access password recovery
Computer System Level Security
Each user is given an individual password to enter data entry/verification mode and must change it every 30 days. To prevent unauthorized access to a user's computer while it is logged in, the screen saver activates after 10 minutes of idleness and can be dismissed only with the screen saver password. Three failed login attempts lock the computer, which can be reactivated only by the system administrator (SA) after a proper enquiry.
- The SA allocates access rights to new employees based on the inputs received from the HR Executive through the User Registration form.
- Access to the operating system, network, and applications is in line with the controls defined in the Active Directory configuration.
- Privileges such as admin rights, VNC, etc. are available only to the SA; in no case are such privileges provided to any employee.
- Passwords are the normally practiced access control mechanism at Cygnet.
- However, where authentication hardware (smart cards, plastic cards, biometric devices) is required, it is used to access the application.
- Such requirements are part of a contractual requirement or are specifically advised by the management.
- Strong passwords are enforced using system level utilities.
- The password should be at least 6 characters long with an alphanumeric combination and needs to be changed every month. Also, the system should not accept any of the last 3 previously used passwords.
- Users are also made aware not to use easily guessable passwords such as their name, birth date, spouse's name, etc.
- Access rights are to be reviewed and version controlled every quarter for ADS, SharePoint, and the other applications that are not synchronized with the ADS, for example Mantis.
- Mantis (Bug Tracking System) user access rights are to be maintained in an Excel sheet, which is to be version controlled and verified against the access rights configured in the application every quarter.
- A user who specifically requires access to a restricted application requests it from the SA by email, specifying the reason and the duration for which it is required. Approval for the access is to be taken from the reporting manager/ISO/MD. For one-time access, a policy is to be created on the firewall or ADS granting limited access, and it is to be revoked at the end of the requested duration. Users have to request an extension of the facility from the SA again.
- SA and PM are given administrator rights on the ADS.