SAS® Corporate Compliance
– A case study for developing reusable J2EE applications
Zhiyong Li
Lead Application Architect
SAS Pharmaceutical / Corporate Compliance
Software Development
Copyright © 2005, SAS Institute Inc. All rights reserved.
Agenda
▪ Background
▪ SAS Drug Development Key Architecture Components
▪ Reuse
▪ Summary
▪ Demo
The Sarbanes-Oxley Act of 2002 - What is It?
▪ Contains 11 Titles, 66 Sections
• §404 – Management Assessment of Internal Controls
• §302 – Corporate Responsibility for Financial Reports
• §409 – Real-time Issuer Disclosures
The Sarbanes-Oxley Act of 2002 - Who is Impacted?
▪ All public companies
▪ Foreign-based companies / foreign subsidiaries of US companies
▪ Chief Executive Officer and Chief Financial Officer
▪ Finance, internal audit, audit committee of the Board of Directors, Chief Risk Officer, Chief Audit Officer
▪ IT, Sales & Marketing, Shipping & Receiving… theoretically the entire company
SAS® Corporate Compliance
▪ Secure, auditable repository, versioning, electronic signatures
▪ Highly configurable
▪ Assessment-oriented workflow
▪ Documentation for control procedure, testing activities, issues, etc.
▪ Report for viewing control effectiveness, outstanding issues, etc.
▪ J2EE web application with zero footprint client
SAS® Drug Development
▪ Centralized object repository, versioning and electronic signature
▪ Enables compliant environment
▪ Data transformation and integration
▪ Data exploration
▪ Statistical analysis and reporting
▪ Study reports and submissions
▪ (Very) Thin client
SAS Drug Development and SAS Corporate Compliance Key Comparison
▪ Similarities
• Compliant solution
− Strong audit trail and security functionalities
• Web-based platform
• Content Management functionality
− objects, documents, versioning, electronic signing
▪ Differences
• SAS Drug Development
− Clinical trial oriented concepts (studies, protocols, submissions)
− Java Swing applications
• SAS Corporate Compliance
− Process oriented workflow for control self assessment
SAS Drug Development Key Architecture Components
[Architecture diagram; labels: Firewall; Mapped Drive\Web Folder; HTTPS; Web Server; WebDAV Server; App Server; SAS Server; Data Server; Oracle]
Client
▪ User Interface
• HTML, JavaScript and Java Swing applications
▪ Client Requirements Include:
• Windows 98, NT, 2000 and XP
− Browser IE 5.5 or higher, Netscape 7.0
• MAC OS10
− Safari on MAC
Web/App Server
▪ Web-tier
• Handles request/response between client and server
• Maintains user interface flow and user state (sessions)
• Communicates with the business tier
▪ Business-tier
• EJB based APIs
• Provides business logic services
− searching, events, object management, security, audit trail, etc.
Backend Servers
▪ Data Storage-tier
• Accesses data in the backend servers.
• WebDAV server
− Stands for "Web-based Distributed Authoring and Versioning".
− Content Management: Version control, security, permission-based access, metadata
• Data server
− Stores all objects and metadata
− Stores all data, documents and files
• SAS server
− The analytical engine: Generating all reports
Reuse - Architecture
▪ Shares a similar architecture
▪ SAS Corporate Compliance is built on top of SAS Drug Development
▪ Reuses components
[Diagram; labels: SCC User Interface; SDD User Interface; SCC Web Tier; SDD Web Tier; SCC Business Tier; SDD Business Tier; SDD/SCC Database and Backend Servers]
Reuse – User Interface
▪ Shares the same frame-based layout
▪ Shares the same components / JSP tags
• Tree view
• Tab view
• Menu bar and menu
▪ Dynamically generated property pages
▪ Configures menu items, URL links, etc.
Sample SAS Drug Development Interface
Sample SAS Corporate Compliance Interface
Sample Configuration File
<ObjectAction nameString = "control"
    icon = "/p21/portal/common/images/default/icons/icon_control.gif"
    openIcon = "/p21/portal/common/images/default/icons/icon_control.gif"
>
  <LinkAction nameString = "Default"
      url = "mainContent.do?parentPath=$path$&amp;navigate=true&amp;fromShortcut=$fromShortcut$"
      targetFrame = "RightFrame"
  />
  <LinkAction nameString = "Assign-Control"
      url = "assignPersona.do?actionType=edit&amp;objectType=control&amp;parentPath=$parentPath$&amp;path=$path$"
  />
  <LinkAction nameString = "My Assignments"
      url = "viewAssignments.do?actionType=browse&amp;userMode=user&amp;viewMode=pending&amp;parentPath=$parentPath$"
  />
  <LinkAction nameString = "Properties"
      url = "property.do?objectType=control&amp;actionType=browse&amp;parentPath=$parentPath$&amp;path=$path$"
  />
  <LinkAction nameString = "Audit Trail"
      url = "objectAuditTrail.do?objectType=control&amp;parentPath=$parentPath$&amp;path=$path$&amp;entityId=$entityId$"
  />
</ObjectAction>
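Added example (not from the original slides or the SAS code base): one way to expand the $name$ tokens in a LinkAction url so that a repository path cannot change the query string or silently alter which object the Properties or Audit Trail link addresses. It assumes $name$ marks a value substituted at request time; the class LinkActionUrl, the method expand and the sample paths are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LinkActionUrl {
    // Assumption: $name$ in a LinkAction url is a token filled in per request.
    private static final Pattern TOKEN = Pattern.compile("\\$([A-Za-z]+)\\$");

    /** Expands each $name$ token with a URL-encoded value; unknown tokens are rejected. */
    static String expand(String template, Map<String, String> values) {
        Matcher m = TOKEN.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = values.get(m.group(1));
            if (value == null) {
                // Fail closed rather than emit a link with a literal $token$.
                throw new IllegalArgumentException("no value for $" + m.group(1) + "$");
            }
            String encoded = URLEncoder.encode(value, StandardCharsets.UTF_8);
            m.appendReplacement(out, Matcher.quoteReplacement(encoded));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // The "Properties" url attribute as it reads after XML parsing.
        String template = "property.do?objectType=control&actionType=browse"
                + "&parentPath=$parentPath$&path=$path$";
        // Constructed sample values; the object name itself contains "&" and "=".
        Map<String, String> values = Map.of(
                "parentPath", "/SOX/Process A",
                "path", "/SOX/Process A/c1&actionType=edit");

        // Encoded expansion: the whole path stays inside the single path parameter.
        System.out.println(expand(template, values));

        // Plain string replacement, for contrast: the link gains a second
        // actionType parameter and the path value is cut short at "c1".
        String naive = template.replace("$parentPath$", values.get("parentPath"))
                .replace("$path$", values.get("path"));
        System.out.println(naive);
    }
}
```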
Reuse – Web-tier
▪ Shares the same control framework
• Struts-based control framework
• Common services
− Application and Session scope cache
− Configuration
▪ Business-tier independent access strategy
• Factory pattern to access business-tier objects
Web-tier Architecture
Reuse – Business-tier
▪ EJB based services
• Audit trail, Search, Object Management
• Assessment
▪ Reuses EJB services
▪ Dynamically defined types and attributes
• Shared types: Folder, document, shortcut
• Product specific types:
− SAS dataset, compound, protocol, …
− Time period, entity, process, risk, control
Sample Type Definition File
▪ Typedef.xml
▪ Typedef.xsd
▪ I18n.xml
▪ AttrLayout.xml
Typedef.xml
<?xml version="1.0" encoding="UTF-8"?>
<TypeDef>
  <id>sdd:control</id>
  <typeName>control</typeName>
  <isContainer>true</isContainer>
  <isStateful>true</isStateful>
  <typeNamePlural>controls</typeNamePlural>
  <handlerClass>com.sas.ibiomatics.p21.server.scc.control.ControlHandler</handlerClass>
  <notifyUpLevel>1</notifyUpLevel>
  <standardType>standardcontrol</standardType>
  <validationClass>com.sas.ibiomatics.p21.server.scc.StandardIdToPathTypedefRule</validationClass>
</TypeDef>
Data Access Layer
▪ Uses Xythos to store object related data
• Object instances and relationships
• Object attributes
▪ Uses Hibernate to access other data
• Users, Audit records, Signing, Registration
• SCC assessment, workflow and states
▪ Same approach of accessing Hibernate functions
• Sessions, transactions
• Shared database connection pools
Summary
▪ Uses multiple-tier architecture
• Separates responsibilities
▪ Uses best practices for each tier
• Presentation
− Templates, shared components, configurable actions
• Web-tier
− Shared control framework
− Factory pattern for configurable access to the business tier
• Business-tier
− Component-oriented design with well-defined APIs
− Event-driven design for easy integration (reuse)
• Data-tier
− Uses O/R mapping tool to manage relational data
− Uses external tools to manage transactions and connections
Agenda
▪ Background
▪ SDD Key Architecture Components
▪ Reuse
▪ Summary
▪ Demo
• SAS Corporate Compliance
• SAS Drug Development
Demo
▪ SAS® Corporate Compliance (SCC)
▪ SAS® Drug Development (SDD)