OPERATING
PROCEDURE / Document No.: 50-0080_00
Rev. : 001
Title: Computer System Security
I. PURPOSE/SCOPE
This procedure describes the computer system security on the SAS server at MXI.
This procedure applies to all access to data files on MXI servers from users defined within the MXI organization. .
II. RESPONSIBILITY
This procedure applies to all employees who have the ability to access data on MXI server.
III. REFERENCES
· 21 CFR Part 11, Electronic Record Rule
· 21 CFR Part 312, Investigational New Drug Application
· Computerized Systems Used in Clinical Trials, Guidance for Industry, April 1999.
· SAS Data Access Control WPG
IV. DEFINITIONS
· SAS - a statistical package used by Biometry to perform statistical analysis.
· SAS User - individual with an account on the SAS system and is part of the Biometry SAS Users’ group account.
· Biometry SAS Administrator - the individual in the Biometry charged with managing the SAS system and implementing access requests.
· Prospective User - a MXI employee or contractor who needs access to SAS and to the Biometry SAS Users’ group account but does not yet have an account.
V. MATERIALS
N/A
VI. PROCEDURES
1.0 Physical access to Server
1.1 The building at Milpitas is secured with an alarm system with a security guards services who periodically perform survalance on the properties to ensure safety.
1.2 The building will have a receptionist at the front desk when the main door is open.
1.3 The room which the server is located will be locked with keys that only IT and Biometry SAS Administrator has access to.
1.4 The server room has a battery power backup facility in the event of power outage. This will provide one hour after the power has been lost to enable administrators to properly backup data and shut down servers to prevent data lost or corruption.
1.5 The server room will have a signup form documenting access to the room.
2.0 Data Security on the Server
2.1 User access to the server will follow the procedure as documented in the SAS System Access Authorization SOP 20-0408_00.
2.2 Server will contain the latest version of McAfee anti-virus software.
2.3 Server is behind hardware firewall that is integrated into the router for protection against connects to the Internet.
2.4 Physical network can only be access within the offices in the Milpitas office. The Windows XP authentication will prevent unauthorized users from entering.
2.5 All accounts on the server will have a unique user name and password. The passwords will require having both numbers and mixed case characters for better security. The passwords will need to be updated on a periodic period within each three weeks interval.
2.6 The wireless connections are disabled for secured servers. This will prevent unauthorized users who want to enter the system using WiFi.
Page 2 of 2