Is Aspose Cloud FDA Part 11 compliant? - aspose

The US FDA has regulations for electronic record keeping:
TITLE 21--FOOD AND DRUGS
CHAPTER I--FOOD AND DRUG ADMINISTRATION
DEPARTMENT OF HEALTH AND HUMAN SERVICES
SUBCHAPTER A--GENERAL
PART 11 ELECTRONIC RECORDS; ELECTRONIC SIGNATURES
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11
Q1. Is the Aspose Cloud service Part 11 compliant?
(The forums have no existing questions)
Q2. Are you using Aspose Cloud currently in a Part 11 compliant app, what are the pros/cons?
Thanks,

If we are supposed to be certified by an external authority then we are not compliant. Though while reading the CFR document, we found no reason to not comply this certification.
Aspose for Cloud provides Cloud Storage to its customers but we also let our customers use their own Cloud Storage or some other third party Storage they are comfortable with. So you can use Microsoft Azure or Dropbox that are Part 11 compliant with our APIs as a storage provider.
In short, you should not rely on our system alone to get the compliance. But if you use our system from a system that is Part 11 compliant, we don't find any reason why we will break the compliance.

Related

Firebase migration for China [duplicate]

I am now developing a social application. But recently I noticed that Firebase is blocked in China. So I want to make sure whether firebase can be used in China?
* EDIT 24 January 2020 *
Some of the information here might be out of date.
Firebase has a China service at https://firebase.google.cn/ which is not blocked in the PRC. (Thanks to #c-an for bringing this up.)
That said, *.google.com and *.googleapis.com are still blocked in China. I'll change/update this as I get more information.
Original Answer
For now Firebase is blocked and can't be used in China, along with other Google services, because the PRC has blocked all URIs with *.google.com and *.googleapis.com.
This also means, for example, that the Play app store can't be accessed from China. If you don't know what's going on between Google and the PRC, here's a primer.
Also, according to Chinese law, user data of Chinese citizens must be stored inside of the PRC. You might be able to get away with only addressing this once you have a significant number of users, but the trend has been for the CCP to crack down more and more on foreign information, even busting VPNs and declaring them illegal despite complaints of academics who say that they need, you know, real information.
As we're now in the run-up to the 19th Party Congress this autumn, we can expect the situation to get worse before it gets better. Maybe 2018 will leave room for relaxation?
For now, very sadly, forget anything Google in China, and be prepared to store user data of PRC citizens on servers located inside the Great Firewall. Also be prepared for seemingly random degradations of your service within China, or to be blocked altogether, along with these other blocked services.
Update 2017-11-23: The 19th Party Congress has come and gone and, if anything, Google services look less likely than ever to become available in China. The great firewall is likely to continue to be strengthened as the Chinese Communist Party extends its role into corporations, and foreign firms are generally disadvantaged.
Update 2018-08-05: Google plans to open a censored version of its search in China, according to leaked documents. It seems reasonable to assume that if a censored Google Search becomes available in the PRC, then Firebase and other Google Cloud products may as well. The censored search plan, code-named Dragonfly, has reportedly been in the works since December 2017, possibly a result of meetings that month between Google CEO Sundar Pichai and an unnamed top Chinese official when they met at the World Internet Conference in Wuzhen, China, where PRC General Secretary and President Xi Jinping gave a speech.
Update 2018-12-23: It appears that Google's Project Dragonfly is now on hold if not outright abandoned. This implies that the outlook for Firebase in China has worsened.
You can build your own Rest API server outside of China, and make the server talks to Firebase rest api endpoints of Realtime db or Authentication, https://firebase.google.com/docs/reference/rest/database. So you web app talks to your rest api server (accessible from China), and your rest api server talks to Firebase.
The answer is NO :
Using a huge part of Firebase services, I contacted the support, this is the answer :
I'm glad you are considering Firebase for your project. However, in
accordance with current U.S. policies, it is not possible to use
Firebase from within certain countries. For more information about
these restrictions, please refer to the U.S. Department of the
Treasury website. The current list is of blocked countries is listed
here. If you have end-users located within China, it's quite difficult
to access Firebase there since the use of Firebase requires Google
Play Services, which most of the devices in China don't have. We
understand that access to our products has been problematic from
within mainland China. We believe it may have been caused by
networking conditions in China, rather than Google's own services.
Since access to services is determined by the respective country's
government and they don't report to Google, the Transparency Report is
the most authoritative it can be.
I just tested and I am able to access my realtime database hosted on the Singapore region in China mainland. No need to modify anything. Whatever works overseas, works in China. Tested in Beijing.
Facing the same problem, if you are in china, install Astrill VPN and change from openweb to StealthVPN, connect to a server like USA for china one and login to firebase. It will work successfully.

