Awareness Day Twenty Nine: Admin controls
Awareness Day Twenty Nine: Admin controls
Consider regularly reviewing who is control of the admin passwords. Make it part of the onboarding and leavers process with staff. If an admin staff member leaves, ensure the password is changed and kept securely.
Are the senior leadership aware of who has the admin passwords or at least know how to access them?
If IT is outsourced, ensure that the organisation still has copies of all admin passwords locally.
If the IT provider is changed, ensure relevant passwords are changed, once the new provider takes over.
Review: NCSC Password administration for system owners
Review DPE's previous articles about admin controls:
October is Cyber Security Awareness Month: 17. Access Control (Users)
More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):