I've been working on a desktop product, that's shipped and installed to customer sites. It's a CRM/Case Management system. The system has a 'God Level Password', that has full access rights to the system. I'm used to systems that have this being disabled as soon as and other user is created on the system (I think that's reasonable).

I don't think the current situation is reasonable, if there were some form of data protection issue at a customer site, any of my team (dev and test) could be suspects. There's also ex-staff members who'll know the password. The password regularly gets used by support and training for some activities.

So, I want the product management team to define the requirements for non-client access to the system, so the 'God Level Password' can be removed. I'd like to trigger that by logging a defect about how the system access is not correctly protected. Anybody got key risks/legality issues they'd include in the defect?