Tag Archives: standards

Competition in the BA Space – IIBA's concern with PMI's activities

Posted on by
Reply

threat

Just over a year ago I made the move to formalise my Business Analysis skills, and capabilities. To do this I turned to one of the globally recognised associations that support and promote the discipline of Business Analysis – the International Institute of Business Analysis (known as the IIBA).

The IIBA have been in existence since 2003, and have created the BABOK (Business Analysis Body of Knowledge). This incorporates current business analysis knowledge, into a framework with associated activities, tasks and techniques.

I have found the BABOK a wonderful tool. It has provided some structure and formality to BA activities that I have been undertaking for years (without knowing that they were BA activities.)

Alongside the IIBA, there exists BCS, The Chartered Institute for IT. BCS also offers BA certification. I have not been involved with BCS, but I believe that their offering is also very good. (I’m not going to get into a “this one is better than that one” discussion here).

And a search on the Internet will return several offers for BA training and certification.

Now – there also exists an association for the professional Project Manager – the Project Manager institute, or PMI. This exists to provide best practices, and certifications for project managers. This is something that is worthy of a future blog post, but  from what I can see, Business Analysts and Project Managers have different focuses in projects. They are interchangeable.

Taking into account the alternatives to the IIBA, it surprised me when I received an email from the Acting President of the IIBA stating that the PMI were planning on introducing a certification for business analysis within a project environment, and that the IIBA “do not take PMI’s entry into this market lightly“.

(You can read the email here).

I do not think that the PMI’s offering is going to be a threat.

Useful Links

  • Business Analyst Certifications: IIBA’s CBAP/CCBA or BCS Business Analyst Certification?
  • A comparison of BCS and IIBA Certifications [PDF]
  • Business Analyst Certification – Which Certification is Right for YOU?
  • BA Certification – ISEB or CCBA/CBAP?

The Difference between Records Management Policies, Procedures, and Guidelines – Richard Medina Doculabs

Posted on by
Reply

 

This is a great post from Richard Medina from Doculabs. It digs into the structure and differences between the policies, procedures, and guidelines you need for an effective RM program. Click on the link below:

The Difference between Records Management Policies, Procedures, and Guidelines – Richard Medina Doculabs.

 

Related articles

 

  • Advantages of Records Management (documentrecordsmanagement.wordpress.com)
  • Record Management and You (agimssinc.wordpress.com)

 

I think I underestimated what AIIM’s “Certified Information Professional” is

Posted on by
Reply

Recently Laurence Hart wrote a blog post about the new AIIM “Certified Information Professional” certification.

In response to this I made a comment  that I needed to be convinced that the CIP wouldn’t be just another of the many certifications that are available. (I refereed to it as JACJust Another Certification)

Laurence posted a second blog post where he discussed, further, the type of content that he encountered in the exam. This assuaged some of my concerns, but also prompted me to do something that I should have actually done in the beginning, and that is, read the CIP information that AIIM has on its site! If I had I would have seen that a lot of thought, and work, had been put into it.

As Laurence pointed out, the exam is not an easy one. I looked at the sample exam that is available, and got nervous just looking at that. The real exam has 100 questions, and is not the sort of thing that you can just do while sitting in the comfort of your own chair, while flicking back and forth between the exam, and Google. No, for this, you need to go to a Prometric test centre. The guys there are professionals, and you can expect to be under video surveillance while you do the exam.

When AIIM were putting the whole “certification” thing together, they went and asked the industry, what “stuff” was actually important to know. This was all scribbled down in a large notebook, and then scrutinized by subject matter experts. The SME’s then created the monster known as the CIP exam. Very broad, but also very deep in each of the various areas. Fortunately AIIM have made a large number of “preparatory” videos available.

AIIM also recognize that the industry is not a static thing. Technology changes, business processes change, ways of working change. As a result, if you pass the exam, it’s only valid for three years. After that, it’s necessary to either re-sit the exam, or to prove that you have attained a necessary level of continuing education credits ((in this case, 45). And what does that mean? Initially, this was something else that bothered me. “Hey, my company just paid $500 for an on-line training course. It was easy – didn’t have to do anything, and voila, I’m recertified.” No – earning continued education credits is not so easy. You earn credits by attending conferences, formal university-level courses, chapter meetings, giving presentations. And you don’t earn that many credits for each of these items. Even if you re-sat the exam after three years, AIIM will be continuously updating it reflect changes in the industry, so you can’t just “use the same answers as last time”. (For more details, check out the AIIM CIP Certification Maintenance Form)

This is what really impressed me. In the Netherlands, medical doctors need to keep up a certain level of training. Each course or conference they attend delivers them a certain number of points. To stay registered they need to attain a certain level each year. (It is most likely the same in other countries, it’s just my wife’s a doctor, and I get to hear about this all the time.) I realize that there is a world of difference between a Certified Information Professional, and a Medical Doctor, but this one factor drove home to me how serious AIIM’s CIP certification is.

Based on what I have read, I’m putting the CIP high on my list of goals for this year.
(And, even though I’ve been working in the industry now for over 13 years, I’m not going to do the exam “cold” as Laurence did. I’ll be making damn good use of those training videos.)

Relevant links:

  • CIP Examination Objective & Content
  • AIIM’s Certified Information Professional site
  • Certified Information Professional (CIP) Sample Exam
  • CIP FAQs
  • CIP Certification Maintenance Form
  • CIP Preparatory Videos

Note – currently many of the AIIM CIP sites are unavailable. This is because AIIM is working on a new version of the CIP. (For more information,  check out the following posts)

Related articles
  • Becoming a Certified Information Professional (wordofpie.com)
  • Certified Information Professional, A Valid Measure (wordofpie.com)
  • My Next Life as AIIM’s CIO (wordofpie.com)

The Inaugural Conference of the Swiss ARMA Chapter

Posted on by
Reply

In my previous post I mentioned that I was heading to Switzerland to attend the first meeting of the Swiss Chapter of ARMA.

