Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
      • R-051-001 API event logs 2023_001
      • R-051-002 Security groups
      • R-051-003 EC2 instances
    • GP-052 Data Privacy Impact Assessment (DPIA)
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • Records
  • GP-051 Security violations
  • R-051-002 Security groups

R-051-002 Security groups

  • Governed by GP-051 Security violations
  • Comes from template T-051-002 security groups

Purpose​

Review the security groups

Periodicity​

Every 6 months

Security groups review​

ResponsibleDateReview
Gerardo Fernández Moreno2023/01/10OK
Gerardo Fernández Moreno2023/06/10OK
Gerardo Fernández Moreno2024/02/10OK
Help

At the review columns it will be indicated if the review was satisfactory (OK) or if any unexpected action was detected (see below). In this case the reference of the incidence (according to procedure GP-018 Infrastructure and facilities) or non-conformity (GP-006 Non-conformity. Corrective and Preventive actions) was included to allow traceability of the actions.

Criteria for acceptance​

All the resources in AWS have the minimum required security groups attached.

An example of an unacceptable result would be finding a resource with:

  • IP's that don't need to have access to the resource.
  • A too wide range of ports open.
  • Old IP's that are no longer used.

Record signature meaning​

  • Author: JD-007 Gerardo Fernández
  • Review and approval: JD-004 María Diez
Previous
R-051-001 API event logs 2023_001
Next
R-051-003 EC2 instances
  • Purpose
  • Periodicity
  • Security groups review
  • Criteria for acceptance
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)