This article aims to describe guidelines for the creation of service accounts that should be correctly configured to allow a SharePoint 2013 Farm to run using least-privilege administration.
The goal is to provide a per-Farm set of credentials, this approach will offer a good security isolation level. In most cases a service account failure will not make the complete Farm to go down but should make a single service to be unavailable. The worse a unique Farm can go down but certainly not other ones.
A suggestion is also to create Farms depending on their SLA level, indeed maintenance windows, support action or release management might need to be managed differently based on their criticality.
Click on following link to have a per-service account description of minimum required security.