Simple Tips to know about SAAS-CLOUD

The Data Privacy Statement is a crucial document that sets out how businesses use the private data of EU citizens.


The European Parliament and the European Council have developed the General Data Protection Regulation (GDPR), a legislation aimed at protecting and securing data rights for the citizens of the European Union (EU). The GDPR applies to companies that carry out business transactions with European Union citizens. The companies’ mobile phones, their desktop applications, and websites are among the prime objects that are governed by this regulation.

The GDPR was completely reenacted, replacing the earlier law on data protection, the Data Protection Directive, on May 25, 2018. The new data protection law, the GDPR, is the extant law on this subject, replacing the Directive that was in force for about two decades.

Computer Network

It is mandatory for companies that collect or process data of EU citizens, to inform them how these personal data is collected, used, shared, secured and processed. This is the soul of the new regulation. Any company that deals with information pertaining to what is described as personal data by the EU has to show compliance with this regulation. The cost of non-compliance is exorbitant: it can attract fines of up to €20 million, or up to one-twenty fifths of the company’s total annual revenues, depending on which of the two is higher.

It is to help companies understand the core aspects of data privacy relating to 21 CFR Part 11 and SaaS-Cloud, that Compliance4All, a leading provider of professional training for all the areas of regulatory compliance, is organizing a webinar. The aim of this 90-minute learning session, which will be organized on April 11, is to help participants understand how to write a Data Privacy Statement for compliance with the GDPR regulation. The Data Privacy Statement is a crucial document that sets out how businesses use the private data of EU citizens.

To gain knowledge of how to craft this extremely vital document, the appropriateness or lack of which can be the difference between compliance and penalties, please log on to to register.

The expert at this webinar is David Nettleton, an FDA Compliance Specialist for 21 CFR Part 11, HIPAA, and Computer System Validation. David will describe just what companies need to do to be compliant with Part 11 and the European equivalent Annex 11 for local, SaaS/Cloud hosted applications. He will show the proper ways of writing a Data Privacy Statement that meets the compliance requirements set out by the GDPR.

He will explain this through an explanation of all the four primary compliance areas that this law applies to:

  • SOPs
  • Software features
  • Infrastructure qualification, and
  • Validation

The aim of this learning is to show to participants the right manner of using electronic records and signatures. Doing it in the right manner goes a long way in helping to increase productivity and in ensuring compliance.

These are the core objectives that the learning from this webinar will impart:

  • Which data and systems are subject to Part 11 and Annex 11
  • How to write a Data Privacy Statement
  • What the regulations mean, not just what they say
  • Avoid 483 and Warning Letters
  • Requirements for local, SaaS, and cloud hosting
  • Understand the current industry standard software features for security, data transfer, audit trails, and electronic signatures
  • How to use electronic signatures, ensure data integrity, and protect intellectual property
  • SOPs required for the IT infrastructure
  • Product features to look for when purchasing COTS software
  • Reduce validation resources by using easy to understand fill-in-the-blank validation documents.

This webinar on simple tips to know about SaaS-Cloud: Data Integrity Compliance with 21 CFR Part 11, SaaS-Cloud, and EU GDPR is suited for GMP, GCP, GLP, Regulatory Professionals, QA/QC, IT, Auditors, Managers and Directors, Software Vendors and Hosting Providers.


About the speaker: David Nettleton specializes in performing gap analysis, remediation plans, SOP development, vendor audits, training, and project management. He has completed more than 185 mission critical software validation projects.

His latest book, “Risk Based Software Validation – Ten easy Steps”, relates to the development, purchase, installation, operation and maintenance of computerized systems used in regulated applications.

Believe in Your VLOOKUP Function Skills but Never Stop Improving

This information could be anything from pay rates to item prices, and accounting results to manually linking to specific cells.

VLOOKUP is a wonderful feature in Microsoft Excel using which one can look up and retrieve data from an exact column in a table. A name for “vertical” lookup, VLOOKUP works when values are made to appear in the first column of the table and lookup columns are placed on the right.

VLOOKUP, along with other functions such as HLOOKUP, MATCH, and CHOOSE, is a powerful MS Excel function with which a user can develop accurate spreadsheets and look up a host of information in very quick time. This information could be anything from pay rates to item prices, and accounting results to manually linking to specific cells.

At this webinar, the speaker, David, will offer complete explanation of the situations in which to use lookup functions. He will demonstrate troubleshooting techniques as well, which will help participants deal with troubles that can come in the way of efficient and quick work.


The usefulness of this session can be gauged from the fact that David will demonstrate every technique at least twice: first, on a PowerPoint slide with numbered steps, and second, in the subscription-based Office 365 version of Excel. He will explain the differences between the current (2019) and older versions of Excel (2016, 2013, and earlier) both during the presentation and in the detailed handouts he will give to participants. He will also offer participants an Excel workbook in which most of the examples he uses during the webinar are included.

