Skip to main content

Policy - Password and Access Management

Section: Human Resource Policies
Policy Owner: Ignition633 Ministries Human Resources
Policy Name: Password and Access Management Policy
Origination Date: April 2025

Password and Access Management Policy

Purpose:
The Password and Access Management Policy establishes requirements for creating, protecting, and managing user credentials and system access. This policy ensures appropriate access controls are maintained across all systems and applications. The policy helps protect against unauthorized access and maintains the principle of least privilege.

Scope:
This policy applies to all user accounts, passwords, and access credentials used within 633Donor Solutions' systems. It covers all employees, contractors, and temporary workers who require access to any organizational systems or data. The policy includes requirements for password complexity, change frequency, and access review procedures.

Policy:
All employees must create unique, complex passwords that meet minimum length and character requirements. Passwords must not be reused across different systems and should be changed annually. Multi-factor authentication is required for all systems containing sensitive or confidential information. Password sharing is strictly prohibited under all circumstances.

Access Control Procedures:
Access to systems and data will be granted based on the principle of least privilege, providing only the minimum access needed to perform job duties. All access requests must be documented and approved by the appropriate manager and IT security personnel. Regular reviews of user access rights will be conducted quarterly to ensure permissions remain appropriate. Terminated employee accounts must be disabled immediately upon employment cessation.

Security Incident Response:
Users must immediately report any suspected compromise of their credentials to the IT security team. Compromised accounts will be locked and investigated according to established security incident procedures. Users may be required to change their passwords as part of incident response activities. The security team will maintain documentation of all password-related security incidents and their resolution.

Compliance and Enforcement:
Regular compliance audits will be conducted to ensure adherence to this policy. Violations may result in disciplinary action up to and including termination of employment. Exceptions to this policy must be documented and approved by the Chief Information Security Officer. All employees must acknowledge this policy during onboarding and after any significant policy updates.

If you have any questions or concerns, please contact support@ignition633.org

This policy will be reviewed annually and is subject to change. Any changes will be communicated to all employees promptly.
For any questions or further assistance regarding this policy, employees should contact the HR department at hr@ignition633.org.

Back to top