Password Policy
1. Introduction
This Password Policy is established by Patient Watch Ltd (hereinafter referred to as “the Company”) to ensure the security and confidentiality of data, systems, and resources by defining best practices for password management. The policy applies to all employees, contractors, and third parties who have access to the Company’s systems and data.
2. Policy Statement
The Company recognizes the importance of strong, unique passwords and effective password management to protect its information assets. This policy aims to:
- Promote the selection of strong and unique passwords.
- Prevent the use of easily discoverable or common passwords.
- Prohibit password reuse.
- Provide guidelines on how to record and store passwords securely.
- Specify the use of password management software.
- Identify which passwords must be memorized.
- Ensure that all systems utilizing internet-facing authentication services enforce high-strength passwords.
3. Password Guidelines
(a) How to Avoid Choosing Obvious Passwords
Users must avoid choosing passwords that are based on easily discoverable information such as names, birthdates, or publicly available information. Passwords should not be based on dictionary words or easily guessable patterns.
(b) Avoiding Common Passwords
The use of common and easily guessable passwords is strictly prohibited. The Company maintains a password blocklist to prevent the use of common passwords. Users must not choose any password that appears on the blocklist.
(c) No Password Reuse
Users are prohibited from reusing passwords across different accounts or systems. Each account and system must have a unique password.
(d) Recording and Storing Passwords Securely
Passwords must not be recorded or stored in an unsecured manner, such as on sticky notes, in text files, or other easily accessible formats. If passwords need to be recorded, they must be stored securely in encrypted password vaults or password managers.
(e) Password Management Software
The use of password management software is strongly encouraged to securely store and manage passwords. Approved password management tools will be specified by the Company’s IT department.
(f) Password Memorization
Users should memorize, and keep confidential, critical passwords that provide access to sensitive systems and data. These passwords must not be recorded anywhere.
(g) Assessing Risks and High-Strength Passwords
The Company will assess risks and, where appropriate, enforce high-strength passwords for all users of internet-facing authentication services. High-strength passwords must include a combination of upper and lower case letters, numbers, and special characters. Password changes should be performed at regular intervals.
4. Changing Default Passwords
(a) System Accounts
All system accounts within Patient Watch Ltd, including but not limited to user accounts, service accounts, and administrative accounts, must adhere to the organization’s password policy. It is imperative that all default passwords provided by the system or device manufacturer be changed immediately upon deployment. Default passwords are well-known and often published in public documentation, making them vulnerable to unauthorized access.
(b) Social Media Accounts
In cases where social media accounts are used for official purposes, the same principles apply. Default passwords for social media accounts should be changed promptly to unique, strong passwords in accordance with the organization’s password policy. These passwords should not be shared among multiple users.
(c) Infrastructure Components
Infrastructure components, including network devices, servers, and other critical systems, must also undergo a password change from their default values. Default passwords for these components are a common target for attackers and must be replaced with strong, unique passwords that align with the organization’s password policy.
5. Password Policy Compliance
Patient Watch Ltd requires all users and administrators to comply with the organization’s password policy, which includes guidelines for creating strong, unique passwords. This policy encompasses the principles of password strength, uniqueness, regular changes, and secure storage.
Failure to change default passwords for system accounts, social media accounts, and infrastructure components in alignment with the organization’s password policy is considered a breach of security and will result in appropriate action, as outlined in the organization’s security policies and procedures.
It is the responsibility of each user and system administrator to ensure that default passwords are promptly replaced with secure passwords and to actively maintain the confidentiality and integrity of those passwords. This is essential to mitigate the risk of unauthorized access and potential security breaches.
Patient Watch Ltd’s IT department will provide guidance and support in the secure management of passwords, including the change of default passwords, and ensure that all users have the necessary tools and knowledge to meet the organization’s security standards.
By adhering to this policy, all users are responsible for safeguarding the Company’s information assets and ensuring the integrity and confidentiality of data.
Review and Compliance: This policy will be reviewed periodically to ensure its effectiveness and compliance with the Company’s security standards and legal requirements.
For inquiries or clarification on this policy, please contact the IT department at support@patient-watch.com.
Guy Solan
Director
Patient Watch Ltd