ACZ Laboratories, Inc. August 10, 2007
Quality Assurance Plan Version 12
SOPAD018.08.07.12 Page 41 of 96

10.6.17 Record Disposal

10.6.17.1 Records are disposed of in a manner to ensure client confidentiality.

10.6.17.2 Stored records will be reviewed to determine which ones can be destroyed. Any record older than five (5) years from the current date will be destroyed, unless client request, regulatory requirement, or civil action order dictates otherwise.

10.7 Computer Data and Records

10.7.1 Network File Server

Computer files pertaining to all aspects of ACZ's business are stored on a file/print server. To gain access, an employee logs on to the "LAB" domain. Each employee has a unique network user name so that security rules may be enforced. No "guest" logon is permitted. Every employee belongs to a specific "group" and directory security is enforced through privileges granted to these groups. Typically, an employee is granted access to files that pertain to their job functions; otherwise, read-only access or no access is granted.

Data generated and reported by ACZ is extremely confidential and the company may be liable for the consequences of the release of this data to any unauthorized person. The implementation of password security is not arbitrary and ensures data is protected and cannot be disclosed to outside parties. Weak, unchanging passwords make this scenario more likely.

In general, the network will prompt employees to change their password every 30 days. The password must be at least five (5) characters. Numeric characters are optional. Passwords may not be shared with other employees. The use of another employee's password (with the exception of common passwords for shared computers) is grounds for disciplinary action.

10.7.2 LIMS Server

1) Information stored on the LIMS server consists of all sample and client information needed for day-to-day production activities. The information is stored using an Oracle database application. Access is controlled through membership in "groups." Employees may update and change database records according to their job responsibilities. Otherwise, information is restricted to read-only access or no access.

2) No modifications to data can be made through applications not authorized by ACZ's IT department unless a CAR or Issue Wizard is submitted or documentation is provided on the hardcopy of the workgroup. Unauthorized applications include Attached Tables.

3) All tables that track changes (TrackInvoice, TrackWorkgroup, etc.) will be audited on a regular basis by a member of the IT department to ensure sufficient information is being supplied as to why changes occur. The explanations must be professional and specific.

10.7.3 Docs Server

Access to the docs server is read-only and is permitted through Internet Information Services (IIS) authentication and is logged in IIS log files. The server is updated on a regular basis by automated scripts.

2773 Downhill Drive 970-879-6590
Steamboat Springs, CO 80487 www.acz.com