Skip to content

CyberFM

  • Home
  • FileMaker Security
  • Disclaimer
  • Privacy Policy
  • Home
  • Heather McCue
  • Compliance Is a Process: FileMaker Is Your Toolbox
  • Heather McCue

Compliance Is a Process: FileMaker Is Your Toolbox

Dimitris Kokoutsidis 5 years ago2 weeks ago38 mins0

Heather McCue, FileMaker DevCon 2019

Introduction

In today’s rapidly evolving regulatory landscape, understanding and achieving compliance is more critical than ever for developers and organizations alike. Regulations such as HIPAA, GDPR, and the CCPA present significant challenges but also opportunities for developers to showcase their expertise in building secure, compliant applications.

The session “Compliance Is a Process: FileMaker Is Your Toolbox” delves into how FileMaker developers can navigate complex regulations and leverage the platform’s robust features to build compliant and efficient applications. Heather McCue, Lead Developer at Harmonic, brings over three decades of FileMaker experience, with nearly two decades focused on compliance in regulated environments. In this session, she shares invaluable insights into demystifying compliance requirements, implementing effective solutions using FileMaker’s tools, and managing client expectations throughout the process.

Table of Contents

  1. Managing Expectations
  2. Understanding Compliance and Regulated Environments
    • What Is Compliance?
    • What Is a Regulated Environment?
  3. Key Regulations Impacting Developers
    • GDPR and CCPA
    • Other Regulations
  4. Defining Success in Compliance
  5. Demystifying Regulations
    • Translating Requirements
    • Understanding the Rule – Paraphrase
    • Telling the Story – Describe the Behavior
    • Choosing the Approach
  6. FileMaker Tools for Compliance
    • Native Security Features
    • Encryption at Rest
    • JSON and Audit Logs
    • UI Controls and Scripting
    • Deployment Considerations
  7. Real-World Examples and Demos
    • Case Study: Medicaid Mileage Reimbursement Validation
    • Role-Based Privileges
    • Custom Menus
    • Trigger-Controlled Object Access
  8. The Larger Ecosystem
    • Risk Considerations
    • Integration with Third-Party Systems
    • Non-FileMaker Considerations
  9. Understanding Responsibilities and Communication
    • Managing Client Expectations
    • Communicating Responsibilities
    • Documentation and Agreements
  10. Conclusion
  11. Resources and References

Managing Expectations

Before diving into the specifics of compliance, it’s essential to set the stage for what this session covers and what it does not. Managing expectations is crucial for both developers and clients to ensure a successful project outcome.

Scope of the Session

  • Not a Security Session: While aspects of security are inherently tied to compliance, this session is not focused on security techniques per se. For in-depth security discussions, other sessions like Tim Neudecker’s and Kevin Havel’s are recommended.
  • Applicability: The tools and processes discussed are not specific to any single regulation. Instead, they are applicable across various regulatory requirements, including HIPAA, FDA Part 11, GDPR, CCPA, and Medicaid.
  • Legal Disclaimer: The insights provided are based on extensive experience but do not constitute legal advice. Developers should consult legal professionals for specific legal guidance.

Setting the Right Mindset

  • Demystifying Compliance: Compliance need not be intimidating. By understanding the requirements and knowing how to apply the appropriate tools, developers can confidently tackle compliance challenges.
  • Knowledge Over Fear: Fear often stems from the unknown. Gaining knowledge about regulations and how to meet them empowers developers to overcome apprehension.

Audience Engagement

  • Focus on Substance: The session prioritizes delivering substantive content without relying on entertainment tactics. The importance and relevance of the topic are expected to maintain audience interest.

Understanding Compliance and Regulated Environments

To effectively address compliance, it’s imperative to understand what it entails and the contexts in which it applies.

What Is Compliance?

