How do companies going public set passwords for accessing the ERP system?

Password settings for the systems of a company preparing to go public usually have to follow requirements and practices that comply with data security standards and internal audit.

The various requirements are as follows.

1. Password Length

Passwords should have a defined minimum length, such as at least 8 to 12 characters.

2. Password Complexity

A password must include uppercase and lowercase letters, numbers, and special characters such as !, @, #, $.

3. Password Change Policy

Users must change their password regularly, such as every 60 or 90 days.

The same password cannot be reused within a certain period — for example, the last 5–10 passwords cannot be reused.

4. Automatic Logout

If there is no activity for a defined period, such as 15 or 30 minutes, the system should log out automatically.

5. Account Lockout

If the number of login attempts with an incorrect password exceeds a defined number, such as 3 or 5, the system should lock the account and alert the administrator.

6. Audit Logging and Monitoring

Logins and important activities in the system should be logged for later auditing and analysis.

7. Access Control

System access permissions should follow the principle of Role-Based Access Control (RBAC), with access limited to those who genuinely need it.

8. Training and Awareness

Users should be regularly trained on password-setting policies and data security.

Complying with these requirements helps the company maintain robust data security that conforms to strict internal audit standards — which is essential for companies wanting to go public.
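
The following Python sketch is an added example, not code from the article or from any ERP product. It shows how requirements 1 to 5 could be enforced together; the thresholds are picked from the article's ranges, and the PBKDF2 storage, the iteration count and all function names are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed values, each picked from the ranges the article gives.
MIN_LENGTH, HISTORY_DEPTH, MAX_FAILURES = 12, 5, 5
MAX_AGE, IDLE_TIMEOUT = timedelta(days=90), timedelta(minutes=15)

@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, hash) pairs, newest last
    changed_at: "datetime | None" = None
    last_activity: "datetime | None" = None
    failures: int = 0
    locked: bool = False

def _hash(password, salt):  # salted, slow hash; the iteration count is an assumption
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_errors(password):
    checks = [("too short", len(password) >= MIN_LENGTH),
              ("no uppercase", any(c.isupper() for c in password)),
              ("no lowercase", any(c.islower() for c in password)),
              ("no digit", any(c.isdigit() for c in password)),
              ("no special", any(not c.isalnum() for c in password))]
    return [name for name, ok in checks if not ok]

def set_password(acct, password, now):
    errors = complexity_errors(password)
    # history is already trimmed to HISTORY_DEPTH, so this checks the last N only
    if any(hmac.compare_digest(_hash(password, s), h) for s, h in acct.history):
        errors.append("reused")
    if not errors:
        salt = os.urandom(16)
        acct.history = (acct.history + [(salt, _hash(password, salt))])[-HISTORY_DEPTH:]
        acct.changed_at = now
    return errors

def login(acct, password, now):
    if acct.locked or not acct.history:
        return "locked" if acct.locked else "denied"
    salt, stored = acct.history[-1]
    if not hmac.compare_digest(_hash(password, salt), stored):
        acct.failures += 1
        acct.locked = acct.failures >= MAX_FAILURES  # real systems also alert the admin
        return "locked" if acct.locked else "denied"
    acct.failures, acct.last_activity = 0, now
    return "change_required" if now - acct.changed_at > MAX_AGE else "ok"

def session_active(acct, now):
    return acct.last_activity is not None and now - acct.last_activity <= IDLE_TIMEOUT
```

A locked account stays locked even when the correct password is supplied afterwards, so unlocking has to be a separate administrator action that is itself logged.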
