Instrument Computer Security Policy
Security requirements for computers connected to lab instruments
- The University of Wisconsin-Madison School of Pharmacy requires that computers connected to lab instruments meet certain security requirements. This is to prevent abuse of the instrument computer, increasing the probability that the computer and instrument will be available for research purposes. This policy does not apply to computers in the Analytical Instrument Center.
- instrument computer is one that physically connects to a lab instrument (a spectrometer, HPLC, or other device) for controlling that device or collecting and storing data generated from that device.
- The instrument software is the software installed on the instrument computer that provides the interface for controlling or configuring the instrument.
- An IP Address is a number assigned to a computer that uniquely identifies it on the Internet.
- The lab must use the instrument computer solely for the purpose of operating the instrument and collecting information from it.
- The instrument computer needs to run an OS that is “actively supported” by the vendor (i.e., the vendor still offers updates for the OS). If the instrument vendor does not offer a supported OS, the IIT staff can consult on other security options to allow operation of your instrument.
- No software other then the instrument software on the instrument computer and antivirus software is installed on the computer.
- The user account from which lab staff operate the instrument software cannot have administrator-level rights. The account should have no higher rights than User level (or Power-User, if available). This also means that the instrument software must be able to operate without administrator rights.
- If it becomes necessary for a service technician to repair or install an instrument, and the technician needs administrator level rights to do this, both the lab and SoP IIT staff should follow this procedure
- The lab must give SoP IIT staff at least 48 hours notice for scheduling the event.
- SoP IIT staff will then either create (or enable an existing) an administrator level account for the technician to use. Sop IIT staff will inform only the technician of the account’s username and password.
- Once the technician has finished with his work, SoP IIT staff will either disable or delete the administrator level account.
- If the technician needs to work on an instrument computer for more than one day, SoP IIT staff will disable the administrator account at the end of the day, and re-enable it the following day until the technician completes the work.
- If the instrument computer needs access to the network, SoP IIT staff will assign a static IP address to the instrument computer, and block internet and email communication from the lab computer using that address. Access to antivirus and Windows update sites will be allowed. If there is a solid need, access will be granted for the instrument computer to specific web sites.