Compliance is the act of conforming to a rule, which could be a specification, policy, standard, or law. In the realm of software development and data management, compliance often involves adhering to regulations that govern:

  • Data Privacy: Protecting personal information from unauthorized access or disclosure.
  • Data Security: Ensuring the integrity and confidentiality of data throughout its lifecycle.
  • Operational Procedures: Following prescribed methods for handling, processing, and storing data.
  • Reporting and Accountability: Maintaining records and logs to demonstrate compliance and enable audits.

What Is a Regulated Environment?

A regulated environment is any controlled setting where specific regulations apply. These environments are typically found in industries that handle sensitive data or have significant impacts on individuals and society. Examples include:

  • Healthcare: Hospitals, clinics, and entities handling protected health information (PHI) must comply with regulations like HIPAA.
  • Pharmaceuticals and Medical Devices: Companies in these sectors may need to comply with FDA regulations, including FDA Part 11 for electronic records and signatures.
  • Finance: Banks, investment firms, and other financial institutions are subject to regulations like the Sarbanes-Oxley Act (SOX) and various consumer protection laws.
  • Consumer Privacy: Organizations collecting personal data from consumers may be subject to regulations like GDPR and CCPA.
  • Government Agencies: Entities handling public data or services often have additional compliance requirements.

Examples of Regulations

HIPAA (Health Insurance Portability and Accountability Act)

  • Purpose: Protects the privacy and security of individuals’ medical records and personal health information.
  • Applicability: Applies to covered entities (healthcare providers, health plans) and their business associates (service providers handling PHI).

FDA Part 11 (Electronic Records and Signatures)

  • Purpose: Establishes criteria for the acceptance of electronic records and signatures by the FDA.
  • Applicability: Applies to organizations submitting records to the FDA in electronic form.

GDPR (General Data Protection Regulation)

  • Purpose: Provides EU citizens with control over their personal data and simplifies the regulatory environment for international business.
  • Applicability: Applies to organizations within EU member states and those processing EU citizens’ data, regardless of the organization’s location.

CCPA (California Consumer Privacy Act)

  • Purpose: Grants California residents new rights regarding their personal information and imposes data protection responsibilities on businesses.
  • Applicability: Applies to for-profit businesses meeting certain criteria related to revenue, data collection, or other factors.

Medicaid and Medicare Regulations

  • Purpose: Govern the administration of Medicaid and Medicare programs, including reimbursement policies and fraud prevention.
  • Applicability: Applies to healthcare providers and entities involved in Medicaid and Medicare programs.

Finance and Consumer Protection Laws

  • Examples: Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA).
  • Purpose: Protect consumers and ensure the integrity of financial markets.
  • Applicability: Applies to financial institutions and organizations handling financial data.

Key Regulations Impacting Developers

Understanding the specific regulations that may impact your development projects is crucial for ensuring compliance.

GDPR and CCPA

General Data Protection Regulation (GDPR)

  • Overview:
    • The GDPR is a comprehensive data protection regulation effective since May 25, 2018.
    • Aims to harmonize data privacy laws across Europe and protect EU citizens’ data privacy.
  • Key Principles:
    • Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently.
    • Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes.
    • Data Minimization: Only collect data that is adequate, relevant, and limited to what is necessary.
    • Accuracy: Personal data must be accurate and kept up to date.
    • Storage Limitation: Data should not be kept longer than necessary.
    • Integrity and Confidentiality: Ensure appropriate security of personal data.
  • Personal Data Definition:
    • Includes any information related to an identified or identifiable natural person.
    • Extends to data like IP addresses, biometric data, political opinions, and union membership.
  • Penalties:
    • Fines up to €20 million or 4% of global annual turnover, whichever is higher.
    • Case Study: British Airways was fined £183 million for a data breach affecting customer details.
  • Implications for Developers:
    • Ensure applications comply with data protection principles.
    • Implement features like data access requests, data deletion, and explicit consent mechanisms.
    • Data breaches must be reported within 72 hours.

