Regulatory Compliance

CECL requires loss estimates to include relevant information about past events, current condition and reasonable and supportable forecasts using both internal and external information, including a range of qualitative and quantitative factors. Estimates of expected credit losses must consider information related to the borrower’s creditworthiness, the issuer’s underwriting practices, and the current and forecasted direction […]

CECL, or current expected credit loss, is a new accounting standard that will change how financial institutions account for expected credit losses. Complying with the new CECL standard will have a major impact on an institutions’ operations, accounting/finance, IT, credit, and risk processes and systems. Under current US GAAP (generally accepted accounting principles), an “incurred […]

This is the final post in our series on maintaining regulatory-compliant IT systems in the cloud. In this post, we’ll go over the key takeaways from the series and then we’ll send you on your way! Regardless of how much control you have over your IT systems, if you are using them for regulatory purposes, […]

As we’ve learned in the previous posts in this series, having a thoughtful, thorough cloud vendor qualification process and intelligent SLAs in your cloud vendor contracts will help you maximize the value of the cloud while maintaining regulatory compliance. In addition, here are some tips and best practices to help you knock it out of […]

In my previous post in this series, we discussed how to qualify cloud vendors. Once that process is complete, the second step to maintaining compliance is to document your specific regulatory requirements in a contract with the cloud vendor, usually in the form of service-level agreements (SLAs). In this blog post, I include a range […]

Perficient’s Life Sciences practice regularly monitors the software release notes for several Oracle Health Sciences applications, including: Argus Safety Oracle Clinical/Remote Data Capture (OC/RDC) Thesaurus Management System (TMS) Generally speaking, we review release notes at the beginning of each month for the previous month. On occasion, there are no new releases and, therefore, nothing to […]

We recently completed a 21 CFR Part 11 gap analysis engagement for a client that was largely using SaaS applications, but had no cloud vendor qualification process in place. They had just been allowing each business unit to select the applications that met its user requirements, accept whatever validation documentation the cloud vendor supplied (if […]

Any time you take advantage of a cloud service – infrastructure, platform, or software – for a regulated purpose, you are ultimately responsible for its regulatory compliance, not the cloud vendor. This is critical for you to remember. So, how can you ensure regulatory compliance of a software system you did not build, you do […]

We often hear the phrase “Seek first to understand and then to be understood” or are told to actively listen. While these are important, often time it’s simply not tactical enough. Too often what we hear is skewed by the filters that we (and our audiences) apply. So how do we ensure what we say […]

As we continue our series on maintaining regulatory-compliant cloud systems, let’s touch on a few key terms. Below are explanations of the primary cloud-hosted offerings available in the market. Infrastructure-as-a-Service (IaaS) When you purchase a software system and opt to have a vendor host it for you instead of installing it on servers you own, […]

Recent months have seen many discussions and questions about tax reform and its impact on the industry as a whole. The introduction of lower corporate tax rates in the U.S. has created a jubilant atmosphere, as the rates are generally expected to boost earnings and investments for many insurers. Companies including Aflac, MetLife, Travelers, and […]

If your company makes drugs, medical devices, or biologics (vaccines, blood and blood components, allergenics, somatic cells, gene therapy, tissues, and recombinant therapeutic proteins), it is regulated. If your company is regulated, then every IT system you use to design, develop, conduct trials, manufacture, package, label, store, distribute, install, or service your products is also […]