SOP on Password Policy For Computers and Softwares in Pharmaceutical Plant

0
17281

1.0 PURPOSE:

The purpose of the document is to establish a procedure for allocation, maintenance of uniqueness; and confidentiality of passwords which in turn useful in achieving the maintenance of authenticity, integrity, confidentiality and security if electronic data.

2.0 SCOPE:

It is applicable to all computers, software’s, PLCs and any other electronic devices used in the QA, Warehouse, Quality Control, Production and Utilities for generating data records except for the software used for the purpose of the management of the inventory control.

 3.0 RESPONSIBILITY:

  • Head of Production:
  • Head of Engineering
  • Head of Quality Control
  • Head of Quality Assurance

 4.0 DEFINITION:

  • Password: A series of character that enables someone to access a file, computer or program and prevent unauthorized access.
  • Administrator: Person will have full access to the system.
  • Supervisor: Person who will have access to change the daily operational variables, which are required to identify operations from each other, e.g. Batch No. / Lot No. Operator Name.
  • Operator/ User: An individual who can only operate the system.                                     

5.0 PROCEDURE:

5.1 All computers, software’s, PLCs and any other electronic devices used in the Warehouse, QA, Quality Control, Production and Utilities for generating data records shall have restricted access through user passwords.

5.2 The Quality Assurance shall assign individual passwords to log into the system and access the system.

5.3 The password shall be categorized on the basis of access rights assigned and /or design of the system.

5.4 The password preferably shall be allocated at Administrative level, Supervisory level and User level depending upon the availability of the provision in the system and the equipment.

5.5 The individual shall maintain the confidentiality of passwords assigned to him/her.

5.6 The assigned user passwords shall be enabled in the system.

5.7 Following category of the passwords are forbidden for use:

5.7.1 First Name

5.7.2 Surname

5.7.3 Birth Date

5.7.4 Telephone Numbers

5.7.5 Name of cities

5.8 The password allocated shall be recorded in the Annexure-I and maintain it under lock and key in Quality Assurance department.

5.9 The data / records on electronic system shall be viewed in case of emergency or during inspection / audit by another person only after approval from Quality Assurance.

5.10 The uniqueness of the passwords shall be maintained such that no two individuals shall have the same passwords for the same system.

Note: Same password can be shared by the different user level individuals in case if there is no provision for generating more than two passwords for the system at User level.

5.11 The passwords shall be revised on quarterly basis and records of the same shall be maintained under lock and key in Quality Assurance department.

5.12 Once the revised password is enabled, previous password record shall be made obsolete and destroyed on yearly basis.

5.13 Quality Assurance department shall verify randomly that old password does not permit access to the system.

5.14 No password shall be repeated for that year for any systems.

5.15 The access rights shall be defined by Quality Assurance department and shall be recorded in the Annexure -II

5.16 In case of any individual who leaves the organization in between to whom the password has been already issued, the same password shall not be issued to the newly joined replacement for that post. Instead new password shall be issued to the new recruit and record of the same is maintained.

6.0 REFERENCES:

SOP on Design and Control of Documents

7.0 ENCLOSURES:

7.1       Password Allocation Record  :                       Annexure-I

7.2       Access Rights Record            :                      Annexure-II

8.0 ABBREVIATIONS :

QAP                :                       Quality Assurance Procedure

PLC                 :                       Programmable logic control

QA                   :                       Quality Assurance

ID                    :                       Identity

Annexure-I

PASSWORD ALLOCATION RECORDS

Name of

Equipments/System

Equip./ System ID No.
Location Minimum Characters Required for Password
Security Level

Available

Administrative/Supervisory/User
Password Allocation Details:
Administrator
Name of Candidate Designation User ID Password Password

Expiry

Password

Allocated

By(Sign/Date)

Supervisor
Name of Candidate Designation User ID Password Password

Expiry

Password

Allocated

By(Sign/Date)

User
Name of Candidate Designation User ID Password Password

Expiry

Password

Allocated

By(Sign/Date)

Note: QA Department shall assign the password and fill in details in page 1of 2 of form. The password shall be communicated to concerned personnel and sign of password shall be taken on page 2 of 2 (Page 1 of 2 shall be kept confidential).

Annexure-II

ACKNOWLEDGEMENT OF PASSWORD ALLOCATION

Acknowledgement of Password
Administrator
Name of Candidate Password Expiry Date Sign. of Password Holder
Supervisor
Name of Candidate Password Expiry Date Sign. of Password Holder
User
Name of Candidate Password Expiry Date Sign. of Password Holder

RIGHTS ALLOCATION RECORDS

Name of

Equipments/System

Equip. ID. No.
Location Function of Equipment
Security Level

Available

Administrative/Supervisory/User
Criticality of activity to be Carried out at system:
Rights Allocation
Security Level Rights Assigned Approved By

(Head QA)

Authorized By

(Unit Head)

 

 

 

 

 

Administrator

 

 

 

 

Supervisor  

 

 

 

 

 

 

 

 

 

User