Rescop

News & Events
  • 0 FDA’s transformation towards CSA

    • by Bob Verhoeff
    • 13-11-2020
    5.00 of 2 votes

      The pharmaceutical industry is currently undergoing an exciting transformation areas. Medical and biotechnological innovations happen very fast, research and development processes are under constant investigation for improvement and business and sales models are changing.  In this array of changes, existing validation and verification processes and practices are also being challenged. What validation specialists and experts have known and believed about Computerized Systems Validation (CSV), software validation and 21 CFR Part 11 compliance, is about to change noticeably. By the end of this year, the FDA plans to release an updated guidance on the transition from the traditional framework of Computerized System Validation to Computerized System Assurance (CSA) for Manufacturing, Operations and Quality System Software. Somewhere in the middle of the Covid-19 outbreak (May 2020), our Rescop colleague Adriaan Wanner has already written a blog about the future of Computerized System Validation (you can find this blog here).   FDA’s draft guidance on Computer Software Assurance has emphasized ‘critical thinking’ to be a crucial asset while implementing automated systems. In brief, it is a paradigm shift from document oriented computerized system validation practices to critical thinking focused assurance practices. The FDA is driving this shift towards Computer Software Assurance. The pharmaceutical industry should take notice of this change and be prepared to adapt it.   In a rapidly changing digital landscape, the guidance on Computerized System Validation is already dating back to 2003 and is lagging behind to catch up with the latest technologies. This makes it no longer clear in terms of effectiveness and efficiency of the validation effort, how much testing is enough and where to focus on testing.   The FDA believes the use of innovative thinking, automation methods, Information Technology and Data solutions throughout the product life cycle can provide significant benefits to enhance quality and patient safety. These substantial benefits in increasing quality, is shown in other industries utilizing thorough innovative automation but also embracing risk-based approaches and solutions for cloud computing.   At this moment, CSV has become more and more an obstacle in the process to move to an automated environment. This is evident due to the required extensive testing and comprehensive documentation to prove the validated state of the computerized system.  To support the use of these new technologies, FDA is drafting a new guideline for Computer Software Assurance (CSA) that will tackle the issues life-science manufacturers have at the moment with CSV.    The new guidance will provide clarity on the process to be used to determine what is marked as high-risk and therefore what should be verified more thoroughly to eliminate flaws and failures earlier. The intent is to improve quality, reduce validation and verification costs and time, decrease testing issues and deliver value faster.   This approach includes a shift from the emphasis on compliance, allowing manufacturers to focus on enhancing quality and patient safety. Furthermore, implementing automated systems and new technologies faster and more vastly. A risk-based approach is not new and is used for decades in many principles and frameworks for product and IT system development within pharma industry. The risk determination of software remains focused on the following principles: Does the software impact patient safety? Does this software impact product quality? How does the software impact the system’s data integrity?    The above approach remains applicable to all regulated organizations.  No doubt about that. But what exactly does the shift to CSA mean? The CSA approach will contain elements of:   Critical Thinking: Contained risk assessment for each software product feature High Assurance: Demonstrate the functionality or feature is working as desired Testing Activities: Define and leverage from different test methods like formal (hence scripted) testing and informal (unscripted) testing Below figure explains in brief the differences between CSV and CSA:       “Focus on creating documentary records for compliance” versus “Focus on testing for higher confidence in system performance”;   “Validating everything with the chance to miss higher risk ranked functionality” versus “Risk-based assurance, applying the right level of risk to patient safety and/or product quality and data integrity”;   “Avoiding previous assurance activities and/or related risk controls” versus “Taking prior assurance activities into account and pre-assessed risk controls”.   The new FDA guidance intends to focus on more direct and tangible system testing and considerably less documentation generation. Having introduced the above three CSA principles, let us zoom in more closely by explaining the last principle of informal or unscripted testing. This is a type of software (product) testing in which the validation engineer (hence software developer/tester) has relatively degree of freedom to select any possible methodology to test the software.   As per the typical definition of informal, unscripted testing, software developers, testers and end user stakeholders use their skills and abilities to test the software developed by themselves with less predefined and detailed scenarios and techniques such as error guessing and exploratory testing. Let’s take an example of scripted and unscripted testing: When considering for example a learning management system environment and applying the critical thinking principle, one can outline that:   A training requirement generation as part of a curriculum can be considered as unscripted testing. The scenario where a production specialist is working in a critical area, but has failed to renew his/her certification. In this scenario the individual should automatically barred from entering the production area. Since this has an impact on product quality, we need to classify this feature as high risk including a proper test script and testing evidence. This scenario will be considered as scripted testing.   To support unscripted testing, FDA is also considering proposing the adoption of the smarter techniques in software delivery. Research firms like Gartner predicts that by 2024, low-code application development will be responsible for more than 65% of application development activity. Low-code development entails a development platform that support the efficient use of code by high programmed command’s for system code writing.   Together with the Critical Thinking and High Assurance principles, life-science manufacturers should take notice of CSA as the FDA is releasing an updated guidance for computerized validation and verification practices. And they can apply and share the experiences of the CSA principles to build up the learning curve in effective product development and enhancing the life cycle of their products.     Please contact us for more information via info@rescop.com ______________________________________________________   References   FDA Computer System & Software Validation - What you’ve known for 20+ years is changing, By Jon Speer, December 2, 2018 , in FDA Regulations and Software Validation and Computer System Validation   Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for Industry - Guidance for Industry, April 2016, (FDA-2018-D-3984)          

