This policy explains how ACLED staff should share passwords using LastPass. It ensures that password sharing is done securely and only with the approval of the person responsible for the password.
Passwords will continue to be shared via LastPass, and the majority of ACLED team members will only need access to the free version of LastPass to accept shared passwords. Some team members may require admin access to ACLED’s LastPass Business Account. Those team members should refer to the LastPass Admin Policy.
Information Owner:
The person responsible for a specific password.
Approves or denies password-sharing requests via Asana.
Operations Team:
Manages the LastPass system and handles password-sharing requests.
Contacts the Information Owner for approval when needed.
Shares passwords after approval and keeps records for auditing.
Ensures passwords are shared only with authorized people approved by the Information Owner.
Requester:
Submits a password-sharing request using the Asana form.
Uses the password only for its intended purpose and reports any issues.
Request Initiation:
The Requester fills out the Asana Password Share Request form with their details and reason for access.
The Requester can submit a request either for themselves or, if they are a supervisor, for one of their direct reports.
Operations Processes Request:
The Operations Team checks if the requester is the Information Owner.
If they are, the request is automatically approved.
If not, the Information Owner is asked to approve or deny the request.
Information Owner Approves Request:
The Information Owner approves or denies the request in Asana.
Operations Proceeds with Sharing:
If approved, the Operations Team shares the password via LastPass.
All password-sharing activities are logged and reviewed regularly to ensure security and compliance.
Violating this policy can lead to disciplinary actions, including loss of password-sharing privileges.
This policy will be reviewed annually to keep it up to date and effective.