Upgrading Windows Operating System
Upgrading Windows Operating System
Ensuring Data Integrity through Optimal Security and Performance
Executive Summary
As Microsoft releases new updates and editions of Windows Operating System (Windows OS), it is harder to verify a device or network is running the right software for its job. This guide explains which editions of Windows OS are appropriate for the pharmaceutical industry to use, in compliance with FDA regulations and guidelines. Ultimately, upgrading to the latest edition of Windows OS will provide users the greatest functionality, especially in areas like serialization where large amounts of data is stored. However, an OS still in its lifecycle, with the most recent updates installed, can provide necessary data security and protection. This technology is the foundation of good data integrity, from record creation to destruction. Following this guide will ensure a device has the proper Windows OS for required functionality, and that it is maintained throughout the future.
Introduction
Windows Operating System (Windows OS) is software that controls the basic functions of a computer. With several Windows OS editions and updates, it can be complicated to know if a device has the proper OS for optimal security and performance. This guide provides an explanation of the differences in Windows OS, as well as guidelines for the use and importance of the appropriate one. This approach follows existing regulations and good manufacturing practices and applies to the most recent changes in pharmaceutical data, including serialization. It will explain the process of upgrading a device to a new edition of Windows OS, or updating a device’s current edition of Windows OS, and how to stay informed when to do so.
Supported Windows OS
With several different Windows OS editions, and versions of each one, monitoring the proper OS for a device can be confusing. To demystify this complexity, it is best to have a clear understanding of the important distinction between supported Windows OS and unsupported Windows OS. Supported Windows OS is a product Microsoft actively sells and maintains. This maintenance mostly consists of releasing updates that fix bugs and offer performance improvements that were initially overlooked, but also includes customer support services. Each edition of Windows OS continues to be supported until the end of its lifecycle. Currently supported Windows OS include Windows 8.1 and several editions of Windows 10.
When an edition of Windows OS concludes its lifecycle, Microsoft classifies it as unsupported. Unsupported Windows OS places the security and performance of systems at risk as Microsoft no longer releases updates that patch vulnerabilities nor provides customer support for it. Though there are exceptions where Microsoft updates unsupported Windows OS, as was done recently for Windows 7, this is volitional and rare (Warren, 2020). Because the use of unsupported Windows OS has inherent risks, Microsoft notifies their customers of important information regarding where a product lies in its lifecycle. To best determine if a particular device’s OS is supported, as well as key dates in its lifecycle, view the Windows Lifecycle Factsheet.
The Microsoft Product Lifecycle
The Microsoft Lifecycle Policy outlines the phases of Windows OS as it matures until being replaced with a newer edition and becoming obsolete. Microsoft states:
“Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade, or make other changes to your software.” (Windows Lifecycle Fact Sheet, 2020)
While distinguishing these key dates is important, it is also necessary to understand what they signify. Microsoft has different lifecycle policies for Windows OS, and with them different phases.
Fixed Lifecycle Policy
The Fixed Lifecycle Policy applies to editions of Windows OS like Windows 7, Windows 8, and some versions of Windows 10. This policy ensures at least 10 years of Microsoft Support for its respective product. Over this period, Microsoft maintains editions of Windows OS through two phases: Mainstream Support and Extended Support. Mainstream Support has a duration of at least 5 years, during which Microsoft provides security updates and incident assistance. Following Mainstream Support, Extended Support has a duration of at least 5 years and provides customers with security updates and additional paid assistance. Key dates for these phases can be found in Table 1, below, or the Windows Lifecycle Factsheet. For more information, view Microsoft’s Fixed Lifecycle Policy.