Here’s a run-down of that event…

The conference was held at Hotel Victoria, and there were 50 seats arranged. Thanks to the kindness of the organisers, another seat was found for me.

Before the conference started, I had the opportunity to chat with Jürg Hagemann (the President of the chapter), and Jürg Meier (Vice-President) and asked them how the formation of the Swiss Chapter came about.

It turns out that the idea was talked about over a few beers with Gavin Siggers, the Director of the ARMA Europe. (Gavin used to work at the same place that Jürg Hagemann works at, and now works at the same place that Jürg Meier works at.)

(Note – Jürg Hagemann has written a good post on this event also. Click here to read it.)

Then, after an official welcome, Gavin Siggers gave a presentation on ARMA. ARMA is a predominantly American organisation, but about 2 years ago, a region was set up in Europe. Normally individual chapters are formed, and then a region is formed to encapsulate the chapters. However, in this case, ARMA formed a region first (Europe).

What dictates the forming of a chapter is the number of members. Apparently, in the Europe region, 32% of the members are in the UK, 23% in Switzerland, 6% France, 5% in the Netherlands, and 4% in Germany. But, I was to discover, this was not only the inaugural meeting of the Swiss Chapter, but also of the first Chapter in the Europe region! (Even though the UK had more members, a Chapter had not yet been formed).

Jürg  Hagemann also explained that, in Switzerland, professional associations are focused predominately on the public sector, and are strongly linked to archiving . The “Swiss Association of Archivists”  (SAA) is the main association that covers this. In contrast, ARMA Switzerland is mainly a forum for members from the private sector where the main goal is to offer networking opportunities, as well as event and activities that encourage a better understanding of Enterprise Information Management (EIM) along with establishing information governance standards. However, the SAA & Swiss ARMA will coördinate their activities to the most benefit (it doesn’t make sense if SAA holds a vendor fair one week, and then Swiss ARMA does the same the week after).

On a personal note, I encourage any activity that leads to a better understanding of information governance, and it seemed that the people at this inaugural meeting really had the right idea!

After a few other “housekeeping” tasks, the “public” part of the Conference started. Oracle are the sponsors, and Peter Gobonya (WebCenter Territory Account Manager) gave a bit of a spiel on Oracle’s solution to records management of content on disparate systems.

Then…the keynote speaker (Christian Walker) swooped in with his Xoom tablet under his arms, and a grin on his face. Chris’ keynote speech was on “Unstructured Data” (there’s a link to this at the end of the post). It was based on several blog posts he had written (links at the end of this post), and which had caught Jürg Hagemann’s attention.

Chris went through his presentation relatively quickly as he wanted to leave a lot of room for discussion afterwards. And there were a lot of questions. Which Chris answered with aplomb, adding oodles of useful advice, and many jewels of wisdom (which I have captured and will share at a later stage).

After a coffee break, Uli Zipfel (from a pharma company), shared with us his presentation on Governance for unstructured electronic information – a streamlined approach.

This was a fascinating look into how the challenge of exponential growth in information, combined with increasing regulatory, and other legal, standards, was tackled so that every employee could share information, and the regulations were complied with.

From the sea of unstructured information that was scattered across multiple locations (hard drives, etc), a governance framework was put into place. This involved, first, categorising information as records – either official records (critical to business continuance), or convenience records (reference records, etc).  Further to this, the location of the electronic information was taken into account – convenience documents were generally found on file shares, and hard drives. Official documents were found in Enterprise Content Management Systems. Depending on the type of record, and the location, retention policies & schedules were put into place. After the specified retention period, the records would be disposed of. (Prior to that, lists would be circulated to check whether the records were still required.)

Uli’s presentation also generated a lot of discussion. Clearly something that was relevant to the people present.

And this brought us to the end of the meeting.

One thing that was really clear to me, was that, here, in this Chapter of ARMA were a group of really smart people. And the Chapter had some excellent plans. In fact, the members were presented with a 6 page document containing topics (including Policy Management, Litigation, education, archiving, etc, etc) with related questions, that they could choose for interesting workshops.

Overall I was very impressed, and wish them well.I’ll try and stay in touch with them and see how they progress.

Useful Links

Chris’s blog post that were the basis for his presentation

  • ECM for Unstructured Content Only? No Way
  • Come Together
  • Mythical Beasties

FirstDoc, FirstPoint, NextDocs – a “rough notes” comparison

Posted on by
Reply

21 CFR 11 Compliance evaluationA reader has recently asked if I had any information on the differences between FirstDoc, FirstPoint and NextDocs.

To do a full feature-for-feature comparison of all the solutions is not something that I can easily do.  However I have been able to get my hands on some great documentation, and can put together a “rough notes” comparison of the three solutions with regards to the core system, and how each solution complies with 21 CFR Part 11.

Note – this is version 2 of this post. After publishing the initial version, one of the vendors was able to provide me with a later version of their compliance statements. The table below has been updated as well as the Comparison PDF that can be downloaded. This is marked as Version 2. The link in the references still links back to the original compliance statement.

Important Note 1:

The FDA regulation, 21 CFR Part 11, is often update and modified. The documentation that I was able to find from CSC, and NextDocs appears to have been created at different times. As a result – I found some “discrepancies” between them. Sometimes the wording in the material I had, didn’t match the current version of the regulations. However, the “intent” is still the same.

Important Note 2:

I do not claim to be an expert in 21 CFR 11. Nor do I claim to be an expert in each of the different platforms/applications described in this post. I will list my references at the bottom this, but I make 2 recommendations:

  1. 21 CFR Part 11 can be interpreted in slightly different ways. Discuss with your internal QAV people what the expectations are.
  2. Make contact with the vendors in question to really determine whether their application fits your requirements.


