Guidance For Vendor Notification Letter: Fill & Download for Free

[Update 2016-02-23]In light of recent studies [American Journal of Clinical Pathology], it seems highly unlikely that Theranos has achieved any comprehensive technological breakthrough. Their reluctance to disclose technology and data (they are supposed to publish data in the next week or so) even after four months and with the negative publicity piling on seems to underscore the point that they probably had no statistically relevant studies of their own technology to begin with. A best-intentions conclusion is that their management suffered from an overestimation bias from limited observations on 'friends and family'.I expect whatever results get disclosed at the behest of Theranos at this point will suffer from self-selection, over-massaging and false equivalence, while still maintaining the obscurative descriptions of their technology. They will conclude that their technology shows as much variability as commercial clinical hematology analyzers and will not allow any independent third-party examinations. I expect that the FDA will have concerns with such results and I fully expect a guidance on the use of finger stick based metrology in POC/clinical diagnostics in the next one year frame.Thanks for noticing this Terrence!tldr: Compliance, marketing and regulations are red herrings in this discussion. The core issue is technology, and its novelty and efficacy.I personally have exceedingly limited and very specific experiences restricted to radiological device premarket qualification/501k to be able to answer this question directly.I receive FDA CDRH (Center for Devices and Radiological Health) bulletins that contain recall and 'lack of compliance' notifications and updates for many major device makers. There are usually 3 or four such notices every week. Some issues are more egregious than others, but there's usually no corresponding public outcry and companies don't go out of business following such notices.Regulatory hurdles are generally not spikes of death, where if you stumble on one, you die. Usually people figure out how to either clear or circumvent the hurdles sooner or later and go about business after that. 23&Me is an example (and so are Abbott, Stryker, GE health, Medtronic..).Violations of regulations is bad, but it is an ordinary fact of healthcare QC because of the many, complicated, moving pieces. Such regulations themselves are not 'rules set in stone', but a matter of continual public discourse and academic/economic/legislative thought on 'what makes sense today' (FDA advisory Committees). FDA does generally have a problem with you if you are a repeat offender and do not respond to guidance (for example, Syntex/IBT Labs/naproxen flap in 1976).That's why I think that there are some misinterpretations in some of the post-Oct 14th opinions and analyses we hear about Theranos. For example, 483 observations are intended as non-comprehensive external feedback to the company's management, and as records meant for FDA to track a company's progress towards compliance.They are not an official critique like gossip has made them out to be. Inspections may also be scheduled or unscheduled, and does not exactly reflect on any particular issue (unless there was a complaint; this data is yet undisclosed). I am pretty sure that Theranos employs plenty of FDA regulation consultants to advice them, so they know what they are doing. This is standard practice.The following links illustrate the regular process for inspections and observations. I won't quote specifically from these since they may be interpreted out of context.FDA Form 483 Frequently Asked Questions(FDA inspection scheduling) What should I expect during an inspection?SUBCHAPTER 5.2 - INSPECTION PROCEDURESSUBCHAPTER 5.2 - INSPECTION PROCEDURES (Refusal of entry)Investigator/Staff Guidance for FDA InspectionsTips on Preparing for an FDA Inspection(The guidance on 'refusal of entry' illustrates that not all inspections may be scheduled a priori. FDA is both authorized as well as invested in in flagrante delicto)Some more data on what FDA considers as official censure: FDA enforcement statistics FY 2014 [pdf].The table below shows 6 big categories that FDA considers censure events (FDA Compliance and Enforcement Information). This is what FDA does when it thinks you are doing something not good for the public or a violation.483 observations don't make it to this list. And note that a warning letter is the first step on the road to FDA hell. IIRC Theranos hasn't made it to this step yet.23andme did, and they are doing fine.This should indicate that (1) 483s are not official censure (2) inspections may happen scheduled or unscheduled. This provides some external corroboration for claims made by Dr. Becker.As I have mentioned elsewhere, there's only a singular issue that Theranos needs to come clean on - The accuracy, precision and applicability of their 'new or unique technology'. That's the only one that matters in the discussion.Otherwise we risk asking the company easy questions that make them look better than pre-Oct 14th.