User Access Credentials and Passwords Clause Samples
User Access Credentials and Passwords. 1.7.1 Requests for access shall be made following access provisioning procedures.
1.7.2 Applications and network resources access shall be activated\deactivated in accordance with Avangrid activation\ deactivation procedures.
1.7.3 Users requiring duly justified privileged access rights will be assigned a specific “Privileged User ID”
a. Privileged User IDs shall be reviewed and confirmed at least semi-annually.
b. Regular professional activities shall not be performed from a privileged ID.
1.7.4 Users shall use strong, complex passwords and securely maintain secret authentication information (e.g. passwords, cryptographic keys, smart cards that produce authorization codes), including:
a. Not sharing or disclosing their Avangrid credentials (log on IDs-user names and/or passwords) with others inside or outside the company.
b. Keeping secret authentication information confidential, ensuring that it is not divulged to any other parties, including senior management and technical support.
c. Not recording (e.g. on paper, software file or hand-held device) secret authentication information, unless this can be stored securely, and the method of storing has been approved (e.g. password vault) by Corporate Security.
d. Changing secret authentication information when there is any indication of a possible compromise.
e. Reporting any incidents or suspected compromises by following Avangrid incident reporting procedures.
User Access Credentials and Passwords. Following registration for Services by a User, Tera will issue one or more User log on names and passwords (collectively, the “User Access Credentials”) for use exclusively by User and/or its Authorized Users on behalf of the User for Transactions and the use and access of the Services. Passwords must be changed periodically, as determined by Tera, but in the absence of any security concerns identified by Tera, User shall not be required to change them more frequently than every ninety days. User will be solely responsible for controlling and monitoring the use of the User Access Credentials and will not disclose, or permit any other person to disclose, the User Access Credentials to any third party. User will promptly notify Tera of: (i) any known unauthorized disclosure or use of a User Access Credential; (ii) any known unauthorized access to the Services; and (iii) any loss of a User Access Credential to the extent it becomes aware of any of the foregoing. User shall be bound by any actions taken through the use of its User Access Credentials, including the execution of Transactions through the Services, and when applicable, using TeraCheck for risk management or order management, whether or not such actions were authorized by User, unless any such unauthorized use is due to the willful misconduct, fraud or negligence of Tera.