The DSP Toolkit guide section 4 covers passwords and 4.5.4 asks the specific question:
How does your organisation make sure that staff, directors, trustees, and volunteers use good password practice?
NHS Digital’s tip states:
- If your organisation has any IT systems or computers, it should provide advice for setting and managing passwords
- Each person should have their own password to access the computer, laptop or tablet that they are using and a separate password for other systems
- These passwords should be ‘strong’ i.e. hard to guess. This could be enforced through technical controls i.e. your system(s) require a minimum number of characters or a mixture of letters and numbers in a password. If your organisation does not use any IT systems, computers, or other devices, write “Not applicable” in the text box
- Information about good password practice is available from Digital Social Care here
If you don’t already have individual email addresses for your team, you have two options:
- Host a chargeable domain with an email account suitable for your organisation
- Choose a free email provider and agree the format of the emails for users such as [email protected]
Option 1 will attract a cost however with you hosting the email account you are safe in the knowledge that for as long as you continue to pay, the emails will remain active. A couple of well known hosting providers are godaddy.com and ionos.
Option 2 is free to use however you may run the risk of the server ceasing to trade so you are advised to choose a larger provider. Here is a great article to help you to choose, with Proton and Gmail coming out top clear contenders for a free service.
Managing Change model
For change to be successful, you will need to devote some time and energy and bring everyone with you. This model below identifies the key stages to go through including the reinforcement stage, so you know the change remains in place.