R-002-007 Process validation card 2023_018
Version control
| Reason for review | Date | Version id | Change |
|---|---|---|---|
| Initial creation | 20230308 | 1 | N/A |
| Management Review 2024 | 20240415 | 2 | Annual revalidation |
| Management Review 2025 | 20250415 | 3 | Annual revalidation |
| Update | 20260223 | 4 | Added risk analysis section |
Process
Design and development
Requirements
We need a secure password management tool that allows collaboration within our team, protects our credentials from external parties, and provides audit and access-control functionality.
Selection description
We have chosen Passbolt over 1Password for our password management needs because we want greater control over the deployment and transparency into how secrets are protected. It has the following characteristics:
- Enhanced Security: Passbolt is open source and encrypts each secret end to end with OpenPGP, so a password is readable only by the users it is shared with and never in clear text on the server. This matters given the sensitive medical data we handle and the privacy regulations, such as HIPAA, that we must comply with.
- Full Data Control: Self-hosting keeps the password database on infrastructure we control and reduces reliance on a third-party vendor's servers. In return we take on the hardening, patching and backup of that server.
- Transparency and Accountability: Passbolt logs password access, which supports transparency and accountability within our remote team. This is important when a distributed team works on a critical project such as our medical device development.
- Collaboration Features: Passbolt is designed for secure sharing of passwords and credentials among team members. In a startup, where efficient collaboration is vital, this is a substantial benefit.
- Customization for Compliance: Because we must meet specific regulatory requirements, self-hosting lets us configure the deployment and its surrounding controls to satisfy those standards.
- Cost Efficiency: The open-source Community Edition carries no licensing fees; hosting and maintenance effort remain our cost.
- Flexibility and Scalability: Passbolt can grow with the startup, and being open source it can be adapted to our needs as the company expands.
- Integration Possibilities: Passbolt exposes a REST API and browser extensions that can be integrated with other tools we use, providing a more seamless workflow.
- Community Support: An active community of developers and users provides assistance and contributes improvements.
- Long-Term Viability: Open-source projects are less dependent on the financial health of a single company, and the code remains available to us even if the vendor changes direction.
Validation
The switch to Passbolt is a strategic move towards more hands-on control, heightened security and collaboration that fits our particular requirements, such as the sensitive medical nature of our work.
Identified risks
| Risk | Potential impact | Control measure | Status |
|---|---|---|---|
| Self-hosted infrastructure failure | Loss of access to passwords | Regular backups, documented recovery procedure | Controlled |
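As an added example of the backup control in the table above (not Passbolt's own tooling): a POSIX shell script that bundles the three artefacts a self-hosted Passbolt needs to be restored (database dump, application config, server OpenPGP key pair) and writes a checksum manifest that a restore drill can verify. The paths /etc/passbolt/passbolt.php and /etc/passbolt/gpg/ and the mysqldump command are assumptions for a package-based install; the function and file names are ours.

```shell
#!/bin/sh
# Added example for the "regular backups" control; not Passbolt's own tooling.
# Assumed locations (package install; adjust for this deployment):
#   database dump          : produced by the command passed as the first argument,
#                            e.g. "mysqldump --single-transaction passbolt"
#   application config     : /etc/passbolt/passbolt.php (holds the DB credentials)
#   server OpenPGP key pair: /etc/passbolt/gpg/ (serverkey.asc, serverkey_private.asc)
set -eu

# backup_passbolt DUMP_CMD CONFIG_FILE GPG_DIR OUT_DIR
# Writes OUT_DIR/passbolt-<utc stamp>.tar plus a .sha256 manifest and prints the archive path.
backup_passbolt() {
    dump_cmd=$1
    config=$2
    gpgdir=$3
    outdir=$4
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    work=$(mktemp -d)
    mkdir -p "$outdir"
    # 1. database: DUMP_CMD is operator-supplied and run through sh, so it must come
    #    from the documented procedure, never from user input
    sh -c "$dump_cmd" > "$work/passbolt-db.sql"
    # 2. application config
    cp "$config" "$work/passbolt.php"
    # 3. server key pair: clients are bound to the server key, so a restore without
    #    it forces every user through setup again
    mkdir "$work/gpg"
    cp "$gpgdir"/* "$work/gpg/"
    archive="$outdir/passbolt-$stamp.tar"
    tar -cf "$archive" -C "$work" .
    # manifest so a later restore drill can detect a truncated or tampered archive
    (cd "$outdir" && sha256sum "passbolt-$stamp.tar" > "passbolt-$stamp.tar.sha256")
    rm -rf "$work"
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Returns 0 when the manifest checks out and the three restore artefacts are present.
verify_backup() {
    archive=$1
    dir=$(dirname "$archive")
    name=$(basename "$archive")
    (cd "$dir" && sha256sum -c --status "$name.sha256") || return 1
    for member in ./passbolt-db.sql ./passbolt.php ./gpg/serverkey_private.asc; do
        tar -tf "$archive" "$member" >/dev/null 2>&1 || return 1
    done
    return 0
}
```

The archive holds the complete database and the server private key, so it must be encrypted at rest and restricted to the people named in the recovery procedure. verify_backup only proves the file is intact; the documented recovery procedure still has to be exercised periodically against a scratch server.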
Record signature meaning
- Author: JD-004 María Diez
- Review and approval: JD-001 Andy Aguilar
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in the approval of this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
- Approver: JD-001 General Manager