  • 0 Agile Computer System Validation

    • by Bas Michielsen
    • 20-10-2020
    0.00 of 0 votes

      Introduction Agile Computer System Validation (CSV) and Software Life Cycle Management Introducing a validated (software) system in the Life Sciences and Health Care Industry (e.g., regulated projects) can be a very demanding, challenging, and time-consuming task. In this article, we will discuss the following topics: What is Agile? What is Agile software development methodology? What is Agile (computerized system) validation? Benefits of Agile software development / Agile validation Industry standards & best practices What is Agile? What is the Agile software development methodology? Agile is the collective name for any non-linear software development method. Agile software development methodologies are centered round the idea of iterative development, where requirements and solutions evolve through collaboration between self-organizing cross-functional project teams. Agile is a method of developing software solutions, that focuses on delivering high-quality working software frequently and consistently, while minimizing project overhead and increasing business value Agile was introduced with the purpose to improve the limitations in traditional development methodologies by concentrating on continuous improvement and conducting tests in smaller iterations without compromising on the overall development quality of the product. Agile software development is flexible, fast, and aims for continuous improvements in quality.   Agile methodology key elements & tools:       What is the Agile Manifesto? Agile development refers to any development process that is aligned with the concepts of the Agile Manifesto. The Manifesto was developed by leading figures in the software industry and reflects their experience of what approaches do and do not work for software development. Read more about the Agile Manifesto. Core values of Agile Software Development Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan   What is Agile (computerized system) validation? Agile validation, also called Agile GxP, comes with the help of the methodology based on Scrum (the most commonly used  flavor) to combine the world with requirements for the Life Science and Pharmaceutical industry. In Agile practice, validation becomes integral component to development, rather than an afterthought. Through continuous verification and validation activities throughout the software lifecycle, Agile catches defects earlier, reducing rework and enable faster system go-live. Agile validation in GxP projects requires the same type of deliverables that are needed for traditional validation processes, but the way in which these deliverables are created is different. Sometimes the deliverables will have different name.   What are the benefits of Agile software development and Agile computerized system validation?    Agile is a powerful tool for software development and computerized system validation. Examples of benefits of Agile software development are: Improved product quality Focus on high-quality development, testing and (customer) collaboration Continuous Risk management Finding and fixing defects quickly Deliver solutions on time and with a higher degree of client and customer satisfaction (delivering the right product) Manage change more effectively Allows for change; New or changed requirements can be planned and incorporated during development Focus on business stakeholder’s engagement Delivering strategic business value what is aligned with business stakeholders’ expectations Deliver features that provide the most business value to the identified business stakeholders Product features are defined on the need of the real users. Agile software development provides a unique change for stakeholders (e.g., clients, customers) to be involved throughout the whole project   Increased productivity Agile makes better use of the available resources With work broken into iterations, there are always milestones and deadlines   Improved transparency Everyone from stakeholders to the development team knows what is getting done, what is not and who is making decisions. When the entire team understands the big picture, projects tend to move forward faster.   Standards and best practices   Standard Organization Website GAMP 5 Guide: Compliant GxP Computerized Systems   The International Society for Pharmaceutical Engineering is the world's largest not-for-profit association serving its Members by leading scientific, technical, and regulatory advancement throughout the entire pharmaceutical lifecycle. ISPE IEC626604/82304   The International Organization for Standardization is an independent, non-governmental organization, the members of which are the standards organizations of the 164 member countries. It is the world's largest developer of voluntary international standards and it facilitates world trade by providing common standards among nations. More than twenty thousand standards have been set, covering everything from manufactured products and technology to food safety, agriculture, and healthcare. ISO Technical Information Report TIR45  The Association for the Advancement of Medical Instrumentation(AAMI) Standards Board has published a Technical Information Report TIR45 which provides recommendations for complying with international standards, and U.S. Food and Drug Administration (FDA) regulations and  guidance documents when using Agile practices to develop medical device software. AAMI         Rescop Academy Online Training!! VALIDATION USING AGILE Rescop Academy can help you with the method and tools to make this imagination become reality; instead of validating your system during the full development and implementation, Rescop Academy’s Agile Validation method will help you to validate parts of a system in an early stage.  Rescop provides Agile Validation using training on various levels: Foundation and Practitioner. Both training levels combine the theory from the Agile (SCRUM) / SAFe, ISPE GAMP® 5 Guide: Compliant GxP Computerized Systems and the AAMI TIR45 guidelines with exercises to simulate the practical implementation.      For more information contact us!                                                          

