Patches / updates in a Regulated Industry
'tho short, I felt these comments touched on an issue that will become more serious as regulated industry becomes more involved in electronic records / electronic signatures. I consult to FDA -regulated industries, primarily medical device / pharma. This industry is under 21 CFR Part 11 which requires that software for ER / ES be validated, which costs $1000's. Any subsequent change to that validated sw requires documented review and verification, if not revalidation. Automated updates / patches by the sw vendor, w/o such a documented review by the user, is a violation of the regs. I believe the issues in finance and legal fields are similar. Especially since the regs require cert'n that an ES carries the same legal weight as a hand signature. Everybody using such ES' should be assured that the sw is validated and that subsequent 'updates' haven't compromised that validation, date / time stamped audit trails, et al.
Keep Up with TechRepublic