Skip to content

🛂 Access control


Maintain security and control of internal team tools and to segment access according to role



These apply to the tools we use as a team. These do not describe processes or procedures about customer data.

  • Google Apps ( is used for identity management - only full time employees may have access
  • When a full-time employee joins, they are granted an identity that must revoked immediately should employment end for any reason
  • Where available, we make use of SSO capabilities from third party vendors to support using our logins
  • Where available, we enable and require 2FA to be used
  • Where available, we enable and require password complexity
  • When employment ends, all access must be terminated promptly

Access control requests

During on-boarding and off-boarding a formal access control request must be created on GitHub. This request takes the form of a Github issue on the flexpa/flexpa repository.

The access control request is our log of what access we granted or revoked and when. It is critically important that it is created and processed in a timely manner.


For off-boarding specific processes and tasks please also review Off-boarding