  • 0 Getting started with Data Security & Data Integrity

    • by Bas Michielsen
    • 08-10-2020
    0.00 of 0 votes

      (Reading time: 5 minutes)   Introduction Learn more about data integrity and how to implement and maintain data integrity within your organization. In this article, we will discuss the following topics: What is data security? What is data integrity? Data integrity is not data security Data integrity is not data quality Why are data security and data integrity important for every company? Data integrity violations and the possible risks associated with it What are examples of data integrity violations? What is a definition of data? What is a definition of a record? Data security & data integrity solutions   What is data security? Data security refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. It includes the protection of data from both intentional and accidental alteration or loss over its entire life cycle across all applications and platforms. Data security technologies and processes There are many data security technologies and processes available to support your organization’s productivity while safeguarding the data. Examples of data security controls include: Access control. Backups & recovery. Date encryption. Data masking. Data resilience. Data erasure. Data security is also known as information security (IS) or computer security.   What is data integrity? Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. Integrity is doing the right thing, even when no one is watching. (C.S. Lewis). Integrity (noun) [U] (HONESTY) ... The quality of being honest and having strong moral principles that you refuse to change. (Cambridge dictionary).     Data integrity is not data security Data security contains all measures taken to keep data from getting corrupted. Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life cycle   Data integrity is not data quality Data quality is all about creating trustworthy records from the moment raw data is entered, stored, transferred, and archived.   Why are data security and data integrity important for every company? All organizations today deal with data. From international operating companies dealing in massive volumes of personal data to a small business-owner archiving the contact details of his customers on a piece of paper, data is integrated in organizations both large and small. When an organization collects any kind of personnel data, it instantly becomes known as a data processor. Data security and data integrity are important for every organization. For instance: Ensure compliance. Safeguards all valuable information. Reputation & brand protection. Protection of intellectual capital. Controlling critical infrastructures.   Data integrity violations and the possible risks associated with it Prevention of data integrity violations is important for every company because the risks associated with it will be high when compared to prevention of data integrity. Potential impact of poor data security and data integrity violations: Revenue loss. Damage to brand reputation and the image of the company. Loose the creditability from stakeholders. Loss of intellectual property. Hidden costs. Impact on organization goals.   What are examples of data integrity violations? The data integrity violations come in many different forms. Deletion or manipulation of data Backdating, Fabricating data Aborted sample analysis without justification Invalidated OOS results without justification Destruction or loss of data Missing, altered or raw data not being recorded Failure to document work contemporaneously Uncontrolled documentation Lack of audit trail, or no documented change control Unauthorized access or changes to data Not following company procedures Sharing passwords Copying existing data as new data Disposing the original hard copies Not reporting of failures and deviations Releasing the failing product Hiding/obscuring critical information Mismatch between reported data and actual data     What is a definition of data? Data is a representation of facts, concepts, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automatic means.   What is a definition of a record? Records provides evidence of various actions taken to demonstrate compliance with instructions, in either electronic or paper format. Records include raw data.   Are you experiencing challenges related to data integrity? Rescop has experts in data security & data integrity practices who can offer the tools and training employees need to maintain data compliance. Contact us now!    

