This tool provides questions to consider while reviewing general IT controls password standards.

Sample questions include: Are user rights to this platform or software system assigned based on group rights (versus individual rights)? Are user rights for this platform or software system reviewed regularly (segregation of duties review)? Are user access rights reviews performed by the business process owners? Does this platform or software system use a smart card, digital certificate, biometric identification, or some other technique for user authentication that replaces user IDs and passwords? Do user IDs follow a standard structure (example: John Smith would be user ID “jsmith”) for this platform or software system?