diff --git a/.gitea/workflows/atomicai.yml b/.gitea/workflows/atomicai.yml
new file mode 100644
index 0000000..7261266
--- /dev/null
+++ b/.gitea/workflows/atomicai.yml
@@ -0,0 +1,80 @@
+name: AtomicAI IT Infrastructure Assistant
+
+on:
+ issue_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request:
+ types: [opened, synchronize, assigned]
+ pull_request_review_comment:
+ types: [created]
+
+jobs:
+ claude-assistant:
+ runs-on: ubuntu-latest
+ if: |
+ github.actor != 'atomicqms-service' &&
+ (
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@atomicai') && github.event.comment.user.login != 'atomicqms-service') ||
+ (github.event_name == 'issues' && github.event.action == 'opened' && contains(github.event.issue.body, '@atomicai')) ||
+ (github.event_name == 'pull_request' && github.event.action == 'opened' && contains(github.event.pull_request.body, '@atomicai')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@atomicai') && github.event.comment.user.login != 'atomicqms-service') ||
+ (github.event.action == 'assigned' && github.event.assignee.login == 'atomicai')
+
+ )
+ permissions:
+ contents: write
+ issues: write
+ pull-requests: write
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run AtomicAI IT Infrastructure Assistant
+ uses: https://beta.atomicqms.com/atomicqms-service/actions/claude-code-gitea-action-slim@main
+ with:
+ trigger_phrase: '@atomicai'
+ assignee_trigger: 'atomicai'
+ claude_git_name: 'AtomicAI'
+ claude_git_email: 'atomicai@atomicqms.local'
+ custom_instructions: |
+ You are AtomicAI, an AI assistant specialized in Healthcare IT Infrastructure and Cybersecurity Quality Management.
+
+ ## Your Expertise
+ - HIPAA Security Rule technical safeguards
+ - NIST Cybersecurity Framework
+ - SOC 2 compliance
+ - Network security and segmentation
+ - Access control and identity management
+ - Incident response and disaster recovery
+ - Vulnerability management and patching
+ - Medical device network security
+ - Cloud security (AWS, Azure, GCP)
+ - Data backup and recovery procedures
+ - Change management for IT systems
+ - Security awareness training
+ - Audit logging and monitoring
+
+ ## Document Creation Guidelines
+ - Place Security SOPs in SOPs/Security/
+ - Place Infrastructure SOPs in SOPs/Infrastructure/
+ - Place Incident Response in Protocols/Incident-Response/
+ - Place Change Management in Forms/Change-Management/
+ - Place Audit Forms in Forms/Audit/
+ - Place Policies in Policies/
+
+ ## Numbering Convention
+ - SOP-SEC-XXX for Security SOPs
+ - SOP-INF-XXX for Infrastructure SOPs
+ - SOP-NET-XXX for Network SOPs
+ - IRP-XXX for Incident Response Procedures
+ - POL-XXX for Policies
+ - FRM-XXX for Forms
+
+ Always create branches and submit changes as Pull Requests for review.
+ Prioritize security, compliance, and system availability.
+ allowed_tools: 'Read,Edit,Grep,Glob,Write'
+ disallowed_tools: 'Bash,WebSearch'
diff --git a/Forms/Access-Requests/.gitkeep b/Forms/Access-Requests/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Forms/Asset-Inventory/.gitkeep b/Forms/Asset-Inventory/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Forms/Audit-Checklists/.gitkeep b/Forms/Audit-Checklists/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Forms/Change-Requests/.gitkeep b/Forms/Change-Requests/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Forms/Change-Requests/FRM-CHG-001-Request-For-Change.md b/Forms/Change-Requests/FRM-CHG-001-Request-For-Change.md
new file mode 100644
index 0000000..d836ebc
--- /dev/null
+++ b/Forms/Change-Requests/FRM-CHG-001-Request-For-Change.md
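Review bot: The step `uses: https://beta.atomicqms.com/atomicqms-service/actions/claude-code-gitea-action-slim@main` runs whatever `main` points to at trigger time, in a job granted `contents: write`, `issues: write` and `pull-requests: write`; pin it (and `actions/checkout@v4`) to a full commit SHA, e.g. `claude-code-gitea-action-slim@<full-commit-sha>`. The `if:` only excludes `atomicqms-service`, so any account that can comment or open an issue or pull request containing `@atomicai` can feed text to the agent; an allow-list of trusted logins in the condition would narrow that. The "Always create branches and submit changes as Pull Requests" line in `custom_instructions` is advisory only, and with `Edit` and `Write` allowed nothing visible here prevents a change under `.gitea/workflows/` or a direct push, so branch protection on the default branch should enforce it. `synchronize` is listed under `pull_request`, but no branch of the `if:` matches it, so those runs appear to be always skipped and the type can be dropped.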
@@ -0,0 +1,222 @@
+# Request for Change (RFC)
+
+| Form ID | FRM-CHG-001 | Revision | 1.0 |
+|---------|-------------|----------|-----|
+
+---
+
+## Change Request Information
+
+| Field | Entry |
+|-------|-------|
+| RFC Number | RFC-[YYYY]-[####] |
+| Date Submitted | |
+| Requester Name | |
+| Requester Department | |
+| Requester Email | |
+| Requester Phone | |
+
+## Change Classification
+
+**Change Type:**
+- [ ] Standard (Pre-approved, routine)
+- [ ] Normal (Requires CAB approval)
+- [ ] Emergency (Critical, time-sensitive)
+
+**Change Category:**
+- [ ] Hardware
+- [ ] Software/Application
+- [ ] Network
+- [ ] Database
+- [ ] Security
+- [ ] Cloud Infrastructure
+- [ ] Other: _______________
+
+**Priority:**
+- [ ] Critical (Must be completed ASAP)
+- [ ] High (Within 1 week)
+- [ ] Medium (Within 2 weeks)
+- [ ] Low (Within 30 days)
+
+## Change Description
+
+### Summary
+*Provide a brief description of the proposed change (1-2 sentences)*
+
+
+
+### Detailed Description
+*Describe the change in detail, including what will be modified*
+
+
+
+### Reason/Business Justification
+*Why is this change necessary? What business need does it address?*
+
+
+
+## Impact Assessment
+
+### Affected Systems
+| System/Application | Environment | Impact Level |
+|-------------------|-------------|--------------|
+| | ☐ Prod ☐ Test ☐ Dev | ☐ High ☐ Med ☐ Low |
+| | ☐ Prod ☐ Test ☐ Dev | ☐ High ☐ Med ☐ Low |
+| | ☐ Prod ☐ Test ☐ Dev | ☐ High ☐ Med ☐ Low |
+
+### Affected Users/Groups
+
+
+### Dependencies
+*List any dependencies on other systems, changes, or external parties*
+
+
+
+## Risk Assessment
+
+**What could go wrong?**
+
+
+**Likelihood of failure:**
+- [ ] Low
+- [ ] Medium
+- [ ] High
+
+**Impact if failure occurs:**
+- [ ] Low - Minor inconvenience
+- [ ] Medium - Degraded service
+- [ ] High - Service outage
+- [ ] Critical - Data loss or security breach
+
+**Overall Risk Level:**
+- [ ] Low
+- [ ] Medium
+- [ ] High
+
+## Implementation Plan
+
+### Proposed Change Window
+| Field | Entry |
+|-------|-------|
+| Start Date/Time | |
+| End Date/Time | |
+| Estimated Duration | |
+| Maintenance Window Required? | ☐ Yes ☐ No |
+
+### Implementation Steps
+| Step | Action | Responsible | Est. Time |
+|------|--------|-------------|-----------|
+| 1 | | | |
+| 2 | | | |
+| 3 | | | |
+| 4 | | | |
+| 5 | | | |
+
+### Pre-Implementation Checklist
+- [ ] Backup completed
+- [ ] Stakeholders notified
+- [ ] Test plan documented
+- [ ] Rollback plan documented
+- [ ] Required access/permissions confirmed
+
+## Rollback Plan
+
+**Rollback Trigger Criteria:**
+*Under what conditions will rollback be initiated?*
+
+
+
+**Rollback Steps:**
+| Step | Action | Responsible | Est. Time |
+|------|--------|-------------|-----------|
+| 1 | | | |
+| 2 | | | |
+| 3 | | | |
+
+**Estimated Rollback Time:**
+
+## Testing Plan
+
+**Test Environment:**
+- [ ] Already tested in Dev
+- [ ] Already tested in Test/Stage
+- [ ] Production verification only
+
+**Test Cases:**
+| Test | Expected Result | Pass/Fail |
+|------|-----------------|-----------|
+| | | ☐ |
+| | | ☐ |
+| | | ☐ |
+
+## Communication Plan
+
+### Notifications Required
+- [ ] End users
+- [ ] Help desk
+- [ ] Management
+- [ ] External parties
+- [ ] None required
+
+### Notification Details
+| Audience | Method | Timing | Responsible |
+|----------|--------|--------|-------------|
+| | | | |
+| | | | |
+
+## Approvals
+
+### Technical Review
+| Field | Entry |
+|-------|-------|
+| Reviewer Name | |
+| Date | |
+| Decision | ☐ Approved ☐ Rejected ☐ More Info Needed |
+| Comments | |
+| Signature | |
+
+### CAB Review
+| Field | Entry |
+|-------|-------|
+| CAB Meeting Date | |
+| Decision | ☐ Approved ☐ Approved w/Conditions ☐ Deferred ☐ Rejected |
+| Conditions (if any) | |
+| CAB Chair Signature | |
+
+### Management Approval (if required)
+| Field | Entry |
+|-------|-------|
+| Approver Name | |
+| Date | |
+| Signature | |
+
+## Post-Implementation
+
+### Results
+| Field | Entry |
+|-------|-------|
+| Implementation Date | |
+| Actual Start Time | |
+| Actual End Time | |
+| Status | ☐ Successful ☐ Partial ☐ Failed ☐ Rolled Back |
+
+### Issues Encountered
+
+
+### Lessons Learned
+
+
+### PIR Required?
+- [ ] Yes (Schedule date: _________)
+- [ ] No
+
+### Closure
+| Field | Entry |
+|-------|-------|
+| Closed By | |
+| Date Closed | |
+| Final Status | ☐ Successful ☐ Failed |
+
+---
+
+*Form FRM-CHG-001 Rev 1.0 - Request for Change*
diff --git a/Forms/FRM-001-Document-Change-Request.md b/Forms/FRM-001-Document-Change-Request.md
new file mode 100644
index 0000000..55c718a
--- /dev/null
+++ b/Forms/FRM-001-Document-Change-Request.md
@@ -0,0 +1,64 @@
+# Document Change Request Form
+
+| Form ID | FRM-001 | Revision | 1.0 |
+|---------|---------|----------|-----|
+
+---
+
+## Section 1: Request Information
+
+| Field | Entry |
+|-------|-------|
+| Request Date | |
+| Requested By | |
+| Department | |
+
+## Section 2: Document Information
+
+| Field | Entry |
+|-------|-------|
+| Document Number | |
+| Document Title | |
+| Current Revision | |
+
+## Section 3: Change Description
+
+### Type of Change
+- [ ] New Document
+- [ ] Revision to Existing Document
+- [ ] Document Obsolescence
+
+### Description of Change
+*(Describe the proposed change in detail)*
+
+
+
+
+### Reason for Change
+*(Explain why this change is needed)*
+
+
+
+
+## Section 4: Impact Assessment
+
+### Affected Areas
+- [ ] Training Required
+- [ ] Other Documents Affected
+- [ ] Process Changes Required
+- [ ] Validation Impact
+
+### List Affected Documents
+
+
+## Section 5: Approvals
+
+| Role | Name | Signature | Date |
+|------|------|-----------|------|
+| Requester | | | |
+| Document Owner | | | |
+| Quality Assurance | | | |
+
+---
+
+*Form FRM-001 Rev 1.0*
diff --git a/Forms/FRM-003-CAPA-Form.md b/Forms/FRM-003-CAPA-Form.md
new file mode 100644
index 0000000..6790a8f
--- /dev/null
+++ b/Forms/FRM-003-CAPA-Form.md
@@ -0,0 +1,91 @@
+# Corrective and Preventive Action (CAPA) Form
+
+| Form ID | FRM-003 | Revision | 1.0 |
+|---------|---------|----------|-----|
+
+---
+
+## Section 1: CAPA Identification
+
+| Field | Entry |
+|-------|-------|
+| CAPA Number | |
+| Date Initiated | |
+| Initiated By | |
+| CAPA Owner | |
+| Target Closure Date | |
+
+## Section 2: Classification
+
+### Type
+- [ ] Corrective Action
+- [ ] Preventive Action
+
+### Source
+- [ ] Customer Complaint
+- [ ] Internal Audit
+- [ ] External Audit
+- [ ] Process Deviation
+- [ ] Nonconforming Product
+- [ ] Management Review
+- [ ] Other: ____________
+
+### Priority
+- [ ] Critical (5 business days)
+- [ ] Major (15 business days)
+- [ ] Minor (30 business days)
+
+## Section 3: Problem Description
+
+*(Describe the nonconformity or potential nonconformity)*
+
+
+
+
+## Section 4: Immediate Containment
+
+*(Actions taken to contain the immediate impact)*
+
+
+
+
+## Section 5: Root Cause Investigation
+
+### Investigation Method Used
+- [ ] 5 Whys
+- [ ] Fishbone Diagram
+- [ ] Fault Tree Analysis
+- [ ] Other: ____________
+
+### Root Cause Determination
+
+
+
+
+## Section 6: Corrective/Preventive Actions
+
+| Action | Responsible | Due Date | Status |
+|--------|-------------|----------|--------|
+| | | | |
+| | | | |
+| | | | |
+
+## Section 7: Effectiveness Verification
+
+| Criteria | Method | Result |
+|----------|--------|--------|
+| | | |
+
+Verification Date: ____________
+Verified By: ____________
+
+## Section 8: Closure
+
+| Role | Name | Signature | Date |
+|------|------|-----------|------|
+| CAPA Owner | | | |
+| Quality Approval | | | |
+
+---
+
+*Form FRM-003 Rev 1.0*
diff --git a/Forms/FRM-006-Audit-Checklist.md b/Forms/FRM-006-Audit-Checklist.md
new file mode 100644
index 0000000..45bf0b6
--- /dev/null
+++ b/Forms/FRM-006-Audit-Checklist.md
@@ -0,0 +1,56 @@
+# Internal Audit Checklist
+
+| Form ID | FRM-006 | Revision | 1.0 |
+|---------|---------|----------|-----|
+
+---
+
+## Audit Information
+
+| Field | Entry |
+|-------|-------|
+| Audit Number | |
+| Audit Date | |
+| Area/Process Audited | |
+| Lead Auditor | |
+| Auditee(s) | |
+
+---
+
+## Checklist Items
+
+| # | Requirement/Question | Reference | C/NC/NA | Evidence/Notes |
+|---|---------------------|-----------|---------|----------------|
+| 1 | Are current versions of applicable procedures available? | SOP-001 | | |
+| 2 | Are personnel trained on applicable procedures? | SOP-003 | | |
+| 3 | Are training records current and complete? | SOP-003 | | |
+| 4 | Are records properly maintained and retrievable? | SOP-001 | | |
+| 5 | Are nonconformities being documented and addressed? | SOP-002 | | |
+| 6 | Are CAPAs being completed on time? | SOP-002 | | |
+| 7 | Is equipment calibrated and maintained? | | | |
+| 8 | Are process controls being followed? | | | |
+| 9 | Are quality objectives being monitored? | | | |
+| 10 | | | | |
+
+**Legend:** C = Conforming, NC = Nonconforming, NA = Not Applicable
+
+---
+
+## Findings Summary
+
+| Finding # | Type | Description | Clause Reference |
+|-----------|------|-------------|------------------|
+| | | | |
+| | | | |
+
+---
+
+## Auditor Signature
+
+| Auditor | Signature | Date |
+|---------|-----------|------|
+| | | |
+
+---
+
+*Form FRM-006 Rev 1.0*
diff --git a/Forms/Incident-Reports/.gitkeep b/Forms/Incident-Reports/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Forms/Training/FRM-004-Training-Record.md b/Forms/Training/FRM-004-Training-Record.md
new file mode 100644
index 0000000..b66164d
--- /dev/null
+++ b/Forms/Training/FRM-004-Training-Record.md
@@ -0,0 +1,72 @@
+# Training Record Form
+
+| Form ID | FRM-004 | Revision | 1.0 |
+|---------|---------|----------|-----|
+
+---
+
+## Section 1: Employee Information
+
+| Field | Entry |
+|-------|-------|
+| Employee Name | |
+| Employee ID | |
+| Department | |
+| Job Title | |
+
+## Section 2: Training Information
+
+| Field | Entry |
+|-------|-------|
+| Training Title | |
+| Training Date | |
+| Training Duration | |
+| Trainer Name | |
+| Trainer Qualification | |
+
+### Training Type
+- [ ] Initial Training
+- [ ] Retraining
+- [ ] Refresher
+- [ ] Procedure Update
+
+### Delivery Method
+- [ ] Classroom
+- [ ] On-the-Job
+- [ ] Self-Study
+- [ ] Computer-Based
+- [ ] Other: ____________
+
+## Section 3: Training Content
+
+*(List topics covered or attach training materials)*
+
+
+
+
+## Section 4: Assessment
+
+### Assessment Method
+- [ ] Written Test
+- [ ] Practical Demonstration
+- [ ] Verbal Assessment
+- [ ] Observation
+
+### Assessment Results
+
+| Metric | Result |
+|--------|--------|
+| Score (if applicable) | |
+| Pass/Fail | |
+
+## Section 5: Signatures
+
+| Role | Name | Signature | Date |
+|------|------|-----------|------|
+| Trainee | | | |
+| Trainer | | | |
+| Supervisor | | | |
+
+---
+
+*Form FRM-004 Rev 1.0*
diff --git a/Policies/POL-001-Quality-Policy.md b/Policies/POL-001-Quality-Policy.md
new file mode 100644
index 0000000..ebd85dd
--- /dev/null
+++ b/Policies/POL-001-Quality-Policy.md
@@ -0,0 +1,57 @@
+# Quality Policy
+
+| Document ID | POL-001 |
+|-------------|---------|
+| Title | Quality Policy |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+
+---
+
+## 1. Policy Statement
+
+[ORGANIZATION NAME] is committed to providing products and services that consistently meet customer requirements and applicable regulatory requirements. We strive for continual improvement of our Quality Management System to enhance customer satisfaction.
+
+## 2. Quality Objectives
+
+Our organization commits to:
+
+1. **Customer Focus**: Understanding and meeting customer needs and expectations
+2. **Regulatory Compliance**: Maintaining compliance with all applicable regulations and standards
+3. **Continuous Improvement**: Continually improving the effectiveness of our QMS
+4. **Employee Engagement**: Ensuring all employees understand their role in quality
+5. **Risk-Based Thinking**: Identifying and addressing risks and opportunities
+
+## 3. Management Commitment
+
+Top management demonstrates commitment to the QMS by:
+
+- Ensuring the quality policy is appropriate to the organization's purpose
+- Ensuring quality objectives are established and compatible with strategic direction
+- Ensuring integration of QMS requirements into business processes
+- Promoting the use of the process approach and risk-based thinking
+- Ensuring resources needed for the QMS are available
+- Communicating the importance of effective quality management
+- Ensuring the QMS achieves its intended results
+- Engaging, directing, and supporting persons to contribute to QMS effectiveness
+
+## 4. Scope
+
+This policy applies to all employees, contractors, and processes within the scope of our Quality Management System.
+
+## 5. Communication
+
+This policy shall be:
+- Communicated and understood within the organization
+- Available to relevant interested parties as appropriate
+- Reviewed for continuing suitability
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/README.md b/README.md
index 8091df2..305169c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,133 @@ -# it-infrastructure +# IT Infrastructure Quality Management System -A comprehensive QMS template designed for IT departments, managed service providers, and technology infrastructure teams in regulated industries. \ No newline at end of file +A comprehensive QMS template designed for IT departments, managed service providers, and technology infrastructure teams in regulated industries. + +## 💻 Designed For + +- **Healthcare IT Departments** - Hospital and clinic technology teams +- **Managed Service Providers (MSPs)** - IT service organizations +- **Data Centers** - Colocation and hosting facilities +- **Cloud Operations Teams** - AWS, Azure, GCP management +- **Cybersecurity Teams** - Security operations centers +- **Research Computing** - HPC and scientific computing +- **Compliance-Focused IT** - HIPAA, SOC 2, PCI environments + +## 📋 Regulatory Framework + +This template supports compliance with: + +- **ISO 27001** - Information Security Management Systems +- **SOC 2** - Service Organization Control (Trust Services Criteria) +- **HIPAA Security Rule** - Healthcare information security +- **NIST Cybersecurity Framework** - Security controls and practices +- **PCI DSS** - Payment Card Industry Data Security Standard +- **GDPR** - Data protection requirements (if applicable) +- **FISMA** - Federal information security (government) +- **CIS Controls** - Center for Internet Security benchmarks +- **ITIL** - IT Service Management best practices +- **COBIT** - Governance and management of IT + +## Repository Structure + +``` +├── SOPs/ +│ ├── Change-Management/ # Change requests, approvals, implementation +│ ├── Incident-Response/ # Security incidents, outages, escalation +│ ├── Access-Control/ # User provisioning, authentication, authorization +│ ├── Backup-Recovery/ # Backups, disaster recovery, business continuity +│ ├── Security-Operations/ # Vulnerability management, patching, monitoring +│ └── General/ # Document control, training, CAPA +├── 
Forms/ +│ ├── Change-Requests/ # RFC forms, CAB meeting records +│ ├── Incident-Reports/ # Incident tickets, post-mortems, RCA +│ ├── Access-Requests/ # User access, privilege escalation forms +│ ├── Audit-Checklists/ # Security audits, compliance assessments +│ ├── Asset-Inventory/ # Hardware, software, license tracking +│ └── Training/ # Security awareness, competency assessments +├── Policies/ # IT and security policies +├── Work-Instructions/ # Step-by-step procedures +└── Templates/ # Document templates +``` + +## Document Numbering Convention + +- **POL-XXX**: Policies +- **SOP-CHG-XXX**: Change Management SOPs +- **SOP-INC-XXX**: Incident Response SOPs +- **SOP-ACC-XXX**: Access Control SOPs +- **SOP-BAK-XXX**: Backup and Recovery SOPs +- **SOP-SEC-XXX**: Security Operations SOPs +- **WI-XXX**: Work Instructions +- **FRM-XXX**: Forms and Records + +## 🤖 AI-Powered Assistance + +This repository includes **AtomicAI**, your IT infrastructure QMS assistant. Mention `@atomicai` in any issue or pull request to: + +- Draft change management and incident response procedures +- Create access control and user provisioning SOPs +- Generate backup and disaster recovery plans +- Develop security policies and procedures +- Create audit checklists and compliance documentation +- Review documents for ISO 27001/SOC 2 compliance + +### Example Prompts + +- "@atomicai create an SOP for change management with CAB approval workflow" +- "@atomicai draft a security incident response procedure" +- "@atomicai write a user access provisioning and deprovisioning SOP" +- "@atomicai create a disaster recovery plan template" +- "@atomicai develop a vulnerability management procedure" +- "@atomicai create a patch management SOP with testing requirements" + +## Getting Started + +1. **Establish Governance** - Define IT policies and approval authorities +2. **Implement Change Management** - Configure RFC and CAB processes +3. 
**Set Up Incident Response** - Create escalation procedures and playbooks +4. **Define Access Controls** - Establish user provisioning workflows +5. **Train Staff** - Security awareness and procedure training + +## Key Documents to Create First + +1. **Change Management SOP** - RFC, approval, and implementation workflow +2. **Incident Response Procedure** - Detection, containment, recovery, post-mortem +3. **Access Control Policy** - Least privilege, authentication, authorization +4. **Backup and Recovery SOP** - Backup schedules, retention, testing +5. **Vulnerability Management SOP** - Scanning, prioritization, remediation +6. **Patch Management SOP** - Testing, deployment, rollback procedures +7. **Business Continuity Plan** - DR procedures and RTO/RPO targets + +## Special Considerations for IT Infrastructure + +### Change Management +- Request for Change (RFC) documentation +- Change Advisory Board (CAB) process +- Risk assessment and testing requirements +- Rollback procedures +- Post-implementation review + +### Security Operations +- Vulnerability scanning and assessment +- Penetration testing programs +- Security monitoring and SIEM +- Threat intelligence integration +- Incident detection and response + +### Access Control +- Identity and access management +- Privileged access management +- Multi-factor authentication +- Access reviews and recertification +- Termination and offboarding + +### Business Continuity +- Disaster recovery planning +- RTO/RPO definitions +- Backup verification and testing +- Failover procedures +- Communication plans + +--- + +*This template is maintained by AtomicQMS. For questions, open an issue in this repository.* diff --git a/SOPs/Access-Control/.gitkeep b/SOPs/Access-Control/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/SOPs/Backup-Recovery/.gitkeep b/SOPs/Backup-Recovery/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/SOPs/Change-Management/.gitkeep b/SOPs/Change-Management/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/SOPs/Change-Management/SOP-CHG-001-Change-Management.md b/SOPs/Change-Management/SOP-CHG-001-Change-Management.md
new file mode 100644
index 0000000..e2667cb
--- /dev/null
+++ b/SOPs/Change-Management/SOP-CHG-001-Change-Management.md
@@ -0,0 +1,193 @@
+# Standard Operating Procedure: Change Management
+
+| Document ID | SOP-CHG-001 |
+|-------------|-------------|
+| Title | IT Change Management Process |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | IT Operations |
+
+---
+
+## 1. Purpose
+
+To establish a controlled process for managing changes to IT infrastructure, applications, and services to minimize risk and ensure stability while enabling business agility.
+
+## 2. Scope
+
+This procedure applies to all changes to:
+- Production servers and network infrastructure
+- Databases and storage systems
+- Applications and software
+- Security configurations
+- Cloud infrastructure and services
+- Network and firewall rules
+
+## 3. Responsibilities
+
+### 3.1 Change Requester
+- Submit complete RFC with business justification
+- Coordinate with stakeholders
+- Verify change success post-implementation
+
+### 3.2 Change Manager
+- Review and classify changes
+- Schedule CAB meetings
+- Track change metrics
+
+### 3.3 Change Advisory Board (CAB)
+- Review and approve/reject changes
+- Assess risk and impact
+- Prioritize conflicting changes
+
+### 3.4 Technical Implementer
+- Develop implementation plan
+- Execute approved changes
+- Document results
+
+## 4. Definitions
+
+| Term | Definition |
+|------|------------|
+| RFC | Request for Change - formal change proposal |
+| CAB | Change Advisory Board - approval committee |
+| ECAB | Emergency CAB - expedited approval for urgent changes |
+| PIR | Post-Implementation Review |
+
+## 5. Change Categories
+
+### 5.1 Standard Changes
+Pre-approved, low-risk, routine changes:
+- Password resets
+- User account creation
+- Approved software installations
+- Scheduled maintenance activities
+
+### 5.2 Normal Changes
+Require CAB review and approval:
+- Application deployments
+- Server configuration changes
+- Network modifications
+- Database changes
+
+### 5.3 Emergency Changes
+Require ECAB approval, used only for:
+- Security incidents requiring immediate response
+- Critical system failures
+- Regulatory compliance issues
+
+## 6. Procedure
+
+### 6.1 Change Request Submission
+
+1. **Complete RFC Form** (FRM-CHG-001)
+ - Description of change
+ - Business justification
+ - Risk assessment
+ - Implementation plan
+ - Rollback plan
+ - Testing plan
+ - Affected systems/users
+
+2. **Submit RFC**
+ - Submit via ticketing system
+ - Attach all supporting documentation
+ - Identify change window preference
+
+### 6.2 Change Assessment
+
+| Risk Level | Criteria | Approval Required |
+|------------|----------|-------------------|
+| Low | Single system, no downtime, easy rollback | Change Manager |
+| Medium | Multiple systems, planned downtime, tested rollback | CAB |
+| High | Critical systems, extended downtime, complex rollback | CAB + Management |
+
+### 6.3 CAB Review Process
+
+1. **Pre-CAB Preparation**
+ - Review all pending RFCs
+ - Verify completeness
+ - Identify conflicts with other changes
+
+2. **CAB Meeting Agenda**
+ - Review of failed/problematic changes
+ - Assessment of new RFCs
+ - Scheduling of approved changes
+ - Review of change calendar
+
+3. **Decision Outcomes**
+ - **Approved**: Proceed as planned
+ - **Approved with conditions**: Requires modifications
+ - **Deferred**: Reschedule for later review
+ - **Rejected**: Not approved, requires rework
+
+### 6.4 Change Implementation
+
+1. **Pre-Implementation**
+ - [ ] Approval documented in ticket
+ - [ ] Stakeholders notified
+ - [ ] Backup completed
+ - [ ] Rollback plan ready
+ - [ ] Monitoring in place
+
+2. **During Implementation**
+ - [ ] Follow implementation plan exactly
+ - [ ] Document each step
+ - [ ] Test at defined checkpoints
+ - [ ] Communicate status updates
+
+3. **Post-Implementation**
+ - [ ] Verify change success
+ - [ ] Update documentation
+ - [ ] Close RFC with results
+ - [ ] Schedule PIR if required
+
+### 6.5 Rollback Criteria
+
+Initiate rollback if:
+- Change causes unplanned outage
+- Functionality fails verification
+- Security vulnerability introduced
+- Performance degradation exceeds threshold
+- Change window expiring with incomplete work
+
+### 6.6 Emergency Change Process
+
+1. Obtain verbal ECAB approval (minimum 2 members)
+2. Document decision and justification
+3. Implement with minimal viable scope
+4. Complete formal RFC within 24 hours
+5. Conduct PIR for all emergency changes
+
+## 7. Change Freeze Periods
+
+No non-emergency changes permitted during:
+- Month-end/quarter-end processing
+- Major business events
+- Holiday periods (as defined)
+- Audit periods
+
+## 8. Metrics and Reporting
+
+| Metric | Target |
+|--------|--------|
+| Change success rate | >95% |
+| Emergency change ratio | <5% |
+| Unauthorized changes | 0 |
+| Average approval time | <3 business days |
+
+## 9. Related Documents
+
+- FRM-CHG-001 Request for Change Form
+- FRM-CHG-002 CAB Meeting Minutes
+- SOP-INC-001 Incident Response Procedure
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/General/SOP-001-Document-Control.md b/SOPs/General/SOP-001-Document-Control.md
new file mode 100644
index 0000000..b64ef52
--- /dev/null
+++ b/SOPs/General/SOP-001-Document-Control.md
@@ -0,0 +1,112 @@
+# Standard Operating Procedure: Document Control
+
+| Document ID | SOP-001 |
+|-------------|---------|
+| Title | Document Control |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | Quality Assurance |
+
+---
+
+## 1. Purpose
+
+To establish a procedure for the creation, review, approval, distribution, and control of documents within the Quality Management System.
+
+## 2. Scope
+
+This procedure applies to all controlled documents including:
+- Policies
+- Standard Operating Procedures (SOPs)
+- Work Instructions
+- Forms and Templates
+- Specifications
+- External documents of external origin
+
+## 3. Responsibilities
+
+### 3.1 Document Owner
+- Responsible for document content and accuracy
+- Initiates document creation and revision
+- Ensures periodic review is performed
+
+### 3.2 Quality Assurance
+- Maintains the document control system
+- Assigns document numbers
+- Manages document distribution
+- Archives obsolete documents
+
+### 3.3 Approvers
+- Review and approve documents before release
+- Ensure documents are adequate for intended purpose
+
+## 4. Procedure
+
+### 4.1 Document Creation
+
+1. Identify the need for a new document
+2. Request document number from Quality Assurance
+3. Draft document using appropriate template
+4. Include all required header information
+5. Submit for review and approval
+
+### 4.2 Document Review and Approval
+
+1. Route document to appropriate reviewers
+2. Reviewers provide comments within 5 business days
+3. Author addresses all comments
+4. Final approval by designated approver
+5. Quality Assurance releases document
+
+### 4.3 Document Numbering
+
+Documents shall be numbered according to the following convention:
+
+| Type | Prefix | Example |
+|------|--------|---------|
+| Policy | POL | POL-001 |
+| SOP | SOP | SOP-001 |
+| Work Instruction | WI | WI-001 |
+| Form | FRM | FRM-001 |
+
+### 4.4 Revision Control
+
+1. All changes require documented justification
+2. Changes follow same review/approval process as new documents
+3. Revision number increments with each approved change
+4. Revision history maintained in document footer
+
+### 4.5 Document Distribution
+
+1. Current versions available in document control system
+2. Obsolete versions marked and archived
+3. Training on new/revised documents as needed
+
+### 4.6 Periodic Review
+
+1. Documents reviewed at least every 2 years
+2. Review documented even if no changes made
+3. Reviews may result in revision or reaffirmation
+
+## 5. Related Documents
+
+- FRM-001 Document Change Request Form
+- FRM-002 Document Review Record
+
+## 6. Definitions
+
+| Term | Definition |
+|------|------------|
+| Controlled Document | Document managed under document control system |
+| Obsolete | Document no longer valid for use |
+| Revision | Updated version of a document |
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/General/SOP-002-CAPA.md b/SOPs/General/SOP-002-CAPA.md
new file mode 100644
index 0000000..8dace85
--- /dev/null
+++ b/SOPs/General/SOP-002-CAPA.md
@@ -0,0 +1,134 @@
+# Standard Operating Procedure: Corrective and Preventive Action (CAPA)
+
+| Document ID | SOP-002 |
+|-------------|---------|
+| Title | Corrective and Preventive Action |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | Quality Assurance |
+
+---
+
+## 1. Purpose
+
+To establish a systematic process for identifying, investigating, correcting, and preventing nonconformities and potential nonconformities.
+
+## 2. Scope
+
+This procedure applies to:
+- Product and process nonconformities
+- Customer complaints
+- Audit findings
+- Process deviations
+- Potential nonconformities identified through risk analysis
+
+## 3. Definitions
+
+| Term | Definition |
+|------|------------|
+| Corrective Action | Action to eliminate the cause of a detected nonconformity |
+| Preventive Action | Action to eliminate the cause of a potential nonconformity |
+| Root Cause | Fundamental reason for a nonconformity |
+| Effectiveness Check | Verification that implemented actions achieved desired results |
+
+## 4. Responsibilities
+
+### 4.1 CAPA Owner
+- Investigates the issue
+- Identifies root cause
+- Develops and implements corrective/preventive actions
+- Verifies effectiveness
+
+### 4.2 Quality Assurance
+- Manages CAPA system
+- Assigns CAPA numbers
+- Tracks CAPA status
+- Reviews and approves CAPAs
+- Reports CAPA metrics to management
+
+### 4.3 Management
+- Provides resources for CAPA implementation
+- Reviews CAPA trends
+- Ensures timely closure
+
+## 5. Procedure
+
+### 5.1 CAPA Initiation
+
+1. Identify nonconformity or potential nonconformity
+2. Document issue on CAPA Form (FRM-003)
+3. Classify severity and priority
+4. Assign CAPA owner
+
+### 5.2 Investigation
+
+1. Gather relevant data and evidence
+2. Interview personnel involved
+3. Review related documents and records
+4. Use appropriate investigation tools:
+ - 5 Whys
+ - Fishbone Diagram
+ - Failure Mode Analysis
+
+### 5.3 Root Cause Analysis
+
+1. Identify potential root causes
+2. Verify root cause through evidence
+3. Document root cause determination
+4. Consider systemic implications
+
+### 5.4 Action Development
+
+1. Develop corrective/preventive actions
+2. Assign responsibilities and due dates
+3. Assess actions for:
+ - Appropriateness to problem severity
+ - Impact on other processes
+ - Resource requirements
+
+### 5.5 Implementation
+
+1. Execute approved actions
+2. Document implementation evidence
+3. Update affected documents/processes
+4. Provide training as needed
+
+### 5.6 Effectiveness Verification
+
+1. Define effectiveness criteria
+2. Allow sufficient time for actions to take effect
+3. Collect and analyze data
+4. Document verification results
+5. If ineffective, reopen CAPA for further action
+
+### 5.7 Closure
+
+1. Review all CAPA documentation
+2. Verify all actions completed
+3. Confirm effectiveness verified
+4. Obtain approval for closure
+
+## 6. CAPA Metrics
+
+Quality Assurance shall track and report:
+- Number of open CAPAs
+- CAPA aging
+- On-time closure rate
+- Effectiveness rate
+- CAPAs by category/source
+
+## 7. Related Documents
+
+- FRM-003 CAPA Form
+- SOP-003 Nonconforming Product Control
+- SOP-004 Customer Complaints
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/General/SOP-003-Training.md b/SOPs/General/SOP-003-Training.md
new file mode 100644
index 0000000..22538c1
--- /dev/null
+++ b/SOPs/General/SOP-003-Training.md
@@ -0,0 +1,123 @@
+# Standard Operating Procedure: Training and Competence
+
+| Document ID | SOP-003 |
+|-------------|---------|
+| Title | Training and Competence |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | Human Resources / Quality |
+
+---
+
+## 1. Purpose
+
+To ensure personnel performing work affecting product quality are competent based on appropriate education, training, skills, and experience.
+
+## 2. Scope
+
+This procedure applies to:
+- All employees performing quality-affecting activities
+- Contractors and temporary personnel
+- Personnel requiring GxP training
+
+## 3. Responsibilities
+
+### 3.1 Supervisors/Managers
+- Identify training needs for their personnel
+- Ensure training is completed before performing tasks
+- Evaluate competence of personnel
+- Maintain department training records
+
+### 3.2 Human Resources
+- Coordinate training programs
+- Maintain central training database
+- Track training compliance
+- Archive training records
+
+### 3.3 Quality Assurance
+- Develop QMS-related training
+- Approve training curricula for GxP activities
+- Audit training compliance
+
+### 3.4 Employees
+- Complete assigned training on time
+- Maintain current qualifications
+- Report training needs to supervisor
+
+## 4. Procedure
+
+### 4.1 Training Needs Assessment
+
+1. Identify competence requirements for each role
+2. Document requirements in job descriptions
+3. Assess current competence of personnel
+4. Identify training gaps
+
+### 4.2 Training Curriculum Development
+
+1. Define learning objectives
+2. Develop training materials
+3. Identify delivery method:
+ - Classroom
+ - On-the-job
+ - Self-study
+ - Computer-based
+4. Define assessment criteria
+5. Obtain approval from Quality (for GxP training)
+
+### 4.3 Training Delivery
+
+1. Schedule training session
+2. Document attendance
+3. Deliver training per curriculum
+4. Assess comprehension through:
+ - Written test (minimum 80% passing)
+ - Practical demonstration
+ - Supervisor observation
+
+### 4.4 Training Documentation
+
+Training records shall include:
+- Employee name and ID
+- Training title and date
+- Trainer name and qualifications
+- Assessment results
+- Signatures
+
+### 4.5 Retraining Requirements
+
+Retraining is required when:
+- Significant document revisions occur
+- Performance deficiencies identified
+- Extended absence from job function
+- Periodic requalification due
+
+### 4.6 New Employee Orientation
+
+All new employees shall complete:
+1. Company orientation
+2. Quality system overview
+3. Job-specific training
+4. SOP read and understand for applicable procedures
+
+## 5. Training Records Retention
+
+- Training records maintained for duration of employment
+- Records retained 3 years after employee departure
+- Records available for regulatory inspection
+
+## 6. Related Documents
+
+- FRM-004 Training Record Form
+- FRM-005 Training Assessment Form
+- Job Descriptions
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/General/SOP-004-Internal-Audit.md b/SOPs/General/SOP-004-Internal-Audit.md
new file mode 100644
index 0000000..749d6a5
--- /dev/null
+++ b/SOPs/General/SOP-004-Internal-Audit.md
@@ -0,0 +1,136 @@
+# Standard Operating Procedure: Internal Audit
+
+| Document ID | SOP-004 |
+|-------------|---------|
+| Title | Internal Audit |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | Quality Assurance |
+
+---
+
+## 1. Purpose
+
+To establish a systematic approach for conducting internal audits to verify the effectiveness of the Quality Management System.
+
+## 2. Scope
+
+This procedure covers:
+- QMS process audits
+- Compliance audits
+- Product audits
+- System audits
+
+## 3. Definitions
+
+| Term | Definition |
+|------|------------|
+| Audit | Systematic, independent examination to determine conformance |
+| Auditor | Person qualified to perform audits |
+| Finding | Observation of conformance or nonconformance |
+| Observation | Noted item not rising to level of finding |
+
+## 4. Responsibilities
+
+### 4.1 Lead Auditor
+- Plans and schedules audits
+- Prepares audit checklists
+- Conducts audit activities
+- Reports audit findings
+
+### 4.2 Quality Manager
+- Maintains audit program
+- Qualifies auditors
+- Reviews audit reports
+- Reports to management
+
+### 4.3 Auditee
+- Provides access to areas/records
+- Responds to findings
+- Implements corrective actions
+
+## 5. Procedure
+
+### 5.1 Annual Audit Schedule
+
+1. Develop annual audit schedule considering:
+ - Previous audit results
+ - Process criticality
+ - Regulatory requirements
+ - Changes to processes
+2. Ensure all QMS processes audited at least annually
+3. Obtain management approval
+4. Communicate schedule to affected areas
+
+### 5.2 Auditor Qualification
+
+Auditors shall:
+- Complete auditor training course
+- Conduct at least 2 audits under supervision
+- Be independent of area being audited
+- Maintain competence through ongoing audits
+
+### 5.3 Audit Preparation
+
+1. Review applicable procedures and standards
+2. Review previous audit reports
+3. Prepare audit checklist
+4. Notify auditee of audit scope and schedule
+5. Confirm auditor availability
+
+### 5.4 Conducting the Audit
+
+1. Hold opening meeting with auditee
+2. Execute audit checklist
+3. Gather objective evidence:
+ - Document review
+ - Personnel interviews
+ - Process observation
+4. Document findings with evidence
+5. Classify findings:
+ - Major Nonconformance
+ - Minor Nonconformance
+ - Observation
+6. Hold closing meeting
+
+### 5.5 Audit Reporting
+
+1. Complete audit report within 5 business days
+2. Report shall include:
+ - Audit scope and criteria
+ - Personnel interviewed
+ - Findings with evidence
+ - Recommendations
+3. Distribute report to auditee and management
+
+### 5.6 Finding Resolution
+
+1. Auditee responds with corrective action plan within 10 business days
+2. Quality reviews and approves plan
+3. Auditee implements corrective actions
+4. Auditor verifies effectiveness
+5. Close finding upon verification
+
+## 6. Audit Records
+
+Maintain for 5 years:
+- Audit schedules
+- Checklists
+- Reports
+- Corrective action records
+
+## 7. Related Documents
+
+- FRM-006 Audit Checklist Template
+- FRM-007 Audit Report Template
+- SOP-002 CAPA
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/General/SOP-005-Management-Review.md b/SOPs/General/SOP-005-Management-Review.md
new file mode 100644
index 0000000..dd82006
--- /dev/null
+++ b/SOPs/General/SOP-005-Management-Review.md
@@ -0,0 +1,114 @@
+# Standard Operating Procedure: Management Review
+
+| Document ID | SOP-005 |
+|-------------|---------|
+| Title | Management Review |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | Quality Assurance |
+
+---
+
+## 1. Purpose
+
+To ensure top management reviews the Quality Management System at planned intervals to ensure its continuing suitability, adequacy, and effectiveness.
+
+## 2. Scope
+
+This procedure applies to the periodic management review of the QMS, including all processes and quality objectives.
+
+## 3. Frequency
+
+Management reviews shall be conducted:
+- At least annually
+- More frequently if significant changes occur
+- As needed based on quality performance
+
+## 4. Responsibilities
+
+### 4.1 Quality Manager
+- Prepares management review agenda and materials
+- Facilitates the meeting
+- Documents meeting minutes and action items
+- Tracks completion of action items
+
+### 4.2 Top Management
+- Attends management review meetings
+- Reviews QMS performance data
+- Makes decisions on QMS improvements
+- Allocates resources as needed
+
+### 4.3 Department Managers
+- Provides input data for their areas
+- Attends management review
+- Implements assigned action items
+
+## 5. Management Review Inputs
+
+The following shall be considered:
+
+### 5.1 Actions from Previous Reviews
+- Status of action items
+- Effectiveness of implemented actions
+
+### 5.2 Changes in Context
+- Internal changes (organization, resources)
+- External changes (regulations, market)
+
+### 5.3 QMS Performance
+- Customer satisfaction and feedback
+- Quality objectives achievement
+- Process performance metrics
+- Nonconformities and corrective actions
+- Audit results
+- Supplier performance
+
+### 5.4 Resource Adequacy
+- Personnel
+- Infrastructure
+- Work environment
+
+### 5.5 Risk and Opportunities
+- Risk assessment results
+- Effectiveness of risk controls
+- New opportunities identified
+
+### 5.6 Improvement Opportunities
+- Process improvements
+- Product improvements
+- QMS enhancements
+
+## 6. Management Review Outputs
+
+Decisions and actions related to:
+- Improvement of QMS and processes
+- Product improvement
+- Resource needs
+- Changes to quality policy or objectives
+
+## 7. Documentation
+
+### 7.1 Meeting Minutes
+- Date and attendees
+- Items discussed
+- Decisions made
+- Action items with owners and due dates
+
+### 7.2 Record Retention
+- Management review records retained for 5 years
+- Available for regulatory inspection
+
+## 8. Related Documents
+
+- FRM-008 Management Review Agenda Template
+- FRM-009 Management Review Minutes Template
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/Incident-Response/.gitkeep b/SOPs/Incident-Response/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/SOPs/Incident-Response/SOP-INC-001-Incident-Response.md b/SOPs/Incident-Response/SOP-INC-001-Incident-Response.md
new file mode 100644
index 0000000..e612df8
--- /dev/null
+++ b/SOPs/Incident-Response/SOP-INC-001-Incident-Response.md
@@ -0,0 +1,182 @@
+# Standard Operating Procedure: Security Incident Response
+
+| Document ID | SOP-INC-001 |
+|-------------|-------------|
+| Title | Security Incident Response Procedure |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | IT Security |
+
+---
+
+## 1. Purpose
+
+To establish a structured approach for detecting, responding to, containing, and recovering from security incidents to minimize impact and prevent recurrence.
+
+## 2. Scope
+
+This procedure applies to all security incidents including:
+- Unauthorized access attempts
+- Malware infections
+- Data breaches
+- Denial of service attacks
+- Phishing attacks
+- Lost or stolen devices
+- Insider threats
+- System compromises
+
+## 3. Responsibilities
+
+### 3.1 All Staff
+- Report suspected incidents immediately
+- Preserve evidence (do not turn off systems unless directed)
+- Follow instructions from incident response team
+
+### 3.2 IT Security Team
+- Triage and classify incidents
+- Lead response efforts
+- Coordinate with stakeholders
+
+### 3.3 Incident Response Manager
+- Authorize containment actions
+- Escalate to management as needed
+- Coordinate external communications
+
+## 4. Incident Classification
+
+| Severity | Criteria | Response Time |
+|----------|----------|---------------|
+| Critical | Active breach, data exfiltration, ransomware | Immediate |
+| High | Confirmed compromise, malware spreading | < 1 hour |
+| Medium | Attempted intrusion, isolated malware | < 4 hours |
+| Low | Policy violation, suspicious activity | < 24 hours |
+
+## 5. Incident Response Phases
+
+### 5.1 Phase 1: Detection and Reporting
+
+**Detection Sources:**
+- Security monitoring tools (SIEM, IDS/IPS)
+- User reports
+- Vendor notifications
+- Audit findings
+- Automated alerts
+
+**Reporting:**
+1. Document initial observations
+2. Report via security hotline or email
+3. Complete FRM-INC-001 Incident Report
+4. Do NOT attempt remediation without guidance
+
+### 5.2 Phase 2: Triage and Analysis
+
+1. **Initial Assessment**
+ - Confirm incident is genuine (vs. false positive)
+ - Classify severity level
+ - Identify affected systems/data
+ - Determine initial scope
+
+2. **Evidence Collection**
+ - System logs
+ - Network traffic captures
+ - Memory dumps (if warranted)
+ - Screenshots
+ - Preserve chain of custody
+
+3. **Escalation Decision**
+ - Critical/High: Immediate escalation to management
+ - Notify legal/compliance if data breach suspected
+ - Engage external forensics if needed
+
+### 5.3 Phase 3: Containment
+
+**Short-term Containment:**
+- Isolate affected systems from network
+- Block malicious IPs/domains
+- Disable compromised accounts
+- Preserve evidence before changes
+
+**Long-term Containment:**
+- Apply temporary fixes
+- Increase monitoring
+- Implement additional controls
+- Prepare for eradication
+
+**Containment Decision Matrix:**
+| Action | Authority Required |
+|--------|-------------------|
+| Isolate single workstation | Security Team |
+| Disable user account | Security Manager |
+| Block network segment | IT Director |
+| Shut down production system | Executive approval |
+
+### 5.4 Phase 4: Eradication
+
+1. Identify root cause
+2. Remove malware/backdoors
+3. Patch vulnerabilities exploited
+4. Reset compromised credentials
+5. Verify removal is complete
+
+### 5.5 Phase 5: Recovery
+
+1. Restore systems from clean backups
+2. Rebuild if necessary
+3. Verify integrity before reconnecting
+4. Monitor closely post-recovery
+5. Confirm normal operations
+
+### 5.6 Phase 6: Post-Incident Review
+
+**Conduct within 5 business days:**
+- Timeline reconstruction
+- Root cause analysis
+- Response effectiveness review
+- Lessons learned
+- Improvement recommendations
+
+**Documentation:**
+- Complete FRM-INC-002 Post-Incident Report
+- Update procedures as needed
+- Brief stakeholders
+
+## 6. Communication Guidelines
+
+### Internal Communication
+| Audience | Information | Method |
+|----------|-------------|--------|
+| Executive Team | Status, business impact, decisions needed | Phone/meeting |
+| IT Staff | Technical details, actions required | Secure channel |
+| All Staff | General awareness (if warranted) | Email |
+
+### External Communication
+- All external communications through designated spokesperson
+- Coordinate with Legal and PR
+- Regulatory notifications per compliance requirements
+- Customer notifications per contract/law
+
+## 7. Regulatory Notification Requirements
+
+| Regulation | Notification Timeframe | Authority |
+|------------|----------------------|-----------|
+| HIPAA | 60 days (breach of >500) | HHS OCR |
+| GDPR | 72 hours | Supervisory Authority |
+| PCI DSS | Immediately | Card brands, acquirer |
+| State Laws | Varies | State AG |
+
+## 8. Related Documents
+
+- FRM-INC-001 Incident Report Form
+- FRM-INC-002 Post-Incident Report
+- Contact list for incident response team
+- Vendor/partner contact list
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/SOPs/Safety/.gitkeep b/SOPs/Safety/.gitkeep
new file mode 100644
index 0000000..dcf2c80
--- /dev/null
+++ b/SOPs/Safety/.gitkeep
@@ -0,0 +1 @@
+# Placeholder
diff --git a/SOPs/Security-Operations/.gitkeep b/SOPs/Security-Operations/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/Templates/SOP-Template.md b/Templates/SOP-Template.md
new file mode 100644
index 0000000..2e9f35e
--- /dev/null
+++ b/Templates/SOP-Template.md
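Review bot: In section 7 of SOP-INC-001-Incident-Response.md, the row `| HIPAA | 60 days (breach of >500) | HHS OCR |` reads as if the 60-day limit applies only to large breaches and only to HHS. Under the HIPAA Breach Notification Rule, affected individuals must be notified without unreasonable delay and no later than 60 days after discovery, whatever the size of the breach. The threshold of 500 or more individuals only decides whether HHS OCR is notified in that same window or through the annual report. I would change the row to `| HIPAA | Without unreasonable delay, no later than 60 days from discovery | Affected individuals; HHS OCR (same window if 500 or more affected, otherwise annual report) |`. Separately, the containment decision matrix in 5.3 names "Security Manager" and "IT Director" as approvers, but section 3 defines only the IT Security Team and the Incident Response Manager, so those roles should be added to section 3 or the matrix mapped onto the defined ones.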
@@ -0,0 +1,62 @@
+# Standard Operating Procedure: [Title]
+
+| Document ID | SOP-XXX |
+|-------------|---------|
+| Title | [Title] |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | [DEPARTMENT] |
+
+---
+
+## 1. Purpose
+
+[State the purpose of this procedure]
+
+## 2. Scope
+
+[Define the scope and applicability]
+
+## 3. Responsibilities
+
+### 3.1 [Role 1]
+- [Responsibility]
+- [Responsibility]
+
+### 3.2 [Role 2]
+- [Responsibility]
+- [Responsibility]
+
+## 4. Definitions
+
+| Term | Definition |
+|------|------------|
+| | |
+
+## 5. Procedure
+
+### 5.1 [Section Title]
+
+[Procedure steps]
+
+### 5.2 [Section Title]
+
+[Procedure steps]
+
+## 6. Related Documents
+
+- [List related procedures, forms, etc.]
+
+## 7. References
+
+- [External standards, regulations, etc.]
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |
diff --git a/Work Instructions/WI-001-Template.md b/Work Instructions/WI-001-Template.md
new file mode 100644
index 0000000..68167f1
--- /dev/null
+++ b/Work Instructions/WI-001-Template.md
@@ -0,0 +1,68 @@
+# Work Instruction: [Title]
+
+| Document ID | WI-001 |
+|-------------|--------|
+| Title | [Title] |
+| Revision | 1.0 |
+| Effective Date | [DATE] |
+| Author | [AUTHOR] |
+| Approved By | [APPROVER] |
+| Department | [DEPARTMENT] |
+
+---
+
+## 1. Purpose
+
+[Describe the purpose of this work instruction]
+
+## 2. Scope
+
+[Define what activities this instruction covers]
+
+## 3. Safety Precautions
+
+- [List any safety requirements]
+- [Personal protective equipment needed]
+- [Hazards to be aware of]
+
+## 4. Equipment/Materials Required
+
+| Item | Specification |
+|------|---------------|
+| | |
+| | |
+
+## 5. Procedure
+
+### Step 1: [Title]
+[Detailed instructions]
+
+### Step 2: [Title]
+[Detailed instructions]
+
+### Step 3: [Title]
+[Detailed instructions]
+
+## 6. Acceptance Criteria
+
+[Define what constitutes successful completion]
+
+## 7. Records
+
+| Record | Location | Retention |
+|--------|----------|-----------|
+| | | |
+
+## 8. References
+
+- [Related SOPs]
+- [Specifications]
+- [Standards]
+
+---
+
+## Revision History
+
+| Rev | Date | Description | Author |
+|-----|------|-------------|--------|
+| 1.0 | [DATE] | Initial release | [AUTHOR] |