Help > Cloud/SaaS Topics > SaaS/Cloud - IT Compliance > ID and Rights Managemement within RMS

The Rotronic Monitoring System is a GAMP©5 category 4 software combined with category 1 hardware, helping users monitor their GxP compliant applications, looking into the critical quality attributes and monitoring critical process parameters, helping focus on patient safety, product quality and data integrity and compliant to EudraLex Annex 11 and FDA 21 CFR Part 11.

Which authentication protocols are supported?

•When logging into the Rotronic Public SaaS the user has to add:

oCompany Name,

oUser Name,

oPassword.

•The password security can be defined within the Rotronic System Settings:

oDo not reuse passwords,

oChange password after x days,

oMinimum password length,

•Password strength:

oUpper and lower case letters,

oNumber and special character.

•The passwords are stored hashed within the database.

Are role-based access controls used?

•Yes.

Are administration controls provided to the customer and can these be used to assign read and write privileges to other users?

•Yes.

Can the system enforce various password policies (minimum number of characters, upper- and lowercase, numbers and regular change of x days)?

•Yes.

Can the system provide a report of granted access rights to the system users?

•Yes.

Can the system allow to connect the identity management with the cloud service?

•No, the Public SaaS solution won’t allow users to use their active directory,

•However, active directory is possible with an exclusive SaaS solution.

Does Rotronic do a regular review of roles and rights of their employees?

•Yes.