In this session, at which you will learn to believe in your VLOOKUP function skills but never stop improving, David will help you learn how to future-proof VLOOKUP by using Excel’s Table feature versus referencing static ranges, how to improve the integrity of your spreadsheets with Excel’s VLOOKUP function, and the ways by which to apply the VLOOKUP and HLOOKUP functions. He will offer an understanding of how to use the MATCH worksheet function to identify differences between two lists.

Specifically, he will explain the features of MS Excel VLOOKUP with emphasis on:

  • Removing the Table feature from a worksheet if it’s no longer needed
  • Using the MATCH function to find the position of an item in a list
  • Using VLOOKUP to perform approximate matches
  • Utilizing Excel’s IFERROR function to display alternate values when VLOOKUP returns an error
  • Contrasting the INDEX and MATCH combination to VLOOKUP or HLOOKUP
  • Performing dual lookups, which allow you to look across columns and down rows to cross-reference the data you need
  • Future-proofing VLOOKUP by using Excel’s Table feature versus referencing static ranges
  • Improving the integrity of spreadsheets with Excel’s VLOOKUP function
  • Identifying situations where VLOOKUP may return #N/A instead of a value
  • Comparing HLOOKUP to VLOOKUP for performing horizontal matches versus vertical matches
  • Employing the SUMIF function to sum values related to multiple instances of criteria you specify.


About the speaker:

David Ringstrom is a CPA and an author and nationally recognized instructor who delivers dozens of webinars each year. His Excel courses are based on over 25 years of consulting and teaching experience. David focuses on what he sees users don’t, but should, know about Microsoft Excel. His goal is to empower users to use Excel more effectively.

3-Hour Boot Camp for the Detection of Microbial Pathogens in Foods and Feeds

The session then describes how to confirm that results obtained by commercially-available kit, are comparable to or exceed those obtained using the reference method.

All methodologies described in this presentation are also used by FDA labs. FDA applies them to education, inspections, data collections, standard setting, investigation of outbreaks and enforcement actions.

This presentation uses the latest FDA thinking and guidance documents to assist you in re-establishing those requirements that need to be fulfilled in the evaluation for microbial methods used in your testing laboratories. It also re-establishes performance evaluation (verification & validation) criteria, necessary for the use of commercially-available diagnostic test kits and platforms.

The presentation further describes evaluation criteria for methods to detect, identify and quantify all microbial analytes that may now be, or have the potential to be associated with foods and feeds, i.e. any microbiological organism of interest (target organism) or the genetic material i.e. DNA, RNA, toxins, antigens or any other product of these organisms.

Session #: 1
Duration: 1 hour
Learning Objectives: This section sets the context for the overall presentation and then provides validation criteria and guidance for all FVM-developed or any existing method(s) that has been significantly modified.

  • Purpose & Scope
  • Administrative Authority & Responsibilities
  • General Responsibilities of the Originating Laboratory
  • Method Validation Definition
  • Applicability
  • Requirements

Criteria and Guidance for the Validation of FDA-Related Methods

  • Validation Definitions
    • The Reference Method
    • The Alternate Method
    • The Originating Laboratory
    • The Collaborating Laboratory
  • The Method Validation Process
    • Emergency Use
    • Non-Emergency Use
  • Validation Criteria
    • Validation Criteria for Qualitative Methods to Detect Conventional Microbial Food-borne Pathogens
    • Validation Criteria for Identification Methods
    • Validation Criteria for Quantifiable Methods to Detect
    • Conventional Microbial Food-borne Pathogens
  • Method Validation Operational Aspects
    • General Considerations
    • Assessment of Validation Results

Session #: 2
Duration: 1 hour
Learning Objectives: This session describes guidelines intended to support method validation efforts for developers of molecular-based assays e.g. PCR, to be used to confirm the identity of exclusion of isolated colonies. Methodologies from this session can be used for either conventional or real time PCR assays.

The session then describes how to confirm that results obtained by commercially-available kit, are comparable to or exceed those obtained using the reference method.

Criteria and Guidance for the Validation of FDA-related molecular Based Assays

  • Inclusivity & Exclusivity
  • Target Genes & Controls
  • Comparison to the Reference Method

Criteria and Guidance for the Validation and Verification of Commercially Availbale Microbiological Diagnostic Kits and Platforms

  • Definitions
    • Validation of an Alternative Method
    • Verification
  • Criteria
    • Commercially-available Microbiological Diagnostic Kits Whose Performance Parameters Have been Fully Validated in a Multi- Laboratory Collaborative Study Monitored and Evaluated by an Independent Accrediting Body e.g. AOAC-OMA, AFNOR, etc.
    • Commercially-available Microbiological Diagnostic Kits Whose Performance Parameters are Supported by Data Obtained Through an Independent Laboratory Validation Protocol and Evaluated by an Independent Accrediting Body e.g. AOAC-RI

Is your Cyber security Incident Response team trained to respond in an Incident?