California Consumer Privacy Act (CCPA)

  • Overview:
    • Effective since January 1, 2020.
    • Gives California residents new rights regarding their personal information.
  • Key Rights Under CCPA:
    • Right to Know: Consumers can request information about the collection, use, and disclosure of their personal data.
    • Right to Delete: Consumers can request deletion of their personal information.
    • Right to Opt-Out: Consumers can opt out of the sale of their personal information.
    • Non-Discrimination: Businesses cannot discriminate against consumers exercising their CCPA rights.
  • Applicability:
    • Applies to for-profit businesses meeting certain thresholds (e.g., annual gross revenues over $25 million, handling data of 50,000 or more consumers).
  • Comparisons to GDPR:
    • While inspired by GDPR, CCPA has unique provisions and may be more stringent in some aspects.
    • Focuses on data monetization and consumer rights in data sales.
  • Implications for Developers:
    • Implement features to handle data access, deletion, and opt-out requests.
    • Update privacy policies to comply with CCPA requirements.
    • Ensure data handling practices are transparent and compliant.

Other Regulations

Upcoming Legislation

  • US Federal Privacy Laws: Multiple bills are under consideration in the US Senate, indicating a trend toward increased data privacy regulation at the federal level.
  • Global Trends: Other countries are enacting or updating data protection laws, such as Brazil’s LGPD.

Developers Must:

  • Stay informed about current and upcoming regulations in all regions where applications are used.
  • Assess the impact of these regulations on projects.
  • Implement necessary compliance measures proactively.

Defining Success in Compliance

Before embarking on a compliance journey, it’s essential to define what success looks like.

Key Questions

  • How Will Compliance Be Measured?
    • Will there be external audits or certifications?
    • Is compliance self-assessed, or will a client or regulatory body evaluate it?
  • What Are the Acceptance Criteria?
    • Beyond internal QA, what steps are necessary to ensure client acceptance?
    • Are there specific documentation or testing requirements?
  • Who Determines Compliance?
    • Clients may make the final determination in some cases.
    • For FDA validations, external entities will evaluate compliance.

Strategies for Success

  • Develop Comprehensive Test Plans
    • Create detailed test cases covering all compliance requirements.
    • Use tools or develop applications to facilitate client acceptance testing (UAT).
  • Documentation
    • Maintain thorough documentation of compliance efforts.
    • Include paraphrased requirements, narratives, and implementation details.
  • Client Communication
    • Engage with clients to understand their expectations.
    • Provide regular updates on compliance status.
    • Clarify responsibilities between developer and client.
  • Continuous Improvement
    • Treat compliance as an ongoing process, not a one-time effort.
    • Stay updated on regulatory changes and adjust accordingly.

Demystifying Regulations

Navigating complex regulations can be daunting. By breaking down requirements into manageable steps, developers can better understand and address them.

Translating Requirements

Three-Step Process:

  1. Understand the Rule – Paraphrase
    • Restate the regulation in your own words.
    • Ensure all essential elements are captured without omitting critical details.
  2. Tell the Story – Describe the Behavior
    • Create a narrative explaining how the requirement applies in real-world scenarios.
    • Use examples and context to clarify expectations.
  3. Choose the Best Approach
    • Evaluate different methods for implementing the requirement.
    • Consider pros and cons of each option.
    • Select the approach that best fits the application’s needs.

Step 1: Understanding the Rule – Paraphrase

Example from HIPAA:

  • Original Regulation Excerpt:
    • “Covered entities and their business associates must implement technical policies and procedures for electronic information systems that maintain electronic protected health information (ePHI) to allow access only to those persons or software programs that have been granted access rights.”
  • Paraphrased:
    • “The application must ensure that only authorized individuals or software can access electronic protected health information (ePHI).”

Tips:

  • Avoid Summarizing: Summarizing can lead to omitting essential details.
  • Aim for Clarity: Paraphrasing should make the rule easier to understand without losing meaning.