[That's precisely what happened during the WSJD Live/2015 conference.]They can tweak all their marketing claims (exactly what they did by changing their website; don't forget "the website is constantly being updated"), they can readjust all their claims on regulatory compliance, they can create new business models. IMIO we also waste time in discussing the nanotainer nonsense. It's a very basic technology, and will probably receive all kinds of clearance shortly. But again, that doesn't have anything to do with the actual technology that carries out the metrology.I mean, anything can be tweaked. Except for the technology and the actual science.HOW do they carry out ~200 tests on such a small volume of blood?HOW does their metrology maintain the accuracy and precision?WHAT mechanism in their system prevents contamination-during-collection issues?WHAT is the comparison between data obtained by a 3rd party agency operating their equipment and equipment from established diagnostics vendors?If comparison cannot be established, then the 3rd party agency should also provide statistical results showing usable correlations with disease predictions.We do not need the exact technology description. But we do need the general description of the physics they employ - if their IP has value then they should have already patented this.There is a lot of precedence for such technology disclosures. For example,Here's i-STAT corp's 1988 patent (Patent US5096669 - Disposable sensing device for real time fluid analysis),Here's one of the earlier 3rd party performance verifications of the i-STAT device (Erickson/iSTAT/1992 [pdf]),Here's another 3rd party report from 2002 after they had sold their 20,000'th device (Papadea/i-STAT/2002). This report compares istat with other commercial devices.(Note i-STAT was founded in the mid 80s, their first patent is from May 1, 1987; it took at least about 11 years, till about 1998, and countless peer-reviewed medical publications and studies before the devices started getting accepted in the early 2000s. They were acquired by Abbott in 2003 for ~400M)That's what we need to wait for; not FDA reports, not SEC filings, not shareholder letters. So Dr. Becker's views regarding IP protection are not exactly valid.Karen M. Becker, PhD | Precision AdvisorsDr. Becker appears to have a very accomplished profile, so I personally believe that she would not produce opinions that could damage her professional reputation. This is her line of expertise.She might of course use favorable language where there may have been a choice, but the media has also already used unfavorable interpretations where there was a choice.Disclaimer - I have no bone in this. I do not work for Theranos or "the industry incumbents" or any one involved in marketed healthcare. I work in RnD, in segments that none of these companies have an interest in. I am only tracking this topic for the education in how medical technology companies need to behave and the inevitable, cheap lulz and lessons arising from media+marketing getting things wrong. Also, don't like the idea that an entity can be publicly crucified without fair interpretation (neither do I like anyone being exalted without due verification, but that also happened). And speaking of lulz - Dynapy and 'PRICKS'.

This happened sometime in March or April of 2016.What does "trade compliance" mean on the App Store?It is essential that all apps that use, access, contain, implement or incorporate encryption in any form comply with US export regulations as well as international import regulations as applicable. Currently, apps in the App Store are required to comply with US export regulations and import regulations in France for apps that are distributed in France.At the time of submitting an app, developers are required to answer trade compliance questions regarding encryption in the app. It is essential that these questions are answered accurately as you -- the app developer -- are responsible for the trade compliance for your app. Non-Compliance with government regulations is subject to penalties by the relevant government.Note: Failure to provide required copies of approvals from relevant government agencies could result in delisting of your app from Apple’s App Store.US Regulatory RequirementsCategory 5 Part 2 of the US Export Administration Regulations cover the Information Security section of the regulations. Relevant US export administration regulations can be found on the Category 5 Part 2 page and on the encryption web page.French Regulatory RequirementsFrench authorities have agreed to limit the regulatory approval requirements for Apple’s App Store apps that use, access, implement, or incorporate:any encryption algorithm that is yet to be standardized by international standard bodies such as IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, etc. or not otherwise published; or standard (e.g., AES, DES, 3DES, RSA) encryption algorithm(s) instead of or in addition to accessing or using the encryption in Apple OSConsistent with the requirement, Apple will require you to upload a copy of your approved French declaration when you submit your app to the App Store if it meets the criteria described above.Relevant French encryption regulations can be found at:http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000005789847&dateTexte=#LEGIARTI000006421577http://www.ssi.gouv.fr/archive/fr/reglementation/regl_crypto.html http://www.ssi.gouv.fr/site_article195.htmlhttp://www.ssi.gouv.fr/site_article197.htmlHow can I include export compliance documentation with my build?You can upload your export compliance documentation on