  • 0 BCF Career Event

    • by Rescop
    • 18-09-2020
    0.00 of 0 votes

      BCF Career Event Netherlands 2020 29 September - Online | 30 September - Utrecht   Rescop will take place again at the largest career event for the Life Sciences in the Netherlands. This year, BCF Career Event will be spread over two days, with an online and an in-person event. We are looking forward to meet everyone who is or wants to be active in Bio/Life Sciences, Chemistry, Food or Pharma. More information can be found here.                

  • 0 What is computer system paperless validation (CSV) for Pharma, Medical Devices and Biotech companies?

    • by Bas Michielsen
    • 02-09-2020
    0.00 of 0 votes

      Computer System Validation (CSV)/Paperless Validation is the process of ensuring that any technology component (software or hardware) is fulfilling its purpose to ensure compliance with GMP guidelines and to help organizations maintain consistent quality. The validation is an important assessment and necessity in Life Science. Avoid reinventing the wheel and ensure optimization and efficiency in the validation process Paperless validation software completely takes away the pitfalls in the usage of a paper-based validation process where more effort & cost involved in doing the activities related to printing, distribution, and storage.   What are the benefits of paperless validation software solutions? Paperless validation software solutions provides: Data integrity, consistency, accuracy and control across the organization; Aligned requirements, design and test documents; Electronically review and approval of documents including signatures; Real time validation status, real time metrics, and extensive reporting; User accessibility anytime, anywhere across multiple devices (web, smartphone, tablet);   Paperless validation software improves: Productivity and reduce time-to-market, changeover and cycle-times; Global collaboration and communication; Paperless validation software facilitates: Teamwork and ensures the progress of activities and be audit ready, anytime; Online execution of testing and deviations; Automated management of change management, document tracking and periodic review; Streamlined review / approval process;   Paperless validation software reduces: Cycle time for validation activities and saving costs; Costs of purchasing paper itself, costs related to shipping via authorized couries, security of the storage of paper records; Paperless validation software enables: The visibility of validation tasks and provides management up-to-date information to monitor and control to improve the processes; Reuse of content. What are important business benefits for management when using a paperless validation software approach? The retention of knowledge and easy access to data from the project phase, leveraging of work done across projects Built in quality and compliance in the business process and overall reduction in business risk – quality, safety and operational.   Key considerations when selecting a paperless validation software solution: The key considerations when selecting a paperless validation software solution that works for all systems is the scope or intended use, the process, and the cost. Costs can add up when dealing with software licensing, support, training, and maintenance. Most importantly, it is importance to understand the process prior to selecting a solution. Then, it is useful to think global even if an organization plans to implement locally and to plan for change. Conclusion: Paperless validation for Life Science companies is fast becoming essential for survivability, strategic advantage, and overall compliance.   Rescop paperless validation software solutions Our all-in-one Validation Lifecycle Management System (VLMS) software comes equipped with a suite of specially designed solutions, each developed and customized to serve the particular requirements of any computer system validation(CSV) lifecycle process. Rescop computer system validation enables our customers to implement paperless validations and fulfill FDA CFR 21 Part 11 compliance.