21 CFR Part 11

To get read what is specifically contained in 21 CFR Part 11, click on this link. This will open the FDA’s “CFR – Code of Federal Regulations Title 21” site.

Product Comparison

Below I have listed each vendors response to each of the regulations outlined in 21 CFR 11.

This was compiled using information that can be found on the Internet. (I include reference links at the bottom of this post, as well as in the PDF.)

However, as mentioned – this is intended merely as a guideline. I encourage you to contact each of the vendors directly to get an updated statements of compliance, as well as information on server configuration/sizing & prerequisite software.

(Note to vendors – if you feel that there are errors, please let me know in the comments, and I will make the necessary corrections).

You can also click HERE to download a PDF version.

FirstDoc, SPX, FirstPoint & NextDocs

Subpart B – Electronic Records
§ 11.10 CONTROLS FOR CLOSED SYSTEMS
21 CRFR 11 Requirement FirstDoc FirstPoint NextDocs
(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. FirstDocis developed in accordance with the CSC LSQMSadvantage™, an ISO 9001:2000 certified Quality Management System.QMSadvantage and FirstDoc have been audited by many pharmaceutical clients. As part of a formal vendor audit, CSC can provide evidence that FirstDoc is developed and tested in accordance with QMSadvantage.FirstDoc has been validated by many clients. CSC offers a validation package (consisting of validation plan, traceability matrix, and IQ/OQ/PQ protocol templates and OQ protocols) with each release of the FDRD, FDQ&M, and FDTMF products. FirstPoint is developed in accordance with the CSC LS QMSadvantage™, an ISO 9001:2000 certified Quality Management System. QMSadvantage™ has been audited by many pharmaceutical clients. As part of a formal vendor audit, CSC can provide evidence that FirstPoint is developed and tested in accordance with QMSadvantage™.FirstPoint is “validation ready” for its clients upon completion of installation and configuration. Full IQ, OQ validation scripts, a PQ template and supporting services available from CSC for interested clients. Validation is ultimately the responsibility of the client as validation can only be performed in the environment in which the software will be used, and against specifications defined by system users.NextDocs offers a validation toolkit to streamline the validation process.The toolkit includes a sample validation master plan and traceability matrix, ready-to-run scripts for IQ and OQ, summary report templates, and sample PQ scripts.NextDocs also has standard professional services packages that include assistance with validation planning, PQ script preparation, and managing PQ script execution and documentation activities.
(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. Documentum will satisfy this requirement in conjunction with a company’s records management policy. Features of Documentum that support generation of accurate and complete copies in human readable form include the generation of PDF renditions and the ability to view and print these renditions in accordance with a system’s defined security rules.Additional support for this requirement is provided by FirstDoc’s automatic PDF rendition generation feature. Each time the content of a document is modified and the modifications checked in, FirstDoc generates a PDF rendition from an approved rendition generation station if the format supports transformation to PDF. Automatic transformation to PDF ensures that all documents will be readable in the foreseeable future. FirstPoint satisfies thisrequirement by managingaccurate and complete copies of files in human readable form with the tight integration with the Microsoft Office Suite of products andthe generation of PDF renditions and the system generated and maintained metadata. The system also provides human readable audit trails and reports. The ability to view and print these files and associated metadatais managedin accordance with a system’s defined security rules.All relevant recordsare maintained in their native file format within a robust MS SQL database and MS SharePoint environment. FirstPoint generates a PDF rendition from an approved rendition generation station, if the format supports transformation to PDF. Automatic transformation to PDF ensures that all documents will be readable into the foreseeable future. Actual generation of records is a client responsibility. NextDocs facilitates generating copies of records by:

  • Viewing records in native electronic format with any computer running one of several supported browsers.
  • Allowing records to be exported by dragging and dropping to any desired file system location
  • Providing sophisticated controlled, uncontrolled and clean copy printing capabilities

 
(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.
  • Documents may be retained in the system throughout their retention period, or an archiving process developed to store them outside the system. Documentum’s built-in archiving capability can be used to migrate content offline while maintaining metadata in the docbase.
  • FirstDoc uses Documentum’s robust security, which limits the capability for modifying and deleting records to designated users. FirstDoc automatically applies security to Approved documents that prevents them from being deleted or modified.
  • The FirstDoc product also includes an optional Records Management module which implements retention policies and allows deletion of records which have reached the end of their retention periods in accordance with a standard process.
 Documentsmay be retained in the system throughout their retention periodthrough the use of a built-inlifecycle management system.FirstPoint applies robust security across the entirelifecycle, which prevents and limits approved or historical records from being deleted or modified except by specifically designated users. A document restore feature is available to the system administrator that allows for the retrieval of deleted records.All FirstPoint content is retained for retrieval until some business rule criteria has been meet to trigger the destruction. Records retention fun includes the ability to purge specific cycles of minor or major versions at the Library Level and purge working comments and draft comments after a specified retention period. NextDocs systems automatically “lock down” official versions of documents so that they cannot be deleted or modified without following system configurable change control procedures.
(d) Limiting system access to authorized individuals.
  • The underlying Documentum application implements a secure username and encrypted password (generally the network password) to limit access to authorized individuals.
  • FirstDoc augments Documentum security by providing automatic application of a client’s defined security scheme. Users cannot modify security outside of the rules defined by the client.
  • FirstPoint provides a secure username and encrypted password for all users in addition to the network access/password system.
  • FirstPoint augments the SharePoint basic Library level security by allowing permission sets to be applied based on any metadata in the system. This allows for content to have a more granular security model based on role, site, project, product etc, and allows for confidential documents to have a restricted access permission set.
  • FirstPoint also provides application level rights to system and business administration function such as setting up workflow and other business rules templates.
 In general, an SOP is needed to define the roles and responsibilities for the administration and maintenance of the groups and users for the system and/or network permissions. Access to NextDocscan be controlled by configuration. Securitycan be configured to use Active Directory or Active Directory Lightweight Directory Services accounts or accounts created within SharePoint. Internal users with on-premises deploymentscan access NextDocs applications through single sign-on without requiringadditional system login unless performing a signature related action in the system.Alternatively, if a client’s Part 11 interpretation requires explicit sign-onto access the system, single sign-oncan be disabled. Internal users with hosted deployments access NextDocs applications by providing a user name and password.External users access NextDocs applications by providing a user name and password. Depending on a client’s security set-up, Virtual Private Network (VPN) access may be required as well.
(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
  • FirstDoc uses the Documentum audit trail capability augmented by audit trail entries produced for custom FirstDoc events. Example events include checkin, save, destroy, status change and user acknowledgements, such as review and approval outcome — including electronic signature. Since the audit trail must be maintained for the life of the record, Documentum’s Purge Audit Trail capability should not be used unless the audit trail has been migrated offline as controlled by a client’s SOP. Note: This assumes that the approved record is the electronic record. Audit trail entries for draft, minor versions of records can be deleted using the FirstDoc purge minor version functionality if the clients’ policies dictate.
  • FirstDoc provides thecapability for authorized users to change document metadata on approved records. In this case, an audit trail entry captures the previously recorded values so they are not obscured.
    • SharePoint records all events that occur on documents, the time and date of the and the username of individual (or system account) performing the action.
    • FirstPoint also provides a preconfigured, system generated audit trail report for each document that records the date/time of all critical events that occur during the entire of the document or record from creation, review and approval.
      The username of the individual (or system account) who invoked each action during the history of the document is also shown in the audit trail report.
      Information pertaining to previous document will continue to be displayed in the audit trail report, even as new versions of the document are created.
    • The audit trail report is presented as a single viewable and printable file.
    • The audit trail report is systematically generated, and cannot be overwritten or otherwise modified by any user.
 NextDocs records:

