Password Reset Policy

Policy Name: Password Reset Authorization Policy
Effective Date: 15th Oct 2024
Policy Owner: ICT Unit
Version: 1.1

1. Purpose

This policy establishes a clear and secure process for handling password reset requests to protect organizational resources and sensitive information. It ensures that any request for a password reset is verified through a user's direct supervisor before action is taken.

2. Scope

This policy applies to all employees and contractors using the organization's IT systems, including all ICT personnel who handle password reset requests.

3. Policy Statement

To maintain security and ensure accountability, the ICT team will not process any password reset requests unless authorization has been provided by the user's direct supervisor. All Heads of Division password resets would be approved by the ICT manager. This ensures that only valid requests are fulfilled.

4. Procedure Overview

Users requesting password resets must do so by contacting the ICT team via the Service Desk.
The ICT team will generate a confirmation ticket to the direct supervisor of the user requesting the reset.
Only upon receipt of confirmation from the supervisor will the password reset be executed.

5. Responsibilities

ICT Team: Ensures compliance with this policy and processes password reset requests only upon receiving valid confirmation.
Supervisors: Verify and approve legitimate password reset requests.
Employees: Request password resets through the proper channels and follow organizational guidelines.

6. Non-compliance

Failure to follow this policy may result in delayed response times or denial of password reset requests. Repeated violations may be subject to further review.

7. Review

This policy will be reviewed annually or as needed to accommodate changes in technology or security requirements.

Password Reset Policy