SOP for Password Policy and Data Backup and Storage for Computer Systems

SOP for Password Policy and Data Backup and Storage for Computer Systems

Standard operating procedure for computer system passwords and data backup and storage.

1.0 PURPOSE

To lay down the procedure for password and data backup policy for computerized systems.

2.0 SCOPE

This SOP shall be applicable for the instruments/ equipment wherein data is generated and stored in the computerized systems in the facility.

3.0 RESPONSIBILITY

Officers/ Executive

4.0 ACCOUNTABILITY

Department Head

5.0 PROCEDURE

System, Password and Back-up policies for various instruments/ software shall be followed as the below-mentioned procedure.

5.1 Password Policy

5.1.1 Each user shall have unique Username and Password.

5.1.2 Password validity shall be 30 Days.

5.1.3 Password shall have at least 8 characters.

5.1.4 System shall not acquire last 5 expired passwords.

5.1.5 Account shall be lockout automatically after 5 wrong login attempts. Lockout of user shall be unlocked only by administrator.

5.2 User Management Policy

Privilege Groups:There shall be four different level of users (i.e. Administrator, Reviewer and User) and following are the privilege group in thedecreasing order based on the privileges assigned.

5.2.1 Administrators:Head-IT or Designee shall be the member of this group. The member of this group has maximum rights and also have rightsto assign the privileges to the other privilege group.

5.2.2 Reviewer:Head-QC/ Section Head-QC/ Designee shall be the member of this group. The member of this group shall have rights e.g. Create/Delete/ Edit user, Create/ Edit Method files, Create and Edit Custom calculations, view audit trail etc.

5.2.3 User: The person responsible for the generation of histogram shall be the member of this group. User shall have rights e.g. makemeasurements, set reference results, print reports etc.

5.3 Data Backup

5.3.1 Yearly Backup: Upon completion of the year, analytical data of previous year shall be backed-up from IT server in pre-numbered tape induplicate, Head IT shall be the custodian for the backup tapes.

5.3.1.1 Tolerance of the yearly backup data shall be ten working days after due date of yearly back-up.

5.3.1.2 Necessary entry shall be made in the yearly backup register.

5.3.1.3 All the backed-up tapes shall be kept in a fireproof cabinet.

5.3.2 Numbering System for Backup Taps:

5.3.2.1 Assign the number to the Tape as “XXXX/YYY-01 and XXXX/YYY-02

Where ‘XXXX’ is the year and ‘YYY’ is the serial number of the tape starting from 001 for every new year. Tape represents the ULTRIUM DATACARTRIDGE Tapes. Where, 01 & 02 means the two copies of Tapes in duplicate for every year Tapes.

5.3.3 Storage and Removal Backed-up Data

5.3.3.1 The intermediate backed-up data shall be stored on IT server up to completion of the month. Upon completion of the month, after verificationof monthly backed-up data, the intermediate data shall be removed from IT server.

5.3.3.2 The Monthly backed-up data shall be stored on IT server up to completion of one year.

5.3.3.3 Analytical data for the current month shall be maintained on the respective computer. Upon completion of monthly back-up on IT server andit’s verification the previous month data shall be removed by Concern person / IT person. Example: The analytical data of May - 18 shall be removedfrom the hard disk of PC upon completion and verification of monthly back-up of May - 18 means in the start of June - 18.

5.3.3.4 Yearly backed-up data shall be stored on IT server up to six years.

5.3.4 Retrieval of Backed-up or Archived Electronic Files

5.3.4.1 Retrieval of backed-up or archive electronic files shall be authorized by Head Quality / Designee.

5.3.4.2 Restore the data from backed-up Tapes to IT server and from IT server copy it to its original destination. Then open the required file.

6.0 ABBREVIATIONS

6.1 SOP: Standard Operating Procedure

6.2 IT: Information Technology

6.3 QC: Quality Control