USER ID PASSWORD POLICY
OBJECTIVE: This document provides procedure for issuing user ID’s and Passwords to access Computerized System and procedure to be followed to create, maintain and obsolete user account.
SCOPE: This SOP-IT is applicable to all computerized Systems covered under GxP & non GxP.
RESPONSIBILITY:
T. Administrator:
Responsible for implementation of procedures outlined in this document at all the location. To maintain approved computerized system access forms in Domain User file. Forms of all application access shall be made available to I.T. administrator in the event when Employees is being other sections within department or to other department within sites.
Function Users: Adhere to policy and procedure laid down in this SOP.
ACCOUNTABILITY:
- Information Technology Department.
- Respective Department Head.
- QA Head.
PROCEDURE:
Preamble: This document is intended to protect computing environment in sites of the company by providing rules for required access to Computerized Systems and management of User ID and password.
Roles:
Employees / Contractors / Third Party: Functionally operation of Computerized Systems for business operations.
T. Administrator:
- User ID and password management.
- Authorization and Administration of credentials.
Policy:
Access to Computerized Systems shall be provided to authorized employee / contractors / third Party person only.
The I.T. administrator’s ID needs to be in individual name of administrator.
All Computerized Systems administrator ID and Password shall be in custody of I.T. designated person.
Application roles and privileges related to User ID Management shall remain only with I.T. Administrator.
Application usage roles and access shall be assigned to users on their accounts, based on receipt of written of approved document from designated authorized person.
T. administrator has access to create, modify and obsolete user ID.
T. Administrator shall receive a duly filed and approved form as per respective application SOP for computerized systems User ID Creation / Modification / Deactivation.
In case Employee transfers to other sites or other section within the site or parting from the company, the Form shall be forwarded to I.T. administrator for creation / modification / deactivation practice of all application access.
T department shall be responsible to maintain all filled and approved Form in Domain User files.
T. administrator shall allocate access based on approved form. Once rights are allocated, I.T. Administrator shall return the Form to I.T. department
Employee Responsibility:
Each authorized account holder is assigned a unique user identification and password to access Computerized Systems.
Employee shall initiate an account request form for user id creation or modification.
Approved from shall be forwarded to designated I.T. person.
The systems administrator will issue the initial password for the user ID. However, the account holder will be responsible for changing the password on first logging.
User ID and passwords should not be shared with anyone including administrative assistants, secretaries, managers, co-workers. All passwords are to be treated as sensitive and confidential information.
Resetting password:
In case of password reset, employee or his superior shall in form to designate I.T. with valid reason and designated I.T. person shall forward the request to system administrator.
On receipt of request administrator shall execute and inform the new password within one working day.
Password expiry set for instrument software and operating system.
Password policy:
Password Construction:
Hackers use sophisticated programs to break into systems it is important to the employees to select passwords that would be difficult to breach. Some guidelines for constructing passwords are as follows: Do not use your user ID name in any form in the password.
Do not use first or last names.
Do not use other personal information such as address, birth date, social security Number, etc.
Do not use a password consisting of all letters, or all numbers.
Do not use a password consisting words in the dictionary.
Do not use the same password for various company access needs.
Use passwords with mixed –case alpha characters.
Use passwords containing at least one non-alpha character.
Use a password that is easy to remember so you do not have to write it down.
Use a password that can be typed quickly without having to look at the keyboard.
Password Confidentiality:
Never write password on whiteboard stick notes etc.
Never share password with anyone
Never send a password through email.
Never include a password in a non-encrypted stored document.
Never tell anyone your password.
Never reveal your password over the telephone.
Never hint at the format of your password.
Never reveal or hint at your password on the internet
Never use the “Remember Password” feature of application programs such as internet Explorer, your email program, or any other program.
Never use your password on an account over the internet which does not have a secure login where the web browser address starts with http:// rather than https://
If any suspicion of your password is being broken, change the password immediately and report incident to I.T. designated person for further investigation.
ENCLOSURE:
PC Checklist for Lab and Office Network
ABBREVIATIONS:
Abbreviation | Full Form |
SOP | Standard Operating Procedure |
QA | Quality Assurance |
Rev. | Revision |
NA | Not Applicable |
NCR | Non-conformance Report |
cGMP | Current manufacturing Practices |
USB | Universal Serial Bus |
DVD | Digital Versatile Disc |
GxP | Good X Practices |
IT | Information Technology |
PC CHECKLIST FOR LAB AND OFFICE NETWORK
Description | Observation | |
Operating System Windows – 10 | □ OK □ Not OK □ NA | |
System Type – 64 Bit | □ OK □ Not OK □ NA | |
System Drivers | □ OK □ Not OK □ NA | |
Windows Activation | □ OK □ Not OK □ NA | |
Windows Service Pack Installed | □ OK □ Not OK □ NA | |
Time Zone Settings to “GMT + 5:30” | □ OK □ Not OK □ NA | |
Windows Firewall Disabled | □ OK □ Not OK □ NA | |
Windows Auto update Disabled | □ OK □ Not OK □ NA | |
Antivirus Seqrite Endpoint Security | □ OK □ Not OK □ NA | |
Antivirus Updated | □ OK □ Not OK □ NA | |
MS – Office | □ OK □ Not OK □ NA | |
Adobe Reader | □ OK □ Not OK □ NA | |
Winrar | □ OK □ Not OK □ NA | |
Browsers : Chrome / Firefox | □ OK □ Not OK □ NA | |
Gmail ID Configured | □ OK □ Not OK □ NA | |
Adobe Flash Player | □ OK □ Not OK □ NA | |
Media Player : VLC | □ OK □ Not OK □ NA | |
Profile Configuration | □ OK □ Not OK □ NA | |
Printer Installed : Network / USB / Share | □ OK □ Not OK □ NA | |
Access Rights on Drives to User | □ OK □ Not OK □ NA | |
Check Domain Policy | □ OK □ Not OK □ NA | |
VNC Server Installed | □ OK □ Not OK □ NA | |
Network Drives Access | □ OK □ Not OK □ NA | |
Restrict the Removable Storage Devices i.e. CD / DVD & USB Access | □ OK □ Not OK □ NA | |
Activate the Audit Account Logon Events | □ OK □ Not OK □ NA | |
Windows Administrator Login Account | □ OK □ Not OK □ NA | |
Hide Security Tab | □ OK □ Not OK □ NA | |
Hide Access of Local Drives | □ OK □ Not OK □ NA | |
Lockout Windows Account in case of Idle 5 Minutes | □ OK □ Not OK □ NA | |
Restrict Control Panel | □ OK □ Not OK □ NA | |
Restrict Movie Maker & Windows Media Player | □ OK □ Not OK □ NA | |
Restrict Date & Time Modification | □ OK □ Not OK □ NA |