EN | EE | RU

Disclaimer: Our company categorically condemns the fascist, annexationist war unleashed by the mad dictator Ń€utin against the people of independent, democratic Ukraine and wishes for a swift victory over the fascist invaders!
We do not provide services to fascists. Glory to Ukraine! 

About
Partners
References
Contacts

Send request

User Accounts

A GMP monitoring system must include access control with individual user accounts and passwords. There must be at least three levels of access permissions:

  • Operator
  • Process Engineer / Technologist (Shift Leader, Process Owner)
  • Administrator

None of these access levels should allow for manipulation or deletion of registered environmental parameters, event logs, or the Audit Trail.

The monitoring system should allow for the deactivation/disablement/blocking of user accounts but should not permit their deletion, as this would compromise data integrity.

The system for managing access permissions can be implemented in several ways, for example:

  1. Fixed User Groups (Operators/Technologists/Administrators), where each operation is assigned to a group authorized to perform it.
  2. Ranking System, where each user is assigned a numerical value – a rank – sufficient for performing only certain operations, with each operation specifying the minimum rank required.
  3. Permission Matrix, where specific permissions are configured for each individual user.

Passwords

Passwords must be strictly individual. Password assignment should ensure that no one knows the password except the user (not even the administrator). Passwords should be changed regularly, with the system automatically prompting users to update their passwords. Minimum password length/complexity requirements should be enforced (e.g., 8 characters, mixed case letters, special characters, and digits). User authorization should automatically expire after a set period of inactivity (e.g., 10 minutes). The administrator should have the ability to reset passwords and block user accounts.

Remote Access

Remote access (via public Internet networks) to the GMP monitoring system is highly undesirable and poses significant risks. If remote access is still necessary, extraordinary security measures must be implemented:

  • Set up a VPN channel with a reliable level of security/encryption.
  • Create a "mirror" of the monitoring system database in an external environment (outside the secure server infrastructure of the monitoring system) specifically for remote access, without the ability to transfer data back from the mirror to the main database.
  • If data transmission/control from outside is still required, use a custom command system (non-compatible with any known systems, protocols etc.) and additional command authorization.

Tarqvara GMP Monitoring System

The Tarqvara GMP monitoring system implements technical solutions for user account management and system access that meet all security requirements based on a risk-based approach and GMP practices.

See also:
GMP Monitoring Systems
Tarqvara GMP Monitoring System
IT Solutions / GAMP / Data Integrity (RDI)
Computerized Systems Validation (CSV)

 

+372 580 500 39
in@tarqvara.com

Tallinn, Estonia