Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Non-product software validation
    • GP-023 Change control management
    • GP-030 Cyber Security Management
      • R-030-006 Access and Segregation-of-Duties Review Record
    • GP-031 Training Data Governance
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-110 Esquema Nacional de Seguridad
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-600 Equality Planning
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health version 2.1 (Legacy MDD)
  • Legit.Health US Version 1.1.0.0
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • BSI Non-Conformities
  • Pricing
  • Public tenders
  • Trainings
  • Records
  • GP-030 Cyber Security Management
  • R-030-006 Access and Segregation-of-Duties Review Record

R-030-006 Access and Segregation-of-Duties Review Record

  • Governed by GP-030 Cyber Security Management
  • Comes from template T-030-006 Access and Segregation-of-Duties Review Record

Purpose​

Periodic review of production-system access assignments and segregation of duties (SoD). Each run of the review confirms that:

  • Every active principal (user, role, service account) has access appropriate to its assigned role.
  • No principal holds a combination of permissions that would breach segregation-of-duties constraints.
  • No stale accounts remain active (no sign of use in the previous 90 days).
  • Administrative access to production systems is gated behind multi-factor authentication.

Periodicity​

Every 6 months (semi-annual). Additional reviews are performed on any change of role, on any onboarding or offboarding event, and on any material change to the access model.

Scope of the review​

Production cloud infrastructure (AWS)​

  • IAM users, IAM roles, and service accounts across the production accounts.
  • Multi-factor authentication status of every human principal.
  • Attached IAM policies (managed and inline) verified for least-privilege.

Source-code repository (organisation-level)​

  • Organisation members and organisation-level admin rights.
  • Write access to protected branches on production-releasable repositories.
  • Third-party applications and OAuth integrations that hold write scope.

Review methodology​

Current active principals are enumerated from each system in scope and cross-checked against the role assignments recorded in the QMS responsibilities matrix. For every principal:

  • Permissions attached to the principal are confirmed minimal for the holder's current role.
  • SoD-critical splits are verified, in particular the separation between "manage production infrastructure" and "approve production deployments", and between "clinical operation" roles and "reviewer or approver" roles.
  • Last-login or last-use timestamp is checked; any principal with no activity in the previous 90 days is flagged for removal.

Review history​

Each semi-annual review adds one row to the table below. The review is signed when both the reviewer and the approver columns are populated.

Review dateReviewerApproverAWS SoD conflictAWS stale accountsRepo SoD conflictRepo stale accountsCorrective actionsOutcome
2023-04-15Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2023-10-13Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2024-04-16Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2024-10-18Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2025-04-22Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2025-10-20Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
2026-04-24Gerardo Fernández (JD-007)Andy Aguilar (JD-001)NoneNoneNoneNoneNone requiredClean
Help

The Outcome column states "Clean" when no SoD conflict, no stale account, and no over-privileged principal is found. When any of those conditions is not met, the outcome column records the reference of the corrective action opened under GP-006 Non-conformity. Corrective and Preventive actions, so that traceability is preserved.

Criteria for acceptance​

A review is accepted when every column of the row is populated, the reviewer and the approver are distinct roles, and every finding category is either "None" or is cross-referenced to an open corrective action.

Record signature meaning​

  • Reviewer: JD-007 Technology Manager — enumerates principals, cross-checks against the responsibilities matrix, documents findings.
  • Approver: JD-001 General Manager — confirms the review was performed and accepts the outcome.
  • The reviewer and the approver are held as distinct roles. The reviewer is the principal administrator of the production systems in scope; the approver holds no day-to-day operational access to those systems. This split preserves segregation of duties for the review itself.
Previous
GP-030 Cyber Security Management
Next
GP-031 Training Data Governance
  • Purpose
  • Periodicity
  • Scope of the review
    • Production cloud infrastructure (AWS)
    • Source-code repository (organisation-level)
  • Review methodology
  • Review history
    • Criteria for acceptance
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)