Access security and password management

E-LEARNING PLATFORM – ACCESS SECURITY AND PASSWORD MANAGEMENT – ELE-PRO-012-A

Version: 1.0  |  Last update: 03/11/2025  |  Department: IT & E-learning


🎯 Objective

Define the standardized process for securing access credentials and managing passwords on the Dubai Precious Metals University e-learning platform (dubai-precious-metals-university.com), built with the MasterStudy LMS theme.
The purpose is to ensure confidentiality, prevent unauthorized access, and maintain a traceable system of password lifecycle management for all users (students, instructors, administrators).

👤 Who

  • IT & E-learning Administrator
  • Academic Coordinator (for user validation)
  • Administrative Assistant (for CRM follow-up)

🧩 Inputs / Outputs

Inputs:

  • List of active users (students, instructors, admins)
  • Zoho CRM records containing official email addresses
  • Access rights and user roles within WordPress

Outputs:

  • Secure password creation and delivery process
  • Traceable password updates in Zoho CRM
  • Immediate access withdrawal in case of departure or completion

⚙️ Process Steps

  1. Account Creation and Initial Password
    When a new user (student or instructor) is created in WordPress:

    • The IT Administrator generates a strong password using the built-in generator (minimum 12 characters, with uppercase, lowercase, numbers, and symbols).
    • The password is stored temporarily in a secure internal file until delivery.
    • The credentials are then sent manually via Zoho CRM (see ELE-PRO-004-A / ELE-PRO-005-A) for traceability.
    • After sending, the temporary password is deleted from local storage.
  2. Password Renewal
    Passwords must be renewed:

    • Every 6 months for administrators and instructors
    • Every 12 months for students

    Renewal steps:

    • Go to Users → All Users
    • Select the user → click Set New Password
    • Generate a new secure password
    • Send manually via Zoho CRM (with confirmation note saved)

    Each renewal must be recorded in ELE-LOG-006 (Password Management Register).

  3. Lost or Forgotten Passwords
    If a user requests a password reset:

    • Confirm the user’s identity via Zoho CRM email address or ID verification
    • Use the “Lost your password?” link on the login page
    • Ensure that the reset email has been sent successfully from the WordPress mail system
    • Once reset, update Zoho CRM with the date and note “Password Reset Requested – [date]”
  4. Access Removal
    When a user leaves or completes a program (see ELE-PRO-009-A):

    • Log in to Users → All Users
    • Change role to Alumni (for students) or Inactive (for staff)
    • If full removal is required, delete the user only after confirming all records are archived
    • Record the action in Zoho CRM → Notes (Account Closed / Access Removed)
  5. Security Controls and Best Practices
    The following rules apply to all platform users:

    • Passwords must be unique to DPMU and not reused across other platforms
    • Passwords must never be sent in plain text outside Zoho CRM
    • All user sessions must use HTTPS (SSL enforced)
    • Multi-factor authentication (2FA) must be activated for all administrator accounts
  6. Incident Handling
    In case of a suspected credential compromise:

    • Immediately suspend the affected user’s access
    • Force password reset for all roles potentially affected
    • Perform a full security scan using Wordfence
    • Log the incident in ELE-LOG-005 (Incident Register)
    • Notify the Academic Coordinator within 24 hours

✅ Controls

  • Quarterly review of password compliance and update dates
  • 2FA verification for all administrator accounts
  • CRM traceability check for all password communications

📁 Records

  • Password management log (ELE-LOG-006)
  • Zoho CRM notes and email confirmations
  • Security audit reports (Wordfence / OVH logs)
  • Stored in WorkDrive › IT › Security › ELE-PRO-012-A