Monday, December 27, 2010

Standard Operating Procedure Guidelines

This is provides guidance for writing a standard operating procedure (SOP). These guidelines detail the type of information to be included within each particular SOP section, along with writing dos and don’ts.

1. Purpose

    • Explain the objective the SOP is intended to achieve.

2. Scope

    • State the range of activities the SOP applies to, as well as any limitations or exceptions.

3. Responsibility

    • State the personnel, departments, groups, contractors, and/or subcontractors responsible for complying with the SOP.
    • State the person or group responsible for assuring the appropriate personnel are trained on the SOP.

4. Procedure

    • Explain the procedure in simple steps. Describe what to do, not how to do it.
    • State who does each step and how it is recorded to be certain that whoever is performing the procedure can prove that they have done it. Think about what is needed before the procedure is started so that the person performing the function can do it correctly the first time.

5. Review and Revision

    • State how often the SOP is reviewed and/or under what circumstances it is to be revised.

6. Contingencies

    • State what happens if the SOP cannot be followed. Identify who needs to be notified.

7. References

    • List related SOPs, any supporting documentation necessary to understand and correctly follow the procedure, and any applicable regulations and regulatory guidelines.

8. Definitions

    • Define words and acronyms that people reading the SOP would not generally know and that would require clarification. If a definition is needed, and one exists in the regulations, use the regulation definition.

9. Attachments

    • Attach any documents used in support of the SOP, e.g., flowcharts, work instructions.

10. History of Change

    • State in sufficient detail, what changes were made, what parts of the SOP were affected and when the changes become effective.

11. Content

    • Check the SOP to make sure it is clear, correct, concise, complete, and comprehensive.
    • Use language and detail appropriate to the staff performing the task. Use short sentences to express a single thought wherever possible.
    • Use techniques that condense information, e.g., tables, matrices, bulleted lists, checklists, and diagrams.
    • Write the text in the third person, present tense, active voice. State in the procedure what is done, not what must, shall, or may be done.
    • Avoid references to gender (“they, their” rather than “he, she”).
    • Express the main idea early in each sentence.
    • Define job titles or unusual terms the first time they appear, followed by the abbreviation in parentheses. The abbreviated form is used in the SOP.
    • Avoid the use of “etc.” If the list is limited, write it out in full. If a list is extensive and inappropriate to write out in full, write the term “for example (e.g.)” and give a relevant list.
    • Write the numbers 1 through 9 in words within the text. Write the numbers 10 and greater in the numerical form.

12. Style

    • The page header should include the SOP number, title, page number, and effective date.
    • The page footer should include the complete filename and path.

Friday, December 17, 2010

Employee Internet Usage Policy

As part of this organization’s commitment to the utilization of new technologies, many/all of our employees have access to the Internet. In order to ensure compliance with the copyright law, and protect ourselves from being victimized by the threat of viruses or hacking into our server, the following is effective immediately:
1. It is (Organization’s) policy to limit Internet access to official business. Employees are authorized to access the Internet for personal business after-hours, in strict compliance with the other terms of this policy.The introduction of viruses, or malicious tampering with any computer system, is expressly prohibited. Any such activity will immediately result in termination of employment.

2. Employees using (Organization’s) accounts are acting as representatives of (Organization). As such, employees should act accordingly to avoid damaging the reputation of the organization.

3. Files that are downloaded from the Internet must be scanned with virus detection software before installing or execution. All appropriate precautions should be taken to detect for a virus and, if necessary, to prevent its spread.

4. The truth or accuracy of information on the Internet and in e-mail should be Considered suspect until confirmed by a separate(reliable) source.

5. Employees shall not place company material (copyrighted software, internal correspondence, etc.) on any publicly accessible Internet computer without proper permission.

6. Alternate Internet Service Provider connections to (Organization’s)internal network are not permitted unless expressly authorized and properly protected by a firewall or other appropriate security device(s).

7. The Internet does not guarantee the privacy and confidentiality of information. Sensitive material transferred over the Internet may be at risk of detection by a third party. Employees must exercise caution and care when transferring such material in any form.

8. Unless otherwise noted, all software on the Internet should be considered copyrighted work.Therefore, employees are prohibited from downloading software and/or modifying any such files without permission from the copyright holder.

