C-106

Redzone Security

Section C — Record Management, Revision 0, 7 pages


1.0 Purpose 
 
 This procedure defines the Redzone Information Technology security and compliance policy for Ion Labs, Inc.
 
 2.0 Scope 
 
 This procedure only applies to users of the Redzone Compliance module in use at Ion Labs, Inc.
 
 3.0 Responsibility 
 
 3.1 It is the responsibility of all employees to execute this policy in full and to report any
 violations of this policy to their manager or the Director of IT. 
 
 3.2 It is the responsibility of the Director of IT to report any violation of this policy to the
 appropriate manager, department, or committee. The Director of IT is also responsible
 for the maintenance of this policy.
 
 4.0 Definitions 
 
 4.1 RZ — Redzone; Mark Sutcliffe founded Redzone Production Systems in 2013. The
 company website is https://rzsoftware.com/ and provides additional information about
 the product.
 
 4.2 RZ Admin - When written in bold and italic font, this is the Redzone backend
 application used to configure the system. 
 
 4.3 Redzone - When written in bold and italic font, this is the Redzone frontend user
 application.
 
 4.4 Backend Application — The backend application provides tools to set user permissions,
 define locations to use RZ, define products and associated characteristics, define shifts,
 define datasheets, and define triggers. 
 
 
 

 Standard Operating Procedure: SOP No. C-106, Rev 0, Page 2 of 7
 Redzone Security
 
 4.5 Frontend Application - The frontend application provides the interface for using the
 RZ software in the production environment. It is the end user interface.
 
 4.6 Datasheet - Unless explicitly stated otherwise, a datasheet is an RZ component of the
 RZ Compliance Module that is configured in RZ Admin and used in Redzone to collect
 data.
 
 4.7 IT — Information Technology; the study or use of systems (especially computers and
 telecommunications) for storing, retrieving, and sending information.
 
 5.0 References 
 
 5.1 QS-115, SOP, cGMP Electronic System Controls and Requirements 
 
 5.2 QS-115-F3, Form, Electronic Signature Acknowledgement and Consent
 
 5.3 New User Setup Policy 
 
 5.4 Release to Production Policy 
 
 6.0 Procedure 
 
 6.1 Employee Onboarding 
 
 6.1.1 The New User Setup policy governs all onboarding. 
 
 6.1.2 Onboarding includes but is not limited to: 
 
 6.1.2.1 Creation of user account 
 
 6.1.2.2 Defining user permissions based on group 
 
 6.1.2.3 Assigning equipment 
 
 6.1.2.4 User training 
 
 6.1.3 All parameters are documented in the New User Setup policy. 
 
 6.1.4 All users have executed form QS-115-F3 Electronic Signature
 Acknowledgement and Consent prior to being assigned a user account.
 
 6.2 Employee Offboarding 
 
 6.2.1 User accounts are disabled immediately upon termination of duties or
 employment.
 
 
 

 
 6.3 Device Release to Production 
 
 6.3.1 All equipment for processing Redzone applications meets or exceeds the
 Release to Production policy.
 
 6.4 Apple ID 
 
 6.4.1 All users with personally assigned iPads or Apple devices will be issued a
 private iCloud account. 
 
 6.4.2 Users with shared devices will have a shared iCloud account.
 
 6.4.3 All Apple devices will have and maintain strong passcodes for the unlock
 screen.

 6.5 Passwords
 
 6.5.1 For the RZ user account, the following requirements apply to passwords:
 
 6.5.1.1 All passwords expire every ninety (90) days. 
 
 6.5.1.2 All passwords must contain at least one (1) capital letter.
 
 6.5.1.3 All passwords must contain at least one (1) lowercase letter.
 
 6.5.1.4 All passwords must be at least six (6) characters long.
 
 6.5.1.5 All password resets are performed by the IT department upon request
 and verification.
 
 6.5.2 Forgotten and Compromised Passwords 
 
 6.5.2.1 SOP QS-115 cGMP Electronic System Controls and Requirements
 requires that all employees using electronic passwords for cGMP
 systems protect and keep confidential user names and passwords used
 to access those systems.
 
 6.5.2.2 All compromised or forgotten passwords must be reported to the IT
 department, who will then reset the password as required.
 
 
 

 
 6.5.2.3 IT will inform management in the case of suspicion that someone other
 than the person assigned a username and password has used it to
 access systems or sign transactions. 
 
