Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
      • Templates
      • Specific procedures
        • SP-018-001 Remote infrastructure control access policy
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-026 Product requirements for US market
    • GP-027 Product requirements for UK market
    • GP-028 Product requirements for the Brazilian market
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • GP-018 Infrastructure and facilities
  • Specific procedures
  • SP-018-001 Remote infrastructure control access policy

SP-018-001 Remote infrastructure control access policy

Procedure flowchart​

Purpose​

This procedure defines the process to grant remote access to a specific resource in AWS.

Scope​

This procedure applies to all our software development team.

Responsibilities​

JD-001​

  • To approve the entire process of granting permissions to team members.

JD-005​

  • To ensure that the entire process of granting permissions is carried out according to the methodology established in the present procedure.

Inputs​

  • Team member's fullname.
  • Team member's IP.

Outputs​

  • An updated policy that grants remote access to the user.
  • The credentials generated for allowing remote access to the user.

Development​

The process for granting access to a remote resource to a team member must follow these steps:

  • Request the team member's IP and his or her fullname.

  • Create, if not exist, a new AWS Security Group whose name will be the user's fullname converted to lower case, replacing spaces with hypens and removing accents. For example: 'Gerardo Fernández Moreno' will be transformed to gerardo-fernandez-moreno.

  • This security group should have at least one rule:

PortIPDescription
22XXX.XXX.XXX.XXX (User's IP)Gerardo's home

  • Add the security group to the specified resource.

  • Create a new user inside the specified resource following the same convention that the one used for the name of the security group.

  • If the resource accepts remote connection via SSH, generate a new pem file for the user (if not exists), and add it /home/{username}/.ssh/authorized_keys. Instructions. Otherwise, create a new user with the corresponding password in the device and share the credentials with the team member through 1Password.

Document signature meaning​

  • Author: JD-004 María Diez and/or JD-007 Gerardo Fernández
  • Review: JD-005 Mr. Alfonso Medela
  • Approval: JD-001 Ms. Andy Aguilar
Previous
Specific procedures
Next
GP-019 Software validation plan
  • Procedure flowchart
  • Purpose
  • Scope
  • Responsibilities
    • JD-001
    • JD-005
  • Inputs
  • Outputs
  • Development
  • Document signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)