Plantilla de Implementacion del Factory Handbook de Sony para BGH Rev.

X
Se encuentra
Nombre y numero del Procedimiento Estado de la
Requerimiento R(x) Revisar/Crear un Procedimiento hecho? /
involucrado / Evidencia Acción (%)
Cuando?
9. IS/IT
R(x) 9.1- A The production site’s MES shall be compliant with the document MES Requirement Specification (1/1056-LXE 108 688)
used for SOMC mobile production.

R(x) 9.1- B1 All MES configurations that are product specific shall be available in an extractable configuration file in the Product
PLC. The MES configurations file in SPACE shall specify the detail name, configured value of all settings including ON or OFF
states, Changes to the configurations shall be documented with the person’s ID number and date of change.

R(x) 9.1- C If the site uses mWP as software platform within the manufacturing environment, the site shall be compliant with the
mWP Client Configuration (20/1050-LXE 108 234).
R(x) 9.1- D If the site uses mWP as software platform within the manufacturing environment the site is required to secure a
procedure to manage the mWP clients so that they are up to date with latest mWP Requirements.
R(x) 9.2- A If the site uses mWP as software platform within the manufacturing environment, the hardware within the
manufacturing environment shall be compliant with the mWP Client Configuration (20/1050-LXE 108 234).
R(x) 9.3- A The production site shall have the capability to communicate via the Internet. Enough capacity of the Internet
connection has to be secured so that all personnel that need access to SOMC applications can do so in a satisfying way.
Approximately 2MB/sec per user is recommended.
R(x) 9.3-B To integrate with QI-tool the SOMC QI-Tool the Data Interface (1/1050-FCP 101 3227) shall be followed.
R(x) 9.3-C If the site uses MWP as software platform within the manufacturing environment, the production site is required to
set up a terminal server that can access all the MWP clients. SOMC shall be able to run remote assistance on every MWP client
through Terminal Server.

R(x) 9.3-D The production site is, up on request, required to supply SOMC with online reporting services for test results. Test
values to query for, is specified for each phone project. Data from prototype runs need to be available online for by the project
specified time and data from HV production - according to document MES Requirement Specification (1/1056-LXE 108 688).

R(x) 9.3-E The production site shall make sure that if there are products that require the SECS infrastructure they shall be able
to place three servers in a secure rack with UPS. The production partner is responsible for LAN, power and security. The
servers are owned by SOMC and maintained by SOMC.
R(x) 9.3-F When setting up the security servers the production site needs to acquire the necessary equipment and follow the
pre set up instructions according to document SECS Factory Equipment list (9/002 01-LXE 108 688) and SECS Factory Pre Set Up
Instructions (10/1770-LXE 108 688) respectively
R(x) 9.3-G The production site shall be able to follow the requirements specified in document SECS Infrastructure Overview
(5/1056-LXE 110 0079)
R(x) 9.3-H The production site shall keep a list of all persons that have access to the server room with the SOMC security
servers. The list shall include name and working position of the persons with access: The list shall, on request, be sent or shown
to SOMC.

R(x) 9.3-I The production site needs to know how to use the support process for the SECS servers applying document SECS
Incident Site Instructions (26/1770-LXE 110 0079). Up on audit the site needs to present how the support process works

R(x) 9.3-J The data shall be sent to ETDB at least once per day via IC connection in the format specified in ETDB Message
Specification (43/159 35-FCP 101 2310) by qualified ETDB users

R(x) 9.3-K The production site shall have required knowledge and needed access to use systems applicable for the business
set up (ie Metadoc, Space, QI Tools, DMS, Dorith, WSS etc), and shall ensure that systems and related processes are
implemented and maintained in the production site smoothly
• Production site to DMS Database – (30/155 01-LXE 108 030)
• Industrialization project DMS process description – (28/155 01-LXE 108 030)
• training material IP DMS Training – (1/198 17-LXE 108 030)
• External Manufacturing Partner Training (86/1220-6/FCP1012361)
• SPACE Training Material - Production Line for External Partners (103/1220-6/FCP 101 2361)
• SPACE Training Material - ECO for External Partners (110/1220-6/FCP 101 2361)
• SPACE User Guide – ECI for Factories (14/19817-9/FCP1012361)
• SOMC/Ericsson standard and SPACE basics (8/174 60-LXE 108 688)
• SPACE E-learning System web link: https://extranet.sonyericsson.com/externalpartner/space/
• Prerequesites and rules for ordering Indus PCP-access (1/1553-LXE 108 688)
• PCP User Guide (17/038 12-LXE 108 234)
• metaDoc Leaflet Guide (2/038 12-LXA 119 213)
• metaDoc FAQ (1/1050-LXA 119 213)
• QI-Tool Wed Portal: User Guide and Instruction (1/1770-LXE1101432)

R(x) 9.3-L Users that work with SOMC projects shall have access to internet in order to enable them to set up the VPN to the
Partner Collaboration Portal.
R(x) 9.3-M The production site is required to secure that all personnel that need access to SOMC Applications through the PCP
can do so. A procedure to secure access and process for application has to be in place. SOMC is required to collaborate in this
process.
R(x) 9.3-N The production site is required to set up and internally communicate the support and help desk procedures related to
access of SOMC applications through the PCP. It is recommended that this information is to be held within the production sites
intranet. (Help documentation, Help desk number, etc.)