iTunes Connect from the Encryption section under Features. After it has been uploaded and approved, you will receive a key string value that you can add to your build in Xcode. As long as this key is included, your app will reference the same documentation.How can I update my export compliance documentation?You can add new export compliance documentation on iTunes Connect at any time from the Encryption section under Features. After the new documentation is uploaded and approved, you will receive a new key string value that you must add to your next build. Any build that has already been uploaded will not have this new value, so a new build will need to be uploaded.What do the acronyms in this FAQ mean?Please see below for a list of frequently used Regulatory Acronyms: BIS - Bureau of Industry and Security CCL - Commerce Control List CCATS - Commodity Classification And Tracking System EAR - Export Administration Regulations ECCN - Export Commodity Classification Number ERN - Encryption Registration NumberWhat do I need to know to answer each export compliance questions accurately?The following are the potential questions you will be asked about your app during the trade compliance determination process in iTunes Connect:1st Question: Is your product designed to use cryptography or does it contain or incorporate cryptography?Please answer "YES" to the question even if your app uses or accesses encryption from another source, e.g., iOS or Mac OS X.If your application does not use, access, implement or incorporate encryption, you can answer "NO" to this question and you can continue with the process of uploading your binary.If your application does use, access, implement or incorporate encryption, it may be necessary to submit confirmation of approval by the United States Government and an approval from French authorities if your app is going to be distributed in France. The confirmation for US could be in the form of either a CCATS review and approval or the Exporter Registration Number (ERN). The confirmation for France would be in the form of an Import Declaration.If you are unsure how to classify the encryption used in your application in order to obtain the necessary approval, please refer to the Bureau of Industry and Security US Department of Commerce guidance page: http://www.bis.doc.gov/index.php/policy-guidance/encryption. If you have questions regarding the regulatory references or how to classify the encryption in your application, please consult the U.S. Bureau of Industry and Security, or your legal advisor.2nd Question: Does your product qualify for any exemptions provided under category 5 part 2?There are several exemptions available in US export regulations under Category 5 Part 2 (Information Security & Encryption regulations) for applications and software that use, access, implement or incorporate encryption.All liabilities associated with misinterpretation of the export regulations or claiming exemption inaccurately are borne by owners and developers of the apps.You can answer "YES" to the question if you meet any of the following criteria:(i) if you determine that your app is not classified under Category 5, Part 2 of the EAR based on the guidance provided by BIS athttp://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items#One. The Statement of Understanding for medical equipment in Supplement No. 3 to Part 774 of the EAR can be accessed at Electronic Code of Federal Regulations site. Please visit theQuestion #15 in the FAQ section of the encryption page for sample items BIS has listed that can claim Note 4 exemptions.(ii) your app uses, accesses, implements or incorporates encryption for authentication only(iii) your app uses, accesses, implements or incorporates encryption with key lengths not exceeding 56 bits symmetric, 512 bits asymmetric and/or 112 bit elliptic curve(iv) your app is a mass market product with key lengths not exceeding 64 bits symmetric, or if no symmetric algorithms, not exceeding 768 bits asymmetric and/or 128 bits elliptic curve.Please review Note 3 in Category 5 Part 2 to understand the criteria for mass market definition.(v) your app is specially designed and limited for banking use or ‘money transactions.’ The term ‘money transactions’ includes the collection and settlement of fares or credit functions.(vi) the source code of your app is "publicly available", your app distributed at free of cost to general public, and you have met the notification requirements provided under 740.13.(e).Please visit http://www.bis.doc.gov/index.php/policy-guidance/encryption web page in case you need further help in determining if your app qualifies for any exemptions.If you believe that your app qualifies for an exemption, please answer "YES" to the question.3rd Question: Does your product implement encryption algorithm(s) that is(are) proprietary or yet to be accepted as standards by international standard bodies(IEEE, IETF, ITU, etc.)