Let’s start this piece with a question for ourselves: do we still need password expiration as a security measure? In today’s life science industry, especially the pharmaceutical sector, a number of compliance reasons, guidelines, and agency regulations are responsible for an organization’s requirement to have their employees change their passwords every so often. It is now fair to say that we arrived at a point in time where most of the reasons behind the password expiration policy seem obsolete.
The Quality Systems (QS) Regulations of FDA 21 CFR 820 are general standards that apply to finished devices, that are intended for human use. Rather than impose strict requirements, the regulations offer an opportunity to the manufacturers of these devices to incorporate their quality management standards into key organizational processes.