The document discusses the key responsibilities and proposed system architecture for the Cosmetics Devices and Drug Authority (CDDA) of Sri Lanka's new Management Information System. The system will manage drug and device registration, import licenses, and pharmacy licenses. It will integrate with other agencies and allow mobile access. However, it is vulnerable to data loss and unauthorized access. The document recommends replicating data in real-time to an off-site disaster recovery system, strict access controls, and audit trails to address these risks.
Copyright:
Attribution Non-Commercial (BY-NC)
Management Information System

Key Responsibilities of the CDDA
• Issue and maintain registration certificates
• Issue and maintain import licenses
• Issue and maintain registration of devices and cosmetics
• Issue and maintain pharmacy licenses
• Control standards among pharmaceutical companies and pharmacies
• Carry out audits and searches of storage facilities
• Conduct post-market surveillance of drugs
• Monitor and control drugs that have arrived through unauthorized channels (baggage drugs)

Proposed System Architecture
• Include an image of the high-level architecture of the CDDA system (centralized database, three levels of access, remote unit access, etc.)

System Features
• System should include a module to issue and maintain drug registration certificates
• System should include a module to issue and maintain import licenses
• System should include a module for devices and cosmetics registration
• System should include a module for issuing and maintaining pharmacy licenses
• System should have a facility to publish certain public information, such as expired drugs
• System should have a citizens' reporting mechanism followed by an inquiry mechanism
• System should have a facility for mobile inspection teams to access the system via PDAs
• System should be able to integrate with other authorities for information sharing, such as the customs, the Ministry of Health, the Disaster Response unit, etc.
• System should allow distribution of various information/notices to different parties within the system (e.g. to registered importers)

System Vulnerabilities and Risks
• High risk of data loss due to the centralized nature of the system
• Loss of mobile devices can pose threats such as exposed access and data loss
• Unauthorized access through mobile devices
• Inaccurate data could be entered into the system due to human error
• Unauthorized access to the system
• Unauthorized alterations to the information
• Technical failures, such as loss of connectivity or inadequate connectivity, will hinder timely updates and waste resources

Remedies to Overcome Threats and Risks
• To overcome loss of data in case of a disaster, there should be a proper off-site disaster recovery hot site
• Should allow data replication as close to real time as possible, to avoid losses in case of disaster
• Role-based login to the system should be provided, with strict access control
• Users who are allowed to access multiple areas of the system should enter different login credentials for each function they perform within the system
• System should maintain audit trails in order to trace any and all changes
• System should use technologies like WORM (Write Once Read Many) drives to avoid tampering and accidental or deliberate erasure of critical data
• System should be able to remotely disable any mobile unit
• Login timeouts should be used for mobile units as well as the main system
• Mass/emergency information distribution (mail merges and mass emailing) should be authorized through several layers to make sure there is proper control
• Allow only viewing rights to other integrated parties

Steps for Recovery
• Create an off-site DR site with live replication
• Take regular backups and store them off site on a daily basis
• Create a Business Continuity Plan
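
The role-based access, view-only integration and audit-trail remedies listed above, sketched as an added example (not part of the original slides or of the CDDA system): every attempt, allowed or denied, is appended to a hash-chained trail so that a later alteration is detectable. The role names, action names, record ID and the AuditedRegistry class are hypothetical.

```python
import hashlib
import json

# Hypothetical roles and actions (assumptions, not taken from the CDDA system).
ROLE_PERMISSIONS = {"registration_officer": {"view", "update"},
                    "integrated_party": {"view"}}  # e.g. customs: viewing rights only
GENESIS = "0" * 64

def _digest(prev_hash, body):
    """Chain an entry to its predecessor: SHA-256(prev_hash || canonical JSON)."""
    return hashlib.sha256(prev_hash.encode() + json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditedRegistry:
    def __init__(self):
        self.records, self.trail = {}, []

    def perform(self, user, role, action, record_id, value=None):
        """Check the role, log the attempt (allowed or not), then apply it."""
        allowed = action in ROLE_PERMISSIONS.get(role, set())
        body = {"seq": len(self.trail), "user": user, "role": role, "action": action,
                "record": record_id, "allowed": allowed, "old": self.records.get(record_id), "new": value}
        prev = self.trail[-1]["hash"] if self.trail else GENESIS
        self.trail.append({**body, "hash": _digest(prev, body)})
        if not allowed:
            raise PermissionError(f"{role} may not {action}")
        if action != "view":
            self.records[record_id] = value
        return self.records.get(record_id)

    def verify_trail(self):
        """Return the index of the first altered entry, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.trail):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body.get("seq") != i or entry["hash"] != _digest(prev, body):
                return i
            prev = entry["hash"]
        return None

def demo():
    reg = AuditedRegistry()  # constructed sample run, not real data
    reg.perform("officer1", "registration_officer", "update", "DRUG-0001", "registered")
    try:
        reg.perform("customs1", "integrated_party", "update", "DRUG-0001", "expired")
    except PermissionError:
        pass  # denied, but the attempt is still in the trail
    intact = reg.verify_trail()
    reg.trail[0]["new"] = "revoked"  # simulate an unauthorized alteration
    return intact, reg.verify_trail(), len(reg.trail)
```

The chain only exposes edits if the latest hash is kept somewhere the editor cannot rewrite, such as the WORM storage or off-site replica the slides recommend.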