?Please answer "YES" to the question if your app implements or provides "non-standard cryptography." The BIS defines "non-standard cryptography" as any implementation of "cryptography" involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body ( e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.The WAPI protocol is one example of "non-standard cryptography." Any encryption algorithm designed, developed and implemented from ground up by your company or your vendor and is not otherwise published is another example of "non-standard cryptography."If your answer to the question is "YES", Apple would require you to upload a CCATS approval document from the US government in order for your app to be distributed outside of US.For a full list of items that require CCATS, please visit the guidance provided by the BIS at "What items require an encryption classification?" web page.4th Question: Does your product implement standard encryption algorithm(s) instead of or in addition to using or accessing the encryption in Apple OS?There are occasions when apps may need to implement industry standard algorithms such as AES, DES, RSA, etc., instead of or in addition to accessing or using the encryption algorithms available in Apple OS. If your app does implement industry standard encryption algorithms, please answer "YES" to the question.If you answer "YES" to the question, Apple would require you to upload a copy of your ERN approval document in order for your app to be distributed outside of US.5th Question: Are you releasing your product in France?Please answer "YES" if you would like to distribute your app in France. If your app reaches this point and if you answer "YES" this question Apple would require you to submit an Import Declaration approval from French authorities.NOTE: If you answered "YES" to question 1 but answered "NO" to all other questions, you would be required to upload your ERN approval document before your app can be distributed outside of the U.S.Sample ScenariosScenario 1: An app uses or accesses only encryption algorithms provided in iOS or Mac OS for its security features-- Only US Encryption Registration (ERN) will be required (even if the app is distributed in France)Scenario 2: An app uses or accesses encryption algorithms provided in iOS or Mac OS and implements a industry standard algorithm not yet implemented in iOS for its security features-- US Encryption Registration (ERN) and French Import Declaration approval are requiredScenario 3: A developer implements his own proprietary encryption algorithm(s) for security features in an app-- Both US CCATS and French Import Declaration approval are requiredScenario 4: A developer chooses to release app, that uses only encryption provided in iOS or Mac OS, only in France.-- Only US Encryption Registration (ERN) is requiredScenario 5: A developer chooses to release his app, that has proprietary encryption, only in France.-- Both US CCATS and French Import Declaration Approval are requiredScenario 6: A developer chooses to release his app, that has proprietary encryption, all other countries except France.-- Only US CCATS is requiredScenario 7: A developer chooses to release his app in the U.S. and Canada only.-- No U.S. CCATS or ERN is required. No France Import Declaration is required.How long does the trade compliance review take?Apple evaluates trade compliance reviews on a case by case basis. If complete information is provided, Apple takes around TWO business days to review and clear apps from trade compliance review queue.Where can I find more information on French encryption regulations?You can find French encryption regulations at the following links:http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000005789847&dateTexte=#LEGIARTI000006421577http://www.ssi.gouv.fr/archive/fr/reglementation/regl_crypto.html http://www.ssi.gouv.fr/site_article195.htmlhttp://www.ssi.gouv.fr/site_article197.htmlDo I need to get a French import declaration if my app does not use, access, implement, or incorporate any encryption other than the encryption in iOS and/or OS X?No, you do not need French import declaration if your app does not use, access, implement, or incorporate any encryption other than the encryption in iOS and/or Mac OS X. A French import declaration is required only if your app satisfies any of the following criteria:any encryption algorithm that is yet to be standardized by international standard bodies such as IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, etc. or not otherwise published; or standard (e.g., AES, DES, 3DES, RSA) encryption algorithm(s) instead of or in addition to accessing or using the encryption in Apple OSMy app allows user to directly transfer funds and also email their bank to initiate financial transactions. Does it qualify for the finance exemption?The banking and ‘money transaction’ exemption is for the transfer of funds only, it does not include any other means of communication or activities. Additional functionality would require further review. If you have questions regarding the applicability of this exemption, please contact BIS at 202-482-0707.Does my app require a trade compliance review if I only distribute it on the App Store in the U.S. and Canada?You do not need to go through either the U.S. CCATS or ERN process. However, you will need to answer the encryption questions as they apply to your app, ensure that only Canada and the U.S. are selected on your metadata page and submit a signed and dated letter on your letterhead, reference the app name and ID, certifying that you will only offer your app in the U.S. and/or Canada and that should you decide to expand to other countries at a later date, you will obtain the required U.S. and France approvals as necessary and submit them to Apple’s Export Compliance Department