Neftaly Staff

NeftalyApp COURSES Partner INVEST Corporate CHARITY Divisions

[Contact SayPro] [About SayPro][Services] [Recruit] [Agri] [Apply] [Login] [Courses] [Corporate Training] [Study] [School] [Sell Courses] [Career Guidance] [Training Material[ListBusiness/NPO/Govt] [Shop] [Volunteer] [Internships[Jobs] [Tenders] [Funding] [Learnerships] [Bursary] [Freelancers] [Sell] [Camps] [Events&Catering] [Research] [Laboratory] [Sponsor] [Machines] [Partner] [Advertise]  [Influencers] [Publish] [Write ] [Invest] [Franchise] [Staff] [CharityNPO] [Donate] [Give] [Clinic/Hospital] [Competitions] [Travel] [Idea/Support] [Events] [Classified] [Groups] [Pages]

Email: info@neftaly.net Call/WhatsApp: + 27 84 313 7407

Neftaly Human Capital Password Management Policy, Procedures, Processes,Templates, Documents and Forms NeftalyP346

Document Code: NeftalyP346
Approved By: Neftaly Malatjie, Chief Executive Officer
Date Approved: 28 October 2025
Review Date: 29 November 2026

Policy Owner: Neftaly Chief Human Capital Officer, NeftalyCHCR

NeftalyP346-1 Overview

NeftalyP346-1-1 The Neftaly Human Capital Password Management Policy (NeftalyP346) provides a structured framework for creating, storing, maintaining, and protecting passwords within Neftaly’s systems, applications, and digital platforms. This policy ensures the security of sensitive data and access control, reducing the risk of unauthorized access to Neftaly’s Human Capital, Royal, and operational resources.

NeftalyP346-2 Purpose

The purpose of this policy is to:

  • NeftalyP346-2-1 Protect Neftaly’s digital assets and sensitive information from unauthorized access.
  • NeftalyP346-2-2 Establish standardized procedures for password creation, storage, sharing, and change management.
  • NeftalyP346-2-3 Ensure Human Capital adhere to best practices in password security.
  • NeftalyP346-2-4 Support regulatory compliance and Neftaly’s internal security standards.

NeftalyP346-3 Scope

This policy applies to:

  • NeftalyP346-3-1 All Neftaly Human Capital, including Officers, Deputy Chiefs, Royal Directors, and Non-Executive Members.
  • NeftalyP346-3-2 All accounts, systems, applications, and devices used to access Neftaly resources, including websites, apps, portals, and internal servers.
  • NeftalyP346-3-3 Any third-party systems accessed on behalf of Neftaly where passwords are required.

NeftalyP346-4 Policy Statement

NeftalyP346-4-1 Neftaly is committed to securing its digital resources by enforcing robust password management practices. All Human Capital are responsible for maintaining the confidentiality, integrity, and security of their passwords in compliance with this policy. Unauthorized sharing, weak passwords, or failure to update passwords may result in restricted access or disciplinary action.

NeftalyP346-5 Core Principles

NeftalyP346-5-1 Confidentiality: Passwords must never be shared or disclosed.

NeftalyP346-5-2 Complexity: Passwords must meet minimum security standards.

NeftalyP346-5-3 Periodic Change: Passwords must be updated regularly.

NeftalyP346-5-4 Authentication: Access is granted based on verified credentials only.

NeftalyP346-5-5 Accountability: Users are accountable for all actions performed using their accounts.

    NeftalyP346-6 Procedures and Processes

    NeftalyP346-6-1 Password Creation

    • NeftalyP346-6-1-1 Passwords must be at least 12 characters long, combining uppercase letters, lowercase letters, numbers, and special characters.
    • NeftalyP346-6-1-2 Avoid using easily guessable information such as birthdays, names, or sequential numbers.
    • NeftalyP346-6-1-3 Temporary passwords issued by IT must be changed immediately upon first login.
    • NeftalyP346-6-1-4 Use NeftalyF346-01 Password Registration Form to document initial password setup for system records.

