Password policy

Password policy

Purpose

The purpose of this Password Policy is to establish a standard for creating, managing, and protecting passwords within the organisation. This policy aims to safeguard company systems and data by enforcing strong password practices for all employees, contractors, and third-party users.

Scope

This policy applies to all users who access company systems, networks, or data, including but not limited to employees, contractors, consultants, and temporary staff.

Policy

Password and PIN creation guidelines

Password guidelines

Pin guidelines

Password change requirements

Multi-factor authentication (MFA) or Two-factor authentication (TFA)

Password storage

Password management tools

User responsiblities

Procedure for Compromised Password or PIN

In the event that a password or PIN is suspected or confirmed to be compromised, the following steps must be followed:

Immediate Actions

Tech Circle Actions

Monitoring

Communication

Post-Incident Review

Member and employee responsibilities

Exceptions

Any exceptions to this policy must be approved in writing by the Tech Circle or a designated authority.

Monitoring and review

Last updated: