Document No

STANDARD OPERATING PROCEDURE [Document Number]

<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

APPROVALS:
Name Signature Date

REVISION HISTORY:
Revision Initials and Date Summary of Changes
00

Instructions on completing this document

(Please remove this table when you are finished modifying this document.
This table is for your information only.)

- Montrium has inserted instructions in blue text into this document to help you
understand the information in each section. Once you have modified this document
to meet the specifics of your organization, please delete the blue text.

- Italicized blue text in this document indicates elements which should be revised or
completed by you so that the text meets your company’s needs and quality system
requirements. Once you have completed this information, please remove the italics
in the document.

Confidential Page 1 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

Contents
1.0 PURPOSE .............................................................................................................................. 4
2.0 SCOPE .................................................................................................................................. 4
3.0 DEFINITIONS ........................................................................................................................ 4
3.1 Acronyms ......................................................................................................................... 4
3.1.1 AD – Active Directory .............................................................................................. 4
3.1.2 HR – Human Resources ........................................................................................... 4
3.1.3 IPS – Intrusion Prevention System .......................................................................... 4
3.1.4 IT – Information Technology ................................................................................... 4
3.1.5 QA – Quality Assurance ........................................................................................... 4
3.1.6 SOP – Standard Operating Procedure ..................................................................... 4
3.1.7 VPN – Virtual Private Network ................................................................................ 4
3.2 Terms ............................................................................................................................... 4
3.2.1 Communication Tools .............................................................................................. 4
3.2.2 Executables .............................................................................................................. 4
3.2.3 Firewall .................................................................................................................... 4
3.2.4 Log ........................................................................................................................... 4
3.2.5 Logical Security ........................................................................................................ 4
4.0 RESPONSIBILITY ................................................................................................................... 5
4.1 IT Manager, representative or designee ......................................................................... 5
4.2 Management ................................................................................................................... 5
4.3 Human Resources representative .................................................................................... 5
4.4 Users ................................................................................................................................ 5
5.0 PROCEDURE ......................................................................................................................... 5
5.1 Firewall Maintenance ...................................................................................................... 5
5.2 VPN Management ........................................................................................................... 6
5.3 Network Access ............................................................................................................... 6
5.3.1 New Users ................................................................................................................ 6
5.3.2 Changes to Existing Users ........................................................................................ 6
5.3.3 Users Leaving the Company .................................................................................... 7
5.3.4 Contractors, Consultants and Visitors ..................................................................... 7
5.4 Password Management Policy ........................................................................................ 7
5.5 Account Management ..................................................................................................... 8
5.6 Logical Security Breaches ................................................................................................ 9
5.7 Antivirus and Antispam Control ...................................................................................... 9

Confidential Page 2 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.7.1 Virus Definition Distribution .................................................................................... 9

5.7.2 Notification of Virus Attack ..................................................................................... 9
5.7.3 Recovery Process Following a Virus Attack ........................................................... 10
5.7.4 Antispam Control and Management ..................................................................... 10
5.8 Periodic Review ............................................................................................................. 10
6.0 REFERENCES ...................................................................................................................... 10

Confidential Page 3 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

1.0 PURPOSE Commented [MTM1]: In this section, you should insert a short
statement describing the purpose of the procedural document to
The purpose of this procedure is to describe Company Name appropriate logical security describe why it is needed, and what it is being implemented to
accomplish.
measures necessary to protect data and users.
If the text in Section 1 is acceptable, you need only to insert your
Company name to replace the highlighted field.
2.0 SCOPE Commented [MTM2]: In this section, you should insert a short
statement describing the scope of the procedural document,
This procedure applies to all systems, employees and contractors at Company Name. outline the reason the document was created and define its
intended audience.

If the text in Section 2 is acceptable, you need only insert your

3.0 DEFINITIONS Company name to replace the highlighted field.

3.1 Acronyms Commented [MTM3]: In this section define acronyms and

terms that would help team members better understand the
3.1.1 AD – Active Directory content of this Procedure.
3.1.2 HR – Human Resources
3.1.3 IPS – Intrusion Prevention System
3.1.4 IT – Information Technology
3.1.5 QA – Quality Assurance
3.1.6 SOP – Standard Operating Procedure
3.1.7 VPN – Virtual Private Network
3.2 Terms
3.2.1 Communication Tools
Telephone, e-mail, voice mail, internet access.
3.2.2 Executables
File or program able to be run by a computer.
3.2.3 Firewall
A network device which uses rules and policies to manage the data traffic which is allowed in
and out of the company network.
3.2.4 Log
A written or electronic record of modifications.
3.2.5 Logical Security
Consists of software safeguards for an organization’s systems, including user identification and
password access, authentication, access rights and authority levels. These measures are to
ensure that only authorized users are able to perform actions or access information in a network
or a workstation.

Confidential Page 4 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

4.0 RESPONSIBILITY
4.1 IT Manager, representative or designee

4.2 Management

4.3 Human Resources representative

4.4 Users

5.0 PROCEDURE
5.1 Firewall Maintenance

Confidential Page 5 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.2 VPN Management Commented [MTM6]:

5.3 Network Access Commented [MTM7]:

5.3.1 New Users

5.3.2 Changes to Existing Users

Confidential Page 6 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.3.3 Users Leaving the Company

5.3.4 Contractors, Consultants and Visitors

5.4 Password Management Policy Commented [MTM8]:

Confidential Page 7 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.5 Account Management Commented [MTM9]:

Confidential Page 8 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.6 Logical Security Breaches Commented [MTM10]:

5.7 Antivirus and Antispam Control Commented [MTM11]:

5.7.1 Virus Definition Distribution

5.7.2 Notification of Virus Attack

Confidential Page 9 of 13
 Document No
STANDARD OPERATING PROCEDURE [Document Number]
<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Logical Security [Effective Date]

5.7.3 Recovery Process Following a Virus Attack

5.7.4 Antispam Control and Management

5.8 Periodic Review

6.0 REFERENCES
Document Number Document Title
Document number Access/Termination Request form

Confidential Page 10 of 13
 FORM Document No
ENTER COMPANY LOGO [Document Number]
TITLE
Revision: [00]
Logical Security

Request Number:

PART A

Request Information
Request Type: ☐ ☐

Request Activity: ☐ ☐ ☐

End User Information

Permissions/Requirements

Date of effect:
Valid until (if applicable):

Confidential Page 11 of 13
 FORM Document No
ENTER COMPANY LOGO [Document Number]
TITLE
Revision: [00]
Logical Security

Request Signature(s)

Signature Date
(First Name and Surname) (dd-MMM-yyyy)

Signature Date
( (dd-MMM-yyyy)

PART B

☐ Yes ☐ No
Comment:

☐ Yes ☐ No
Comment:

Confidential Page 12 of 13
 FORM Document No
ENTER COMPANY LOGO [Document Number]
TITLE
Revision: [00]
Logical Security

Request Number:

Signature Date
(First Name and Surname) (dd-MMM-yyyy)

Confidential Page 13 of 13