SOP ON USER PASSWORD POLICY FOR ALL USER/HPLC

by
SOP ON USER PASSWORD POLICY FOR ALL USER/HPLC

OBJECTIVE :  To lay down a procedure for all computer user password policy.

SCOPE : This SOP is applicable for all computer user password policy.

RESPONSIBILITY :

Officer and above shall responsible for preparation of SOP and create numbering system of computer and accessories.

Executive and above shall responsible for Reviewed/Checked of SOP.

Head QA shall responsible for approval of this SOP.

ACCOUNTABILITY : Executive and above shall be accountable for the implementation of SOPs.

DEFINITION :

All computer system users must choose passwords that cannot be easily guessed. This means passwords must never be the same as the User-id passwords must not be a word found in the dictionary or some other part of speech. For example, proper names, places, and slang must not be used.

Password protection ensures that only those users who establish a proof of their authorization will be granted access to data and programs. A poorly chosen password may result in the compromise of the Company’s entire network.

PROCEDURE :

System, Password as the below mentioned procedure

Each user shall have unique Username and Password.

Password validity shall be 40 days.

Password shall have at least 8 characters.

System shall not acquire last 5 expired passwords.

Account shall be lockout automatically after 5 wrong login attempts. Lockout of user shall be unlocked only by administrator.

USER MANAGEMENT POLICY

Privilege Groups: There shall be four different level of users (i.e. Administrator, Reviewer and User) and following are the privilege group in the decreasing order based on the privileges assigned.

Administrators: Head- IT or Designee shall be the member of this group. The member of this group has the maximum rights and also have the rights to assign the privileges to the other privilege group.

Reviewer: Head-QC /Section, Head-QC /Designees shall be the member of this group. The member of this group shall have right e.g. Create/Delete/Edit user, Edit Method files, Create and edit Custom calculations, view audit trail etc.

User: The person responsible for the generation of this group. User shall have right e.g. make measures, set results, print reports etc.