Step 2: Telling the Story – Describe the Behavior

Purpose:

  • Establish Context: Provides a deeper understanding of how the rule applies.
  • Define Expectations: Clarifies what the application must do to comply.

Example Narrative:

  • “In our application, we will ensure confidentiality by restricting data access to authorized users based on their roles. Only users with appropriate permissions can view or edit sensitive health information. Access controls are enforced at both the user interface and data levels to prevent unauthorized access.”

Benefits:

  • Uncovers Details: Helps identify additional considerations or edge cases.
  • Facilitates Communication: Makes it easier to discuss requirements with clients and team members.

Step 3: Choosing the Approach

Considerations:

  • Evaluate Options: Explore different methods for implementing access controls, such as using FileMaker’s accounts and privilege sets, custom scripts, or UI elements.
  • Assess Risks and Benefits: Consider performance implications, maintenance overhead, and flexibility.

Example Approaches:

  1. FileMaker Accounts and Privileges
    • Pros: Provides robust, system-wide security controls.
    • Cons: May lack flexibility for dynamic role changes.
  2. Custom Privileges (Role-Based Access)
    • Pros: Offers greater flexibility, managed within the application.
    • Cons: Requires additional development effort and careful implementation.
  3. UI Controls (Hide Conditions, Conditional Formatting)
    • Pros: Enhances user experience by showing only relevant options.
    • Cons: Does not prevent access via other means (e.g., scripting).
  4. Field-Level Validation
    • Pros: Ensures data integrity at the field level.
    • Cons: May not be sufficient for comprehensive access control.

Conclusion:

  • Select the Best Fit: Based on the application’s needs, a combination of role-based privileges and UI controls may provide the optimal balance between security and flexibility.
  • Implement Foundational Security: Always use FileMaker’s built-in security features as a baseline.

FileMaker Tools for Compliance

FileMaker provides a comprehensive set of tools and features that can be leveraged to meet compliance requirements effectively.

Native Security Features

Accounts and Privileges:

  • Control Access at Multiple Levels:
    • File Access: Determine who can open the database.
    • Record Access: Set view, edit, and delete permissions on a per-table basis.
    • Field Access: Restrict access to sensitive fields.
    • Layout Access: Control which layouts users can access.
  • External Authentication:
    • Active Directory / Open Directory Integration: Manage user authentication via directory services.
    • OAuth Providers: Support for OAuth 2.0 authentication with providers like Google and Microsoft.

Best Practices:

  • Least Privilege Principle: Assign users the minimum access required for their duties.
  • Avoid Full Access for External Accounts: Do not grant full access privileges to externally authenticated accounts.
  • Control Extended Privileges: Manage extended privileges like FMApp (FileMaker Network Access) and FMWebDirect carefully.
  • Disable Default Admin Accounts: Secure or disable the default Admin account to prevent unauthorized access.
  • Implement Idle Disconnect: Use idle timeouts to disconnect inactive users, reducing security risks.

Encryption at Rest

Purpose:

  • Protect Data Stored in FileMaker Files: Encrypts the entire database file, including data, schema, scripts, and layouts.

Implementation:

  • Enable EAR: Use FileMaker Pro Advanced to encrypt the database with a strong password or encryption key.
  • Key Management: Securely manage and store encryption keys to prevent unauthorized decryption.

Benefits:

  • Compliance: Meets regulatory requirements for data protection.
  • Security: Protects data even if physical files are compromised.

JSON and Audit Logs

JSON in FileMaker:

  • Data Structure: Use JSON functions to create and parse structured data.
  • Flexibility: Store complex data structures in a single field.

Audit Logs:

  • Importance: Essential for tracking changes, meeting accountability requirements, and detecting unauthorized activities.
  • Implementation with JSON:
    • Capture Changes: Store before and after values in a JSON object.
    • User Actions: Record who made changes, when, and from where.
    • Efficient Storage: Use a dedicated audit table or log file to store JSON data.

