Security requirements to consider for your QMS selection
As much as having a solid Quality Management System (QMS) enables the delivery of high-quality products, its ability to provide a strong level of security is a major complement. Security is a major component to rolling out your system. It goes beyond who can create, work, review and approve documents. Once the data is loaded, you are faced with the challenge of protecting that data by securing information that may be proprietary, sensitive, or carry with it some legal reason that it must remain secure and for only designated eyes.
Manufacturers are challenged with how to hide specific documents either individually or by a class or type of documents. They may need to restrict entire organizations, as some data may be for executive or legal department readership only. Some parts of the system may need to be hidden, such as navigational components or search views that will allow a user to search and find a particular document. There may be requirements that users are only allowed to see approved and released versions of a given document. Customer and Supplier data must be secured not only from an extranet perspective, but potentially within the organization.
When considering a QMS, you should not only think about the comprehensiveness of the quality processes and requirements it fulfills, but also the tools it provides to build a security model around organizations, features, views, parameters settings and templates that meet your company’s requirements. Determine whether it offers the flexibility to the administrative users that a solid application development tool should provide.
Consider also some of these key features. Your QMS should not only allow for default readership restrictions, but also for on-the-fly or en masse setting/removal of read restrictions. You should be able to restrict a document either by content or total readership, with restrictions for the entire document or for sections. Sectional restrictions are important when an area of the document contains proprietary or legally sensitive information. This type of restriction can also be useful when developing checklists and test questions for which you want to prevent users from seeing answers.
Navigationally, you should be able to lock down your QMS to show only certain components/modules (components being part of a module and Module being the entire functional area). You should be able to lock down documents by approved status as well, disallowing unauthorized users from seeing outdated or in-process versions. You may have the need to hide your CAPA-related modules and views, as not all of your departments may need to see this sensitive data.
For document creation, you should have the capability to hide or unhide entire classes of documents or types. This functionality is useful when you are supplanting a process document type with another or switching or controlling all organizations-specific workflows from departmental specific workflows.
Overall, when looking at the Quality requirements of your QMS, think about selecting a system that has robust and current workflows, and affords you the ability to control your data’s visibility and readership. You need the assurance that your data is safe, and you have full control on what is made available and to whom.
Find out about Siemens’ QMS solutions, and why they offer not only the richest Quality process capabilities, but also the most secure. Visit the QMS website for more information.