PURPOSE
To lay down the procedure for password and data backup policy for computerized systems.
SCOPE
This SOP shall be applicable for the instruments/equipment wherein data is generated and stored in the computerized systems in the facility.
RESPONSIBILITY
Officers/ Executive
ACCOUNTABILITY
Department Head
PROCEDURE
System, Password, and Backup policies for various instruments/software shall be followed as per the below-mentioned procedure.
Password Policy
- Each user shall have a unique Username and Password.
- Password validity shall be 30 Days.
- Password shall have at least 8 characters.
- The system shall not acquire the last 5 expired passwords.
- Account shall be locked out automatically after 5 wrong login attempts. The lockout of the user shall be unlocked only by the administrator.
User Management Policy
Privilege Groups:
There shall be three different levels of users (i.e. Administrator, Reviewer, and User) and the following are the privileged groups in decreasing order based on the privileges assigned.
Administrators:
- Head-IT or Designee shall be the member of this group. The member of this group has maximum rights and also has rights to assign privileges to the other privileged group.
Reviewer:
- Head-QC/ Section Head-QC/ Designee shall be a member of this group. The member of this group shall have rights e.g. Create/Delete/ Edit user, Create/ Edit Method files, Create and Edit Custom calculations, view audit trail etc.
User:
- The person responsible for the generation of the histogram shall be a member of this group. Users shall have rights e.g. make measurements, set reference results, print reports etc.
Data Backup
Yearly Backup:
- Upon completion of the year, analytical data of the previous year shall be backed up from IT server in pre-numbered tape induplicate, Head IT shall be the custodian for the backup tapes.
- Tolerance of the yearly backup data shall be ten working days after due date of the yearly backup.
- Necessary entries shall be made in the yearly backup register.
- All the backed-up tapes shall be kept in a fireproof cabinet.
Numbering System for Backup Taps:
- Assign the number to the Tape as “XXXX/YYY-01 and XXXX/YYY-02
Where
XXXX - year
YYY - serial number of the tape starting from 001 for every new year.
The tape represents the ULTRIUM DATACARTRIDGE Tapes. Where 01 & 02 means the two copies of Tapes in duplicate for every year Tapes.
- Storage and Removal Backed-up Data
- The intermediate backed-up data shall be stored on IT server up to the completion of the month. Upon completion of the month, after verification of monthly backed-up data, the intermediate data shall be removed from IT server.
- The Monthly backed-up data shall be stored on IT server up to the completion of one year.
- Analytical data for the current month shall be maintained on the respective computer. Upon completion of monthly back-up on IT server and its verification, the previous month's data shall be removed by the concerned person / IT person. Example: The analytical data of May - 18 shall be removed from the hard disk of the PC upon completion and verification of the monthly back-up of May - 18 means at the start of June - 18.
- Yearly backed-up data shall be stored on the IT server for up to six years.
- Retrieval of Backed-up or Archived Electronic Files
- Retrieval of backed-up or archived electronic files shall be authorized by the Head Quality / Designee.
- Restore the data from backed-up Tapes to the IT server and from IT server copy it to its original destination. Then open the required file.
ABBREVIATIONS
SOP: Standard Operating Procedure
IT: Information Technology
QC: Quality Control
ANNEXURE
Nil
REVISION HISTORY
Nil
0 Comments