  • Record modification events including check-in and check-out.
  • Move, copy, delete and undelete events.
  • Electronic/Digital Signature events.
  • Lifecycle promotions and demotions
  • Workflow events
  • Permission changes
  • Record viewing (configurable).

Audit trail entries include event, user name and server-based time/date stamp. Local time/date stamps can also be configured if desired.

Audit trail records are retained indefinitely unless manually purged from the system.

NextDocs also provides access to and copying of the audit trail. The audit trail can be saved to Excel with a single click for advanced sorting, filtering and analysis.
(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. These checksare implemented within a number of system functions. They include client-defined control over:

  1. Enforcing the use of approved templates only in creating documents
  2. Limiting property values to predefined dictionary lists wherever possible
  3. Requiring entry of mandatory attributes
  4. Enforcing storage in a pre-defined hierarchy (cabinet/folder structure)
  5. Enforcing a defined document lifecycle and approval process
  6. Ensuring that all required electronic signatures are obtained (if electronic signatures are used)
 These checks areimplemented within a number of system functions. They include client control over:

  • The use of approved templates in creating documents/records.
  • Predefined metadata dictionary lists which structure dependent valid choices.
  • Enforcement of mandatory metadata fields where required.
  • Enforcing a defined document lifecycle requiring a specific, defined review and approval process via document workflow
  • Enforcing the review and approval of the PDF rendition of the document, since that is generally considered to be the approved electronic record
  • Ensuring that all required electronic signatures or electronic approvals are obtained using systematic participant selection and voting rules.

 

 These checksare implemented ina number of areas. Some examples include:

  • Ensuring that documents follow a defined lifecycle
  • Ensuring that workflows are used when needed to move a document through its lifecycle
  • Ensuring that documents are properly set up to display digital signatures before they can be signed
  • Ensuring that all required signatures are collected before a document is approved
  • Ensuring that documents meet requirements such as having a valid PDF rendition before becoming approved or effective
  • Ensuring that all required metadata is entered for a document
  • Enforcing the use of approved templates for authoring
  • Limiting pick lists to appropriate values when creating or modifying document properties
(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. These checksare implemented within a number of system functions. They include client-defined control over authorization for:

  • Document creation
  • Document access (delete, write, read, etc.) (via ACL security)
  • Changing status
  • Initiating and participating in the review and approval process
  • Signing documents (if electronic signatures are used)
  • Establishing document relations including change request relationships
  • Performing various types of business administration functions including dictionary maintenance, training record control, etc.
 A series of authority checksare implemented within system functions. They include the following client defined controls:

  • Network access with unique ID and password controlled at the operating system level.
  • The SharePoint permission model controls document security at the Library (a collection of documents) and for draft versus approved documents.
  • FirstPoint enhances this security model which allows additional security layers to be implemented based on document metadata. This is useful for documents required restricted, confidential controls.
  • Documents that are part of a workflow process receive enhanced security in that only those selected participants have access to the in progress document.
  • System configuration, maintenance and other types of business administration functions are accessed only by those individuals with specific access rights.

 

 These checksare implemented ina number of areas. Some examples include limiting the following to authorized users:

  • Modifying a document’s content or properties
  • Initiating or participating in workflows
  • Applying digital/electronic signatures
  • Modifying system configurations
  • Generating controlled or uncontrolled copy prints
  • Modifying essential information, such as study investigators
  • Approving requests for system access
(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. This requirement in general does not apply to FirstDoc since the system does not have any functionality where information is valid only when entered from specific terminals. If a specific client has this requirement, CSC will address the requirement for that client. This requirement in general does FirstPoint since the system does not have any functionality where information is valid only when entered only from specific terminals. If a specific client has this requirement, CSC will address the requirement for that client. This requirement does not apply to NextDocs since the system does not have any functionality where information is valid only when entered from specific terminals.
(i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.
  • CSC maintains resumes and training records on all team members.
  • CSC provides training to key client team members including business users, business administrators, and system administrators.
  • Upon request, CSC can provide developer training to non-CSC developers employed by the client.
  • CSC maintains resumes and training records for all its team members.
  • CSC will also help generate training records to track any training it provides to the client’s personnel.
 NextDocs maintains resumes and training records s to provide evidence that our employees who develop and deploy our software are trained and qualified to do so.NextDocs also provides client-specific training documentation to help our clients comply with this requirement. We also offer end user training, train-the-trainer training and administrator training.
(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. N/A This requirement is not applicable at a system level but requires a procedure to be implemented by the client. Client responsibility
(k) Use ofappropriate controls over systems documentation including:(1) Adequate controls overthe distribution of, access to, and use of documentation for system operation and maintenance.(2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. Electronic audit trail for the appropriate document types must be enabled if documentation is maintained in electronic format.
  • CSC will provide the client copies or access to system documentation corresponding to the licensing agreement and version of the product.
  • CSC maintains a strict version and change control methodology for its product, product related documentation and training materials.