Table top exercises, full Red Team Blue team training. Playing the role of an attacker can make your team better at defense.

The best way forward is an efficient Incident Response Program that allows an organization to respond with speed and agility, while empowering businesses to maintain continuous operations. Such a solution also reduces revenue loss, reduces fines and lawsuits and protects brand reputation.

Information Security, Governance & Risk, are all critical aspects of planning and execution of the Information Security Plan. Who in your organization has key responsibility to develop an information security governance program.

review existing Information Security policies and standards to ascertain their adequacy in coverage scope against industry best practices, and update them asappropriate, taking into account compliance recommendations?

Establish Key Performance Indicators (KPI) to determine if your Information Systems Incident Response program meets business objectives and operational metrics for ongoing process improvement.

Learn how to develop a CSIRT Policies, Program, Plan, Playbook, Training and Exercises

Are you willing to risk your Business Reputation on their training?

Coordination of incident handling stops duplication of effort. Training should concentrate not only on the capability to react to incidents but the ability to utilize the resources to alert and inform its stakeholders.

We will cover table top tests, table top exercises, full Red Team Blue team training. Playing the role of an attacker can make your team better at defense.

Many companies exercises do not using formal blue teams. This is an effective way to have a more realistic idea of their true defensive capabilities. Exercises do not have to be expensive. There are so many types of tests.

  • Adopting a systematic approach to risk tracking to enhance the effectiveness of the Cyber Incident Program
  • utlining the critical actions to take if an event affects the company or its partners
  • Understanding an organizations’ susceptibility to a Cyber Attack
  • Cyber Incident Response: Getting started, research, training, testing and maintaining
  • Standards and Best Practice: ISO 27001, ISO 27035, ISO 27005, ISO 22316 NIST, FFIEC, HIPPA AND HITRUST

Don’t skip this with out reading the details

Virtual Seminar on In-Depth Computer System Validation [FDA Compliance]

You should know the key areas most scrutinized by FDA during inspection to prepare for future audits.

How to apply the System Development Life Cycle (SDLC) Methodology when validating computer systems subject to FDA regulations, and You’ll learn about the various computer system.

validation deliverables and how to document them through the entire process, also learn about what must be done to ensure the system remains in a validated state.

We will also review recent trends in FDA enforcement and highlight key areas of CSV that are being scrutinized most heavily.

This will help you understand in detail Computer System Validation (CSV) and how to apply the System Development Life Cycle (SDLC) Methodology when validating computer systems subject to FDA regulations.

This is critical in order to develop the appropriate validation strategy and achieve the thoroughness required to prove that a system does what it purports to do.

It also ensures that a system is maintained in a validated state throughout its entire life cycle, from conception through retirement. We will discuss the phases within the SDLC, and how these form the basis for any CSV project. The importance of the sequence of steps will also be covered.

You should also attend to learn the key areas most scrutinized by FDA during inspection to prepare for future audits.

  • Computer System Validation (CSV)
  • System Development Life Cycle (SDLC) Methodology
  • Good “variable” Practice (GxP) (Good Manufacturing Practice (GMP), Good Laboratory Practice, Good Clinical Practice (GCP)
  • Validation Planning
  • GAMP 5 System Classification
  • Risk Assessment
  • Functional Requirements Specification
  • Configuration and Custom Coded Solutions
  • Installation Qualification (IQ) Testing
  • Operational Qualification (OQ) Testing
  • Performance Qualification (PQ) Testing (User Acceptance Testing/UAT
  • Validation Summary Report
  • Operational Maintenance for Validated Systems
  • Policies and Procedures
  • Training
  • Organizational Change Management (OCM)
  • Periodic System Review
  • Disaster Recovery and Business Continuity Planning
  • System Retirement
  • FDA Recent Inspection Trends and Key Areas of Focus

GMP Training Specialists

QbD Development Process Evaluating Critical Steps

The selection of robust process parameters for Quality designs, and how to establish criteria to measure and discernable observances.

  • How to Build quality, safety, and efficacy into the manufacture of drug product
  • The ICH guidelines for pharmaceutical manufacturing
  • Risk-based, modern pharmaceutical manufacturing
  • Understanding Target Quality Profile, Critical Quality Attributes
  • Process parameters and design experiments
  • Regulatory concerns FDA and EMA on QbD

To establish a procedure for the proper assessment of product and process design, Also, to align evaluation of product quality standards for chemistry manufacturing and controls (CMC) review and to maintain quality standards per Office of Pharmaceutical Science (OPS)

It should be noted that OPS is responsible for assuring that the quality of drug products for the entire pharmaceutical industry follow uniform policy and review processes during drug product development (the manufacture and formulation).

