SOP for Password Policy and Data Backup and Storage for Computer Systems

1.0 PURPOSE

To lay down the procedure for password and data backup policy for computerized systems.

2.0 SCOPE

This SOP shall be applicable for the instruments/ equipment wherein data is generated and stored in the computerized systems in the facility.

3.0 RESPONSIBILITY

Officers/ Executive

4.0 ACCOUNTABILITY

Department Head

5.0 PROCEDURE

System, Password and Back-up policies for various instruments/ software shall be followed as the below-mentioned procedure.

5.1 Password Policy

5.1.1 Each user shall have unique Username and Password.

5.1.2 Password validity shall be 30 Days.

5.1.3 Password shall have at least 8 characters.

5.1.4 System shall not acquire last 5 expired passwords.

[ads id="ads1"]

5.1.5 Account shall be lockout automatically after 5 wrong login attempts. Lockout of user shall be unlocked only by administrator.

5.2 User Management Policy

Privilege Groups: There shall be four different level of users (i.e. Administrator, Reviewer and User) and following are the privilege group in the decreasing order based on the privileges assigned.

5.2.1 Administrators: Head-IT or Designee shall be the member of this group. The member of this group has maximum rights and also have rights to assign the privileges to the other privilege group.

5.2.2 Reviewer: Head-QC/ Section Head-QC/ Designee shall be the member of this group. The member of this group shall have rights e.g. Create/ Delete/ Edit user, Create/ Edit Method files, Create and Edit Custom calculations, view audit trail etc.

5.2.3 User: The person responsible for the generation of histogram shall be the member of this group. User shall have rights e.g. make measurements, set reference results, print reports etc.

[ads id="ads1"]

5.3 Data Backup

5.3.1 Yearly Backup: Upon completion of the year, analytical data of previous year shall be backed-up from IT server in pre-numbered tape in duplicate, Head IT shall be the custodian for the backup tapes. 

5.3.1.1 Tolerance of the yearly backup data shall be ten working days after due date of yearly back-up. 

5.3.1.2 Necessary entry shall be made in the yearly backup register. 

5.3.1.3 All the backed-up tapes shall be kept in a fireproof cabinet. 

5.3.2 Numbering System for Backup Taps:

5.3.2.1 Assign the number to the Tape as “XXXX/YYY-01 and XXXX/YYY-02 

Where ‘XXXX’ is the year and ‘YYY’ is the serial number of the tape starting from 001 for every new year. Tape represents the ULTRIUM DATA CARTRIDGE Tapes. Where, 01 & 02 means the two copies of Tapes in duplicate for every year Tapes. 

5.3.3 Storage and Removal Backed-up Data

5.3.3.1 The intermediate backed-up data shall be stored on IT server up to completion of the month. Upon completion of the month, after verification of monthly backed-up data, the intermediate data shall be removed from IT server. 

5.3.3.2 The Monthly backed-up data shall be stored on IT server up to completion of one year. 

5.3.3.3 Analytical data for the current month shall be maintained on the respective computer. Upon completion of monthly back-up on IT server and it’s verification the previous month data shall be removed by Concern person / IT person. Example: The analytical data of May - 18 shall be removed from the hard disk of PC upon completion and verification of monthly back-up of May - 18 means in the start of June - 18.

[ads id="ads1"]

5.3.3.4 Yearly backed-up data shall be stored on IT server up to six years. 

5.3.4 Retrieval of Backed-up or Archived Electronic Files

5.3.4.1 Retrieval of backed-up or archive electronic files shall be authorized by Head Quality / Designee.

5.3.4.2 Restore the data from backed-up Tapes to IT server and from IT server copy it to its original destination. Then open the required file.

6.0 ABBREVIATIONS

6.1 SOP: Standard Operating Procedure

6.2 IT: Information Technology

6.3 QC: Quality Control

Previous Post Next Post

Share our Posts

Latest Learning