Is a Password Policy in place?

Yes. We utilize and manage passwords in accordance with current security standards and our comprehensive Password Policy.

• Our password policy applies to all systems that transmit, process or store Scoped systems and data,
• and to all constituent and client passwords.
• It has been approved by management, communicated to relevant employees and is enforced on all platforms and network devices.
• It allows for Multy-factor Authentication (2FA), if activated on clientside.
• Initial and temporary passwords are random and complex and have to be changed upon first/next login.
• The password reset authority is restricted to authorized personell and an automated password reset tool.
• User IDs and passwords are communicated via separate media channels, like E-Mail or phone.

• Our password policy defines specific length and complexity requirements (e.g. at least eight characters) and prohibits a PIN or secret question as a possible stand-alone method of authentication.
• It defines requirements for provisioning, resetting and storing passwords (encrypted/hashed).
• It also requires password changes in regular intervals or when there is an indication of possible system or password compromise.
• And it requires users to keep their passwords confidential and prohibts them from sharing passwords, keeping an unencrypted record of passwords and from storing unencrypted passwords in automated logon processes (e.g. Macros).