| Edition of Windows Operating Systems | Mainstream Support End Date | Extended Support End Date |
| Windows 10 Enterprise LTSC | January 9, 2024 | January 9, 2029 |
| Windows 10 Enterprise 2016 LTSB | October 12, 2021 | October 13, 2026 |
| Windows 10 Enterprise 2015 LTSB | October 13, 2020 | October 14, 2025 |
| Windows 8.1 | January 9, 2018 | January 10, 2023 |
| Windows 7, service pack 1 | January 13, 2015 | January 14, 2020 |
Table 1: Key Fixed Lifecycle Dates for Windows OS
Modern Lifecycle Policy
More recently, Microsoft introduced the Modern Lifecycle Policy to incorporate newer products and services. Under this policy, Windows OS is supported if the conditions below are satisfied:
- Customers are current, as per the servicing and system requirements of the OS
- Customers are licensed to use the OS
- Microsoft currently offers support for the OS
Should a Windows OS require customer action to maintain its current status, this policy ensures a minimum of 30 days’ notice prior to its degradation. Additionally, should a Windows OS become obsolete without a successor, this policy ensures a minimum of 12 months’ notice prior to being classified as unsupported. Key dates of the Modern Lifecycle Policy can be found in Table 2, below, or the Windows Lifecycle Factsheet. For more information, view Microsoft’s Modern Lifecycle Policy.
| Edition of Windows Operating Systems | End of Service for Home, Pro, Pro Education, and Pro for Workstations Editions | End of Service for Enterprise and Education Editions |
| Windows 10, version 2004 | May 27, 2020 | December 14, 2021 |
| Windows 10, version 1909 | November 12, 2019 | May 11, 2021 |
| Windows 10, version 1903 | May 21, 2019 | December 8, 2020 |
| Windows 10, version 1809 | November 13, 2018 | November 10, 2020 |
| Windows 10, version 1803 | April 30, 2018 | November 12, 2019 |
Table 2: Key Modern Lifecycle Dates for Windows OS
Security
Though it may seem trivial, upgrading to a Windows OS that is routinely updated via Microsoft Support is essential to data security. Updates are periodically released and are only available to supported Windows OS. They provide performance improvements for greater functionality, but more importantly patch vulnerabilities in the OS software. Though infrequent, these vulnerabilities are inherent within Windows OS and can be exploited by malware to access a device or network. Microsoft continually monitors for these weaknesses and newly discovered flaws to protect against them. This is why using a supported and updated OS is essential for data protection.
A recent case that best illustrates the risk to organizations without a fully updated, supported edition of Windows OS is the May 2017 WannaCry ransomware attack. WannaCry exploited a vulnerability in several editions of Windows OS to block access to, if not delete, stored files, before spreading throughout networks. It reached 150 countries and infected 230,000 computers, promising to restore access to data in exchange for bitcoin. One affected system, that of the UK’s National Health Services (NHS), interrupted appointments, surgeries, and ambulance transport, inducing costs totaling over $100 million as a result (What is WannaCry Ransomware?, 2020). While the computers impacted were running Windows OS with Microsoft Support, only those that had not installed the latest updates – patches that were released two months prior to the attack – were infected. This malware is one of many that demonstrate the importance of ensuring devices run on fully updated and supported editions of Windows OS in order to protect sensitive data.
Figure 1: WannaCry Ransomware Window (Whittaker, Z., 2019)
Performance
A device running a fully updated, supported Windows OS allows users to receive features that maximize use. Routine updates provide performance improvements, and upgrades to newer editions of Windows OS allow for even greater functionality. In Windows 10, this functionality includes security features like Windows Defender Antivirus, a program that gives added protection from third-party software, and automatic updates, an element which eliminates manual steps required to keep a system secure. Additional performance benefits included in the latest Windows OS incorporate greater cross-platform support, better cloud integration tools, and advances in user interface. All of these allow users to interact with data safely and efficiently.
Regulations and Guidelines
Within pharmaceutics, requirements and guidelines for specific data protections require the security and performance an updated edition of Windows OS provides. The FDA states:
“CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models.” (Clark et al., 2019, p. 17)
The security and performance offered by this technology serves as a basis for this, as the proper version of Windows OS minimizes data integrity risks. The FDA further stipulates systems “that create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records.” (Title 21: Food and Drugs, 2020) This requisite too can only be ensured with a trusted OS.
Likewise, the MHRA states:
“Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are or the required quality” (Clark et al., 2019, p. 47)
“The effort and resource applied to assure the validity and integrity of the data should be commensurate with the risk and impact of a data integrity failure to the patient and environment” (Clark et al., 2019, p. 48)
Thus, devices running updated and supported Windows OS are fundamental to not only drug quality but ultimately public safety. These standards ensure stored data is protected from modification or loss, and, when used in conjunction with proper practices, creates the trust and validation required between government, industry, and patients.
