It is not permitted to capture records containing passwords to RAMS. RAMS must not be used for the capture and storage of passwords.
In line with UNSW’s Cyber Security guidelines on Identity and Access Management, passwords must never be stored in clear text. Please refer to the Cyber Security Guideline – Identity and Access Management which establishes the minimum standards related to user account management, including passphrase management.
In particular, section 3.3.3 states: Account passphrases must not be stored in clear text, displayed on the screen in clear text, printed in clear text, or transmitted in clear text. [Risk: Medium, High. Role: IO].
For advice on best practice management of passwords, please contact Cyber Security.
Personal information is defined as “Information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion”.
Special consideration needs to be given to the management of personal information contained in records being captured and managed using the University’s business systems. This information will frequently be classified as Sensitive, sometimes Highly Sensitive, and should always be destroyed as soon as it is appropriate to do so. Capture and correct classification within RAMS ensures this is managed at a system level.