Benefits:

  • Transparency: Provides a clear history of data modifications.
  • Compliance: Meets requirements for traceability and non-repudiation.

UI Controls and Scripting

Hide Conditions:

  • Dynamic Visibility: Show or hide layout objects based on calculations.
  • User Experience: Simplifies the interface by removing irrelevant options.

Modal Windows and Cards:

  • Process Control: Guide users through workflows and enforce sequential steps.
  • Focus: Keeps the user’s attention on critical tasks.

Custom Menus:

  • Tailored Options: Modify or remove menu items to prevent unauthorized actions.
  • User Roles: Assign different menu sets based on user privileges.

Button Bars and Script Triggers:

  • Interactive Interfaces: Create responsive navigation and controls.
  • Event Handling: Use script triggers to respond to user actions and enforce rules.

Additional Tools:

  • Conditional Formatting: Highlight fields or records based on conditions.
  • Popovers: Provide contextual information or options without navigating away.
  • OnTimer Scripts: Automate periodic checks or updates.
  • Custom Functions: Reusable code snippets for consistent behavior.

Deployment Considerations

HTTPS vs. HTTP:

  • Secure Connections: Always use HTTPS to encrypt data in transit.
  • SSL Certificates: Obtain certificates from trusted authorities and install them on the server.

Deprecations:

  • Stay Updated: Be aware of deprecated features and plan for alternatives.
  • PHP API Access: Deprecated in favor of the FileMaker Data API.

FileMaker Data API:

  • Token-Based Authentication: More secure than passing usernames and passwords.
  • RESTful Interface: Enables integration with modern web services.

Server Deployment:

  • Admin Console Access: Limit access to authorized personnel.
  • External Accounts and OAuth: Choose appropriate authentication methods.
  • Backups and Disaster Recovery: Implement robust backup strategies, including off-site retention.
  • Firewall and Port Management: Configure network security to allow necessary traffic and block unauthorized access.

Real-World Examples and Demos

Applying theory to practice is essential for understanding how to implement compliance solutions.

Case Study: Medicaid Mileage Reimbursement Validation

Background:

  • Client: Independent Support Services (ISS), a non-profit agency in New York.
  • Context: ISS manages self-direction (SD) plans for developmentally disabled participants.
  • Regulations: Subject to HIPAA, multiple New York state entities, and Medicaid requirements.

Medicaid Requirement:

  • Rule: Medicaid will not pay for mileage incurred on days that support staff did not work.
  • Paraphrased: Support staff can only be reimbursed for mileage on days they actually worked.

Implementation:

  • Tell the Story:
    • Describe scenarios where mileage claims might not align with work days.
    • Identify potential for errors or fraud.
  • Choose the Approach:
    • Implement validation tests for each expense and line item.
    • Use server-side scripts to validate data upon entry.
    • Automatically reject expenses failing validation, providing detailed feedback.

Challenges:

  • Frequent Rule Changes: Regulations change often, sometimes retroactively.
  • Multiple Violations: Need to detect and prevent 34 separate violation possibilities.

Solution:

  • Data-Driven Validation: Create a flexible validation system adaptable to new rules.
  • Performance Considerations: Avoid UI-based validations that could impact performance.
  • Workflow Integration: Embed validation into the expense submission process.

Role-Based Privileges

Features:

  • Dynamic Assignment: Users can be assigned multiple roles with associated privileges.
  • Inheritance: Users inherit privileges from their roles.
  • Flexibility: Privileges can be adjusted as needed, roles can be temporarily disabled.

Implementation:

  • Data Tables: Store roles, privileges, and user assignments in tables.
  • Scripts and Calculations: Determine access rights based on user roles at runtime.
  • Client Management: Allow clients to manage roles and privileges through the application interface.

Benefits:

  • Scalability: Accommodate changes in staff and responsibilities easily.
  • Granular Control: Fine-tune access to meet compliance requirements.
  • Client Empowerment: Clients can adjust settings without developer intervention.

