RESTRICTED CIRCULATION (Draft)

SOP No: IT-002

STANDARD OPERATING Department: Information
PROCEDURE Technology
Page No.: 1 of 4
Title: OPERATING SYSTEM AND SECURITY POLICIES

Version 00 Effective Date Review due Date

1.0 OBJECTIVE
To lay down the procedure to configure the basic policies for user accounts, general security for data
and maintenance for desktops.

2.0 SCOPE
This procedure is applicable to all the computers in CRONUS PHARMA SPECIALITES INDIA PVT
LTD, Hyderabad.

3.0 RESPONSIBILITY.
3.1. IT is responsible for the configuration of such policies.
3.2. All the users in the Cronus Pharma have to follow this procedure.
3.3. IT & team are responsible to supervise and comply with this procedure.
3.4. Head QA/Designee is responsible for compliance of this procedure.

4.0 ACCOUNTABILITY
Head-IT is accountable of this SOP.

5.0 PROCEDURE
5.1. Basic security and group policies.
5.1.1. User login account policies for the operating system.
5.1.2. User name and password combination is unique for that particular user and it is the
electronic identification of that user.
5.1.3. Creation and deletion of user account is under the responsibility of IT.
5.1.4. Maintenance of user password is under responsibility of respective user with the help of
IT.
Prepared by Reviewed by Approved by
Name
Department Quality Assurance Quality Assurance
Designation Manager AGM
Sign & Date
Format No.QA-001-F01-00
RESTRICTED CIRCULATION (Draft)
SOP No: IT-002
STANDARD OPERATING Department: Information
PROCEDURE Technology
Page No.: 2 of 4
Title: OPERATING SYSTEM AND SECURITY POLICIES

Version 00 Effective Date Review due Date

5.1.5. For reactivation and missing password users have to consult IT.
5.1.6. IT is responsible for deactivate\disable the User account on his\her last working day.
5.1.7. Previous login user name shall not be visible at new login.
5.2. User privilege for operating system of computers
5.2.1. Each user shall have a unique combination of user identification and password.
5.2.2. The password shall be confidential.
5.2.3. There are two types of common user groups
a. Administrator level
b. User level
5.3. General policies and privileges for the Administrator level users
5.3.1. The administrator level users shall have rights to access / modify / control all features of
the computer system.
5.3.2. IT personnel will have the rights to access administrator level.
5.4. General policies and privileges for the user level users
5.4.1. All the computer users of Cronus Pharma come under user level.
5.4.2. Users are restricted to Copy, Paste, Delete any kind of electronic raw data files from raw
data storage folder of the application software generated by systems.
5.4.3. Computer lockout mechanism shall be configured to prevent unauthorized access to
operating system when system is ideal.
5.4.4. They cannot use CD writer / Floppy drive/ USB flash drives.
5.4.5. All the users by default will be the members of restricted users group.
5.4.6. They cannot change Date, Time and Time zone of the system.
5.5. Security policies
5.5.1. Password Policy
Prepared by Reviewed by Approved by
Name
Department Quality Assurance Quality Assurance
Designation Manager AGM
Sign & Date
Format No.QA-001-F01-00
RESTRICTED CIRCULATION (Draft)
SOP No: IT-002
STANDARD OPERATING Department: Information
PROCEDURE Technology
Page No.: 3 of 4
Title: OPERATING SYSTEM AND SECURITY POLICIES

Version 00 Effective Date Review due Date

5.5.2. All passwords shall have a minimum number of six characters. Passwords must be
complexity (combination of alphabets and numbers).
5.5.3. Password shall not be copied by anyway.
5.5.4. Password will expire in 90 days.
5.5.5. Passwords shall not be repeated for at least 3 changes.
5.5.6. During first login, system will ask to change the password given by the IT personnel.
5.5.7. Folder level security policy
 Each user will have network drive to store their data, which is not accessible by other
users. Network Drives will back up into Magnetic tapes.
 Data exported by the software (Empower, Lab X, etc.) will be stored in the network
drive and available to only respective users.
 The folders, which are used by multi user, shall have access by network drive and
configuration to the respective user in a predefined manner approved by head of the
department.
5.6. Network connections settings
5.6.1. Network settings are configured for Network Connections for Security Purpose.
5.6.2. Disabled to rename LAN connections or remote access connections available to all
users.
5.6.3. Prohibited access to properties of components of LAN connections.
5.6.4. Prohibited the TCP/IP advanced configurations.
5.6.5. Prohibited the enabling/disabling components of LAN connection.
5.7. Antivirus policy

Prepared by Reviewed by Approved by

Name
Department Quality Assurance Quality Assurance
Designation Manager AGM
Sign & Date
Format No.QA-001-F01-00
RESTRICTED CIRCULATION (Draft)
SOP No: IT-002
STANDARD OPERATING Department: Information
PROCEDURE Technology
Page No.: 4 of 4
Title: OPERATING SYSTEM AND SECURITY POLICIES

Version 00 Effective Date Review due Date

5.7.1. For security of the data from the various viruses, ISD installed Antivirus software on
Server and all its client computers in entire network.
5.7.2. The definition of the antivirus shall be updated automatically by using the Antivirus
server on regular basis

6.0 LIST OF ANNEXURES

Not Applicable

7.0 REFERENCES
Not Applicable

8.0 ABBREVATIONS
USB : Universal Serial Bus

9.0 CHANGE HISTORY:

S. No. Supersede No. Review Date CC Ref No. Revision Summary

01 NA NA NA New SOP

“END OF THE DOCUMENT”

Prepared by Reviewed by Approved by

Name
Department Quality Assurance Quality Assurance
Designation Manager AGM
Sign & Date
Format No.QA-001-F01-00