Good Manufacturing Practice
Good Automated Manufacturing Practice (GAMP) is one of the many FDA guidelines Windows OS supports. While multifaceted, one aspect of GAMP is the integrity of records and data through data governance. Data governance is defined by the MHRA as:
“The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained, and used to ensure complete, consistent, and accurate record throughout the data life cycle.” (Clark et al., 2017, p. 21)
It is composed of three main areas: technology, process, and people. Seen in Figure 2, each area is organized under its own controls that guide decisions for data integrity and security.
Technical Controls
Technical controls prevent the unauthorized deletion or modification of regulated data and records via user access arrangements. Additionally, they preserve copies of data through a combination of backup and recovery processes and validated security controls (Clark et al., 2017, p. 19). Using a supported Windows OS sets the foundation for strong technical controls. It ensures the most secure access to and modification of data records, and that integrated controls cannot be evaded due to flaws in the software system. The installation of released updates to supported Windows OS is a key part of maintaining this security. In addition, upgrading to the newest editions of Windows OS provides access to the latest backup and recovery technologies, such as cross-platform connected devices and tools for the cloud.
Figure 2: Controls for Data Governance (Clark et al., 2017, p. 21)
Procedural Controls
Procedural controls minimize the risk to data integrity, identify the residual risk of following the principles of ICH Q9, and assess risk associated with third-party software (Clark et al., 2017, p. 19). While they relate to the processes that utilize technology rather than the technology itself, using a supported Windows OS is still important in maintaining these controls. Windows OS aids in the process of ensuring data integrity by inherently minimizing risk to it. Features like Windows Defender Antivirus help evaluate the safety and risk associated with third party software, in addition to the use of similar programs available.
Behavioral Controls
Behavioral controls relate to the maintenance and training for data integrity, the preservation of a work environment that promotes data transparency, and the ownership of data over its lifecycle. The maintenance of data integrity and preservation of data transparency are upkept through the protections and channels that are included in supported Windows OS functionality. While the ultimate ownership of data relates to the actions of the users that behavioral controls govern, Windows OS plays a key role in its protection through the data lifecycle.
The Data Lifecycle
The data lifecycle represents all phases of data from its initial creation to final destruction. Depicted in Figure 3, it contains five phases. A supported Windows OS ensures data integrity throughout each phase.
Data Creation
Data can be created manually through user input or via the use of an instrument or measuring device. Its integrity can be compromised at the point of creation by lacking appropriate accuracy, completeness, content, and meaning. Windows OS limits these risks by safely storing created data through properly authorized channels.
Processing
Data processing is the phase in which the required information is formatted and derived from created data. Though it varies by product and business process, data processing has a direct impact on product quality and patient safety (Clark et al., 2017, p. 35). Windows OS supports programs necessary for secure processing.
Review, Reporting, and Use
During review, reporting, and use, data is used for informed decision making, through defined and verified processes most typically related to record documentation. Windows OS serves as the foundation for appropriate data access during documentation activities.
Retention and Retrieval
Throughout retention and retrieval, data is readily available for any entity or regulator approved to review it. Windows OS protects stored data for the length of its retention period, as in accordance with defined and verified processes and approved procedures.
Destruction
Data destruction occurs at the conclusion of the retention period, when all regulations for destruction are met and the data is completely cleared to be disposed. Given appropriate controls, Windows OS will not destroy data until properly authorized and protect against data destroying malware.
In this way, a device with Windows OS ensures only those with proper access can create, process, review, and destroy data. Working with the newest editions of Windows OS bolsters these functions through data management via cloud tools and other performance capabilities.
Figure 3: The Data Lifecycle (Clark et al., 2017, p. 33)
Serialization
The Drug Supply Chain Security Act (DSCSA) provides regulations to help the industry identify suspect and illegitimate products in the prescription drug distribution system in the United States. A core practice that supports this legislation is serialization, a process to track and trace pharmaceutical drug products through the complete supply chain. This process identifies legitimate products at the unit, inner-pack, case, and pallet level of production and relies heavily on the security and integrity of data. From data protection to cross-platform access and storage via the cloud, Windows OS acts as a pharmaceutical company’s foundation for security and integrity throughout this process.