at that time.I am not based in the U.S. Why does my app require an encryption review?Your application will be uploaded to an Apple server in the U.S., which means that your product will be exported from the U.S. and is captured by U.S. export laws. This requirement applies even if you only plan to distribute within your own country.I am from Germany and intend to distribute my app only on the German App Store Does my app require an encryption review?Yes, your app is subject to US export regulations as your app will be uploaded to an Apple server in the US, which means that your product will be exported from the US and is captured by US export laws.Where can I get more information on the encryption registration process?The BIS has created a website on encryption regulations with helpful information. You can visit their "How to file an encryption registration" page that has step by step instructions on the encryption registration process.My app uses public domain libraries, such as OpenSSH. Does it qualify for TSU notification submission under the 740.13(e)1 guidelines? Is it sufficient to send an email notification to the U.S. government with the source code location (for example, http://openssh.org)?Just because you use open source in your app does not necessarily mean that you qualify for the "Source Code – Publicly Available – TSU Notification." In order for your app to qualify for TSU, as detailed in 740.13(e)1 the entire source code and the object file has to be open source, your app must be distributed free of charge to your customers, and you should have notified the US government with the location of your source code.Why does my app require ERN approval after my CCATS has been approved?Apple would require you to provide a copy of your ERN approval only if the comments from the BIS licensing officer in your CCATS approval include the following instructions:ITEM #1: THIS MASS MARKET ENCRYPTION ITEM IS DESCRIBED IN SECTION 742.15(B)(1) OF THE EXPORT ADMINISTRATION REGULATIONS (EAR). AUTHORIZATION UNDER SECTION 742.15.(B)(1) OF THE EAR REQUIRES SUBMISSION OF AN ENCRYPTION REGISTRATION IN ACCORDANCE WITH SECTION 742.15(B)(7) AND ANNUAL SELF-CLASSIFICATION REPORT IN ACCORDANCE WITH SECTION 742.15(C) OF THE EAR.I use the encryption available in iOS and/or OS X. Do I still need to obtain U.S. government approval?You still need to submit your app to the U.S. Bureau of Industry and Security (BIS) for approval because they want to know how you are using encryption in your particular app, even though they have already approved the encryption in the iOS and Mac OS X. You are responsible for obtaining separate approval.It is not necessary to provide Apple’s source code to the government because it has already been reviewed and approved by the U.S. Bureau of Industry and Security (BIS).Does my app require ERN approval?If your app uses, accesses, implements or incorporates industry standard encryption algorithms for purposes other than those listed as exemptions under question 2, you need to submit for an ERN authorization. Examples of standard encryption are: AES, SSL, https. This authorization requires that you submit an annual report to two U.S. Government agencies with information about your app every January.Does my app require CCATS approval?If your app contains, uses or accesses non-standard or proprietary cryptography for purposes other than the exemptions listed under questions 2, Apple would require you to upload a CCATS approval. BIS defines "non-standard cryptography" as any implementation of "cryptography" involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body ( e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.The WAPI protocol is one example of "non-standard cryptography." Any encryption algorithm designed, developed and implemented from ground up by your company or your vendor and is not otherwise published is another example of "non-standard cryptography."How can I obtain the requested document from the U.S. Bureau of Industry and Security (BIS)?You will need to determine what type of approval, if any, is required from the U.S. Bureau of Industry and Security (BIS) for your particular app. This approval is dependent on the type, strength and use of the encryption in your app. Some of the potential choices include: self classification of your product under an exception, the need to submit an "ERN," or a "CCATS," which is outlined in the guidance page (http://www.bis.doc.gov/encryption/default.htm) or under the Export Administration Regulations section 742.15(b)(1) and (b)(2). Seehttp://www.access.gpo.gov/bis/ear/ear_data.html. If you have questions regarding the regulatory references or how to classify the encryption in your application, please consult the U.S. Bureau of Industry and Security, or your trusted legal advisor.Where can I find more information about Apple’s export process?Submit your questions through the iTunes Connect Contact Us page and choose export compliance from the drop down menu. Your questions will be forwarded to Apple’s Export Compliance Department and they will contact you with their response.Do the French authorities require a translated import declaration or can I send it in English?Please direct your questions related to French Import Declarations to French authorities at http://controle.sr@Agence nationale de la sécurité des systèmes d'information.

