Password Security Policy
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of RAMSIS ENGLISH PRIVATE SCHOOL’s entire network. As such, all RAMSIS ENGLISH PRIVATE SCHOOL Community (including employees, students and parents with access to RAMSIS ENGLISH PRIVATE SCHOOL systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their password. (See E-safety&AUP Policies for additional information).
The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at RAMSIS ENGLISH PRIVATE SCHOOL, or has access to the RAMSIS ENGLISH PRIVATE SCHOOL network .
- All systems-level passwords (e.g., network administrator, application administration accounts, teachers account, students account etc.) must be changed at least every 90 days.
- All production system-level passwords must be part of the Information Security administrated global password management database.
- All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every 90 days and cannot be reused the past 10 passwords.
- User accounts with access to school website must have a unique password from all other accounts held by that user.
- Passwords must not be inserted into email messages or other forms of electronic communication.
- All user-level, and system-level, must conform to the guidelines described below.
Password Construction Requirements
- Be a minimum length of eight (8) characters on all systems.
- Not be a dictionary word or proper name.
iii. Not be the same as the User ID.
- Expire within a maximum of 90 calendar days.
- Not be identical to the previous ten (10) passwords.
- Not be transmitted in the clear or plaintext outside the secure location.
vii. Not be displayed when entered.
viii. Ensure passwords are only reset for authorized user.
4.3 Password Deletion
All passwords that are no longer needed must be deleted or disabled immediately. This includes, but is not limited to, the following:
- When a user retires, quits, is reassigned, released, dismissed, etc.
- Default passwords shall be changed immediately on all equipment.
- teachers or students accounts, when no longer needed to perform their duties.
When a password is no longer needed, the following procedures should be followed:
- Employee should notify his or her Head of Department.
- Supervisor should fill out a password deletion form and send it to [Online Safety Coordinator].
- [Online Safety Coordinator] will then delete the user’s password and delete or suspend the user’s account.
- A second individual from that department will check to ensure that the password has been deleted and user account was deleted or suspended.
- The password deletion form will be filed in a secure filing system “Private Files”.
4.4 Password Protection Standards
Do not use your User ID as your password. Do not share RAMSIS ENGLISH PRIVATE SCHOOL passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, Confidential RAMSIS ENGLISH PRIVATE SCHOOL information.
- Don’t reveal a password over the phone to anyone
- Don’t reveal a password in an mail message
- Don’t reveal a password to the boss
- Don’ talk about a password in front of others
- Don’t hint at the format of a password (e.g., “my family name”)
- Don’t reveal a password on questionnaires or security forms
- Don’t share a password with family members
- Don’t reveal a password to a co-worker while on vacation
- Don’t use the “Remember Password” feature of applications
- Don’t write passwords down and store them anywhere in your office.
- Don’t store passwords in a file on ANY computer system unencrypted.
If someone demands a password, refer them to this document.
If an account or password is suspected to have been compromised, report the incident to the E-safety coordinator and change all passwords.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
- REPS Student Behavior Management Policy for Distance Learning
- REPS Acceptable Use Policy
- REPS Password Security Policy
- REPS Filtering Policy
- REPS Managing Mobile Technologies Policy
- REPS Emails Policy
- REPS Distance Learning Policy
Please only sign if you have fully read the REPS Password Security Policy. By signing the acceptance form you are agreeing that you have fully understood the REPS Mobile Phone Policy.
I hereby confirm that I have read and fully understood the terms and conditions document attached and will strictly follow the REPS Mobile Phone Policy.