SIP Communications Limited/SIP Communications Corporation Customer Password Management Policy
This is our customer password management policy. If you use our services it means that the policy applies to you and that you agree with it as part of our terms and conditions of use.
We may change this policy, so we expect you to check this page from time to time as the changes will be binding on you. There may also be changes elsewhere on our site.
The purpose of this Policy is to establish a standard for creation of strong passwords, the protection of those passwords and establishing a minimum frequency between changes to passwords. This policy is designed to protect the organizational resources, systems and assets for you.
2.Who we are
www.sipcom.com is operated by SIP Communications Limited and SIP Communications Corporation, both are part of the SIP Communications Group Limited.
Some important details about us:
- Our HQ is The Northern and Shell Building, 10 Lower Thames Street, London EC3R 6EN.
- Our regulator is: Ofcom (UK) and FCC (USA)
3.What you must do
You must ensure you adopt a password management policy that meets or exceeds the standards detailed here;
The details below form the baseline set of policies which are enforced on most Sipcom systems. There are some systems where this may vary for technical or commercial reasons, therefore it is your responsibility to ensure you adhere to the following.
- All User accounts and Administrator passwords must be changed on at least a 30 day cycle.
- All User-level passwords (e.g. Microsoft Teams & SfB, hosted voice, handsets, web portals etc.) must be changed at least every 30 days.
- User accounts that have Administrator privileges granted through group memberships or programs must have a unique password from all other accounts held by that user.
- Passwords must not be inserted into email messages or other forms of electronic communication.
- All user-level and system-level passwords must conform to the guidelines described below.
- Minimum Password length is 8 characters
- At least one letter (latin characters)
- At least one number (0-9)
- One upper case letter or special character (e.g. !, @, $, #)
- No sequential characters (e.g. “1234”, “7890”, “Abcd”)
- No repeating characters (e.g. “222”, “Aaa”, “###”)
- No account information (e.g. first/last name, phone number)
- Only digits
- No sequential digits (e.g. “1234”, “7890”)
- No repeating digits (e.g. “222”, “050505”)
- No account information (e.g. extension number, phone number)
- Minimum PIN length is 6
Password Protection Standards
Do not use the same password for Sipcom accounts as for other non-Sipcom access (e.g. personal email account, bank details, etc.). Where possible, don’t use the same password for various Sipcom service access needs. For example, select one password for Sipcom provided SfB service and another for Sipcom provided email, web portal, voicemail or handset.
- Never write passwords down.
- Never send a password through email.
- Never include a password in a non-encrypted stored document.
- Never tell anyone your password.
- Never talk about a password in front of others
- Never share a password with family members
- Never reveal your password over the telephone.
- Never hint at the format of your password.
- Never reveal or hint at your password on a form on the internet.
- Never use the “Remember Password” feature of application programs such as Internet Explorer, your email program, or any other program.
- Report any suspicion of your password being broken to the Sipcom Incident Desk and Information security Manager.
- If anyone asks for your password, refer them to the Sipcom Incident Desk and Information Security Manager.
- Never use common acronyms as part of your password.
- Never use common words or reverse spelling of words in part of your password.
- Never use names of people or places as part of your password.
Sipcom may at attempt for the purpose of penetration testing, conduct password cracking or guessing and this may be performed on a periodic or random basis. If a password is guessed or cracked during one of these scans, the user will be required to change it.
4.Important Notice about Liability
Sipcom cannot accept liability for any issues experienced or subsequent costs or any loses incurred by you if your password fails to prevent a non authorized user from gaining access to and utlising your services. If you believe this could or may occur you must ensure your password meets or exceeds the recommendations set out in this document, and notify the Sipcom incident team.
5.What might we do if this is breached?
If we think you have breached this policy, we will take whatever steps we think are necessary to protect the services.
These might include:
- Suspending the service
- Sending you a warning
- Taking legal action
- Telling the right authorities.
We exclude legal responsibility and cost for actions we take to deal with your breach of our policy.
6.Who owns this document
The Information Security Officer is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the ISMS.
A copy of the Policy is available on our website or by emailing firstname.lastname@example.org.