Workday ISU passwords and compliance policies

Hey everyone,
I am looking for some insights on how your organizations manage Integration System Users (ISUs) and password management, specifically regarding compliance policies. Our security/compliance team is currently auditing us and has requested a list of our Workday ISUs. They are also insisting that all ISU passwords must be rotated/reset every 90 days to align with general corporate password policies. As you know, rotating dozens of ISU passwords every 90 days can be an administrative nightmare and risks breaking critical, time-sensitive integrations if not synced perfectly with downstream systems.
I’m curious to know:
How do you handle ISU password rotations? Do you rotate them manually?
How do you handle compliance pushback? Have you successfully argued for policy exceptions for system accounts?
What are your best practices? If you do rotate every 90 days, how do you prevent integrations from breaking?
Would love to hear how your teams handle the balance between strict compliance and operational stability.
TIA!!