SOP for Password, Data Backup and Storage for Computer System

PURPOSE

To lay down the procedure for password and data backup policy for computerized systems.

SCOPE

This SOP shall be applicable for the instruments/equipment wherein data is generated and stored in the computerized systems in the facility.

RESPONSIBILITY

Officers/ Executive

ACCOUNTABILITY

Department Head

PROCEDURE

System, Password, and Backup policies for various instruments/software shall be followed as per the below-mentioned procedure.

ALSO READ: SOP for Internal Audit

Password Policy

• Each user shall have a unique Username and Password.
• Password validity shall be 30 Days.
• Password shall have at least 8 characters.
• The system shall not acquire the last 5 expired passwords.
• Account shall be locked out automatically after 5 wrong login attempts. The lockout of the user shall be unlocked only by the administrator.

User Management Policy

Privilege Groups:

There shall be three different levels of users (i.e. Administrator, Reviewer, and User) and the following are the privileged groups in decreasing order based on the privileges assigned.

Administrators:

• Head-IT or Designee shall be the member of this group. The member of this group has maximum rights and also has rights to assign privileges to the other privileged group.

Reviewer:

• Head-QC/ Section Head-QC/ Designee shall be a member of this group. The member of this group shall have rights e.g. Create/Delete/ Edit user, Create/ Edit Method files, Create and Edit Custom calculations, view audit trail etc.

User:

• The person responsible for the generation of the histogram shall be a member of this group. Users shall have rights e.g. make measurements, set reference results, print reports etc.

Data Backup

Yearly Backup:

• Upon completion of the year, analytical data of the previous year shall be backed up from IT server in pre-numbered tape induplicate, Head IT shall be the custodian for the backup tapes.

ALSO READ: SOP for Data Integrity

1. Tolerance of the yearly backup data shall be ten working days after due date of the yearly backup.
2. Necessary entries shall be made in the yearly backup register.
3. All the backed-up tapes shall be kept in a fireproof cabinet.

Numbering System for Backup Taps:

• Assign the number to the Tape as “XXXX/YYY-01 and XXXX/YYY-02

Where 

XXXX - year 

YYY - serial number of the tape starting from 001 for every new year. 

The tape represents the ULTRIUM DATACARTRIDGE Tapes. Where 01 & 02 means the two copies of Tapes in duplicate for every year Tapes.

• Storage and Removal Backed-up Data

1. The intermediate backed-up data shall be stored on IT server up to the completion of the month. Upon completion of the month, after verification of monthly backed-up data, the intermediate data shall be removed from IT server.
2. The Monthly backed-up data shall be stored on IT server up to the completion of one year.
3. Analytical data for the current month shall be maintained on the respective computer. Upon completion of monthly back-up on IT server and its verification, the previous month's data shall be removed by the concerned person / IT person. Example: The analytical data of May - 18 shall be removed from the hard disk of the PC upon completion and verification of the monthly back-up of May - 18 means at the start of June - 18.
4. Yearly backed-up data shall be stored on the IT server for up to six years.

• Retrieval of Backed-up or Archived Electronic Files

1. Retrieval of backed-up or archived electronic files shall be authorized by the Head Quality / Designee.
2. Restore the data from backed-up Tapes to the IT server and from IT server copy it to its original destination. Then open the required file.

ABBREVIATIONS

SOP: Standard Operating Procedure

IT: Information Technology

QC: Quality Control

ANNEXURE

Nil

REVISION HISTORY

Nil

ALSO READ: SOP for Signature Registration of Employees