Google Cloud Vision - Which region does Google upload the images to?

I am building an OCR based solution to extract information from certain financial documents.
As per the regulation in my country (India), this data cannot leave India.
Is it possible to find the region where Google Cloud Vision servers are located?
Alternately, is it possible to restrict the serving region from the GCP console?
This is what I have tried:
I went through GCP Data Usage FAQ: https://cloud.google.com/vision/docs/data-usage
GCP Terms of Service:
https://cloud.google.com/terms/
(Look at point 1.4 Data Location on this page)
Talking to the GCP Sales rep. He did not know the answer.
I know that I can talk to Google support but that requires $100 to activate, which is a lot for for me.
Any help would be appreciated. I went through the documentation for Rekognition as well but it seems to send some data outside for training so not considering it at the moment.
PS - Edited to make things I have tried clearer.
For anyone looking at this topic recently, Google Vision has introduced multi-region support in December 2019, as can be see in their release notes.
Currently Google Vision supports 2 different processing regions: eu and us, and they say that using a specific endpoint guarantees that processing will only take place in the chosen territory.
The documentation for regionalization mentions that you can simply replace the default API endpoint vision.googleapis.com with either of the regional ones:
eu-vision.googleapis.com
us-vision.googleapis.com
The vision client libraries offer options for selecting the endpoint as well, and the documentation gives code samples.
For example, here is how you would do it in Python:
from google.cloud import vision
client_options = {'api_endpoint': 'eu-vision.googleapis.com'}
client = vision.ImageAnnotatorClient(client_options=client_options)
As pointed out by #Tedinoz in a comment above, the answer can be found here: https://groups.google.com/forum/#!topic/cloud-vision-discuss/at43gnChLNY
To summarise:
1. Google stores images uploaded to Cloud Vision only in memory
2. Data is not restricted to a particular region (as of Dec 6, 2018)
3. They might add data residency features in Q1, 2019.

Google Speech API compliance in Canada

A customer I am working with wants to use Google Speech API for transcribing audio but there are compliance concerns.
I know that you can upload files directly or have the API access files in Google Cloud Storage. For either of these methods is anyone familiar with how they interact with the data compliance laws in Canada?
For instance if the audio files are uploaded to a Cloud Storage bucket at the Montreal datacenter and we make an API call on it does the file ever leave that datacenter?
Thanks in advance for any insights!
Stack Overflow is not a great place to get a legal opinion, but is there a particular standard for compliance that they require? Google Cloud has a number of international data compliance certifications, one of which might be the one your customer requires. Talk to your customer and see what they need, and take a look at Google Cloud's list of standards that they are compliant with to see if it meets those needs: https://cloud.google.com/security/compliance
For example, the Cloud Speech API is compliant with ISO 27018, an international standard for cloud service privacy. Is that sufficient for your customer? You'll need to ask them.

Google Cloud Speech API on production

As we know, Google Cloud Speech API is in Beta now.
Will it be safe to use it in a application on production server?
I was also searching for the applications which is using Google Cloud Speech API, So far I have found the following,
VoiceBase, Hyperconnect, InterActiveTel
Does anyone know of any other applications that could give us more confidence in using it on production server?
The official definition of GCP launch stages, such as Beta, can be found in our documentation here.
Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release, and charges may be waived in some cases. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
Emphasis is mine: Limited production. Ultimately, it is going to come down to your risk appetite.
As of Tuesday, April 18, the Cloud Speech API has reached General Availability, meaning all features are open to developers and are to be considered stable.
Voicebase provides more than just speech recognition and it is currently used in production by large customers. Take a look at some of the features
http://voicebase.readthedocs.io/en/v2-beta/index.html

How long can I expect that youtube api v.3 is maintained?

I'm looking at youtube api v.3 for a project for a client. They want to know for how long the applicaiton will work without maintenance. Is there any dates presented for how long api v.3 will be supported, or at least a version history for when the previous api:s where created and depricated?
The answer can be found in the Terms of Service:
Deprecation.
Google will announce if it intends to discontinue or make backwards
incompatible changes to this API or Service. Google will use
commercially reasonable efforts to continue to operate those YouTube
API versions and features identified at
http://developers.google.com/youtube/youtube-api-list without these
changes until the later of: (i) one year after the announcement or
(ii) April 20, 2015, unless (as Google determines in its reasonable
good faith judgment):
required by law or third party relationship (including if there is a
change in applicable law or relationship), or doing so could create a
security risk or substantial economic or material technical burden.
The above policy is the "Deprecation Policy."