9. Any infringing activity by an employee may be the responsibility of the organization. Therefore, this organization may choose to hold the employee liable for the employee’s actions.
10. This organization reserves the right to inspect an employee’s computer system for violations of this policy. I have read (organization’s) anti-piracy statement and agree to abide by it as consideration for my continued employment by (organization).

I understand that violation of any above policies may result
in my termination.


__________________________ ___________________
(User Signature) (Date)

Source: Software & Information Industry Association (SIIA), SPA Anti-Piracy Division.

Corporate Policy Statement

Company/Agency Policy Regarding the Use of Personal Computer Software

(Company/Agency) licenses the use of copies of computer software from a variety of outside companies. (Company/Agency) does not own the copyright to this software or its related documentation and, except for a single copy for backup purposes or unless expressly authorized by the copyright owner(s), does not have the right to reproduce it for use on more than one computer. With regard to software usage on local area networks, (Company/ Agency) shall use the software only in accordance with the license agreement.

(Company/Agency) employees are not permitted to install their own copies of any software onto (Company/Agency) machines. (Company/Agency) employees are not permitted to copy software from (Company/Agency’s) computers and install it on home or any other computers.

(Company/Agency) employees, learning of any misuse of software or related documentation within the company, shall notify the Manager of Computer Systems or other appropriate Person. According to the U.S. and Canadian copyright law, unauthorized reproduction of software is a federal offense. Offenders can be subject to civil damages of as much as U.S. $100,000 per title copied, and criminal penalties, including fines (up to U.S. $250,000 per work copied, CN $1,000,000) and imprisonment (up to 5 years per title copied).

Any (Company/Agency) employee who knowingly makes, acquires, or uses unauthorized copies of computer software licensed to (Company/Agency) or who places or uses unauthorized software on (Company/Agency) premises or equipment shall be subject to immediate Termination of employment.

(Company/Agency) does not condone and specifically forbids the unauthorized duplication of software. I am fully aware of the software protection policies of (Company/ Agent) and agree to uphold those policies.


Employee Signature and Date


Source: Software & Information Industry Association (SIIA), SPA Anti-Piracy Division.

POLICY EXAMPLES

Few excerpts from various organizations’ security policies:

Access control...
“Security procedures must be implemented to prevent unauthorized access to
computers, network resources and data. Only employees of [Company] and
contractors who have been briefed on the acceptable use policy of [Company] will be
given access to the network. Managers shall decide the level of access for each
employee. Final permission to access the network will be the responsibility of the
Security Committee. Individuals will be issued a unique username. When an
employee terminates employment, Personnel will notify the Security Committee and
IT, and steps will be taken to disable that user’s accounts and access to internal and
external networks. Account logon and logoff information will be recorded for
security audits.”

Warning notice...
“The following notice will be displayed to all users when they access [Company]
computer systems: ‘Warning: Only [Company] authorized users only are allowed to
use this system. Access by anyone else is unauthorized and prohibited by law.
Monitoring for purposes of administration and security may take place, to which you
consent by proceeding.’”

Password management...
“Passwords will have a minimum of six alphanumeric characters. No common words
or phrases are acceptable. Passwords should be difficult for others to guess.
Administrators will test for weak passwords. Passwords must be kept private. Do not
share them or write them down. Passwords must be changed every 90 days. After
three failed logon attempts, account access will not be permitted, and automatic
notification will be sent to the system administrator. Highly sensitive systems will
generate an alarm after excessive violations. Sessions will be suspended after twenty
minutes of inactivity.”

Strong authentication...
“Approved products will be used to gain remote access to the network, as well as to
highly sensitive systems. Keep strong authentication devices safe. Do not store them
with the computer to which they enable access. Report it immediately to the Security
Committee if an authentication device is lost or stolen, and administrators will
disable the device. The device’s associated Personal Identification Number (PIN) or
password must be kept private. Do not share it or write it down.”

Digital signatures and certificates...
“Only use Digital Certificates from [Company] approved Certificate Authorities. Use
digital certificates to identify both the user and the server, and in conjunction with
SSL. Protect stored certificates and keys with strong authentication.”

Data encryption for data at rest and in transit...
“Encryption must be used to secure data stored in non-secure locations or
transmitted over open networks, including the Internet. Encryption must be used to
secure at all times any data classified ‘highly sensitive.’ [Company] approved
encryption services and products must be used, with a minimum key length of
128-bits recommended for highly sensitive data. Note — the use of any algorithm or
device must also comply with the laws of the country in which that data encryption
will be used, and may necessitate a shorter key length.”