 

 NextDocs’s documentationis maintained in our configuration management system and available for review during audits.However, ultimately it is the client’s responsibility to control system documentation in their environment.NextDocs’ release notes describe the names and versions of documentation that apply to each product release. In addition, each client receives documentation specific to their NextDocs implementation.
§ 11.30 Controls for Open Systems. Same as § 11.10 plus document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.
  • If the system is judged to be an open system, it would require encryption and digital signature standards. This is not part of FirstDoc and can be contracted as an option if needed.
 CSC believes the FirstPoint products are a closed system so section 11.30 is not applicable. NextDocs systems that are hosted may be considered open based on the specific circumstances and the client’s 21 CFR Part 11 interpretation. The use of digital signature is available in all NextDocs products to fulfill the additional requirements imposed on open systems.

Subpart B – Electronic Records
§ 11.70 SIGNATURE/RECORD LINKING
21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
  • Signature information is stored as document properties.
  • Signature information is also displayed as non-editable properties on the Properties screen.
  • • Signaturesare removed when a documentis edited, copied, or otherwise modified.
    • Electronic signatures can only be applied to a documentrecord through the administrator-configured workflow process and the proper execution of approval rules.
    • The signature page is fused to the PDF rendition of the document and cannot be excised from the document.
    • Signature information is also retained as non-editable data in the database and is displayed in the document’s audit trail report.
    • When a document is revised or copied, the signature page is removed from the new version of the document.
 Signatures are bound directly to a specific version of a document.NextDocs digital signaturesare based on Public Key Infrastructure (PKI) and are a result of a cryptographic operation that guarantees signer authenticity, data integrity and non-repudiation of signed documents. The digital signature cannot be copied, tampered or altered.Digital signatures appearing in a document automatically appear as invalid when the document changes in any way.During change control the signature is removed for the draft version in anticipation of future approval and signing.

Subpart C – Electronic Signatures
§ 11.100 General requirements.
21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
  • The client will need an SOP on establishing and maintaining user profiles as applied to the assigning of a unique ID code/password combination to only one individual and maintaining a list of user profile information in perpetuity.
  • Documentum can assist with this via the ability to disable (rather than delete) users who are removed from the system. By leaving the users in the system, but disabling them, re-use of their user IDs will not be possible.
  • The network operating system ensures a unique userid which is used to execute the electronic signature.
    FirstPoint allows the administrator to lockout or disable accounts, as well as delete users from the system.
 Since NextDocs is generally implemented such that user credentialsare supplied via Active Directory (or Active Directory Lightweight Directory Services), complianceis built in.Active Directory willensure that a user name cannot be re-used within a given domain, andprovide the ability to disable (rather thandelete) users whoare removed from the system. By maintaining a record ofprevious users, reuse of user IDswill not be possible.NextDocs signatures authenticate the content of documents by attributing the signer to the signed document. Every signer is identified by an issued certificate (or by that of an external trusted entity). This identification is based on the fact that the user is a recognized employee in the organization.
(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. The client will need SOPs on establishing and maintaining user profiles as applied to the verification of a user identity. This requirement needs to be met with a client’s business processes. CSC can help establish work instructions or training procedures to assist with the on-boarding process Client Responsibility
(c) Persons using electronic signatures shall,prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997,are intendedto be the legally bindingequivalent of traditional handwritten signatures.

  1. The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.
  2. . Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

 
  • The client will need to submit a letter to the FDA certifying that they consider electronic signatures are the legally binding equivalent to handwritten signatures.
  • The client will need SOPs on establishing and maintaining user profiles showing that a given individual accepts that the electronic signature is the legally binding equivalent of handwritten signatures.
  • This requirement needs to be met with a client’s business processes.
 Client Responsibility

Subpart C – Electronic Signatures
 11.200 Electronic signature components and controls.
21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Electronic signatures that are not based upon biometricsshall:(1) Employ at least two distinct identification components such as an identification code and password.(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

(2) Be used only by their genuine owners; and

(3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

 NoteContact CSC directly for their comments on how FirstDoc meets this regulation.  FirstPoint incorporates the user’s network account and password for general access to the system, which is also used for electronic signature approval. FirstPoint requires the re-entry of both identification components (user ID and password) each time an electronic signature is executed.. Each time a signature is applied, both a user name and password are required.NextDocs supports a configurable automatic time-out during periods of system inactivity. This time-out will also end a user’s continuous and controlled access to the system.
  • (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
 FirstDoc can support the use of biometric solutions through customizations. Customizations for biometrics are not in the scope of this document. FirstPoint can support the  use of biometric solutions through customizations. Customizations for biometrics are not in the scope of this document. NA – Biometrics are not used by NextDocs.

