SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Software Password Storage

  Quote
Guest
Guest user Created:   Feb 28, 2022 Last commented:   Feb 28, 2022

Software Password Storage

Hi Guys Regarding Software Assets, we have identified a risk that if the passwords/keys for the software are misplaced we no longer be able to use that asset. The control we have implemented is to store all such passwords/keys in a password safe. My question is which document should this control be recorded in? The “Password Policy” document seems to be focused solely on user passwords, not software/keys.
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 28, 2022

I’m assuming you want to know where to record the information about where passwords/keys are stored.

Considering that, please note that the Password policy has an item which defines that “files containing passwords must be stored separately from the application's system data”. 

Since the Password policy does not have a section for record management, I suggest you use Access Control Policy for this purpose.

This Access control policy Integrates the use of the Password Policy in section 3.8, and from this section you can include in its section 4 - Managing records kept on the basis of this document, a record describing how you implement this storage.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 28, 2022

Feb 28, 2022

Suggested Topics

Guest user Created:   Jun 09, 2018 ISO 27001 & 22301
Replies: 1
0 0

BYOD Policy

Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 3
0 0

Storage of password