Features of the Best Visitor Management SystemsWhenever you look to make a purchase or procure new technology for your business, it is important to start by understanding the desired outcomes. Identify the needs of various stakeholders who will be impacted. Then consider the available features and determine which are most important for your organization. Next, consider whether the options that match your checklist fit your budget. Ensure the vendor that is the best fit is known to provide excellent customer support. And in an era of constant news of digital theft, will they secure your data like it's their own?This guidance especially applies when selecting a visitor management system. Keep in mind your most important visitors will interact with this system. As many people are not tech savvy, you need to make sure everyone can easily use it. (At Greetly, we ask our moms to test every aspect of the app before releasing them!)Here are the most important features in a visitor sign-in app:Ease of UseNotifications that Match Receivers’ PreferencesPreregistration and Repeat Visitor FeaturesVisitor Photo CaptureVisitor Badge PrintingLegal Document eSignature CaptureCloud-Based Visitor LogbookSecured DataSoftware IntegrationsWorks with Common Hardware OptionsUnlimited Usage CapacityNo Dedicated or Specialized Personnel is RequiredFor more information about each of these All-Star features, continue reading.The Basics - A Visitor Management App Must...The core of any visitor registration app is quickly and efficiently checking in visitors, capturing key information and letter host employees know of their arrival. Thus, before considering an app, make sure it meets your organization's needs in terms of:Ease of UseThe user interface should have a clear display, without a lot of text and icon clutter. Even first-time visitors should be able to navigate the sign-in process - without assistance - like a tech-savvy veteran. Also, consider is the app's design, known as the user interface. What does it say about your organization and brand? Does the vendor add their logo?Notifications that Match Receivers’ PreferencesYour visitor sign-in app should offer many different visitor reception notification options. Different employees have different works tools and preferences. Some people focus on their work for extended periods of time and do not check their emails often, they need a phone call. Some people don’t like their phone ringing all the time and would prefer email notifications instead. Some rely on Slack corporate instant messaging for most of their communications, so they’d prefer that notifications arrive there. Be sure your service will provide a wide variety of options for guest arrival notifications.Ultimately, you'll want to reach most employee on their smartphones. Make sure your selected software offers unlimited text notifications.Preregistration and Repeat Visitor FeaturesYou want the check-in process to be fast so everyone can get down to business. Look for visitor management software that allows guests to be preregistered ahead of their arrival. Most offer the ability to preregister an associate via the admin portal. Most advanced visitor management apps allow you to preregister visitors directly from your calendar app, whether you use Microsoft Outlook, Google or just about any other digital calendar.And once a visitor has been onsite once, their details are stored in your cloud-based visitor logbook. Select check-in software that allows that person to sign in as a “repeat visitor” the next time they visit and skip several steps in the already quick check-in process.Advanced Features for a More Secure WorkplaceObviously, when using a system that is letting people into your work home, security should be a key concern for everyone. The goal is to protect the physical and data of employees and visitors alike.The hope is that security measures never have to come into play. But in the event that something happens, whether the wrong person is let in, or an unfortunate accident or emergency, where all people in the building need to be accounted for, these measures are incredibly helpful. In order to provide security for the person who is receiving the visitor, as well as the security of the visitor’s data, these are the features to look for:Visitor Photo CaptureCapturing the image of the visitor allows the receiving party to know at a glance who is visiting them. If photos are included in email or Slack notifications, hosts can easily recognize guests even if they have not met previously. Visitor photos are also stored in case of emergency or if something goes missing.Visitor BadgesAnother use for taking digital photos is they can be printed on visitor badges. This will help everyone know, at a glance, that the guest is welcome in the facility. If anything remains in doubt, the visitor label will indicate when the person checked-in and who their host is so they can clarify the situation.Legal Document eSignature CaptureDoes your workplace discuss confidential information? Or do you host events that might require attendees to sign a legal waiver? A visitor