This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FDA (21 CFR Part 11) Validation

Preface

This page discusses using Tomcat in an FDA validated environment, i.e. one where 21 CFR Part 11 regulations apply.

Please note that although this page mentions specific companies, we do not explicitly endorse or sell anyone's services. Tomcat and Apache are not-for-profit organizations. This page is also far from a complete listing of vendors and support options. It is meant as a demonstration showing that these options do exist and that running Tomcat in a validated environment is both feasible and reasonable.

Questions

  1. Can Tomcat be used in a validated environment?
  2. Has anyone actually done it?
  3. Is Tomcat itself validated?
  4. What kind of support is there around validating Tomcat?
  5. How do I know I have a validated release? How do I know no one has tampered with the release package?
  6. What about security? I'm concerned about attacks.

Answers

Anchor
Q1
Q1
Can Tomcat be used in a validated environment?

...

  • There are numerous smaller vendors and several large ones, including IBM, HP, Sun, and Novell, who offer Tomcat consulting and support services, including application auditing, environment assessments, and risk analysis.
  • There are numerous vendors in addition to the above consultants, like SpringSource (formerly Covalent) and JBoss, who offer 24/7/365 enterprise-level support for Tomcat.
  • The Tomcat mailing lists are extremely active and contain members of many of the above organizations, including contractors available for hire.

Anchor
Q5
Q5
How do I know I have a validated release? How do I know no one has tampered with the release package?

...

There's no need to be. See the security page of this FAQ for more information.

CategoryFAQ