Privacy and Security - Account Management - EBUS.06

Last updated on February 27, 2019

Ensuring the security of ministry technology resources and data holdings is critical. User access is controlled through appropriate account management. It is critical to have strict controls in place for creating and managing accounts.

All users are assigned either a unique user ID and password; or a two-factor token (when two-factor authentication is used). It is important not to reveal or share their passwords and tokens with others.
Implement a strong password standard by identifying the minimum number of characters and the complexity of the characters selected (upper-lower case letters, numbers and special characters) allowed for passwords. Note: this may be already controlled through your application.
When electronically transmitting passwords, passphrases and passcodes to users they must be securely communicated and separated from the user ID. A user's role will determine the level of access they have to electronic health information. Access will reflect the user's "need to know", providing the least privilege necessary based on their job function.

All accounts that have been inactive for 90 days or more must be removed or disabled to prohibit login to the system.

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Privacy and Security - Account Management - EBUS.06