Skip to main content
Last reviewed: [Date] — Next review due: [Date]

Password requirements

RequirementStandard
Minimum length14 characters
ComplexityMix of upper, lower, numbers, symbols
ReuseNo reuse of last 10 passwords
RotationEvery 90 days for privileged accounts
MFARequired on all company accounts
Use a company-approved password manager. Do not store passwords in browsers, spreadsheets, or sticky notes.

Device security

  • Enable full-disk encryption on all devices used for company work
  • Keep operating systems and software up to date — do not defer updates beyond 7 days
  • Do not connect company devices to unknown or public Wi-Fi without using the company VPN
  • Report lost or stolen devices to IT immediately: it@blevinsholdings.com

Access control

Access to systems and data is granted on a least-privilege basis — you receive only the access needed for your role. Access is reviewed quarterly and revoked promptly upon role changes or departure. Requesting additional access: 
# Submit via the IT helpdesk portal
# Include: system name, access level needed, business justification, manager approval

Phishing and social engineering

If you receive a suspicious email:
1

Do not click links or download attachments

Even if the sender appears to be someone you know.
2

Report it

Forward the email to security@blevinsholdings.com or use the “Report Phishing” button in your email client.
3

Delete it

After reporting, delete the email from your inbox and trash.
IT will never ask for your password via email, phone, or chat. If someone does, report it immediately.
Policy owner: IT Security