October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty Nine: Admin controls
Awareness Day Twenty Nine: Admin controls

Consider regularly reviewing who is control of the admin passwords.  Make it part of the onboarding and leavers process with staff.  If an admin staff member leaves, ensure the password is changed and kept securely.
Are the senior leadership aware of who has the admin passwords or at least know how to access them?
If IT is outsourced, ensure that the organisation still has copies of all admin passwords locally.
If the IT provider is changed, ensure relevant passwords are changed, once the new provider takes over.
Review: NCSC Password administration for system owners

Review DPE's previous articles about admin controls:
October is Cyber Security Awareness Month: 17. Access Control (Users)

Read more …

More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):