Changing Passwords: Individual passwords are used which consist of a combination of
letters, numbers and symbols that cannot be personal identifiers. Passwords must be
changed at least every 90 days, cannot be reused and are deactivated if the password is
not changed. An alert message is generated at a predetermined number of days before the
password expires.
System lockout: All users have a login code, station number and password to access the
system. After a number of unsuccessful attempts to login, the user is locked out of the
system and must contact IT to reinstate user access to system.
Establishing and Reviewing Access Levels: levels of access to the computer system are
assigned by job category. Access levels are periodically evaluated by management.