and that proper access control protocols are in place to protect the confidentiality of records.

Regulatory Affairs Team: Responsible for ensuring that all confidential records comply with the relevant regulatory standards and that they are retained for the required duration.

4. Accountability

The Manufacturing Manager is accountable for ensuring that confidential records are handled and stored according to this SOP. The overall compliance with this SOP is overseen by the Quality Assurance (QA) Manager.

5. Procedure

5.1. Handling Confidential Records

1. All confidential records should be clearly marked with a “Confidential” label, ensuring that anyone handling the records is aware of their sensitive nature.
2. Ensure that confidential records are only accessed by authorized personnel. Access to these records should be restricted to those who require it for the completion of their job responsibilities.
3. For paper-based records, ensure that they are stored in locked, secure filing cabinets or rooms. Only authorized personnel should have the keys or access codes to these storage locations.
4. For electronic records, ensure that access is controlled using usernames, passwords, and encryption. Confidential data should be stored in secure electronic systems with restricted access permissions.

5.2. Storing Confidential Records

1. Confidential records should be stored in secure locations that are protected from unauthorized access, theft, or destruction. The storage location should be regularly monitored to ensure compliance with security standards.
2. For physical records:
   • Store confidential records in locked cabinets or rooms.
   • Ensure that records are stored in a way that prevents unauthorized individuals from accessing them.
   • Limit physical access to the storage location to authorized personnel only.
3. For electronic records:
   • Store records in encrypted systems or cloud storage solutions that provide secure access control and data protection.
   • Ensure that access to the storage system is restricted by user roles and that sensitive data is protected by encryption during transmission and at rest.

5.3. Retaining Confidential Records

1. Confidential records should be retained for the duration specified by company policy, regulatory requirements, or contractual obligations. The retention period for each type of record should be outlined in the company’s document retention policy.
2. At the end of the retention period, confidential records should be securely disposed of following the appropriate destruction methods outlined in this SOP.
3. Ensure that confidential records are retained in a manner that allows for easy retrieval during audits, inspections, or regulatory reviews.

5.4. Accessing Confidential Records

1. Confidential records should only be accessed by authorized personnel who need the information to perform their job duties. All access to confidential records should be documented, including the user, the purpose of access, and the date and time of access.
2. In cases where access to confidential records is required for business reasons, ensure that a request is submitted to the designated authority (e.g., QA Manager) for review and approval before access is granted.
3. For electronic records, the IT department should ensure that access logs are maintained, and any unauthorized access attempts are reported and addressed immediately.

5.5. Disposing of Confidential Records

1. Once the retention period for confidential records has ended, the records should be securely destroyed to prevent unauthorized access. The destruction process should include:
   • Shredding paper records
   • Wiping electronic records from storage systems using approved data destruction methods
   • Destroying physical media such as CDs, DVDs, and USB drives in a manner that ensures the data is unrecoverable
2. Ensure that the destruction of confidential records is documented, including the method of destruction, the date of destruction, and the personnel involved in the process.

6. Abbreviations

• GMP: Good Manufacturing Practice
• QA: Quality Assurance
• SOP: Standard Operating Procedure
• IT: Information Technology
• CAPA: Corrective and Preventive Action

7. Documents

1. Confidential Record Handling Log (Annexure-1)
2. Record Access Log (Annexure-2)
3. Destruction Log (Annexure-3)

8. References

This SOP is based on the following regulatory guidelines and industry standards:

• Good Manufacturing Practice (GMP) Guidelines
• FDA Code of Federal Regulations (CFR) Title 21, Part 211
• ISO 9001 – Quality Management Systems

9. SOP Version

Version: 2.0

10. Approval Section

	Prepared By	Checked By	Approved By
Signature
Date
Name
Designation
Department

11. Annexures

Annexure-1: Confidential Record Handling Log

Record ID	Record Description	Handled By	Date of Handling	Purpose
CR-12345	Formulation Data	Rajesh Patel	06/02/2025	Research and Development

Annexure-2: Record Access Log

Record ID	Accessed By	Purpose	Date of Access	Time of Access
CR-12345	Anjali Sharma	Audit	06/02/2025	14:00

Annexure-3: Destruction Log

Record ID	Destruction Method	Destruction Date	Personnel Involved
CR-12345	Shredding	06/02/2025	Rajesh Patel, Anjali Sharma

12. Revision History:

Revision Date	Revision No.	Revision Details	Reason for Revision	Approved By	Page No.	Ref. Point No.	Details of Revision
01/01/2024	V 1.0	Initial Release	First Issue	Anjali Sharma	Page 1	[Ref Point]	First Release
01/01/2025	V 2.0	Updated handling and storage procedures	To comply with updated GMP regulations	Anjali Sharma	Page 1	[Ref Point]	Updated procedures