Upgrade Considerations
As in upgrading any system, there are important factors to be considered. Though it depends on age and configuration, most devices operating on Windows 7 or newer can be fully upgraded within an hour (Upgrade to Windows 10: FAQ, 2020). Pending on the age of a computer, in some instances, a new device will be required to upgrade to the newest versions of Windows OS. Additionally, some devices may require freeing up or acquiring additional storage space. Large-scale deployment of the latest editions of Windows 10 can be arranged through the use of the Microsoft Development Tool kit. For more information, view Microsoft’s Windows Update: FAQ.
Windows OS Maintenance
Fortunately, once a device’s OS is upgraded to Windows 10, maintaining the software takes less effort than before. Without any work from the user, automated updates on the latest editions of Windows OS will install routine fixes and improvements as they are released by Microsoft. These updates can be scheduled within the Update and Security tab of the Settings menu. Details regarding updates available, and the most recent updates installed, can be viewed on this tab as well. While Microsoft sends notifications related to the end of a product’s lifecycle, the best resource to find information related to a specific Windows OS and the timeframe to upgrade to a newer edition is the Windows Lifecycle Factsheet.
Conclusion
This guide explains the importance of a fully updated and supported Windows Operating System in the pharmaceutical industry, and the processes Microsoft follows to release improvements and phase out old software. Through these processes, devices running Windows OS receive the latest security features and performance improvements that protect the access, storage, and transfer of data. In compliance with Good Manufacturing Practices, Windows OS provides the infrastructure to uphold the latest pharmaceutical standards as well as international regulations and guidelines. The latest editions of Windows OS automate updates and emphasize timeframes to upgrade to new OS software, making such standards and practices easier to follow. Running devices and networks on a fully updated Windows OS with Microsoft Support will ensure the highest degree of software security and data integrity for a pharmaceutical company.
References
Clark, C., Jones, C., Margetts, T., Newton, M., Perez, A., Reid, C., . . . Wingate, G. (2017). ISPE GAMP Records and Data Integrity Guide. Tampa, FL: ISPE.
Fixed Lifecycle Policy – Microsoft Lifecycle. (2019, September 19). Retrieved August 31, 2020, from https://docs.microsoft.com/en-us/lifecycle/policies/fixed
Grynoch, T. (2018). Data Lifecycle. Retrieved August 31, 2020, from https://nnlm.gov/data/thesaurus/data-lifecycle
Lindsay, G., Hall, J., Keller, L., Poggemeyer, L., Lich, B., Hernandez Avedon, M., . . . Mariano Gorzelany, A. (2020, August 13). Windows 10 deployment scenarios (Windows 10) – Windows Deployment. Retrieved August 31, 2020, from https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
Modern Lifecycle Policy – Microsoft Lifecycle. (2020, January 10). Retrieved August 31, 2020, from https://docs.microsoft.com/en-us/lifecycle/policies/modern
Title 21: Food and Drugs. (2020, August 28). Retrieved September 01, 2020, from https://www.ecfr.gov/cgi-bin/text-idx?SID=63804c565597c0de4c2f5628c5381d47
Upgrade to Windows 10: FAQ. (2019, July 29). Retrieved August 31, 2020, from https://support.microsoft.com/en-us/help/12435/windows-10-upgrade-faq
Warren, T. (2020, January 27). Microsoft Forced to Create a Free Windows 7 Update Just Days after Updates Ended. Retrieved September 01, 2020, from https://www.theverge.com/2020/1/27/21082228/microsoft-windows-7-black-wallpaper-fix-update-support-patch
What is WannaCry Ransomware? (2020, June 11). Retrieved August 31, 2020, from https://www.kaspersky.com/resource-center/threats/ransomware-wannacry
Whittaker, Z. (2019, May 12). Two years after WannaCry, a million computers remain at risk. Retrieved August 31, 2020, from https://techcrunch.com/2019/05/12/wannacry-two-years-on/
Windows Lifecycle Fact Sheet. (2020, August). Retrieved August 31, 2020, from https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Windows Update: FAQ. (2020, August 11). Retrieved August 31, 2020, from https://support.microsoft.com/en-us/help/12373/windows-update-faq
Steps to Success: Know Your Goal
When you prepare to do a task, you need to set a goal. Sometimes our goals are big, like running a marathon in record time. Other times, our goals seem small, like only hitting the snooze button three times. Either way, setting goals is an important step towards success. The same is true for businesses. What are the goals that your company is trying to reach? What steps are you taking to reach these goals? Are those goals attainable within the steps that you have planned?