Subpart C – Electronic Signatures
§ 11.300 CONTROLS FOR IDENTIFICATION CODES/PASSWORDS
Persons who use electronic signatures based upon the use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:
21 CFR 11 Regulation

FirstDoc

FirstPoint

NextDocs
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
  • Documentum and Unix/Windows Server will provide most of this functionality. See Item § 11.10 (a).
  • The client will need an SOP on establishing and maintaining user profiles.
  • The client’s network user authentication methodology provides this functionality.
 See item § 11.100 (a).
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
  • Both Trusted Unix and Windows Server can be used to require periodic aging of passwords.
  • The client will need an SOP on establishing and maintaining user profiles.
  • The client’s network user authentication and password encryption methodology provides this function
 This is a client responsibility, generally achieved through settings in Active Directory. Windows and Active Directory infrastructure can enforce password policy for complexity and expiration. Windows integrated authentication and Basic authentication can leverage this automatically.
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.
  • The client will need an SOP covering loss management for passwords.
  • If devices are used, the client must have an SOP covering loss management.
  • NA
 NextDocs does not make use of tokens, cards, and other devices that bear or generate identification code or password information.Windows and Active Directory administrators can deactivate users, change users’ passwords, or require users to change passwords after issuing a temporary password. Windows integrated authentication and Basic authentication can leverage this automatically
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
  • Both Trusted Unix and Windows Server can be used to disable user accounts after a configurable number of unsuccessful attempts.
  • The client will need an SOP containing the procedure for reactivating accounts.
  • The client’s network user authentication methodology provides this functionality.
  • Windows can disable user accounts after a configurable number of unsuccessful attempt
 This is a client responsibility, generally achieved through settings in Active Directory.The Microsoft Windows family of products can audit logon changes and failed attempts. Group policy can enforce account lockout policy to help to prevent brute force password guessing. Lockout policy is based on failed attempts for a time window and users can be locked out for specified times before they can attempt again (or not).
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
  • If such devices are used, the client must have such a policy in place.
  • NA
 NextDocs does not make use of tokens, cards, and other devices that bear or generate identification code or password information.


Audit Trail Functionality

Audit Trails is an included feature in FirstDoc. Documentum has its own audit trail capabilities, with FirstDoc adding on to Documentum’s audit trail system. Table 3 discusses the Audit Trails functionality that FirstDoc provides in support of 21 CFR Part 11.

Subpart C – Electronic Signatures
§ 11.10(E),(K)(2) AUDIT TRAIL
21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Use of secure, computergenerated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
  • • FirstDoc uses the Documentum audit trail capability augmented by audit trail entries produced for custom FirstDoc events. Example events include check-in, save, destroy, status change and user acknowledgements, such as review and approval outcome — including electronic signature.
  • • Since the audit trail must be maintained for the life of the record, Documentum’s Purge Audit Trail capability should not be used unless the audit trail has been migrated offline as controlled by a client’s SOP. Note: This assumes that the approved record is the electronic record. Audit trail entries for draft, minor versions of records can be deleted using the FirstDoc purge minor version functionality if the clients’ policies dictate.
  • • FirstDoc provides the capability for authorized users to change document metadata on approved records. In this case, an audit trail entry captures the previously recorded values so they are not obscured.
(b) Use of appropriate controls over systems documentation including: 1. Adequate controls over the distribution of, access to and use of documentation for system operation and maintenance. 2. Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.
  • • Electronic audit trail for the appropriate document types must be enabled if documentation is maintained in electronic format.

References

CFR – Code of Federal Regulations Title 21
(http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?cfrpart=11)

21 CFR Part 11 Compliance Position for FirstDoc Applications
(https://developer-content.emc.com/marketplace/collateral/white_papers/CSC_FirstDoc21CFRComplianceWhitePaper.pdf)

21 CFR Part 11 Compliance Position for FirstPoint
(http://download.microsoft.com/documents/France/Entreprises/2010/CSCFirstPointLivreBlancAnglais.pdf)

21 CFR Part 11 Challenges and Solutions – NextDocs
 (http://www.nextdocs.com/en-us/White%20Papers/WhitePaper-21CFR11.pdf)

21CFR11 Comparison of FirstDoc, FirstPoint & NextDocs
(http://markjowen.files.wordpress.com/2011/10/21cfr11_compliance-comparison_v21.pdf)

Related articles

Working with Global Teams: Date Formats

Posted on by
Reply
Timezones

Image via Wikipedia

This is part of the Working with Global Teams series

 

Previous Post: Working with Global Teams: Pesky Time Zones


 OK, I’m going to give you a date, and I want you, without thinking about it, to tell me when it is.

11/7/7

Did you choose the 7th day of the 11th month of 2007? Or did you choose the 11th day of the 7th month of 2007? Or even the 7th day of June 2011?

All three are valid.

I’m sure whatever you choose was based on what is normal where you live. And that’s great when communicating with other people within that area (city, county, country).

But when you working beyond the extend of that area, as part of a global group for example, then you need to be aware of the date formats.

For example, if someone in Japan was asked to do something by 11/10/12, then they would aim at the 12th day of October 2011. While someone in North America would know that, obviously, the date is November 10, 2012.

Real life example – my car was broken into when I was in the United States. The police officer who arrived, asked me for my date of birth. I told him 17-11-73 (17th day of November 1973 – and not my real date of birth). You’d think that, obviously, there is no 17th month, that he would be able to work out what I meant. However, he was so used to MM-DD-YYY that he had to stop and think about it.

While it’s easy to rant and rave about how stupid this is, the fact is that different date formats are one of the things that comes with working with a global team.

ISO 8601 suggests using YYYY-MM-DD (similar to what our Japanese friend in the example would use). I think that this is a brilliant idea, and gives a clear standard. Also it allows a list of dates (in a spreadsheet or similar) to be easily put in order.)

However, I know that unless you were used to it, even this would cause frustration, and possible errors (until it became second nature).

When communicating with people in other parts of the world, using e-mail, fax, or carrier pigeon, I recommend using a  long date form. Something like “10 January 2013”, or “January 10, 2012”. Sure – even there, there are differences in the way that it is written, but at least you know what the month is, you can see what the year is, and (hopefully) you can work out that the rest is the day.

