USER ID PASSWORD POLICY

USER ID PASSWORD POLICY

OBJECTIVE: This document provides procedure for issuing user ID’s and Passwords to access Computerized System and procedure to be followed to create, maintain and obsolete user account.

SCOPE: This SOP-IT is applicable to all computerized Systems covered under GxP & non GxP.

RESPONSIBILITY:

T. Administrator:

Responsible for implementation of procedures outlined in this document at all the location. To maintain approved computerized system access forms in Domain User file. Forms of all application access shall be made available to I.T. administrator in the event when Employees is being other sections within department or to other department within sites.

Function Users: Adhere to policy and procedure laid down in this SOP.

ACCOUNTABILITY:

• Information Technology Department.
• Respective Department Head.
• QA Head.

PROCEDURE:

Preamble: This document is intended to protect computing environment in sites of the company by providing rules for required access to Computerized Systems and management of User ID and password.

Roles:

Employees / Contractors / Third Party: Functionally operation of Computerized Systems for business operations.

T. Administrator:

• User ID and password management.
• Authorization and Administration of credentials.

Policy:

Access to Computerized Systems shall be provided to authorized employee / contractors / third Party person only.

The I.T. administrator’s ID needs to be in individual name of administrator.

All Computerized Systems administrator ID and Password shall be in custody of I.T. designated person.

Application roles and privileges related to User ID Management shall remain only with I.T. Administrator.

Application usage roles and access shall be assigned to users on their accounts, based on receipt of written of approved document from designated authorized person.

T. administrator has access to create, modify and obsolete user ID.

T. Administrator shall receive a duly filed and approved form as per respective application SOP for computerized systems User ID Creation / Modification / Deactivation.

In case Employee transfers to other sites or other section within the site or parting from the company, the Form shall be forwarded to I.T. administrator for creation / modification / deactivation practice of all application access.

T department shall be responsible to maintain all filled and approved Form in Domain User files.

T. administrator shall allocate access based on approved form. Once rights are allocated, I.T. Administrator shall return the Form to I.T. department

Employee Responsibility:

Each authorized account holder is assigned a unique user identification and password to access Computerized Systems.

Employee shall initiate an account request form for user id creation or modification.

Approved from shall be forwarded to designated I.T. person.

The systems administrator will issue the initial password for the user ID. However, the account holder will be responsible for changing the password on first logging.

User ID and passwords should not be shared with anyone including administrative assistants, secretaries, managers, co-workers. All passwords are to be treated as sensitive and confidential information.

Resetting password:

In case of password reset, employee or his superior shall in form to designate I.T. with valid reason and designated I.T. person shall forward the request to system administrator.

On receipt of request administrator shall execute and inform the new password within one working day.

Password expiry set for instrument software and operating system.

Password policy:

Password Construction:

Hackers use sophisticated programs to break into systems it is important to the employees to select passwords that would be difficult to breach. Some guidelines for constructing passwords are as follows: Do not use your user ID name in any form in the password.

Do not use first or last names.

Do not use other personal information such as address, birth date, social security Number, etc.

Do not use a password consisting of all letters, or all numbers.

Do not use a password consisting words in the dictionary.

Do not use the same password for various company access needs.

Use passwords with mixed –case alpha characters.

Use passwords containing at least one non-alpha character.

Use a password that is easy to remember so you do not have to write it down.

Use a password that can be typed quickly without having to look at the keyboard.

Password Confidentiality:

Never write password on whiteboard stick notes etc.

Never share password with anyone

Never send a password through email.

Never include a password in a non-encrypted stored document.

Never tell anyone your password.

Never reveal your password over the telephone.

Never hint at the format of your password.

Never reveal or hint at your password on the internet

Never use the “Remember Password” feature of application programs such as internet Explorer, your email program, or any other program.

Never use your password on an account over the internet which does not have a secure login where the web browser address starts with http:// rather than https://

If any suspicion of your password is being broken, change the password immediately and report incident to I.T. designated person for further investigation.

ENCLOSURE:

PC Checklist for Lab and Office Network

ABBREVIATIONS:

PC CHECKLIST FOR LAB AND OFFICE NETWORK