Password policy


The password policy defines requirements for passwords.

The policy is applicable to all internal and external personnel and Systems and (cloud) services holding information classified as Confidential or Sensitive.


  • Passwords should be strong (at least 8 characters, usage of lowercase/uppercase/numbers/symbols)
  • Do not use the same password for more than one service or system
  • Change the password at least twice per year
  • Do not use variants of the old password (e.g. adding a number to the old password)
  • The use of Bitwarden password manager is mandatory.