Jump to content

Reactivating LIMS/QMS accounts for returning staff

Recommended Posts

OK Question for you...

I have always reactivated accounts to LIMS and QMS if the leaver has returned whilst still under technical competency (up to 2 years).  

  • ISO 27001:2016 - A.11.5.2 User identification and authentication Control - All users shall have a unique identifier (user ID) for their personal use only, and a suitable authentication technique shall be chosen to substantiate the claimed identity of a user

I have interpreted this as "as long as we can confirm the identity of the staff member (which we can), then there are no issues with reinstating their login. Having one person with two logins recorded against them means there is no longer a unique identifier for that person and we may potentially be seen as non-compliant. By giving someone a secondary login we lose traceability from an audit perspective and also regarding competence.  Which would require the staff member to undergo full re-competency for the role as there is nothing recorded (our competencies are managed within the QMS).

New IT person has just said "No - GDPR!" - our DPO said there are no GDPR issues but it has got me thinking. Have I interpreted the standards incorrectly?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Advertisement

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.