Change Your Passwords

I received an email from a colleague today requesting that I change my password in the shared application that we are using. I really appreciate the effort of reminding me to change my password since the system doesn't give out password expiration warnings. Once your password expires, that's it. You're locked out.

What baffles me is the the accompanying note that came with the reminder: Send an email confirmation stating that you have changed your password. This can be used as an article of evidence of your compliance for our security standards.

Compliance tracking, that's fine with me. But um.. Through email?

Sure, that will be cool if we were only a handful of resources doing this email confirmation thing. Put it this way, there are almost 200 resources who would be sending this email. Isn't it so much of an overkill to offer your inbox as a drop box for these confirmations? Well, if the email is for tracking purposes, and since this occurs in a regular interval, wouldn't it be wise to devise an alternative way to track these? I mean, the FIRM offers solutions to clients by streamlining their processes, developing/customizing applications suited for the client's needs. Why can't teams within the firm develop something that can streamline our own process?

Assuming resources are not an issue, our situation is very much comparable to  a very skilled carpenter capable of creating masterpieces for others from the ground up and yet is incapable of building something for himself. Pfft!