Authentication Policy

This policy is the Authentication Policy referred to in the UK Participation Agreement between Digital Completion UK Limited and (as applicable) the Participant or the Customer (Participation Agreement).

Terms which are defined in the Participation Agreement have the same meaning when used in this Authentication Policy.

The Participant or Customer (as applicable) must ensure that:

1. User passwords contain a minimum of eight (8) characters and satisfy at least three of the following:
   1. the password includes at least one (1) uppercase letter;
   2. the password includes at least one (1) lowercase letter;
   3. the password includes at least one (1) number (0-9); and
   4. the password includes at least one (1) special character;
2. Users cannot use a previously used password when setting a new password;
3. Users are locked out after multiple consecutive incorrect login attempts;
4. the unlock process is secure and involves User verification;
5. the password reset process is secure;
6. password expiry periods are enforced;
7. there is a system idle lockout duration in place;
8. Multi-factor authentication is required for application access;
9. Users require an organisational VPN for application access; and
10. Users who have left the organisation are deactivated from the organisation’s network in a timely manner.