ISO27001: Passwords and Screen Locking


Dear colleagues,

Sensible use of passwords enhances information security.  However, failing to lock your screen when away from your desk defeats this security immediately.

The Password and Screen Locking policies are part of the ISO 27001 changes and apply to all Wilson James staff and IT assets.

The Policy

  • Passwords must be a minimum of 8 characters and must include upper and lower case letters and at least one number.
  • Passwords must be changed at least every 90 days
  • Passwords must not be re-used for at least 10 occurrences
  • Do not share your password with anyone, keep it confidential
  • Do not include a password in any automated log-on procedures
  • Do not use the same password for different services; in particular, passwords for personal and Wilson James accounts must be different.
  • Avoid easily guessable passwords (e.g. any word or phrase in any dictionary, based on dates, month or year, family names, initials or car registration, Wilson James names, user id or user name, any sporting activities or clubs, etc.)
  • Lock your screen whenever you leave your desk.

What You Need to Do Now

  • Consider your passwords:
    • Are they the same as personal ones?  If so, change them.
    • Are they easily guessable?  If so, change them.
    • Have you allowed your computer to remember them?  If so, change them.
    • Have you shared them with anyone?  If so, change them.
  • If you aren’t sat at your desk, your computer screen should be locked!

Click here to download and display this poster

As a reminder, if you feel you or your department need some assistance in adhering to this policy, please contact your designated champion to make your needs known. You can find your list of champions here.
