Follow
1.0 OBJECTIVE: To lay down a procedure for Access Control of ERP System.
2.0 SCOPE: This SOP is applicable for maintenance of user policy, User Name, ID, Password & privilege of ERP System in …………
3.0 RESPONSIBILITY:
3.1 Users: Officer/Executive of relevant department shall responsible for entry of data, view of data, Transaction and save the data in the ERP System.
3.2 Executive: Executive of relevant department can shall view, verify, authorized, transaction and save the data in the ERP System.
3.3 Managers: Managers/Section head of relevant department shall be responsible to create procedure/method, view, verify, authorizes, transaction, Print and save the data in the ERP System.
3.4 Auditors: Auditors shall be responsible for view the data & review of Audit trails of ERP system.
3.5 System Administrator: IT person shall be responsible for overall rights including addition and deletion of User ID, Creation of Passwords in the ERP System.
4.0 ACCOUNTABILITY:
Head QA: Approval, ensure Training and Implementation of this SOP.
5.0 DEFINITIONS: Not Applicable
6.0 PROCEDURE:
6.1 User Name, ID & Password Generation & Control:
6.1.1 After receiving of requisition from user department IT person shall create user ID in the ERP System.
6.1.2 IT Person shall provide privilege to users as per recommendation of concerned department head.
6.1.3 IT person shall create password for users which shall be changed by user and can’t be share to any other persons.
6.1.4 All ERP activity shall be controlled with audit trial.
6.1.5 Audit trial shall be activated & locked by IT person.
6.1.6 Audit trail shall be checked by auditors on daily basis.
6.1.7 User privilege, addition and deletion shall be maintained in Annexure –I of this SOP.
6.1.8 Users shall be well aware to his/her privileges.
6.1.9 User Levels & Privileges:
6.1.10 First Level: User shall be enter data, view of data, Transaction and save the data but they don’t have right for preparation of procedure/method in the ERP System.
6.1.11 Second level: Executive of relevant department shall view, verify, authorized, transaction and save the data in the ERP System.
6.1.12 Third level: Manager/Section head of relevant department shall be prepare procedure/method View, verify, authorizes, transaction, Print and save the data in the ERP System but they don’t have right for any addition and deletion.
6.1.13 Fourth level: Administrator have all the rights they shall edit, delete the User ID, modify the user password if lost by users and can modify the system as per instruction of service provider.
6.1.14 Each change in the ERP system shall be control through change control after approval of Head-Quality.
6.1.15 Auditors: Auditors/Reviewers shall be view and take printout of the Audit trials and check the systems but they don’t have right to change anything in the system.
7.0 ABBREVIATIONS:
ERP Enterprise Resource Planning
ID Identity
IT Information Technology
SOP Standard Operating Procedure