At RemTech, one of our goals is to make sure your company meets its goals.
Completing a project within a specified time frame is a very common goal. Meeting the needs of your clients and customers in a timely manner can set you apart from your competitors. To do this, you need the best team, the best equipment, and the best advisors. RemTech can provide you with these things through staff augmentation, project management, and many years of professional experience.
Staff Augmentation
A RemTech consultant is more than just a consultant. Our professionals will integrate into your team to help with training and implementation planning during your project. We become a part of your team to share our knowledge and experience to make your team the best it can be.
Project Management
When starting a project or upgrading equipment there are many variables to consider. What equipment do you need? What is a manageable timeframe? Where do you even start?
RemTech consultants specialize in project management. This means that we will be there for you, guiding you through every step of the process. From planning the project, purchasing equipment to installation and implementation, we have the experience you need.
Professional Experience
Our team of dedicated professionals have decades worth of experience in project management. The leadership and knowledge that we bring to your team are one of a kind. We know the competitive landscape, as well as regulatory and compliance guidelines, so we can put you at the forefront of your industry.
RemTech is the company that can help you reach your goals. We can provide you with the tools you need for success. Contact us today to see what we can do for you.
Tim LaGreca: RemTech’s New Project Engineer
RemTech, LLC is excited to announce that Tim LaGreca has joined the company as the Project Engineer to continue to position RemTech as a market leader in serialization in pharmaceuticals, food industry, and medical devices. Tim comes with a solid background in software development and mechanical engineering and is recently graduated as a Bachelor of Science from Lafayette College in Easton, PA.
Tim was an integral member of the Lafayette Motorsports Team, helping develop the school’s electric formula car for the 2020 FSAE competition. He acted as the lead mechanical engineer of the vehicle’s Tractive Voltage System, applying his knowledge of hardware and software to design the high voltage batteries that powered the motor. Other colligate projects include the exploration of semi-autonomous robots and their functionality with machine learning capabilities.
His prior professional experience involves the areas of automated manufacturing and software development in the field of consulting. In mechanical applications, he designed and manufactured prototypes and carried out laboratory testing to assess the viability of automated process applications. With software, he held roles using front end development for websites and user interfaces, and back end development for architecture design of data management systems.
Tim is also an Eagle Scout and actively supports his local community.
‘We are very excited about having Tim on board and look forward to continuing to grow RemTech to better serve our clients’ state John Hartwig and Bob Matje, principals of RemTech. ‘Tim brings a wealth of knowledge in current computer science trends and will help enormously with supporting our client’s data management and efficiency through automation and knowledge sharing.’
Welcome to the team, Tim!
Steps to Success: Foundation
The success of your business is your first priority. On the road to success, the first thing to consider is your footing. Whether you are talking about archery, marksmanship, sports, or business, if your footing is not secure then your aim will be off. Making sure you have a solid foundation is the first step to success.
RemTech is that solid foundation. At RemTech, our consultants are experienced professionals that will work with your company to set you on the road to success. With our serialization and automation experience, we will not only increase your company’s accuracy but also reduce cost and make sure you are compliant with current laws, regulations, and best practices.
Serialization helps an organization track products and know where each individual item ends up. This process helps companies maintain shipping accuracy as well as providing excellent customer service. Your clients can rest easy in the knowledge that each item from your company is traced from manufacturing to distribution.
Another benefit of serialization is product authenticity. Utilizing serial numbers on your product helps to maintain integrity and protects the market from fraudulent products. Serial numbers are more difficult to counterfeit and provide better protection for your product and your brand.
Serialization is one of our specialties. Through our serialization services, your company can better maintain a chain of possession. We will develop a system that reflects the needs of your business and work with you to achieve the goals for your business and clients.
Serialization is the foundation that your company needs. RemTech can provide your company with that foundation and make sure you are on the road to success! Contact us today to find out more!