  • 0 ECA -Academy Computer Validation Seminar

    • by Maurice Kerens
    • 03-08-2020
    0.00 of 0 votes

        We are proud to announce that we will be a part of ECA – Academy conference on 27 & 28 - 30 October 2020 as a speaker.   Highlights Regulatory Update Leveraging Suppliers - Managing Quality - Leveraging Test Activities - Supplier Assessment Good Validation Practices Scalability of Validation Advanced Risk Management IT Governance Data Integrity Change Control Management Upcoming Challenges in IT Learning by doing: up to 10 Workshops Interactive sessions   For more information check the ECA Website : https://www.gmp-compliance.org/training/gmp-course-conference/computer-validation-leveraging-suppliers      

  • 0 Data Integrity - Online training

    • by Rescop
    • 18-06-2020
    0.00 of 0 votes

    Rescop Turnkey Projects & Advisory - Data_Integrity   Rescop has a standard data integrity toolbox available, developed based on 21CFRPart11, Eudralex Annex 11, the GAMP Guide and Rescop’s experiences in practice. Possibility of deployment of onsite project team that has experience with data integrity projects and FDA / EU inspections is key for knowledge sharing and teamwork!   Our Rescop Academy Services provides free Online training for Data Integrity: Will be present by Richard Mulders and Rafal Buczek - 25 June 2020 / 4-5 PM For Registration : https://rescop.com/webinars.php    

  • 0 VALIDATION USING AGILE

    • by Rescop
    • 08-06-2020
    5.00 of 1 votes

        Although Agile and Validation feel like a contradiction, Agile development can help you to efficiently validate your systems. Just imagine that during development/implementation of a system the components which are already completed can be used but are also validated for their intended usage.     Rescop Academy can help you with the method and tools to make this imagination become reality; instead of validating your system during the full development and implementation, Rescop Academy’s Agile Validation method will help you to validate parts of a system in an early stage.     Rescop provides Agile Validation using training on various levels: Foundation and Practitioner. Both training levels combine the theory from the Agile (SCRUM) / SAFe, ISPE GAMP® 5 Guide: Compliant GxP Computerized Systems and the AAMI TIR45 guidelines with exercises to simulate the practical implementation.   Validation using Agile Foundation The Foundation level training is suitable for people who need to be aware of what Agile and Scrum is and how it can be used in a regulatory environment. The training includes practical examples on how to do it.   During this training you will learn: • How the benefits of Agile development methods can be leveraged within the strict world of compliance        (validation)• How to implement Agile development methods in practice• Differences between small and large projects / programs when using Agile development methods• Focus on product / system quality instead of on validation documentation to validate• How to apply Rescop Academy’s Agile Validation method to help you to validate parts of the system in an early stage   You can get a small impression of the training.  Register free for our next coming Agile validation webinar.  Free registration      

  • 0 Rescop free demos of our validation lifecycle management and quality management software

    • by Maurice Kerens
    • 26-05-2020
    5.00 of 1 votes

    Rescop free demos of our validation lifecycle management and quality management software   Coming up Software Demo RC - Deviation - 17 Jun 2020 / 14:00 -15:00 - Click for registration RC - SLM - 24 Jun 2020 / 14:00 -15:30 - Click for registration

