CADILA HEALTHCARE LIMITED

Annexure No. xxxx-SOP-xx-xxxxx-xx Version No. 2.0, CURRENT

Risk assessment report for use of Generic Id in CMUser application to access System audit trail of Chromeleon 6.8
Annexure Title
version application.

ATTACHMENT-I OF RISK MANAGEMENT REPORT

Information
Document Title Department
Technology
Risk assessment report for use of Generic Id in CMUser application to access System audit trail of Report No. QRM/2021/XX/XXX
Chromeleon 6.8 version application. Revision No. XX
––

Risk Probability

Probability of
Risk Severity

Classification

Risk Priority

Validation Method
Frequency Data Input

Evaluation
(Used for Occurrence

Detection

Function
Risk
Risk Parameter→
Rationale
Risk No.

Rationale for
Position/ Rationale for for
Component Occurrence Addressed Via
Location Severity Rating Detection
Rating
Rating

Cosmetic
Possible Values→

Critical /

Minor /
Major /
L/M/H

L/M/H

L/M/H

L/M/H

L/M/H
Specification/ Possible

↓
Function Failure(s)
1. Generic Id CMUser To login in Traceability will NA H As the Id will be L CMUser application L H Audit trail L Minor login in  NA
login having application CMUser not be available generic and will be installed on will be CM
admin role application for the person traceability will not Chromeleon 7.2 available for User
in login into the be available for servers and each login applicati
Chromeleon application person specific application can be made in on shall
User access accessed by the CMUser be
Managemen person having application verified
t software remote access to during
(6.8) servers. The servers Migratio
are in control n.
environment and
remote access is
only provided to IT
person, hence the
security rating has
been considered as
L

Page 1 of 3
 CADILA HEALTHCARE LIMITED
Annexure No. xxxx-SOP-xx-xxxxx-xx Version No. 2.0, CURRENT
Risk assessment report for use of Generic Id in CMUser application to access System audit trail of Chromeleon 6.8
Annexure Title
version application.

Risk Probability

Probability of
Risk Severity

Classification

Risk Priority

Validation Method
Frequency Data Input

Evaluation
(Used for Occurrence

Detection

Function
Risk
Risk Parameter→
Rationale
Risk No.

Rationale for
Position/ Rationale for for
Component Occurrence Addressed Via
Location Severity Rating Detection
Rating
Rating

Cosmetic
Possible Values→

Critical /

Minor /
Major /
L/M/H

L/M/H

L/M/H

L/M/H

L/M/H
Specification/ Possible

↓
Function Failure(s)
2. Addition / CMUser Perform User User Id can be NA L CMUser application L CMUser L H Audit trail will L Minor Activity  NA
Modificatio application management created / Modified is used for application is used be available in CM
n of Users / activity in / deactivated in Chromeleon 6.8 for Chromeleon 6.8 for each User
Roles in CMUser CMUser user-management user-management addition / applicati
CMUser application for application. activities and activities, however modification on shall
application Chromeleon 6.8 Roles / Access System audit Trail. the site is migrated done in be
via generic groups can be Chromeleon 6.8 to Chromeleon 7.2 CMUser verified
Id created / modified application is not application and application. during
in CM User operational and no Chromeleon 7.2 Migratio
application. activities i.e. / application has its n.
analysis, user independent Admin
management, etc. is console. Any
been performed on addition /
Chromeleon 6.8. modification in
Additionally, the CMUser
data is migrated application will not
from Chromeleon have any impact on
6.8 to Chromeleon Chromeleon 7.2
7.2 application application.
hence no request for Chromeleon 7.2
User addition / application cannot
modification will be be accessed using
received for Chromeleon 6.8
Chromeleon 6.8 application
application. credentials. 6.8
credentials in

Page 2 of 3
 CADILA HEALTHCARE LIMITED
Annexure No. xxxx-SOP-xx-xxxxx-xx Version No. 2.0, CURRENT
Risk assessment report for use of Generic Id in CMUser application to access System audit trail of Chromeleon 6.8
Annexure Title
version application.

Risk Probability

Probability of
Risk Severity

Classification

Risk Priority

Validation Method
Frequency Data Input

Evaluation
(Used for Occurrence

Detection

Function
Risk
Risk Parameter→
Rationale
Risk No.

Rationale for
Position/ Rationale for for
Component Occurrence Addressed Via
Location Severity Rating Detection
Rating
Rating

Cosmetic
Possible Values→

Critical /

Minor /
Major /
L/M/H

L/M/H

L/M/H

L/M/H

L/M/H
Specification/ Possible

↓
Function Failure(s)
3. Modification CMUser System Audit trail System audit trails NA L By design L By design M H Audit trail will L Critical Verify  Reference – Part 11
of system application / User history in is modified / Modification / Modification / be available directly assessment for
audit trail in CMUser deleted in Deletion of System Deletion of System for each Chromeleon 6.8
CMUser application for CMUser audit trail is audit trail is modification
application.
application Chromeleon 6.8 application. restricted in restricted in done in
via generic CMUser CMUser CMUser
Id application, hence application, hence application.
the occurrence User will not be
rating is Low. able to modify /
delete the System
audit trail in
CMUser
application

Prepared By Reviewed By Reviewed By Reviewed By

Name
Sign./Date
Department Information Technology Quality Control Quality Assurance Quality Assurance

Page 3 of 3