T-030-006 Access and Segregation-of-Duties Review Record

  • Governed by GP-030 Cyber Security Management

Purpose

Periodic review of production-system access assignments and segregation of duties (SoD). Each run of the review confirms that:

  • Every active principal (user, role, service account) has access appropriate to its assigned role.
  • No principal holds a combination of permissions that would breach segregation-of-duties constraints.
  • No stale accounts remain active (no sign of use in the previous 90 days).
  • Administrative access to production systems is gated behind multi-factor authentication.

Periodicity

Every 6 months (semi-annual). Additional reviews are performed on any change of role, on any onboarding or offboarding event, and on any material change to the access model.

Scope of the review

Production cloud infrastructure (AWS)

  • IAM users, IAM roles, and service accounts across the production accounts.
  • Multi-factor authentication status of every human principal.
  • Attached IAM policies (managed and inline) verified for least-privilege.

Source-code repository (organisation-level)

  • Organisation members and organisation-level admin rights.
  • Write access to protected branches on production-releasable repositories.
  • Third-party applications and OAuth integrations that hold write scope.

Review methodology

Current active principals are enumerated from each system in scope and cross-checked against the role assignments recorded in the QMS responsibilities matrix. For every principal:

  • Permissions attached to the principal are confirmed minimal for the holder's current role.
  • SoD-critical splits are verified, in particular the separation between "manage production infrastructure" and "approve production deployments", and between "clinical operation" roles and "reviewer or approver" roles.
  • Last-login or last-use timestamp is checked; any principal with no activity in the previous 90 days is flagged for removal.
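The three checks above (minimal permissions for the role, the SoD-critical splits, and the 90-day activity window, plus the MFA requirement from the Purpose section) can be run mechanically once the principals have been exported from each system in scope. The following is an added illustration, not part of this QMS or of any tooling the procedure mandates: it evaluates a constructed inventory of principals against exactly those criteria and produces the finding lists that fill one row of the review table. The permission tags (`manage-production-infrastructure`, `approve-production-deployments`, `clinical-operation`, `reviewer`, `approver`) are hypothetical labels standing in for the real mapping from IAM policies and repository roles, and the inventory itself is sample data.

```python
"""Offline evaluation of an access inventory against the T-030-006 criteria:
stale principals (no use in 90 days), segregation-of-duties conflicts, and
human administrative access without MFA.  Example code; the inventory below
is constructed, and the permission tags are hypothetical labels."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

STALE_AFTER = timedelta(days=90)

# Pairs of permissions the record requires to be held by different principals.
SOD_SPLITS = (
    ("manage-production-infrastructure", "approve-production-deployments"),
    ("clinical-operation", "reviewer"),
    ("clinical-operation", "approver"),
)


@dataclass(frozen=True)
class Principal:
    name: str
    system: str                   # "aws" or "repo"
    permissions: frozenset
    last_used: Optional[datetime]  # None means never used
    mfa_enabled: bool
    human: bool                   # service accounts are exempt from the MFA check


def is_stale(p: Principal, now: datetime) -> bool:
    """Never used, or no activity within the previous 90 days."""
    return p.last_used is None or now - p.last_used > STALE_AFTER


def sod_conflicts(p: Principal) -> list:
    """Every SoD-critical pair that this single principal holds both halves of."""
    return [pair for pair in SOD_SPLITS
            if pair[0] in p.permissions and pair[1] in p.permissions]


def admin_without_mfa(p: Principal) -> bool:
    """Human administrative access to production must be gated behind MFA."""
    return (p.human and not p.mfa_enabled
            and "manage-production-infrastructure" in p.permissions)


def run_review(principals, now: datetime) -> dict:
    """Per-system finding lists: the raw material for one row of the review table."""
    findings = {"aws": {"sod": [], "stale": [], "no_mfa": []},
                "repo": {"sod": [], "stale": [], "no_mfa": []}}
    for p in principals:
        f = findings[p.system]
        if sod_conflicts(p):
            f["sod"].append(p.name)
        if is_stale(p, now):
            f["stale"].append(p.name)
        if admin_without_mfa(p):
            f["no_mfa"].append(p.name)
    return findings


def outcome(findings: dict) -> str:
    """'Clean' only when every finding list is empty; otherwise a GP-006 action is opened."""
    clean = all(not lst for per_system in findings.values() for lst in per_system.values())
    return "Clean" if clean else "Open corrective action (GP-006)"


# Constructed sample inventory (not real principals).
REVIEW_DATE = datetime(2025, 1, 15, tzinfo=timezone.utc)
_d = lambda days: REVIEW_DATE - timedelta(days=days)
SAMPLE_INVENTORY = [
    Principal("alice", "aws", frozenset({"manage-production-infrastructure"}), _d(3), True, True),
    Principal("bob", "aws", frozenset({"manage-production-infrastructure",
                                       "approve-production-deployments"}), _d(10), True, True),
    Principal("ci-deployer", "aws", frozenset({"approve-production-deployments"}), _d(1), False, False),
    Principal("legacy-ops", "aws", frozenset({"manage-production-infrastructure"}), _d(200), False, True),
    Principal("carol", "repo", frozenset({"clinical-operation", "reviewer"}), _d(5), True, True),
    Principal("dave", "repo", frozenset({"reviewer"}), None, True, True),
]

if __name__ == "__main__":
    result = run_review(SAMPLE_INVENTORY, REVIEW_DATE)
    for system, lists in result.items():
        print(system, lists)
    print("Outcome:", outcome(result))
```

In the sample, `bob` and `carol` trip the SoD splits, `legacy-ops` is both stale and an administrator without MFA, and `dave` has never signed in; only when all six lists are empty does the outcome read "Clean", matching the acceptance criteria of the record.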

Review history

Each semi-annual review adds one row to the table below, signed by the reviewer and the approver.

Review date | Reviewer | Approver | AWS SoD conflict | AWS stale accounts | Repo SoD conflict | Repo stale accounts | Corrective actions | Outcome

The Outcome column states "Clean" when no SoD conflict, no stale account, and no over-privileged principal is found. When any of those conditions is not met, the Outcome column records the reference of the corrective action opened under GP-006 Non-conformity, Corrective and Preventive actions, so that traceability is preserved.

Criteria for acceptance

A review is accepted when every column of the row is populated, the reviewer and the approver are distinct roles, and every finding category is either "None" or is cross-referenced to an open corrective action.

Record signature meaning

  • Reviewer: JD-007 Reviewer name — enumerates principals, cross-checks against the responsibilities matrix, documents findings.
  • Approver: JD-001 Approver name — confirms the review was performed and accepts the outcome.
  • The reviewer and the approver are held as distinct roles. The reviewer is the principal administrator of the production systems in scope; the approver holds no day-to-day operational access to those systems. This split preserves segregation of duties for the review itself.

Template signature meaning

Info: Delete this section when you create a new record from this template.

  • Author: JD-007 Gerardo Fernández
  • Review: JD-004 Saray Ugidos
  • Approval: JD-001 Ms. Andy Aguilar