Please write operational qualification and performance qualification to test the below FRS.

STEP INSTRUCTION VERIFY

EXPECTED RESULT

1. Users must create a user id with password (FRS- 22.1) Risk Priority Medium.

2. Users' id are verified at every log in with their biometrics and user id (FRS 22.2) Risk priority Medium.

3. Time limits are set per session (FRS- 22.3) Risk Priority Low.

4. Cloud-based authentication is supported (FRS 22.4) Risk Priority Medium.

5. Multiple authentication approaches are supported (FRS- 22.5) Risk Priority Medium.

6. Multiple concurrent login sessions are supported (FRS- 22.6) Risk Priority Medium.

7. System does not allow storing of sensitive static content in web-accessible directory paths (FRS-22.7) Risk Priority Medium. 8. Administrative privileges are assigned (FRS-23.1) Risk Priority Medium.

9. Users must get access granted from admin to create User id for label printer access (FRS-23.2) Risk Priority Medium.

10. Users cannot access functions outside of their roles (FRS-23.3) Risk Priority Medium.

11. Users cannot have dual privileges (FRS-23.4) Risk Priority Medium.

. 12. System ensures database access is performed using parameterized stored procedures to allow all access to be revoked if necessary (FRS-23.5) Risk Priority Medium.

Perform evaluation for users usability (FRS-24.1) Risk Priority High.

Create daily logs of user activities (FRS-24.2) Risk Priority High.

Accurate and positive identification of network users, hosts, applications, services, and resources are done through password tool and RADIUS protocol (FRS-25.1) Risk Priority High.

Users can only access confidential data permitted for their role (FRS-25.2) Risk Priority High.

Tunneling, encryption technologies and IPsec protocols are in place when implementing Virtual Private Networks (VPNs) (FRS-25.3) Risk Priority High.

802.1x port secured (FRS-25.4) Risk Priority High.

Data is encrypted (FRS-25.5) Risk Priority High.

Remote monitoring enabled for admins (FRS-25.6) Risk Priority High

Run regular tests to monitor security preparations to identify possible areas of weakness (FRS-25.7) Risk Priority High.

Policy management tools in place to define, distribute, enforce, and audit the security policy through browser interfaces (FRS-25.8) Risk Priority High.

Anti-malware software is active (FRS-25.9) Risk Priority High.

Single access point (FRS-26.0) Risk Priority High.

Reference Monitor (FRS-26.1) Risk Priority High.

Firewalls, Proxies (FRS-26.2, 26.3) Risk Priority High.

Run the QSA tool prior to using a 3rd party device with our system to identify components' vulnerability (FRS-27.1) Risk Priority High.

Users must have an employee Access card (FRS-28.1) Risk Priority High

Alarms are set in place (FRS-28.2) Risk Priority High.

Equipment is tagged (FRS-28.3) Risk Priority High.

Offsite Storage (FRS-28.4) Risk Priority High.

Security Personnel (FRS-28.5) Risk Priority High.

The audit trail records the time, date, user identification, previous and changed value, and action when a user creates or modifies an electronic record (FRS-29.1) Risk Priority High.

The system prohibits the deletion of records (FRS-29.2) Risk Priority High.

The system records the actions of creation, change, canceling, disabling, terminating of access authorization (FRS 29.3) Risk Priority High.

The system prohibits modifications of the date and time setting by general users (FRS-29.4) Risk Priority High.

The system is configured to generate and display the Audit Trail to authorized users (FRS-30.1) Risk Priority High.

The system is configured to allow authorized users to print the audit trail (FRS-30.2) Risk Priority High.

The system is configured to allow authorized users to save audit trails to durable media (FRS-30.3) Risk Priority High.

The system uses automation software to avoid the risk of human error (FRS 31.0) Risk Priority High.

Electronic Signatures include the signers printed name (FRS-32.1) Risk Priority Medium.

Data and time stamps are standardized against a valid time standard (e.g., GMT, UTC) (FRS-32.3) Risk Priority Medium.

System prompts the meaning of signature during signature (FRS-32.4) Risk Priority Medium.

The electronic components of the e-signature are displayed on the user interface and in the printed records (FRS-33.0) Risk Priority Medium.

System locks the sign record from editing and deletion (FRS-34.0) Risk Priority High.

System stores and secure electronic records in the oracle cloud database for the life of the electronic record (FRS-35.0) Risk Priority High.

Companys production and process control procedures must (1) be followed in the execution of your companys various production and process control functions and (2) be documented at the time of performance (URS-5.8.1) Risk Priority High.

Users must keep [a]n accurate reproduction of the appropriate master production or control record, checked for accuracy, dated, and signed (URS-5.8.2) Risk Priority Medium.

Users must make sure that copies are complete and match the originals. If the original record includes metadata, the copy must include this metadata as well (FRS-36.2) Risk Priority High.

Clients records must include complete data derived from all tests necessary to assure compliance with established specifications and standards (URS-5.8.3) Risk Priority Medium.

The failing test result still needs to be recorded in the batch record (even if it is invalidated (FRS-36.3) Risk Priority Medium.