Cosmetics Devices and Drug

Authority of Sri Lanka

Management Information System
 Key Responsibilities of the CDDA
• Issue and maintain registration certificates
• Issue and maintain Import Licenses
• Issue and maintain registration of devices and
cosmetics
• Issue and maintain pharmacy licenses
• Control standards among pharmaceutical
companies and pharmacies
• Carrie out audits and searches of storage
facilities
• Conduct post market surveillance of drugs
• Monitor and control drugs that have arrived
through unauthorized channels (baggage drugs)
 Proposed System Architecture
• Include a image of the high-level
architecture of the CDDA system
(Centralize database, and three levels of
access, remote unit access etc)
 System Features
• System should include module to issue and maintain drug registration
certificates
• System should include a module to issue and maintain import licenses
• System should include module for devices and cosmetics registration
• System should include a module for issuing and maintaining pharmacy
licenses
• System should have facility to publish certain public information such as
expired drugs
• System should have a citizens reporting mechanism followed by a inquiry
mechanism
• System should have facility for mobile inspection teams to access the
system vis PDA’s
• System should be able to integrate with other authorities for information
sharing such as integration with the customs, Ministry of Health, Disaster
Response unit etc
• System should allow to issue various information/notice distribution to
different parties within the system (Ex: to registered importers)
 System Vulnerabilities and Risks
• High risk of data loss due to centralized nature
• Loss of mobile devices can pause threats such
as exposed access, data loss
• Unauthorized access through mobile devices
• Inaccurate data could be entered to the system
due to human error
• Unauthorized access to the system
• Unauthorized alterations to the information
• Technical failures such as loss of connectivity or
not adequate connectivity will hinder timely
updates and waste resources
 Remedies to Overcome Threats
and Risks
• In order to overcome loss of data incase of a disaster there should be a
proper off site disaster recovery hot site
• Should allow as much as real time data replication to avoid losses in case of
disaster
• Role based login should be given to the system with strict access control
• Users who are allowed to access multiple areas of the system should enter
different login credentials for each function they perform within the system
• System should maintain audit trails in order to trace any and all changes
• System should use technologies like WORM Drives (Write Once Read
Many) to avoid tampering, accidental or deliberate erasure of critical data
• System should be able to remotely disable any mobile unit
• Login timeouts should be used be used for mobile units as well as the main
system
• Mass/emergency information distribution should be authorized through
several layers to make sure there is proper control (mail mergers and mass
emailing)
• Only allow viewing rights to other integrated parties
 Steps for Recovery
• Create offsite DR site with live replication
• Regular back-ups are taken and back-ups
are stored off site on daily basis
• Creating Business Continuity Plan