Standard Operating Procedure for Access Control to Regulatory Submission Records
| Department | Regulatory Affairs |
| SOP No. | RA/2026/769 |
| Supersedes | NA |
| Page No. | 1 of X |
| Issue Date | 16/04/2026 |
| Effective Date | 16/04/2026 |
| Review Date | 16/04/2028 |
Purpose
The purpose of this SOP is to establish a controlled and consistent process for managing access to regulatory submission records to ensure data integrity, confidentiality, and compliance with applicable regulatory requirements. This SOP supports the control objective of protecting regulatory documents from unauthorized access, alteration, or loss throughout their lifecycle.
Scope
This SOP applies to all regulatory submission records maintained by the Regulatory Affairs department, including but not limited to electronic and hard copy submissions, supporting documentation, correspondences, and backup records related to regulatory filings. The SOP governs access controls across all record storage systems and physical archives. This SOP excludes non-regulatory records and archives maintained by other functional areas.
Responsibilities
The following roles are responsible within the scope of this SOP:
- Regulatory Affairs Staff – Execute activities in compliance with access controls and request access as per procedure.
- Regulatory Affairs Supervisor – Review and approve access requests, oversee compliance with this SOP.
- Quality Assurance (QA) – Verify and audit adherence to access control procedures periodically.
- Information Technology (IT) Support – Implement and maintain technical controls enabling secure access to electronic records.
- Document Control Coordinator – Maintain controlled access lists and update access records accordingly.
Accountability
The Head of Regulatory Affairs is accountable for the overall implementation, compliance monitoring, periodic review, and ensuring the effectiveness of this SOP. This role is also responsible for escalating access-related issues to senior management.
Procedure
1. Preparation and Prerequisites:
– Confirm that the Regulatory Submission Records requiring controlled access have been clearly identified and categorized.
– Ensure that documented access control lists are established and maintained, detailing authorized personnel with defined access levels.
– Verify that IT systems managing electronic submissions have encryption, login authentication, and audit trail functionalities enabled.
2. Access Request and Approval:
– Any personnel requiring access to regulatory submission records must submit an Access Request Form (as per Annexure-1).
– Supervisors or designated approvers review the request considering job relevance and compliance requirements.
– Upon approval, the Document Control Coordinator updates the access lists and coordinates with IT for system access provisioning if needed.
3. Access Execution and Controls:
– Authorized users may only access regulatory submission records for legitimate business activities.
– Access to physical archives requires signing in and out in the Record Access Logbook (Annexure-2).
– Electronic access is controlled through individual user credentials; shared accounts are prohibited.
– All access activities are monitored via audit trails and periodic access reviews.
4. In-Process Controls and Monitoring:
– Conduct periodic reviews of access lists to remove obsolete or unauthorized accesses.
– Verify compliance through internal audits and spot checks of access records.
– Report any unauthorized access attempts or breaches to QA immediately for investigation.
5. Approvals and Escalations:
– Significant deviations or suspected breaches must be escalated to the Head of Regulatory Affairs and QA for corrective and preventive actions.
6. Documentation and Record Retention:
– Maintain all access request forms, approval records, logbooks, and audit reports in a secure and retrievable manner.
– Preserve these records according to applicable retention policies and ensure their availability during inspections or audits.
7. SOP Review and Updates:
– Regularly review and update this SOP and associated access control documentation to reflect organizational or regulatory changes.
Adhering to these procedures ensures the confidentiality, integrity, and availability of critical regulatory submission records in compliance with good documentation and data integrity practices.
Abbreviations
GMP – Good Manufacturing Practice
QA – Quality Assurance
IT – Information Technology
SOP – Standard Operating Procedure
RA – Regulatory Affairs
Documents
- Access Request Form for Regulatory Submission Records (Annexure-1)
- Physical Record Access Logbook (Annexure-2)
- Access Review Report Template (Annexure-3)
References
– ICH Q7: Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients
– FDA 21 CFR Part 11: Electronic Records; Electronic Signatures
– EMA Guideline on Data Integrity
– Internal Document Control Policy
– Corporate IT Security Policy
Version
1.0
Approval
| Prepared By | |
| Checked By | |
| Approved By |
Annexures
Annexure-1: Access Request Form for Regulatory Submission Records
| Title | Access Request Form for Regulatory Submission Records | ||||||||||||||||||
| Purpose | To formally request, justify, and approve access to regulatory submission records. | ||||||||||||||||||
| Fields |
|
||||||||||||||||||
| Sample Filled Data |
|
Annexure-2: Physical Record Access Logbook
| Title | Physical Record Access Logbook | ||||||||||||||
| Purpose | To record all physical access events to regulatory submission records to ensure traceability and control. | ||||||||||||||
| Fields |
|
||||||||||||||
| Sample Filled Data |
|
Annexure-3: Access Review Report Template
| Title | Access Review Report Template | ||||||||||||||
| Purpose | To document periodic review results of regulatory submission records access and identify obsolete or unauthorized accesses. | ||||||||||||||
| Fields |
|
||||||||||||||
| Sample Filled Data |
|
Revision History
| Revision Date | Revision No. | Revision Details | Reason for Revision | Approved By |
| 16/04/2026 | 1.0 | Initial issue | New SOP creation |