Cyber Security Policy Manual

16) Users have the ability to reset their passwords using the City’s password reset tool. If the IT Service Desk or local IT team is required to reset user’s password, they must verify the use r identity and provide the user with a temporary password to be changed upon user logging into the system or application. 17) Accounts for terminated users must be disabled immediately upon receiving a notification from Human Resources or Division Managers or Supervisors or Technology Liaisons. Disabled accounts must be removed after 30 days unless specified otherwise. 18) Upon termination, Human Resources or Division Managers or Supervisors or Technology Liaisons must ensure that access badges and technology assets are collected from terminated employees. 19) All account creation, deletion, and privilege change activities must be logged and reviewed on regular basis. Failed and successful login attempts must also be logged and reviewed on regular basis to identify unauthorized login attempts.

Cyber Security Policy Manual

27