Security and the theory of constraints



Security management is tricky.  It’s not only about technical controls and good software development practice. It’s also about management responsibility.

If you remember TOC (Theory of Constraints, invented by Dr. Eli Goldratt about 40 years ago), there is only 1 key constraint that limits the performance of a system (or company) in achieving its goal.

So – what is that 1 key constraint for achieving FDA Premarket Notification (510k) and/or HIPAA compliance success for your medical device on a tight schedule and budget?

That’s right boys and girls – it’s the business unit manager.

Consider 3 cases of companies who are developing medical devices and need to achieve FDA Premarket Notification (510k) and/or HIPAA compliance for their product.   We will see that there are 3 generic “scenarios” that threaten the project.

A key developer leaves and the management waits until the last minute

In this scenario, the person responsible for the software security and compliance quits. The business unit manager waits until the last minute to replace him and in the end realizes that they need a contractor. External consultants (like us) start wading through reams of documentation, interviewing people and reconstructing an understanding of the systems and scope before we even start our first piece of threat analysis and write our first piece of code.

The mushroom theory of management

In this scenario, there are gobs of unknowns because the executive staff did not, could not or would not reveal all their cards in a particularly risky and complex development project that is not reaching a critical milestone.  The business unit manager calls in an outsider to evaluate and/or take over. After 6 weeks – you may sort of think you have most of the cards on the table. But – then again, maybe not. You might get lucky and achieve great progress because the engineers are ignoring the product manager and doing a great job. Miracles sometimes happen but don’t bet on it.

We’re in transition

In scenario 3, a new CEO is brought in after a putsch in the board and things come to a standstill as the executive staff start getting used to the new boss, the line staff start getting used to new directives and the programmers stop wondering if they will still have a job.

Truth be told – only the first scenario is really avoidable.  If your executive staff runs things by the mushroom theory of management or you get into management transition mode – basically, anything can happen.  And that’s why consultants like us are busy.