  • 0 White Paper - Rescop Quality Management Suite (RC-QMS) - Security and GDPR

    • by Jan Bloo
    • 26-05-2020
    0.00 of 0 votes

    Rescop Quality Management Suite (RC-QMS) - Security and GDPR PUBLIC and the revision date 13-MAY-2020 •    Rescop meets the most extensive compliance standards.•    Rescop utilizes Microsoft's Azure secure cloud services.•    Rescop's platform and infrastructure are monitored continuously. •    Rescop complies with GDPR as a data processor in the provision of Rescop’s services to its customers. An Industry StandardRescop is the digital paperless pioneer in a GxP Compliance world. Founded in 2005, Rescop Quality Management Suite (RC-QMS) is used by companies worldwide, spanning all industries, platforms and sizes.Hosting and Infrastructure Rescop RC-QMS Software-as-a-Service (SaaS) solution is available for private clouds utilizing top-tier secure cloud services provided by Microsoft Azure.Microsoft AzureIn a world where data breaches are daily occurrences and regulatory requirements for protecting data are increasing, it's essential for organizations to choose a cloud service provider that makes every effort to protect customer data. Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our broad suite of cloud products and services are all built from the ground up to address the most rigorous security and privacy demands of our customers.To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.For more information:  https://www.microsoft.com/en-us/trustcenter/complianceCompliance Rescop is ISO 27001:2013 certified for Information Security and ISO 9001:2015 certified for Quality Management.Penetration Tests and Monitoring Rescop’s front and back-end applications, as well as its IT infrastructure undergo frequently pen-tests. This is done in addition to Microsoft’s own independent tests, periodic internal tests, and 27/4 monitoring of security-related events.  Certifications and Accreditations ISO 27001 Information Security Certification Rescop received the International Organization for Standardization Certification for Information Security (ISO 27001:2013). The audit evaluated Rescop's Information Security Management System from product, infrastructure and organizational aspects, and verified that Rescop has the necessary information security controls in place to ensure the confidentiality, integrity and availability of valuable data and information assets.Rescop's alignment (as verified by an independent third-party audit agency) with this internationally recognized code of practice demonstrates Rescop's commitment to the privacy and protection of customers' content. By following the standards of ISO/IEC 27001, Rescop demonstrates that its policies and procedures are robust and in line with its high codes of practice, namely:•    Rescop customers know where their data is stored.•    Customer data won’t be used for marketing or advertising without explicit consent.•    Rescop customers know what’s happening with their Privacy data.•    Rescop will comply only with legally binding requests for disclosure of customer data.ISO 27032 Guidelines for CybersecurityRescop is ISO/IEC 27032 complying to guidelines for Cybersecurity. ISO/IEC 27032:2012 provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on information security, network security, internet security, and critical information infrastructure protection (CIIP) domains. By complying, Rescop facilitates a secure and reliable collaboration that protects the privacy of our customers and helps to prepare, detect, monitor, and respond to cybersecurity incidents.GxP ComplianceGxP is a general abbreviation for "good practice" guidelines and regulations. Technology systems that support GxP processes such as Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Distribution Practice (GDP) and Good Manufacturing Practices (GMP) require validation and qualification of adherence to GxP requirements. Solutions are considered qualified when they can demonstrate the ability to fulfill GxP requirements. RC-QMS GxP ComplianceOur fully web based solution, which runs on the common browsers and is cross-platform compatible to allow for use on any device type, including pc’s, laptops, tablets and smartphones. Our solution will help you to establish and maintain a GxP-compliant and reliable IT infrastructure and application landscape for continuous business operations. The RC-QMS suite is developed according GxP regulations and fully tested before delivering to customers in a pre-validated way.Rescop Quality Management Suite (RC-QMS) forms a comprehensive solution for quality and compliance management within regulated industries. It contains products for all key quality management processes, and these products have been designed in such a way that they integrate seamlessly with each other, to enable an efficient and fully paperless quality management system.RC-QMS is a full solution for ensuring permanent inspection readiness in an efficient