the freedom of your information for the sake of security.
For more questions, contact Zymergi Technical Support at 650-646-4996.
No comments:
Post a Comment