This would certainly prevent issues and miscommunication regarding dates.

For some interesting reading on this subject , check out the following:

  • Date and Time Format (W3C)
  • “A summary of the international standard date and time notation” by Markus Kuhn
  • ISO 8601 (Wikipedia)

AIIM's CMIS Product Guide!!!

Posted on by
Reply

AIIM CMIS

Wow – call me Happy and knock me to the ground.

AIIM have just released their standards based Product Guide focused on CMIS. Being an AIIM Professional Member I was quick to download a copy.

For those of you unfamiliar with CMIS (Content Management Interoperable Services), one of my earlier posts “Small Brain Notes on CMIS” explains it more in detail.

About 9 months ago I started writing a blog post that would give an overview on the CMIS market at that stage. A lot of Vendors had recognised the real benefit of CMIS and were all making plans to implement it one way, or another.

My post did have some promise. (Click here if you’d like to view it in it’s unfinished glory). However I was not happy with the incompleteness of it, and decided, at the stage not to publish it.

The AIIM document is not comprehensive (which AIIM states clearly in the Introduction). It covers 13 vendors, and describes the CMIS enabled product of each of them along with more detailed information on the use of the product as well as (where possible) the CMIS capability support of the product.

Products covered in AIIM’s Report:

  • Alfresco Web Quick Start
  • Alfresco Activiti
  • CMIS Export for Kodak Capture
  • Content View
  • Documentum Content Management Interoperable Service
  • Fresh Docs
  • IBM Connections 3.0.1
  • IBM Content Manager Enterprise Edition 8.4.3
  • IBM FileNet Content Manager 5.0
  • IBM Lotus Quickr 8.5
  •  Nuxeo Document Management
  • Open Text ECM Suite 1.0
  • SharePoint 2010
  • WeWebU Open Workdesk

The authors hope that later versions of the guide will contain more vendors.

In the start of the Guide there is a very good introduction, and an article by David Choy (chair, OASIS CMIS Technical Committee). David Choy has also recorded a brilliant video, awhile ago, in which he explains CMIS. This was a great tool when I was trying to understand what CMIS was all about. (You can view the video here.)

After the vendor review, there are a couple of articles by Laurance Hart (@piewords) and Stephan Waldhauser (@WeWebU).

Following the articles, there is an excellent list of CMIS Resources, which I am going to look through when I get some time.

Taking into account that (at AIIM’s own admission) the Guide is not comprehensive, it is still a very handy document to give a better understanding of the CMIS landscape.

My only criticism is: Guys – when you are creating a PDF – do it properly. Get each section properly bookmarked, as well as the TOC hyperlinked to the corresponding page. It’s not hard to do; it makes the Guide a lot more usable (when viewing on screen).

Click on CMIS for my other CMIS posts.

Related articles
  • CMIS: Nearly a reality in ECM software
  • CMIS one year on – soon in public review
  • Getting Started with CMIS
  • CMIS 1.1 is now an approved spec; Here’s a recap of what’s new

AIIM’s CMIS Product Guide!!!

Posted on by
1

AIIM CMIS

Wow – call me Happy and knock me to the ground.

AIIM have just released their standards based Product Guide focused on CMIS. Being an AIIM Professional Member I was quick to download a copy.

For those of you unfamiliar with CMIS (Content Management Interoperable Services), one of my earlier posts “Small Brain Notes on CMIS” explains it more in detail.

About 9 months ago I started writing a blog post that would give an overview on the CMIS market at that stage. A lot of Vendors had recognised the real benefit of CMIS and were all making plans to implement it one way, or another.

My post did have some promise. (Click here if you’d like to view it in it’s unfinished glory). However I was not happy with the incompleteness of it, and decided, at the stage not to publish it.

The AIIM document is not comprehensive (which AIIM states clearly in the Introduction). It covers 13 vendors, and describes the CMIS enabled product of each of them along with more detailed information on the use of the product as well as (where possible) the CMIS capability support of the product.

Products covered in AIIM’s Report:

  • Alfresco Web Quick Start
  • Alfresco Activiti
  • CMIS Export for Kodak Capture
  • Content View
  • Documentum Content Management Interoperable Service
  • Fresh Docs
  • IBM Connections 3.0.1
  • IBM Content Manager Enterprise Edition 8.4.3
  • IBM FileNet Content Manager 5.0
  • IBM Lotus Quickr 8.5
  •  Nuxeo Document Management
  • Open Text ECM Suite 1.0
  • SharePoint 2010
  • WeWebU Open Workdesk

The authors hope that later versions of the guide will contain more vendors.

In the start of the Guide there is a very good introduction, and an article by David Choy (chair, OASIS CMIS Technical Committee). David Choy has also recorded a brilliant video, awhile ago, in which he explains CMIS. This was a great tool when I was trying to understand what CMIS was all about. (You can view the video here.)

After the vendor review, there are a couple of articles by Laurance Hart (@piewords) and Stephan Waldhauser (@WeWebU).

Following the articles, there is an excellent list of CMIS Resources, which I am going to look through when I get some time.

Taking into account that (at AIIM’s own admission) the Guide is not comprehensive, it is still a very handy document to give a better understanding of the CMIS landscape.

My only criticism is: Guys – when you are creating a PDF – do it properly. Get each section properly bookmarked, as well as the TOC hyperlinked to the corresponding page. It’s not hard to do; it makes the Guide a lot more usable (when viewing on screen).

Click on CMIS for my other CMIS posts.

Related articles
  • CMIS one year on – soon in public review
  • Getting Started with CMIS
  • CMIS 1.1 is now an approved spec; Here’s a recap of what’s new

CMIS is here … but where?

Posted on by

Note – this post is in a draft format. It was written in June 2010 and was never published. The information in this post is not complete.
I have released it now as part of my AIIM CMIS Product Guide post.

