
debian and 21 CFR Part 11



Hi Folks,

I've been lurking on this list for a while but now need some guidance
you all may be able to provide. I'm developing a computer network for
a 21 CFR Part 11 regulated business. I'm looking for something that
describes the Debian auditing process to support the notion that it is
viable for managing pharmaceutical industry data.

I've seen the Debian Social Contract, the Debian Policy Manual and the
"Security Information" but I don't see anything that describes the
update auditing process, or the vulnerability notification process (other
than subscribe to the list).

So for our operational documents I'm thinking we must follow some third
party notification such as OVAL-ID and CVE Name and compare with Debian
updates. (Maybe should be done in any event) But what I'm not seeing is
a description of the process for updates to go to distribution. There
must be a procedure beyond somebody submits a patch and... but I cannot
find any description of that procedure.

I'll probably have to write debian-security, but since my concern is
primarily for 21 CFR Part 11 regulation I thought this list might provide
some useful info. For general interest, I'm posting some policy related
documents below.

Thanks,
// George

http://www.debian.org/doc/debian-policy/
Debian Policy Manual

http://www.debian.org/social_contract
Debian Social Contract

http://www.debian.org/security/
Security Information

http://www.secinf.net/policy_and_standards/Building_Implementing_Security_Policy1228.html
Building and Implementing a Successful Information Security Policy --
one of the most comprehensive guides on the design and implementation of
an effective security policy for your company.

http://www.securitydocs.com/thread/280
Information Security as a Process, By: Mitchell Rowton

http://www.securitydocs.com/
http://www.securitydocs.com/Security_Policies/Sample_Policies
or follow links...  Security Policies > Sample Policies

http://www.wiretrip.net/rfp/policy.html
Full Disclosure Policy (RFPolicy) v2.0

http://www.sans.org/resources/policies/
The SANS Security Policy Project


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org