Custom Menus

Purpose:

  • Prevent Unauthorized Actions: Remove or disable menu options that could lead to non-compliant behavior.
  • Simplify Interface: Reduce clutter by showing only relevant menu items.

Implementation:

  • Menu Sets: Create different menu sets for various user groups.
  • Scripted Actions: Replace default actions with scripts including validation and logging.
  • Keyboard Shortcuts: Disable or reassign shortcuts to prevent accidental actions.

Example:

  • Records Menu:
    • Standard: Includes options like New, Duplicate, and Delete Record.
    • Management Menu: Removes the Duplicate option, scripts New and Delete for checks.
    • Basic Menu: Removes New, Duplicate, and Delete options entirely.

Trigger-Controlled Object Access

Technique:

  • Script Triggers: Attach scripts to field events (e.g., OnObjectEnter, OnObjectModify).
  • Dynamic Control: Prevent or allow actions based on conditions during interaction.

Scenarios:

  • Field-Level Control:
    • Prevent editing fields based on record status or user role.
    • Disable data entry in certain fields while allowing it in others.
  • Popovers and Layouts:
    • Require users to complete required fields before exiting a popover.
    • Control navigation based on form completion.

Implementation Considerations:

  • Field Formatting: Different field types (checkboxes, radio buttons) may trigger scripts differently.
  • Efficiency: Use script parameters to reuse scripts across multiple objects.

Benefits:

  • User Experience: Provides immediate feedback and guidance to users.
  • Compliance: Enforces data entry rules, prevents incomplete or invalid submissions.

The Larger Ecosystem

FileMaker often operates within a broader technological environment, introducing additional considerations for compliance and risk management.

Risk Considerations

Assessing Risk Profile:

  • Number of Users: More users increase potential risk.
  • Platforms Used: Consider risks associated with FileMaker Pro, Go, WebDirect, Data API.
  • Access Points: Each additional access point (web services, APIs) introduces potential vulnerabilities.
  • Data Sensitivity: Evaluate types of data handled and regulatory requirements.

Strategies:

  • FileMaker First: Address compliance within FileMaker before extending to other platforms.
  • Evaluate Applicability: Determine if compliance requirements apply to external systems.
  • Risk Mitigation: Implement security measures appropriate to risk level.

Integration with Third-Party Systems

Examples:

  • Amazon S3: Used for storage and backups; ensure data is encrypted and access controlled.
  • DocuSign: For electronic signatures; understand how it meets electronic signature requirements.
  • QuickBooks: Financial data integration; ensure compliance with financial regulations.
  • Salesforce: CRM data exchange; manage data transfers securely.

Considerations:

  • Security: Verify third-party systems have appropriate security measures.
  • Compliance Alignment: Ensure third-party services comply with relevant regulations.
  • Responsibility Assignment: Clearly define who manages integrations and addresses compliance issues.

Non-FileMaker Considerations

External Factors:

  • Systems and Hardware: Understand who is responsible for hardware maintenance and updates.
  • Network Infrastructure: Consider LAN, WAN, VPN, and remote access configurations.
  • Web Services and Routers: Manage and secure network devices and services.
  • External Policies: Be aware of policies related to services like AWS or identity management systems.

Strategies:

  • Trust but Verify: Collaborate with IT professionals but verify compliance requirements are met.
  • Clear Communication: Define responsibilities for non-FileMaker components.
  • Documentation: Maintain records of external dependencies and compliance measures.

Understanding Responsibilities and Communication

Clear communication and well-defined responsibilities are crucial for managing compliance effectively and maintaining a healthy client relationship.

Managing Client Expectations

Challenges:

  • Scope Creep: Clients may expect additional features based on offhand comments or demonstrations.
  • Assumptions: Clients might assume developers will handle aspects beyond the agreed scope.

