top of page

Password Security Policy

1 day ago2 min read

1. Purpose

The purpose of this policy is to protect company data, systems, and sensitive information by ensuring secure password management practices. Passwords are a key line of defense against cyber threats, and sharing them poses significant security risks. This policy establishes guidelines to prevent unauthorized access and maintain data integrity.


2. Scope

This policy applies to all employees, contractors, vendors, and third parties with access to company systems, networks, applications, and sensitive data.


3. Policy Statement

To maintain a secure digital environment, employees are strictly prohibited from sharing their passwords under any circumstances. Each individual is responsible for safeguarding their login credentials to prevent unauthorized access.


4. Password Security Guidelines

  • Individual Responsibility: Every employee is responsible for their own login credentials.Passwords must never be shared, written down, stored in unsecured locations, or sent via email, chat, or other electronic communication methods.

  • Multi-Factor Authentication (MFA): Whenever possible, employees must use MFA to add an additional layer of security.

  • Unique Passwords: Employees must use unique passwords for company accounts and must not reuse personal passwords.

  • Strong Password Requirements: Passwords must meet the following complexity requirements:

    • Minimum 12 characters

    • At least one uppercase letter, one lowercase letter, one number, and one special character

    • Must not contain easily guessable information (e.g., "password123," birthdates, or company name)

  • Password Management Tools: Employees are encouraged to use company-approved password managers to store and retrieve passwords securely.

  • Regular Password Changes: Passwords must be updated at least every 90 days or immediately if a compromise is suspected.

  • Access Control: Employees must only access systems and data required for their job role. Managers should review permissions regularly to ensure proper access control.


5. Prohibited Actions

Employees must never:

  • Share passwords with coworkers, managers, or IT staff. If IT support is required, use company-approved access recovery procedures.

  • Use personal accounts or third-party software to store or share company passwords.

  • Use the same password across multiple accounts or external services.

  • Allow others to use their credentials to access company resources.


6. Reporting Security Incidents

If an employee suspects that a password has been compromised, lost, or shared improperly, they mustimmediately notify the Chief Financial Officer. The CFO will work with IT support to initiate appropriate remediation steps, including password resets and security audits.


7. Enforcement and Disciplinary Action

Failure to comply with this policy may result in disciplinary action, up to and including termination. The company takes security violations seriously, and any unauthorized password sharing or negligence that leads to a breach will be subject to review.


8. Policy Review and Updates

This policy will be reviewed annually and updated as necessary to align with best practices and emerging security threats.


9. Questions or Concerns

For any questions about this policy, employees should contact the Chief Financial Officer atmgullette@southernindustries.com.




0 comments

Comments

We are interested in your thoughts!

Do you have an idea to make the company better?  

Is there a question on your mind that you would like answered?

 

It takes all of us to help this company reach its fullest potential- we truly appreciate you getting involved!

red black minimalist love ribbon logo design.gif
Your submissions go anonymously straight to only Derek and Fran- We’re listening!  If you would like us to contact you back directly please include your first and last name so we know where the submission came from and we will be sure to get back with you!

Thanks for submitting!

bottom of page