NIIT Technologies Ltd

Admin Password Management Process

QMS-P002QMS-P002

Holcim Services (SouthHolcim Services (South Asia) Ltd.Asia) Ltd.

28 Dec 10

Admin Password Management Process Version 1.0 Page 1 of 6

NIIT Technologies Ltd

Document ControlDocument Control

1. Document InformationDocument Name

Admin Password Management Policy

Classification Internal use onlyAuthor Sandeep DeshpandeOwner NTL IT Operations ManagerOnline ReferenceStatus DraftFile Name & Path

\\10.235.0.155\HSSA_Support\NTL Infrastructure\Private\Quality\ Password Management Policy.doc

Created on 28th December 10Release onValid FromRe-validation DatePrinted on

RevisionVersion Revision Date Revision Description Author Sign-offDraft 28th Dec 10 Initial Version Sandeep

ApprovalRole Name Signature Date

Distribution ListRole Name Signature Date

HSSA Head IT infrastructure Govindamani

OpCos SPOC – ACC – ACL

– ACCCL – HSSA

Vinod Kumar,Sainath Iyer,Rajan PachchigarRajesh Lunawat

OpCos Location Head All SitesNTL Regional Coordinators

North/East/South & West. Gujrat for ACL. Thane/Churchgate

Other NTL Staff All Sites

Admin Password Management Process Version 1.0 Page 2 of 6

NIIT Technologies Ltd

INDEX

Admin Password Management Policy.....................................................................11. Document Information.....................................................................................22. Overview..........................................................................................................43. Scope................................................................................................................44. Owner..............................................................................................................45. Review of Procedure........................................................................................46. Admin Password Process controls...................................................................4

6.1. Admin Password Security and Account Verification...............................46.2. Additional Controls...................................................................................46.3. Confidentiality..........................................................................................56.4. Admin Password Administration..............................................................5

7. Process.............................................................................................................57.1. Procedure guideline for implementing Password policy.............................57.2. Operational Routine.....................................................................................58. Responsible......................................................................................................59. Glossary of Abbreviations...............................................................................610. Template for password storage....................................................................6

Admin Password Management Process Version 1.0 Page 3 of 6

NIIT Technologies Ltd

2. OverviewThe purpose of Admin Password Management Policy is to ensure administrator passwords are properly used to verify/authenticate the identity of a user, the first line of defence for access into IT Infrastructure. Also to ensure that built in administrator ID is used only for administration purpose by administrator. The password is also available with HSSA management which can be used in case of emergency.

3. ScopeThis policy is applicable to HSSA head office where administrator ID is maintained and used by administrators for Active directory, Lotus Notes, Anti-virus, Altiris software.

4. OwnerHSSA ITSM and NTL operations manager will be responsible for making changes to the process.

5. Review of ProcedureThis procedure will be reviewed for its issuance, maintenance and distribution. Yearly review of this procedure is essential to ensure that the procedure remain relevant.

6. Admin Password Process controls

6.1.Admin Password Security and Account VerificationChecking new passwords: password should not accept passwords found in

dictionary and is not a name or simple common word.Plausibility Test for password: Passwords should be constructed using a

mixture of different characters. This makes the guessing of passwords very difficult.

All admin User account passwords shall consist of a minimum length of 8 characters.

Days to password change password is Maximum is 180 days.

6.2.Additional ControlsDelay after Incorrect Login Attempts – In case user provides wrong

passwords for 3 times it provides delay in the login.Login details – It records following for login recordsRecords failed login attemptsRecord successful login attemptsInterpretation of Ctrl + Alt + Del is Ignore Privileged User login IDs and password will be with domain Team Leads

Admin Password Management Process Version 1.0 Page 4 of 6

NIIT Technologies Ltd

6.3.Confidentiality

Passwords will not be scribbled anywhere other than the Password Envelope.

Sharing of password is strictly prohibited.

6.4.Admin Password AdministrationChange Management needs to be followed for changing the passwords for administrator users by filling up Change request Form. One printed copy of passwords should be kept with HSSA SM & OP head.

7. Process

7.1. Procedure guideline for implementing Password policyAll administrators and their workforces shall follow password policy, keep all passwords secure, and keep passwords confidential.

Parameters ValuePassword History 5

Maximum Password Age 180 DaysPassword Must meet complexity Requirements EnabledMin Password length 8 chars

7.2.Operational Routine

Activity Schedule Task Responsibility Outcome

Admin ID maintenance

180 days. Cycle: Jan-July

Change of admin password for AD,LN,AV,Altiris

IT Operations TeamChanged list of admin ID is handed over to Head SM & OP

All admin ID passwords should be changed according to operational Routine and whenever the change request is raised. The printed copy to be handed over to SM & OP head HSSA in sealed envelope.

8. ResponsibleFollowing persons from NTL will be responsible for implementing and maintaining this process.

Area ResponsibleActive Directory System Team MemberLotus notes System Team MemberAnti-virus System Team MemberAltiris System Team Member

Admin Password Management Process Version 1.0 Page 5 of 6

NIIT Technologies Ltd

9. Glossary of AbbreviationsSr. Abbreviation Description1. IT Information Technology2. AV Anti Virus3. HSSA Holcim Services (South Asia) Ltd.4. ACC ACC Limited5. ACCCL ACC Concrete Limited6. ACL Ambuja Cements Limited7. NTL NIIT Technologies Ltd.8. OpCo Operating Company9. ITSM Information Technology Service Management

10. Template for password storage

Following template should be used while handing over password to HSSA SM & OP head. The envelope should be sealed while giving this document.

Admin Password Management Process Version 1.0 Page 6 of 6