Hi,
There are few accounts which are used by CCM and changing them might adversely affect different services. Apart from that I don't think there is any policy or best practice to apply passwords. The local technology team or client can always have their own policies. But as aground rule remember the accounts from the following link-
Administrative Accounts and Passwords-
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00803edb07.html
How to Change the DC Directory Password-
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a00800942be.shtml
There are also docs for SQLSVC passwords problems but might be very specific situations.
Let me know if this helps,
rgds,
subhrojyoti