A credible and trustworthy information system (TIS) is one that provides a reliable, cost-effective, interoperable, and secured information system for a company. Yagüe, Maña & Lopez (2005) carried out research that aimed to provide a secure solution for web services through the development of an interoperable and distributed access control system. They separated access control and authorization functions and used an XML language to stipulate the policies for access. Fernández, Mehlau & Pernul (2004) leveraged previously established software patterns to develop a robust metadata-based access control system. They recommend access control to be based on current metadata, and access to be granted only when mandatory attributes and properties are satisfied by users. Supporting the metadata-based access control system with a graphical password system, such as the ‘draw-a-secret’ scheme, can make the system stronger as it allows for imagination on the part of the user to gain access and adds to their memory of the access criterion.