Standard Operating Procedure
Testing File Integrity of E-Mail Attachments

This document is a proposal and starting point only. The type and extent of documentation depends on the process environment. The proposed documentation should be adapted accordingly and should be based on individual risk assessments. There is no guarantee that this document will pass a regulatory inspection.

Publication from www.labcompliance.com
Global on-line resource for validation and compliance

Copyright by Labcompliance. This document may only be saved and viewed or printed for personal use. Users may not transmit or duplicate this document in whole or in part, in any medium. Additional copies and licenses for department, site or corporate use can be ordered from www.labcompliance.com/solutions. While every effort has been made to ensure the accuracy of information contained in this document, Labcompliance accepts no responsibility for errors or omissions. No liability can be accepted in any way.

STANDARD OPERATING PROCEDURE
Document Number: S-248
Version Beta
Testing File Integrity of E-Mail Attachments

Company Name:

Controls:
Superseded Document: N/A, new
Reason for Revision: N/A
Effective Date: Jan 1, 2005

Signatures:

Author
I indicate that I have authored or updated this SOP according to applicable business requirements and our company procedure: Preparing and Updating Standard Operating Procedures.
Name: ________________________________
Signature: ________________________________
Date: ________________________________

Approver
I indicate that I have reviewed this SOP, and find it meets all applicable business requirements and that it reflects the procedure described. I approve it for use.
Name: ________________________________
Signature: ________________________________
Date: ________________________________

Reviewer
I indicate that I have reviewed this SOP and find that it meets all applicable quality requirements and company standards. I approve it for use.
Name: ________________________________
Signature: ________________________________
Date: ________________________________

www.labcompliance.com (Replace with your company’s name) FOR INTERNAL USE

1. PURPOSE

When files are sent by e-mail there is a limited risk that they may be changed. On the other hand, good business and regulatory practices rely on the accuracy and integrity of files, e.g., when sent through e-mails. This procedure allows easy checking of file integrity using the well-established MD5 hash algorithm.

2. SCOPE

Verification of files attached to e-mails. Recommended for initial e-mail set-up and regular ongoing testing.

3. GLOSSARY/DEFINITIONS

Item    Explanation
MD      Message Digest.
MD5     Popular hash function to verify file integrity and digital signatures. A hash function is an algorithm that takes a string of any length as the input and produces a fixed-length binary value (hash) as the output (fingerprint). MD5 was invented by Ron Rivest for RSA Security, Inc. and produces 128-bit hash values. Hash calculations are used for Internet applications and also to verify accuracy of file copies and proper installation of software packages from CDs to hard disks.

Note: For definitions, see www.labcompliance.com/glossary.

4. REFERENCES

4.1. Primer: “Using Internet and Intranet in Regulated Environments”. Available through http://www.labcompliance.com/books/internet-quality.
4.2. SOP S-276: “Validation of Web-Based Applications”. Available through http://www.labcompliance.com/solutions/sops.
4.3. “Internet/Intranet Quality Package”, Labcompliance. Available through http://www.labcompliance.com/books/internet-quality.
4.4. “Validation of WinMD5 Software”, Labcompliance Best Practices. Available through http://www.labcompliance.com/books/internet-quality.

5. EQUIPMENT

Software to calculate MD5 hash values, for example WinMD5. Available through http://www.labcompliance.com/books/internet-quality.

6. RESPONSIBILITIES

6.1. Sender
- Installs MD5 software for hash calculations.
- Creates file digest using WinMD5 software.
- Sends file digest information to the recipient.

6.2. Recipient
- Installs MD5 software for hash calculations.
- Creates file digest using WinMD5 software.
- Compares newly calculated file digest information with the received one.

6.3. Quality Assurance
- Advises on regulations and guidelines related to GxP and 21 CFR Part 11.
- Reviews documentation for compliance with internal policies and regulations.
- Reviews and approves test protocols.

7. FREQUENCY

7.1. Initially after an e-mail system has been set up.
7.2. When a new account is added.
7.3. Every three months.

8. PROCEDURE

8.1. Sender creates a file digest using MD5 software.
8.2. Sender writes e-mail, attaches the file to the e-mail and includes file digest in the e-mail text.
8.3. Recipient downloads the attached file to the hard disk.
8.4. Recipient starts program to calculate message digest and compares the newly calculated result with the digest as sent by the sender.
8.5. Results are documented using the form in Attachment 9.1.
8.6. In case of deviations, the test person informs the system owner.

9. ATTACHMENTS

9.1. Attachment - Test Script

Purpose of Test: Verify file accuracy of e-mail attachments.
Test Procedure: MD5 values are calculated at the sending site and recalculated at the receiving site. Both values are compared and must be identical.

Test Person:
Test System:
Location:
Date and Time:
E-mail Received From:
Name of Attachment:
Attached MD5 Hash Value:
Newly Calculated Hash Value:
Acceptance Criteria: Newly calculated value must be identical with received value.
Comment:

Signatures and Approval
Tested by:
Approved by:
Name:
Signature:
Date:
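
The sender and recipient steps of section 8, as an added example that is not part of the Labcompliance SOP. It uses Python's standard email and hashlib modules in place of WinMD5, and the file name, address and attachment bytes are constructed sample values.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MD5_HEX = re.compile(r"\b[0-9a-fA-F]{32}\b")  # 128-bit digest as 32 hex characters


def build_message(filename, data, sender):
    """Steps 8.1-8.2: compute the digest, attach the file, quote the digest in the text."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "File integrity test"
    msg.set_content(f"MD5 of {filename}: {hashlib.md5(data).hexdigest()}\n")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def verify_message(raw):
    """Steps 8.3-8.5: recompute the digest and return the Attachment 9.1 fields."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    digests = MD5_HEX.findall(body.get_content()) if body else []
    attachments = list(msg.iter_attachments())
    # Refuse to guess: an ambiguous message cannot produce a valid test record.
    if len(digests) != 1 or len(attachments) != 1:
        raise ValueError("expected exactly one MD5 digest and one attachment")
    part = attachments[0]
    received = digests[0].lower()  # hex digests may be written in either case
    calculated = hashlib.md5(part.get_content()).hexdigest()
    return {
        "E-mail Received From": str(msg["From"]),
        "Name of Attachment": part.get_filename(),
        "Attached MD5 Hash Value": received,
        "Newly Calculated Hash Value": calculated,
        "Result": "PASS" if received == calculated else "FAIL",
    }


if __name__ == "__main__":
    # Constructed sample attachment and address, for illustration only.
    raw = build_message("report.bin", b"constructed sample\x00\x01", "sender@example.com")
    record = verify_message(raw)
    print(record)
    # Simulate a deviation (step 8.6): alter the quoted digest so it no longer matches.
    changed = raw.replace(record["Attached MD5 Hash Value"].encode(), b"0" * 32)
    print(verify_message(changed)["Result"])
```

Because the digest travels in the same message as the attachment, a PASS shows that the file arrived unchanged in transit; it does not authenticate the sender or detect a deliberate change made to both the file and the quoted digest.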