Almost every business has a few compliance challenges, but some businesses have more than others.
Persistent business records that support confidentiality and provenance with high availability are the cornerstone of any compliance solution, but they are neither easy nor cheap to achieve in practice without specialist cyber security systems. Compliance also needs to consider the entire range of business systems, processes and policies, and the evidence that demonstrates that all business activities have been conducted in accordance with them.
The ISO 9001 standard for quality management systems is focussed on the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements. The standard isn’t prescriptive in terms of how the business achieves those objectives, but it does require the business systems, processes and policies to be documented, and it does require evidence to demonstrate that they have been applied in accordance with the documentation.
The ISO 27001 standard for cyber security is focussed on the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation, including the assessment and treatment of information security risks tailored to the needs of the organisation. This standard is more prescriptive, but still provides significant scope for choices within each organisation.
The GAMP5 standard for regulated computerized systems is focussed on the Good Practice (GxP) Guidelines & Regulations, which were created to support compliance with Food & Drug Administration (FDA) requirements. This standard is even more prescriptive, but still offers scope for choices within each organisation.
Our Secure Business systems are specifically designed to support these standards, including the requirements for document release management and electronic signatures for compliance purposes.