SB.10.009 Password Monitoring
Security monitoring is in place for organisational credentials appearing in (publicized) data breaches.
If there are indications that passwords have been compromised, or a risk that the credentials of individuals are compromised, the passwords will be forcibly changed and the users informed.
Services such as "Have I Been Pwned" can be used to monitor for the appearance of organisational accounts in breaches.
Losing a device on which ongoing sessions may be active should also qualify as cause for password rotation.