    NeftalyP346-6-2 Password Storage and Security

    • NeftalyP346-6-2-1 Passwords must not be written down or stored in unsecured digital locations.
    • NeftalyP346-6-2-2 Use approved password management tools if necessary.
    • NeftalyP346-6-2-3 Never share passwords via email, chat, or unencrypted communication.

    SayProP346-6-3 Password Change and Expiration

    • NeftalyP346-6-3-1 Passwords must be changed every 90 days.
    • NeftalyP346-6-3-2 Avoid reusing previous passwords for at least five cycles.
    • NeftalyP346-6-3-3 Forgotten passwords must be reset through the official IT support channel and logged using NeftalyF346-02 Password Reset Form.

    SayProP346-6-4 Access Control

    • NeftalyP346-6-4-1 Accounts are assigned according to the role and access level required.
    • NeftalyP346-6-4-2 Access rights are reviewed quarterly by Royal Directors and CHCO.
    • NeftalyP346-6-4-3 Unauthorized access attempts must be reported immediately using NeftalyF346-03 Security Incident Form.

    NeftalyP346-6-5 Monitoring and Compliance

    • NeftalyP346-6-5-1 IT and CHCO monitor account activity for suspicious behavior.
    • NeftalyP346-6-5-2 Audit trails are maintained for all password changes and system access events.
    • NeftalyP346-6-5-3 Non-compliance may result in temporary account suspension or other corrective action.

    SayProP346-7 Roles and Responsibilities

    RoleResponsibilities
    Chief Executive Officer (CEO)Provides final approval for password security policy and enforcement.
    Chief Human Capital Officer (CHCO)Oversees implementation, monitors compliance, and coordinates with IT Security.
    Royal DirectorsEnsure password policy is enforced within their divisions.
    Deputy ChiefsAssist with monitoring, awareness, and reporting of password-related issues.
    OfficersSupport password compliance, maintain records, and provide guidance to Human Capital.
    Human CapitalFollow password creation, storage, and change procedures; report incidents promptly.

    NeftalyP346-8 Documentation and Templates

    • NeftalyP346-8-1 NeftalyF346-01: Password Registration Form
    • NeftalyP346-8-2 NeftalyF346-02: Password Reset Form
    • NeftalyP346-8-3 NeftalyF346-03: Security Incident Form
    • NeftalyP346-8-4 NeftalyR346-01: Password Compliance Audit Report

    NeftalyP346-9 Compliance and Monitoring

    • NeftalyP346-9-1 Regular audits are conducted to ensure adherence to this policy.
    • NeftalyP346-9-2 Violations such as password sharing, weak passwords, or unauthorized access are subject to disciplinary measures.
    • NeftalyP346-9-3 CHCO and IT Security coordinate corrective measures and periodic awareness training.

    NeftalyP346-10 Review and Evaluation

    NeftalyP346-10-1 This policy will be reviewed annually by the CHCO in collaboration with IT Security and approved by the CEO to ensure alignment with emerging security standards, regulatory requirements, and best practices.

    NeftalyP346-11 Frequently Asked Questions (FAQs)

    Q1: Can I share my password with my deputy or team member?
    A: No. Passwords must remain confidential and are not to be shared under any circumstances.

    Q2: What if I forget my password?
    A: Submit a reset request via the official IT support channel using NeftalyF346-02 Password Reset Form.

    Q3: How often must I change my password?
    A: Every 90 days, or sooner if prompted by IT security alerts.

    Q4: Can I use the same password for multiple Neftaly accounts?
    A: No. Each account must have a unique password to maintain security.

    Q5: What should I do if I suspect unauthorized access?
    A: Immediately report using NeftalyF346-03 Security Incident Form and notify your Officer or CHCO.

    Approved By:
    Neftaly Malatjie
    Chief Executive Officer