Password Reset Policy
Password Reset Policy
Policy Name: Password Reset Authorization Policy
Effective Date: 15th Oct 2024
Policy Owner: ICT Unit
Version: 1.01
1. Purpose
This policy establishes a clear and secure process for handling password reset requests to protect organizational resources and sensitive information. It ensures that any request for a password reset is verified through a user's direct supervisor before action is taken.
2. Scope
This policy applies to all employees and contractors using the organization's IT systems, including all ICT personnel who handle password reset requests.
3. Policy Statement
To maintain security and ensure accountability, the ICT team will not process any password reset requests unless authorization has been provided by the user's direct supervisor. All Heads of Division password resets would be approved by the ICT manager. This ensures that only valid requests are fulfilled.
4. Procedure Overview
- Users requesting password resets must do so by contacting the ICT team via the Service Desk.
- The ICT team will generate a confirmation ticket to the direct supervisor of the user requesting the reset.
- Only upon receipt of confirmation from the supervisor will the password reset be executed.
5. Responsibilities
- ICT Team: Ensures compliance with this policy and processes password reset requests only upon receiving valid confirmation.
- Supervisors: Verify and approve legitimate password reset requests.
- Employees: Request password resets through the proper channels and follow organizational guidelines.
6. Non-compliance
Failure to follow this policy may result in delayed response times or denial of password reset requests. Repeated violations may be subject to further review.
7. Review
This policy will be reviewed annually or as needed to accommodate changes in technology or security requirements.