| SOP | WIN | AA Doc ID | Type | Frequency | Description (Purpose, Scope & Audit Focus) |
|---|---|---|---|---|---|
| SOP-IT-ACCESS | |||||
| WIN-IT-ACCESS-CHK | AA-IT-ACCESS-CHK | CHK | Per Event |
Purpose: Ensure provisioning, modification, and removal of system access is approved. Scope: All GxP-relevant systems and user access changes. Auditor Focus: QA approval, role appropriateness, and access control enforcement. |
|
| WIN-IT-ACCESS-LOG | AA-IT-ACCESS-LOG | LOG | Ongoing |
Purpose: Maintain chronological traceability of user access changes. Scope: User provisioning, modification, and deactivation events. Auditor Focus: Timely updates, completeness, and consistency with approvals. |
|
| SOP-IT-ESIG | |||||
| WIN-IT-ESIG-FRM | AA-IT-ESIG-FRM | FRM | Per Assignment |
Purpose: Authorize users for compliant electronic signature use. Scope: Systems requiring Part 11–compliant electronic signatures. Auditor Focus: Identity verification, authorization, and signature linkage. |
|
| WIN-IT-ESIG-REC | AA-IT-ESIG-REC | REC | Per Event |
Purpose: Provide evidence of compliant electronic signature execution. Scope: All electronic signature events in regulated systems. Auditor Focus: Audit trails, attribution, and record integrity. |
|
| SOP-IT-BACKUP | |||||
| WIN-IT-BACKUP-LOG | AA-IT-BACKUP-LOG | LOG | Scheduled |
Purpose: Confirm execution of required system backups. Scope: All regulated systems requiring backup and recovery. Auditor Focus: Backup frequency, success status, and exception handling. |
|
| WIN-IT-BACKUP-REC | AA-IT-BACKUP-REC | REC | Periodic |
Purpose: Verify that backed-up data can be successfully restored. Scope: Restore testing for regulated systems. Auditor Focus: Restore success, testing frequency, and issue resolution. |
|
| SOP-IT-VALIDATE | |||||
| WIN-IT-VALIDATE-FRM | AA-IT-VALIDATE-FRM | FRM | Per Lifecycle Milestone |
Purpose: Obtain QA approval of system validation activities. Scope: Validation lifecycle phases and milestones. Auditor Focus: QA oversight and lifecycle control. |
|
| WIN-IT-VALIDATE-REC | AA-IT-VALIDATE-REC | REC | Per Release / Change |
Purpose: Confirm systems remain in a validated state. Scope: System releases, changes, and periodic validation reviews. Auditor Focus: Fit-for-use justification and ongoing validation status. |
|