Therefore, it is incumbent on all personnel involved with the preparation of documentation for subsequent submission to the regulatory authority recognize the importance of creating and maintaining a clear scientific and sound approach for all products.

  • Quality target product profile (QTPP) forms the basis for design and the development of the product. Considerations for the Quality Target Product Profile (ICH guideline Q8 R2)
  • Critical quality attributes (CQA) is a physical, chemical, biological, or microbiological property or characteristic that should be within an appropriate limit, range, or distribution to ensure the desired product quality
  • Process Analytical Technology (PAT) which is a Framework for Innovative Pharmaceutical Development, Manufacturing and Quality Assurance
  • Risk Assessment (RA)one can recognizing critical attributes that are going to affect final quality of product

Process Evaluating Critical Steps

Want to Have a More Appealing FDA CFR 21 Part 11? Read This!

The most important ones among these are Computer System Validation, data security, and data backup.

Title 21 CFR Part 11 is one of the sections of the FDA that inspires both awe and respect. Commonly known as 21 CFR Part 11, this section deals with and establishes the criteria for the FDA’s requirements relating to electronic records and electronic signatures (ER/ES). All the requirements which the FDA expects for electronic records and electronic signatures to be considered trustworthy, reliable and equivalent to paper records are set out in this section.

For the FDA to consider electronic records, electronic signatures and handwritten signatures to be on par with handwritten ones and proven for their safety, trustworthiness and authenticity; companies in the designated industries governed by FDA regulations have to meet conditions set out in 21 CFR Part 11. It is only when these conditions are met that the FDA considers these records to have the same effect or worthiness of an actual paper record.

As paper made way for electronic versions with the advent of technology; FDA 21 CFR Part 11 regulations evolved with the intention of helping to overcome some of the obvious drawbacks of paper records:

  • Their potential to be manipulated or forged
  • Their destructibility
  • Lack of authenticity.

FDA 21 CFR Part 11 regulations came into being to give electronic signatures the same effect as those of paper ones. These regulations seek to make the electronic signatures as authentic as the paper records they replace through a set of well-defined scientific means. FDA 21 CFR Part 11 is designed to give regulatory authorities the confidence and scientific validation for this authenticity.

The core areas of 21 CFR Part 11 implementation

21 CFR Part 11 regulations compliance covers three core areas:

Standard Operating Procedures

There are nearly 12 Standard Operating Procedures prescribed in the 21 CFR Part 11 regulations for addressing the company’s IT infrastructure. The most important ones among these are Computer System Validation, data security, and data backup.

System features

21 CFR Part 11 regulations require close to 50 industry-related features that organizations need to implement into their computer systems to be compliant with the regulations.

Computer System Validation

The core of 21 CFR Part 11 regulations is Computer System Validation. The purpose of implementing CSV is to ensure that the FDA has documented evidence that each computer system in the organization carries out exactly what it is expected to and helps users detect and identify errors.

How to make your 21 CFR Part 11 effective

Since implementation of 21 CFR Part 11 is mandatory in the industries for which it is stipulated; it is necessary to those who work in these industries to get a proper and thorough idea of how to properly implement the provisions of this regulation.

Adapt a risk-based approach. This is the foundation to 21 CFR Part 11 implementation 

The basis to effective implementation of 21 CFR Part 11 is to take a risk-based approach to implementation. A risk-based approach should take all the possibilities of risk into the area of electronic signatures and work on ways of countering them. Understanding the risks is the foundation to implementing 21 CFR Part 11 effectively, as it helps to identify areas from which risk could arise to the electronic signatures.

The risk-based approach is not only a very solid means to ensuring the effectiveness of 21 CFR Part 11 regulations; it also prevents the organization from being cited by the FDA, since this is the method the FDA itself suggests and welcomes. It is also extremely useful in making the organization’s computer systems more effective and inexpensive over time.

Train your staff

The key to effective and proper 21 CFR Part 11 implementation is for the organization to let its employees know the importance of this regulation. It is only when employees, as stakeholders in the organization’s growth, are enlightened about the importance of critical regulations such as 21 CFR Part 11 that they understand why they need to implement, what benefit they get out of implementing it, and what they stand to accrue in terms of penalties for lack of implementation that they take a keen interest in its implementation.

Again, training too, is a core FDA requirement. The FDA has laid out clear-cut guidelines of how to train employees for 21 CFR Part 11 implementation and the ways of documenting the training. Organizations that comply with these requirements are less likely to invite FDA actions.