Purpose
We must avoid personally identifiable information ending up in the hands of unwanted users. Therefore, the human resources department shall assign identification names based on a random sequence of characters.
Scope
Usernames for services that do not require a login must not permit login. Similarly, users who no longer need support should have their access removed from the system. In accordance with policy, the system default usernames and passwords preloaded and required by the operating system will be replaced with replacement usernames and passwords.
The following remark should be included in the banners displayed during the login and authentication procedure: “By logging into this system, you agree to follow the company’s security rules and procedures.”
Users and Visitors Network Access
An organization’s sponsor and designated systems or network administrator will offer visitors and other non-organizational users access to the network and its resources. The administrator must create policies and procedures for granting, terminating, and assessing access to non-organizational visitors and users. When a guest user seeks access to their organization’s security policies and procedures, the sponsor’s responsibility is to ensure that they are followed. The activity of the guest user is held accountable by the sponsor and administrator. Guest usernames should be supplied only when access is required. When access to corporate resources is no longer necessary, account access is canceled.
- Authorized users are only eligible to hold an active account while employed at Zeta Alpha Medical. Access will be revoked immediately upon separation. All employees must sign the acceptable use policy.
- Approved contractors will be granted access via a role-based approval and signed acceptable use policy. Entry must be approved by the Director of Security.
Procedures for Signing In
Login services shall provide positive authentication to ensure only legitimate users can access the system and network environment.
Users must log off and safeguard their workstations while not in use. Administrators must develop policies to guarantee that underutilized workstations are closed when left unattended for an appropriate length of time.
Procedures for granting special privileges must be devised to be handled appropriately inside the organization’s technology environment. In addition, these processes must spell out how the access requirements will establish, maintain, and evaluate security controls.
Recommendations for Password Creation
Passwords are a vital aspect of information technology security. Unauthorized access or abuse of our resources may occur as a result of careless password selection. Therefore, all workers, including contractors and vendors, who have access to Zeta Alpha systems must adhere to the password selection and the methods for protection outlined in this policy.
The system, network, or application should dictate how passwords are kept. These requirements should include maintaining reasonable password security practices. Following is a list of suggested account policy password requirements.
- The user’s name should not be included in passwords.
- You are not permitted to change your password to previously used passwords.
- A valid password must contain letters, numbers, or special characters, be at least eight characters long, and be valid for 90 days.
- Passwords must never include an employee’s identification number, Social Security number, birth date, phone number, or personal information.
- Usernames and names of close friends and family members should never be used as passwords.
- Never use a well-known proper name in a password, especially the name of a fictional character.
- Never use terms from an English dictionary or any other language dictionary.
- You should never use a basic pattern like XXYYZZAA as a password.
- After supplying alternate authentication credentials, a forgotten password can be retrieved using the organization’s internal password recovery application.
- Once a user is no longer linked with the business or requires granted access, the user account will be instantly deactivated.
Policy Compliance
Zeta Alpha will ensure policy compliance using various means, including but not limited to periodic walkthroughs, video surveillance, management reporting, internal and external audits, and reporting to the policy owner.
When users work remotely, they must use only legally licensed software, implement specified backup procedures, and comply with all operational regulations.
Exceptions
Any deviation from the policy must be agreed upon in advance by the Zeta Alpha Chief Information Security Officer.
Non-Compliance
If an employee is determined to have violated this policy, they may face disciplinary action, up to and including termination, civil litigation, and criminal prosecution.
Revision History
Date of Change | Responsible | Summary |
_____________ | _____________ | _____________ |
_____________ | _____________ | _____________ |
Manager Signature Date
IT Administrator Signature Date