way. Moreover, RC-QMS enables paperless validation and compliance. Cloud GxP ComplianceOrganizations building GxP solutions on Microsoft Azure can take advantage of the cloud’s efficiencies while at the same time helping protect patient safety, product quality, and data integrity. Customers also benefit from Microsoft Azure’s multiple layers of security and governance technologies, operational practices, and compliance policies to enforce data privacy and integrity at very specific levels.The Microsoft Azure GxP qualification guidelines give customers the tools they need to build on Microsoft Azure’s security foundation by providing:•    The shared responsibilities between Microsoft and Rescop for meeting GxP requirements•    Documentation of the extensive controls implemented as part of Microsoft Azure’s internal development of security and quality practices•    Visibility into crucial areas of internal Microsoft Azure quality management, IT infrastructure qualification, and software development practices•    Descriptions of GxP-relevant tools and features within Microsoft AzureWe are partnering with Microsoft Azure to make cloud-based systems a safer, more efficient model for driving innovation and maintaining regulatory compliance.For more information: https://aka.ms/gxpcompliancePrivacy – General Data Protection Regulation (GDPR) Rescop complies with GDPR as a data processor in the provision of Rescop’s services to its customers. In addition, we are devoted to helping our customers with their GDPR compliance processes by providing robust privacy and security protections built into our services and contracts.By default, Rescop does not collect personally identifiable information (PII) other than IP addresses in logs for security purposes, end-users’ approximate geolocation (country and city in which they are located) and masked IP addresses for the ongoing operation of the Rescop systems. Moreover, Rescop collects and transfers environment properties such as browser and OS, page URL, and title. Operations and Access Control  Security Measures •    All the client files in RC-QMS are encrypted in rest state.•    All RC-QMS files are encrypted in transit state.•    The database of RC-QMS is encrypted.•    The RC-QMS security log is recording personal data: User (Last, First Name), Username, External IP Address.•    All RC-QMS servers are under change control.•    All RC-QMS servers are under access control.•    Backups are taking and stored encrypted by Microsoft Azure and ATERA.  Monitoring & Auditing Intrusion Prevention and Detection Rescop has an extensive Security Information and Event Management system (SIEM), that collects security audit trail logs across infrastructure components in industry standard formats (CEF and Syslog) using an Intrusion Detection System and for analysis and control.Rescop’s SIEM alerts are based on comprehensive pre-defined scenarios, including identification of suspicious signs such as failed login attempts, logins from unknown and off-premise IP addresses or logins during off-hours.SIEM alerts are monitored 24/7 by Rescop. The SIEM prioritizes all alerts, notifies in real time, and escalates them according to severity. Access Control User Management and Permissions Rescop’s platform has an integrated, comprehensive role-based user management and enforcement system.Assigning roles to users requires authorization from the relevant parties in Rescop, and application permissions are granularly controlled per action and screen.  Rescop’s internal corporate access control is centrally and manually managed based on strict need-to know and least-privileged principles on all levels: Application (strong authentication), Network (segmentation, firewall), Platform (access to servers), and procedural (who’s granted to review/approve code, manage changes, etc.).All internal duties within Rescop are segregated. Access verifications are done by internal audits and period reviews, including but not limited to firewall rules, user accounts permissions etc.Overall Conclusion Rescop as the developer of RC-QMS, backed with an uncompromising commitment to GxP, security and privacy, is trusted by companies worldwide. Rescop makes sure to comply with corporate, governmental and (inter)national regulations, maintaining and abiding by the strictest requirements, regulations and security measures at all levels – from its staff, through infrastructure and down to the finest details of its products and procedures.Rescop has received the most demanding international certifications ISO 27001 and ISO 9001, and offers its customers the ability to enforce corporate governance internally, while providing an overarching security umbrella – hosting Rescop’s environments with Microsoft Azure Cloud Services, actively monitoring customer security 24/7, and performing frequently  pen-tests on Rescop’s platforms.Maurice KerensManaging Director Software Development and ImplementationJan BlooCorporate Director Quality Assurance