Sunteți pe pagina 1din 3

** FREE PREVIEW VERSION **

[Organization logo] Commented [EU GDPR1]: All fields in this document marked
by square brackets [ ] must be filled in.
[Organization name]

Commented [EU GDPR2]: This Policy need not constitute a


PASSWORD POLICY separate document if the same rules are prescribed in the IT
Security Policy and in the Access Control Policy.

Code: Commented [EU GDPR3]: The document coding system


should be in line with the organization's existing system for
document coding; in case such a system is not in place, this line
Version: may be deleted.

Date of version:

Created by:

Approved by:

Confidentiality level:

©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.
[organization name] [confidentiality level]

Change history
Date Version Created by Description of change

dd.mm.yyyy 0.1 EUGDPRAcademy Basic document outline

Table of contents
1. PURPOSE, SCOPE AND USERS ..............................................................................................................3

2. REFERENCE DOCUMENTS ....................................................................................................................3

3. USER OBLIGATIONS ............................................................................................................................3

4. USER PASSWORD MANAGEMENT......................................................ERROR! BOOKMARK NOT DEFINED.

5. VALIDITY AND DOCUMENT MANAGEMENT........................................ERROR! BOOKMARK NOT DEFINED.

Password Policy ver [version] from [date] Page 2 of 3

©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.
[organization name] [confidentiality level]

1. Purpose, scope and users


The purpose of this document is to prescribe rules to ensure secure password management and
secure use of passwords.

This document is applied to the entire Information Security Management System (ISMS) scope, and
to all personal data processing activities.

Users of this document are all employees of [organization name].

2. Reference documents
 ISO/IEC 27001 standard, clauses A.9.2.1, A.9.2.2, A.9.2.4, A.9.3.1, A.9.4.3
 EU GDPR Article 32
 Information Security Policy
 Statement of Acceptance of ISMS documents

3. User obligations Commented [EU GDPR4]: Delete this whole section if the
rules are already prescribed in the IT Security Policy.

Users must apply good security practices when selecting and using passwords: Commented [EU GDPR5]: Adapt these rules according to
assessed risks.

 passwords must not be disclosed to other persons, including management and system
administrators
 passwords must not be written down, unless a secure method has been approved by [job
title]
 user-generated passwords must not be distributed through any channel (by oral, written or
electronic distribution, etc.); passwords must be changed if there are indications that
passwords or the system might be compromised – in that case a security incident must be
reported
 strong passwords must be selected, in the following way:

** END OF FREE PREVIEW **

To download full version of this document click here:


https://advisera.com/27001academy/documentation/password-policy/

Password Policy ver [version] from [date] Page 3 of 3

©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.