Not sure if this belongs in Security or in E-Banking/Technology but here goes:

I recently found that our IT group has been including key codes (e.g. for Windows XP) in build documents for new computers. These are internal documents that are typically only used by IT personnel, however are printed out occasionally for 'ease of reference'. I'm personally not comfortable with this practice. I feel that there is a risk of the document being printed, left somewhere and used inappropriately. It seems to me like a risk to the Bank, not only reputationally but legally.

I haven't found any guidelines relating to this sort of thing, just passwords. I would like others input on this subject, and if possible some references to guidance on the matter (if there is any).

Thanks.
_________________________
Everyone has to make a living, mine just happens to involve thumbscrews.