My company is currently implementing an Oracle ERP system and will be subsequently validating to 21 CFR 11 compliance. We need to create a "System Access and Security" procedure, but I'm not sure where to start. Does anyone have an example of such a procedure they would be willing to share?