🛂 Access control

Goal

Maintain security and control of internal team tools and segment access according to role.

Process

Note

These apply to the tools we use as a team. These do not describe processes or procedures about customer data.

  • Google Apps (@flexpa.com) is used for identity management - only full-time employees may have access
  • When a full-time employee joins, they are granted an @flexpa.com identity that must be revoked immediately should employment end for any reason
  • Where available, we make use of SSO capabilities from third-party vendors to support using our @flexpa.com logins
  • Where available, we enable and require 2FA to be used
  • Where available, we enable and require password complexity
  • When employment ends, all access must be terminated promptly

Access control requests

During on-boarding and off-boarding, a formal access control request must be created on GitHub. This request takes the form of a GitHub issue on the flexpa/flexpa repository.

The access control request is our log of what access we granted or revoked and when. It is critically important that it is created and processed in a timely manner.

Warning

For off-boarding-specific processes and tasks, please also review Off-boarding.