SOP for Password for Computers and Software in Pharmaceutical

PURPOSE

The purpose of the document is to establish a procedure for the allocation, maintenance of uniqueness; and confidentiality of passwords which in turn are useful in achieving the maintenance of authenticity, integrity, confidentiality, and security of electronic data.

SCOPE

It is applicable to all computers, software, PLCs, and any other electronic devices used in the QA, Warehouse, Quality Control, Production, and Utilities for generating data records except for the software used for the purpose of the management of the inventory control.

RESPONSIBILITY

Head of Production

Head of Engineering

Head of Quality Control

Head of Quality Assurance

DEFINITION

Password:

A series of characters that enables someone to access a file, computer or program and prevent unauthorized access.

Administrator:

The person will have full access to the system.

Supervisor:

A person who will have access to change the daily operational variables, which are required to identify operations from each other, e.g. Batch No. / Lot No. Operator Name.

Operator/ User:

An individual who can only operate the system.

ALSO READ: SOP for Signature Registration of Employees

PROCEDURE

• All computers, software, PLCs, and any other electronic devices used in the Warehouse, QA, Quality Control, Production, and Utilities for generating data records shall have restricted access through user passwords.
• The Quality Assurance shall assign individual passwords to log into the system and access the system.
• The password shall be categorized based on the access rights assigned and /or the design of the system.
• The password preferably shall be allocated at the Administrative level, Supervisory level, and user level depending upon the availability of the provision in the system and the equipment.
• The individual shall maintain the confidentiality of passwords assigned to him/her.
• The assigned user passwords shall be enabled in the system.

• The following category of passwords are forbidden for use:

1. First Name
2. Surname
3. Birth Date
4. Telephone Numbers
5. Name of cities

• The password allocated shall be recorded in Annexure-I and maintained under lock and key in the Quality Assurance department.
• The data/records on the electronic system shall be viewed in case of emergency or during inspection/audit by another person only after approval from Quality Assurance.
• The uniqueness of the passwords shall be maintained such that no two individuals shall have the same passwords for the same system.

Note: The same password can be shared by different user-level individuals in case there is no provision for generating more than two passwords for the system at the User level.

• The passwords shall be revised every quarter and records of the same shall be maintained under lock and key in the Quality Assurance department.
• Once the revised password is enabled, the previous password record shall be made obsolete and destroyed every year.
• The Quality Assurance department shall verify randomly that the old password does not permit access to the system.
• No password shall be repeated for that year for any systems.
• The access rights shall be defined by the Quality Assurance department and shall be recorded in Annexure-II
• In case of any individual who leaves the organization in between to whom the password has been already issued, the same password shall not be issued to the new joint replacement for that post. Instead, a new password shall be issued to the new recruit, and a record of the same is maintained.

ABBREVIATIONS

QAP: Quality Assurance Procedure

PLC: Programmable logic control

QA: Quality Assurance

ID: Identity

ANNEXURE

Annexure-I: Password Allocation Record

Annexure-II: Access Rights Record

REVISION HISTORY

Nil

ALSO READ: SOP for Password, Data Backup and Storage for Computer System