Users are responsible for creating and protecting passwords that grant them access to resources. Passwords should not be shared, displayed in plain view, or stored in computers. Passwords used to access systems must meet password length, complexity, and longevity requirements. All passwords must be a minimum of 14 characters long, and must contain at least one of each of the following:

If a user’s password is compromised or discovered, the password should be immediately changed, and the security incident reported to Armanino.

​

Users are responsible for ensuring that other users are assigned roles appropriately. Only the level of access required to perform authorized tasks should be approved, following the concept of “least privilege”. Users should not use shared accounts under any circumstances. Accounts must be disabled and/or deleted in a timely manner following employment termination, according to a documented employee termination process. System administrators are responsible for modifying and/or removing the accounts of individuals who change roles with the Company or are separated from their relationship with the Company.

​