I think I need to be able to change the password immediately, without consultation, should the need arise.
Only Myself and the Head [by means of access to the safe where I keep it] can know the password. Then the ICT Co-ordinator and the Head of IT, in that order, have access in an emergency in my absence, and then only after consulting the Head before any action takes place, that action having to be documented.
Only I should actually use the password without prior permission from the Head.
If the password needed changing - this has to be AFTER consultation with the Head. I would then change it, and update the safe record.