Strategies:

  • Documentation: Keep detailed records of meetings, decisions, and agreed-upon features.
  • Scope Management: Clearly define project scope and any changes in writing.
  • Set Boundaries: Politely but firmly communicate what’s included in the project and what requires additional agreements.

Communicating Responsibilities

Key Points:

  • Business Associate Agreements: Required for HIPAA compliance but don’t define scope of work.
  • Division of Labor: Clearly outline who is responsible for system maintenance, backups, network security, compliance monitoring.
  • Client Education: Help clients understand their responsibilities, especially in regulated environments.

Best Practices:

  • Regular Updates: Provide clients with progress reports, highlight compliance milestones.
  • Risk Assessments: Share identified risks and recommended mitigation strategies.
  • Set Expectations Early: Address responsibilities and limitations at the project start.

Documentation and Agreements

Importance of Documentation:

  • Contracts and Agreements: Use formal agreements to define project scope, responsibilities, liabilities.
  • Meeting Recaps: Follow up meetings and calls with written summaries to ensure mutual understanding.
  • Change Requests: Document any changes to project scope or requirements.

Benefits:

  • Legal Protection: Provides clarity in case of disputes.
  • Client Satisfaction: Reduces misunderstandings, enhances trust.
  • Compliance Evidence: Demonstrates due diligence in meeting regulatory requirements.

Conclusion

Compliance is an ongoing process requiring diligence, understanding, and effective use of available tools. By leveraging FileMaker’s robust features and following best practices in communication and risk management, developers can build applications meeting regulatory requirements and providing value and security to clients.

Key Takeaways:

  • Stay Informed: Keep up-to-date with changing regulations and industry standards.
  • Be Proactive: Address compliance considerations early in the development process.
  • Leverage FileMaker Tools: Utilize the platform’s capabilities for effective compliance solutions.
  • Communicate Clearly: Maintain open lines of communication with clients and stakeholders.
  • Define Responsibilities: Clearly outline responsibilities for various compliance aspects.

By embracing compliance as an integral part of the development process, developers can mitigate risks, build trust with clients, and contribute to creating secure and effective applications.

Resources and References

  • FileMaker Security Guides:
    • Official documentation on implementing security features in FileMaker.
    • FileMaker Security Guide
  • GDPR and CCPA Overviews:
    • GDPR: EU GDPR Official Website
    • CCPA: California Attorney General’s CCPA Page
  • HIPAA Compliance Resources:
    • U.S. Department of Health & Human Services HIPAA Page
  • FDA Part 11 Guidance:
    • FDA Part 11 Compliance
  • Harmonic Compliance Series:
    • Upcoming videos and demos on compliance-related topics.
    • Visit harmonix.fm/heather for updates.
  • FileMaker Community Forums:
    • Engage with other developers on compliance challenges and solutions.
    • Claris Community
  • Data Security Blogs and Articles:
    • Stay updated on best practices and emerging trends in data security.
  • Legal Counsel:
    • Consult legal professionals specializing in data protection and compliance for specific guidance.

By integrating these principles and resources into your development practices, you can confidently navigate the complexities of compliance and deliver applications that meet both your clients’ needs and regulatory obligations.

https://support.claris.com/s/article/BUS05-2019?language=en_US

Tagged: Account Active Directory Amazon API Audit Log Authentication AWS Backup Balance Best Book Compliance Confidentiality Deployment Disaster Documentation Encryption Encryption At Rest FileMaker Pro Firewall FM DevCon 2019 GDPR Google Identity Install Integration Integrity Json Logging Maintenance Management Microsoft Monitoring Network OAuth Open Directory PHP Plan Policy Practice Principle Privacy Privilege Procedure Provider Recovery Report Role Scalability Scenario Server SOC SSL SSO Storing Test Tracking Update UPS VPN Vulnerabilities Web Windows YouTube

Dimitris Kokoutsidis

Post navigation

October 1, 2019
Getting Started with Zabbix in FileMaker
October 1, 2019
How Not to Worry About Security in FileMaker