The following information is extracted from the internal document “Uso Aceptable de Activos” which is part of our security policies. The document is aimed to help employees to know the right usage of the company assets.
Passwords are a critical element for company security. Each person has a unique username to access the systems that uniquely identifies their actions, you must keep your passwords a secret. Do not write them or share them with other people.
If in the absence of a person, legitimate access to a certain system or certain information is required, the person in charge of the affected area must request a written or email authorization from the Safety Officer to demonstrate the proper authorization of this change.
No passwords will be shared with other users, nor will generic or group passwords be used. All passwords must identify uniquely the user who uses it and who is responsible for compliance with this policy.
All user passwords, including temporary passwords, must meet the following characteristics:
- Have a minimum length of 20 characters
- Have at least 15 numeric character
- Include uppercase and lowercase letters (at least 4)
- Not to be part of dictionaries (Spanish or foreign)
- Should not be portions of the identifier or username
- Must not include the name of the company or any of its products
- Must not be easily deductible patterns (abc, 123, qwerty, etc ...)
- Should not contain personal information such as date of birth, family names, pets, hobbies, etc ...
The configuration of access to the systems of the company forces that the passwords are changed automatically with a frequency of 3 months. Passwords used previously can not be reused. When these changes can not be performed automatically, the responsibility for changing the password rests with the user.
If you suspect that your password may have been compromised or used improperly by another person, you should report this incident to the Security Officer immediately.
To avoid leaving sensitive information exposed, always leave your PC locked before leaving your desk.
Passwords will not be visible on the screen, written on paper or on any other physical media. Passwords can only be stored in secure repositories approved by the Management.