 6.6 RZ Permissions 
 
 6.6.1 The following are available permission settings: 
 
 6.6.1.1 Users and Permissions 
 
 6.6.1.1.1 This permission provides full admin access to all other
 permissions.
 
 6.6.1.1.2 With this level of access, a user can view and edit basic
 configuration data on the Places, Products, and Shifts tabs.
 Places includes access to Sites, Areas, Locations, Problems
 and Assets, and Manufacturing Types. Products access
 includes the ability to edit product data such as SKUs,
 costs, product characteristics, and unit of measure
 conversions.
 
 6.6.1.1.3 This access level also includes the ability to define shifts,
 and view and edit the Apple TV configurations and
 Highlights. 
 
 6.6.1.2 Places, Products, & Shifts 
 
 6.6.1.2.1 With this level of access, a user can view and edit
 Production Checks and Audits, and has the ability to
 manage characteristics, option lists, and Quality
 Preferences.
 
 6.6.1.2.2 If utilizing Base Settings, a user with this access level will
 have the ability to view and edit the Base Settings sheets
 and defined settings.
 
 6.6.1.3 Production Checks & Base Settings 
 
 6.6.1.3.1 With this level of access, a user can view and edit
 Production Checks and Audits, and has the ability to
 manage characteristics, option lists, and Quality
 Preferences.
 
 
 

 
 6.6.1.3.2 “Base Settings” is no longer a feature in the Compliance
 module. It has been moved to the Reliability module.
 
 6.6.1.4 Quality Checks 
 
 6.6.1.4.1 With this level of access, a user can view and edit Quality
 Checks only, and has the ability to manage
 characteristics, option lists, and Quality Preferences.
 
 6.6.1.5 Maintenance Tasks 
 
 6.6.1.5.1 With this level of access, a user can view and edit
 Maintenance Tasks only, and has the ability to manage
 characteristics, option lists, and Quality Preferences.
 
 6.6.1.6 Triggers 
 
 6.6.1.6.1 With this level of access, a user can view and edit within
 the Triggers tab. Most likely this would be used in
 conjunction with another toggle enabled for one of the
 datasheet types. 
 
 6.6.1.6.2 Use these toggles individually, or combine them in custom
 combinations to create the desired levels of unique access
 for your users.
 
 6.6.1.7 Send Links in Comments 
 
 6.6.1.7.1 This permission on its own does not provide any screens to
 be available in Admin, other than the Knowledge Base. It
 does allow the user to post clickable URLs in the Redzone
 app.
 
 6.6.1.8 Quality Signoff Permission 
 
 6.6.1.8.1 This permission defines the level of quality sign-off
 available to the user. 
 
 • None = no quality sign off
 • Datasheet = partial sign-off
 • Run = full run or partial sign off
 
 
 

 
 6.6.1.9 @Mention Notifications by Email 
 
 6.6.1.9.1 This permission allows the RZ @Mention app notifications
 to forward to the user's email. An email must also be
 provided.
 
 6.6.1.10 @Mention Notifications by SMS 
 
 6.6.1.10.1 This permission allows the RZ @Mention app notifications
 to forward to the user by text message. A phone number
 must also be provided. 
 
 6.7 Roles 
 
 6.7.1 Redzone does not have “Roles” that are applied to users. IT applies the
 following permission settings when individuals are assigned the roles in the
 table below:
 
| Permission | [role name illegible] | [role name illegible] | [role name illegible] | [role name illegible] | [role name illegible] | [role name illegible] |
|------------|-----|-----|-----|-----|-----|-----|
| Users & Permissions | No | No | No | No | No | Yes |
| Places, Products, & Shifts | No | Yes | No | No | Yes | Yes |
| Production Checks & Base Settings | No | No | No | No | Yes | Yes |
| Quality Checks | No | No | No | No | Yes | Yes |
| Maintenance Tasks | No | No | No | No | No | Yes |
| Triggers | No | No | No | No | Yes | Yes |
| Send Links in Comments | No | No | No | No | No | Yes |
| Quality Sign Off Permission | None | None | Run | Run | Run | Yes |
| @Mention Notifications by Email | As desired | As desired | As desired | As desired | As desired | Yes |
| @Mention Notifications by SMS | As desired | As desired | As desired | As desired | As desired | Yes |
 
 6.8 Backup 
 
 6.8.1 Redzone is a cloud-based system. Redzone is responsible for all data backup.
 
 
 

 
 7.0 Revision History 

| Rev | Date | Description of Changes | CCR # | By |
|-----|----------|------------------------|-------|----|
| 0 | 01/04/22 | New procedure. | N/A | D. Wagner |