Many systems and products within the IT environment contain critical or sensitive information. In order to maintain control of access to information the following policies are required.
User IDs and Passwords will not shared with anyone at anytime.
Users will not allow anyone else to log in with their ID or password at any time.
Passwords will not be written down unless placed in a secure location (eg, a locked drawer or on your person)
Passwords may not be re-used within a 13 month period
Password will require a minimum of seven characters and should include mixed letters and numbers
ALL employees accessing systems will have unique user ID’s
Temporary employees will have accounts that expire every 30 days; manager approval is required to extend for 30-day increments
Users will not use “checkboxes” within applications that offer to “remember” passwords.