CMIS 1.0 was ratified in the beginning of May 2010. This is the standard that will allow interoperability between the various content management systems that are currently on the market. For more information on CMIS, refer my Small Brain Notes on CMIS. Go and read it now, and when you are finished, click on the back button. I’ll be waiting…

Ok – now that you understand a bit of what CMIS will offer, let’s ask the question – when will it be available in these disparate content electronic content management systems?

Let’s look at the list of companies that were associated with the creation on CMIS 1.0

And…who is ready for CMIS?

Founders

  • ECM – EMC have stated that Documentum 6.7 is CMIS complant. This is due out in 2011.
  • Microsoft,k
  • IBM
    • Have released a servlet that sits on Websphere. This allows CMIS clients to access IBM FileNet and IBM Content Manager repositories. (http://www.ibm.com/developerworks/data/downloads/cmistechpreview/index.html).
    • IBM are also

These three  were there in the beginning, and developed the initial draft.

Reviewers

The following companies also played a part in the moulding and shaping of the CMIS standard:

  • Alfresco – Version 3.3 (available now)
  • Open Text,
  • Oracle,
  • SAP

Others Adapting their systems to be CMIS compliant:

  • ASG Software Solutions
  • Content Technologies ApS
  • Day Software
  • Ektron
  • ESoCE-NET
  • Exalead, Inc.
  • FatWire
  • Flatiron Solutions Corporation
  • Greenbytes GmbH
  • Harris Corporation
  • Nuxeo
  • Saperion AG
  • Sun Microsystems
  • Vignette Corporatio

Here is a list of the vendors with regards CMIS compliance.

Vendor Product CMIS Support Timeline
Alfresco Alfresco 3.2 Available for testing
EMC Documentum First half of 2010
IBM Content Manager Second First half of 2010
IBM FileNet P8 Second First half of 2010
KnowledgeTree KnowledgeTree 3.7 Available for testing
Microsoft SharePoint Server 2010 First half of 2010
Nuxeo Nuxeo DMS 5.3 Available for testing
Open Text Enterprise Library Services (ELS-Beta) CMIS connector available now
Open Text Open Text ECM 10 Mid 2010
Oracle Oracle Universal Content Management Not known
SAP SAP DMS Not known
Sense/Net Sense/Net 6.0 Available for testing
Related articles
  • AIIM’s CMIS Product Guide!!! (markjowen.com)

SharePoint “Upgrades” and discovering a small compatibility issue.

Posted on by
Reply

Recently a friend of mine was working on creating a Document Management portal.

That is, he was using SharePoint as the user interface, and was populating the pages with web parts that would allow the user to interact with a back-end document management system.

He had built up the Portal using SharePoint 2007, and had created several sub-sites that contain web parts that were relevant to the requirements of specific groups of users. He had run some informal testing and had confirmed that the web parts were offering the business users the functionality that they required. He had also spent some time on the design of each page. He was using a standard master page  so that each sub-site had the same look and feel, but had made small tweaks to each page so that the presentation of the web parts was optimal.

Then he wanted to move the system to a SharePoint 2010 system. Fortunately the Portal site was not yet in use, and nothing extra, or unknown, had been done to the sites, so was pretty sure there wasn’t any customization. However he wasn’t sure what the best way to get his Portal from 2007 to 2010. So he called me.

We had a look at the options:

  1. In-place upgrade,
  2. Database Attach
  3. Build the site from scratch.

SharePoint 2010 had already been installed on a new, suitably spec’d server, so an in-place upgrade was not an option.

We examined the database attach method. This would involve making a backup of the 2007 content database, restoring it in the new SQL Server installation on the the new server,  This sounded like a good option. The only thing we were worried about was the third-party we parts (the ones that hooked into the third-part document management system). We weren’t quite sure how these were going to respond.

We considered the third option – building the site from scratch on SP2010. This also introduced new challenges. Could we migrate the default. master from 2007 to 2010? I knew that 2010 didn’t use default.master, but now used v4.master. What impact would that have? We also had the ribbon to contend with, as well as the “Tags & Notes”, and “I like it” buttons.  (The sites were meant to be static, offering only the ability of users to work with their documents. It was not meant to be a “social” site.)

One other benefit of an in-place, or database attach upgrade, was the fact that SharePoint 2010 offered a “Visual Upgrade”. That is, the 2007 look and feel is maintained, and there was the ability to “preview” how the sites would look in 2010. Once you were happy with them, you could make the changes permanent.

This would have been nice, but, because of the fact that we wanted to make sure that we could document how the Portal was built up, we decided that option 3 would be the best option.

So – the decision was made. The first step was to install the third-party web parts. And this is where it got interesting. We were using the latest version of these web parts that were SharePoint 2010 compatible, so we thought there would be no problem.

Except there was one small thing…

The third-party web parts were designed to use WSE.  WSE, or Web Services Enhancements, is an add-on to the .NET framework that offers improvements to security and communication. It was released in 2005. The SharePoint server had been installed by another department according to a “standard”, and this included WCF, or Windows Communication Foundation. WCF was brought out as the “next-generation web service/interoperability framework”.

So here was the question: Do we get the department that installed the SharePoint server to uninstall WCF, and install WSE? Or do we ask the vendor to test, and certify that their web part technology will work with WCF?

Removing WCF and installing WSE would have very little impact to the overall scheme of things (the server was not being used for anything else), BUT it would mean a non standard installation.

On the other hand, the vendor has stated that their application was compatible with SP2010, and one would assume that it would be designed to use the newer WCF component.

Currently the discussion is going back and forth between the two options.

One thing though, this small compatibility issue wouldn’t have become quite so obvious if we had not decided to build up the Portal from scratch.

Related material:

  • Determine upgrade approach (SharePoint Server 2010)
  • Interoperability between WCF and WSE 3.0
  • What’s New in WSE Version 3.0
  • What Is Windows Communication Foundation

——————————————————————————–