Encryption keys...
“The keys to be used for encryption must be generated by means that are not easily
reproducible by outside parties. Only [Company] approved hardware or software
random number generators will be used, to ensure security and interoperability.
Encryption keys will be treated as highly sensitive data with restricted access.
Encryption keys that must be transmitted, as in symmetrical or secret key systems,
must be transmitted by secure means: use of public key-exchange algorithms,
double-wrapped internal mail, double-wrapped courier mail. Encryption keys must be
changed at the same frequency as the passwords used to access information. All
encryption keys must be made available to management via [Company] approved
key recovery implementations.”

Wednesday, December 15, 2010

SOP Design

Sop Design



Sop for Workmen Compensation Act , 1923

Standard Operating Procedure for Compliance Under Workmen Compensation Act , 1923

I. Objective :

To ensure due compliance under act by …… Ltd. and also by contractor/sub-contractor of …… Ltd.

II. Applicability :

1. It is applicable to ……. Ltd. as Principal Employer(incase of manufacturing locations/our owned premises/product business ) and also as Principal Contractor ( incase of Project locations where in ….. Ltd. is in capacity of Contractor and our client is Principal Employer).

2. It is also applicable to all contractors of ….. Ltd. ( In case of manufacturing locations where in ……. Ltd. is Principal Employer ) and also sub-contractors of …… Ltd. ( In case of project locations where in ……. Ltd. is Principal Contractor ) .

3. It is also applicable to all persons on the rolls of …… Ltd. and all such contractual persons who are on rolls of various agencies / vendors / contractors , whose services are hired by them for the business of ……. Ltd.

III. Methodology :

1. All employees on rolls of …… Ltd. are covered under the WC Policy obtained by the company which is handled by Mr. ……………. who is nationally responsible for all insurance matters.

2. All contractors must have valid WC policy throughout the tenure of their contract and activities till the last person is not removed and site is not vacated and officially handed over to ….. Ltd.

3. The copy of WC policy should be submitted to Labour Compliance Co-Ordinator / Location HR Resource before commencement of his activities by contractor/sub-contractor.

4. The policy should be renewed from time to time by the concerned contractor / sub – contractor





IV. Verification of WC Policy Document :

In order to ensure the validity of WC Policy documents following aspects to be carefully verified by all the concerned –

1. The contractor/sub-contractor should submit the copy of WC policy document only. In no case the Money Receipt of Premium or Cover Note of Policy should be treated valid.
2. The name & address of the contractor in the contract signed between him and ……. Ltd. and that on the WC Policy documents should be similar.
3. The nature of work mentioned in the WC Policy should be as that of mentioned in the Purchase Order / Work Order / Contract or Agreement issued by ……. Ltd.
4. The strength of personnel mentioned in the policy should be maximum average strength used by the contractor / sub-contractor on any particular at respective site / premises and same should be authenticated by the Manager of User Dept. or Project of …….. Ltd.
5. The location of work mentioned in the policy should include respective location / site of …… Ltd. for which the policy is issued.
6. The strength of personnel of contractors / sub-contractors should be categorized in various skill categories i.e. Highly Skilled , Skilled , Semi – Skilled and the respective nature of work should be mentioned against such category.
7. The period of the policy is to be constantly monitored by the contractor/sub-contractor and same should be immediately renewed by them.
8. Any period not covered by the policy the contractor / sub-contractor will be solely liable for the compensation.