check-in app that can capture electronic signatures on legal documents streamlines the process.eSignature capture has many advantages of asking visitors to sign paper documents. First, it avoids a very awkward moment for your employees. Plus, it's safer and incredibly convenient. The security of an electronic signature is in the fact that there is traceable information associated with the signature. The signature will hold information on who signed in, when they signed and where they signed. With nothing to file these digitally, documents are easily retrieved when needed.Cloud-Based Visitor LogbookThe purpose of any logbook is to maintain a record of every guest who checks in and leaves. A digital visitor logbook has countless advantages over the traditional paper version. First, it's available from any web-enabled device. In case of an emergency, like an evacuation, multiple employees can access it from their phones or tablet computers. It will store the reason for visit, host employee, visitor photos, eSigned documents, time in, time out and more. And it maintains privacy.Secured Data (in Europe, GDPR compliance)By its very nature, a visitor management system has key information about your employees and guests. So it is necessary to assure all stakeholders that their names, contact information, signatures, image, etc. will all be kept secure. Make sure to understand the data security practices of your selected sign-in app.In 2018, the European Union introduced the General Data Protection Regulation, commonly referred to as GDPR. If your organization has offices in Europe, or even if you are located elsewhere, if you see a lot of Europeans visitors, make sure your selected visitor registration software is GDPR compliant.Deluxe FeaturesOnce you have the basics down, there are other features you will want to consider. You want to be sure the system is easy to administer so it saves your staff time, instead of wasting it. Also, you'll want it to integrate with other software you use to, yup, save time. Other considerations are the ability to customize preferences for your individual employees or coworking community members and the usage capacity and constraints.Software IntegrationsTo be a productivity app, it must save you time. Integrations automate data into and out of your visitor check-in app.Directory services integrations are key. This will automatically ensure the correct members are available to be notified. So ensure your selected app plays well with Active Directory and Azure AD? Or, for coworking spaces, looks for the ability to sync with member databases like essensys Operate, OfficeRnD, Cobot and Satellite Deskworks?Will it integrate with Zapier, and provide almost unlimited functionality? Will the system provide any version of notification used by employees or community members: voice call, text message, email and Slack notifications? If you have systems already in place, you don’t want to have to change your systems to accommodate your software. The selected software solution should accommodate your existing system, not the other way around.Smart Hardware OptionsThere are three cost components to a visitor management system.SoftwareHardwareThe personnel cost of running the system. (See "Management of System" below).Unless you have specific needs that dictate otherwise, seek a sign-in app that works well with popular, low-cost hardware. There are few reasons you should break your budget with high cost, high tech hardware and gadgets. For example, an iPad receptionist app allows your organization to use low-cost hardware found at any electronics and computer or office supply store. Avoid systems with proprietary hardware requirements, which are hard to find or expensive to replace.Unlimited Usage CapacityDoes it provide unlimited usage with unlimited text messages? You can’t have your system stop working because it reached a limit. And you don’t want to have to try to figure out how much capacity you will need over a period of time, so be sure you get unlimited for a fixed price.Management of SystemThe system should be of such quality that there would be no need for a special IT person on staff or have its management assigned to someone to care for it. It should be helping you, not taking time away from you or anyone else for extra attention.ConclusionToday's modern office should implement a visitor management app. Selecting the right one is important.There is no reason to settle. Select a check-in app one with top-notch security, that works well with services, apps and programs that you have in place, including the preferred “announcement” or alert system for each of your employees or coworking community members. The system should work well with low cost, easy to find hardware, that can be quickly picked up at your local computer or office supply store (just in case). It should have unlimited capacity and no need for someone to be maintaining it. You should be able to get all of this for just a few dollars per day.Originally posted by Greetly at Features of the Best Visitor Management Systems | Digital Receptionist. Reposted with permission.