R(x) 9.3-O The production site is required to have a contact person that will be the main interface for SOMC regarding
application and PCP access. The person is responsible for distributing access information and remote access tokens needed.

R(x) 9.3-P1 The use of standard station naming abbreviations when reporting data to QI Tool or other SOMC data collection
system is mandatory and shall follow the specification detailed in document Station Naming Convention (22/1050-LXE10880).The
document also specifies the symptom text format, which must be followed when sending information to QITOOL. It is mandatory
for Production site to provide data to QITOOL for all test stations in the production line, this includes Troubleshoot and Quick
Repair.
R(x) 9.3-Q With a 1 min. average measurement interval for the utilization of the network, there shall not be a peak at max
bandwidth more then 1 consecutive measurement period. The site shall be able to measure this and when asked be able to
present the information to SOMC. This requirement is valid for all communication lines that are controlled by the production site
and its network suppliers.
R(x)9.3-R Availability of the wan (Wide area network – normally the internal network for a company) shall be 99,8% over a
period of one month.
R(x) 9.3 -S There shall be a redundancy in the wan for all critical applications that communicate with SOMC systems. The
SECS infrastructure is an example of a critical system.
R(x) 9.3-T The internet access availability shall be 99,5% over a period of one month for each internet access point.
R(x) 9.3- U There shall be redundancy in the access points to the internet for the production site.
R(x) 9.3- V Each site shall upon request provide possibilities for visitors from SOMC to get an Internet connection. The SOMC
users shall have the possibility to set up a VPN connection to the SOMC servers and minimum be able to work with Outlook
though the VPN.
R(x) 9.4- A An information security policy document shall be approved by management, and published and communicated to all
employees and relevant external parties.

R(x) 9.4-B Secure area/information shall be protected by appropriate entry controls to ensure that only authorized personnel are
allowed access, also need a formal user registration and de-registration procedure in place for granting and revoking access to
all information systems and services. Management shall review users' access right at regular intervals using a formal process.

R(x) 9.4-C Security shall be addressed at the recruitment (both contract and permanent staff) stage, included in job descriptions
and contracts, and monitored during an individual’s employment.
R(x) 9.4- D All system storing, processing or transmitting SOMC related information shall be protected with an authentication
solution requireing the user to provide user id and password or similar.
R(x) 9.4- E Networks shall be adequately managed and controlled, in order to be protected from threats, and to maintain
security for the systems and applications using the network, including information in transit.
R(x) 9.4 -F The use of resources shall be monitored, tuned, and projections made of future capacity requirements to ensure the
required system performance.

R(x) 9.4- G All information security requirements, including the need for system backup and disaster recovery, are to be
identified and documented for all systems where SOMC related information is stored. The following shall at least be considered
for these systems:
• The requirements for controlling access to information and services, including any segregation of duties issues.
• The audit trail requirements shall be specified.
• The requirements to comply with regulatory, legislative or contractual requirements shall be specified.
• The requirements for recovering from failures, especially for high availability requirements, shall be stated. The impact on
business continuity plans shall be assessed.
• A risk analysis shall be carried out in order to specify appropriate measures to secure confidentiality, availability and integrity
requirements for the information system.

R(x) 9.4- H When systems, affecting SOMC processes, are changed, SOMC shall well in advance be notified if risk of disturbing
shipment quality of SOMC products occur.
R(x) 9.4- I Development, test and operational facilities shall be separated to reduce the risks of unauthorised access or changes
to the operational system.
R(x) 9.4- J Acceptance criteria for new information systems, upgrades, and new versions shall be established and suitable tests
of the system(s) carried out during development and prior to acceptance, Changes to information processing facilities and
systems shall be controlled
R(x) 9.4- K Detection, prevention, and recovery controls to protect against malicious code and appropriate user awareness
procedures shall be implemented.
R(x) 9.4- L There shall be procedures in place for the management of removable media.
R(x) 9.4- M Back-up copies of information and software shall be taken and tested regularly in accordance with the agreed
backup policy.
R(x)9.4-N The allocation and use of privileges shall be restricted and controlled.