V. Process for Payment of Workmen Compensation :

1. The compensation is payable only incase of any accident resulting into “Disability” or “Death” if it is “During the Course of Employment” and “Out of the Course of Employment”.
2. The compensation is to be deposited within 30 days of occurrence of accident.
3. The compensation is to be deposited either covered through any workmen compensation policy or not.
4. The compensation is to be deposited in time whether the claim has been received or not from the insurance company.
5. The compensation is to be deposited only to the Judge of the Labour Court who is designated as Workmen Compensation Commissioner.
6. No direct payment to workmen / legal heirs of deceased workmen is allowed as it has no legal sanctity. No outside court settlement is considered valid in such cases.
7. While depositing compensation the necessary details about the dependent family members of the workmen / deceased workmen to be furnished in the applicable formats as prescribed (attached herewith) under WC Act,1923.
8. All other necessary documents viz. Detailed Accident Report , Copy of FIR , Copy of Inquest Panchanama , Date of Birth Certificate , Certificate of Disability in case of non-fatal accident is to be also submitted.
9. In case of fatal accident additional records like Copy of Post-Mortem Report , Original Death Certificate etc. is to be submitted.
10. Any other documents as required by the court for the said matter should be submitted in time to avoid any delay.
11. The court seeks the permission make ……Ltd or its’ contractor / sub – contractor to participate in the process of disbursement of the compensation which is avoidable. The …….Ltd or contractor/sub-contractor can give no-objection to court as the same is very time consuming process and is avoidable.
12. The court issues summons for the hearing for the disbursement of compensation. The concerned Functional / Project Manager must take help of respective Location HR / Labour Compliance Coordinator.
13. The dependent family members of deceased workmen should be extended adequate necessary support for obtaining compensation from the court.
14. The copy of all important documents related to such cases should be properly maintained with Location HR Resource / Labour Compliance Coordinator.

VI. Method of Calculation of WC Amount :

1. Please refer Schedule IV under the act and find out the Relevant Factor applicable to the age of workmen who met with an accident.

2. Formula for calculation :

3. Workmen Compensation = % of Wages X Relevant Factor

Example :

• For Fatal Accident :
• Age of deceased workmen at the time of death : 30 years
• Relevant factor : 207.98
• Wages of the workmen at the time of death : Rs.4000/- per month
• % of Wages applicable to fatal accident : 50% of Wages
• Hence, in this case : Rs.2000/- per month

Workmen Compensation = 2000 X 207.98
= Rs.4,15,960/-
VII. Formats :

As per attached files as prescribed under Workmen Compensation Act , 1923

SOP Example

Standard Operating Procedures

Subject: Network Data Security
Date: 15 Jun 2010 Reviewed Date : 16 jun 2010

Purpose: The purpose of this Standard Operating Procedure (SOP) is to define the
minimum standards of data security. Keeping data secure insures that data will not be
lost or compromised.

Scope: This procedure applies to all data at the ANKLESH Data Management and Analysis
Center (DMAC).

Responsibility: Maintaining data security is the responsibility of the network
administrator in IT Services assigned to maintaining the network drives used by the Data
Management and Analysis Center. The network administrator is responsible for
notifying DMAC of any changes in the security procedures.

Security Review Procedure

Data Access Security procedures:

• Passwords for individuals are set to automatically expire every 120 days.
• Only programmers and statisticians have rights to files and directories that contain
sensitive data unless data is currently being entered.
• Data entry personnel only have access to files and directories where they are
entering data.
• When a programmer, statistician, or data entry person leaves DMAC, their
account is immediately disabled and ultimately deleted.

Software Security Procedures:

• The administrator must review security alerts distributed on campus by UNC ITS.
• The administrator must review alerts and or subscribe to mailing lists put out by
Shatyamail for major security holes in software (at www.soptemplates.co.cc).
• The administrator must apply software patches as needed from Windows Server to keep the server software secure.
• The administrator must set up logs and review them to monitor possible security
breaches.
• The administrator must maintain backups as needed to recover from deliberate damage.

Prepared By : Varified By: Autorized By:

Singnature Singnature Singnature

Friday, December 10, 2010

SOP Format | SOP Example | SOP Templates | SOP Procedure | SOP Process | SOP Guidelines | SOP Preparation

What is Standard Operating Procedure (SOP) ?
A Standard Operating Procedure (SOP) is a set of written instructions that document a routine or repetitive activity followed by an organization. The development and use of SOPs are an integral part of a successful quality system as it provides individuals with the information to perform a job properly, and facilitates consistency in the quality and integrity of a product or end-result. The term “SOP” may not always be appropriate and terms such as protocols, instructions, worksheets, and laboratory operating procedures may also be used. For this document “SOP” will be used.

What is the Purpose of SOP ?
SOPs detail the regularly recurring work processes that are to be conducted or followed within an organization. They document the way activities are to be performed to facilitate consistent conformance to technical and quality system requirements and to support data quality. They may describe, for example, fundamental programmatic actions and technical actions such as analytical processes, and processes for maintaining, calibrating, and using equipment. SOPs are intended to be specific to the organization or facility whose activities are described and assist that organization to maintain their quality control and quality assurance processes and ensure compliance with governmental regulations.