Access Control Policy (A.5.15)
Document ID: access-control-policy
Version: 1.0
Effective from: 2025-01-01
Owner: Founder / CEO
Review cycle: Quarterly (access review) + Annual (policy review)
Purpose
Define the rules for granting, managing, and revoking access to SigmaShake systems and data.
Access provisioning
- Identity provider — All human access to production systems is authenticated through sigmashake-sso (self-hosted OIDC/SAML). Direct credential access is prohibited.
- MFA required — All accounts with access to production or customer data must have TOTP/WebAuthn MFA enabled. Verified weekly by the sso-mfa-coverage collector.
- Role-based access — Access is scoped by role (admin / staff). No shared accounts.
- Least privilege — API tokens and service accounts are granted the minimum permissions required. Token scopes are audited weekly by the oauth-scopes and cf-members collectors.
Access review
Formal access review is conducted quarterly:
- All GitHub organisation members reviewed against active-employee list
- All Cloudflare account members reviewed
- All Stripe and Resend API keys reviewed
- Results recorded as evidence by the access-review collector
Access revocation
Upon role change or offboarding, all access is revoked within 24 hours. Automated detection: the github-members and cf-members collectors open a gap if an unknown member appears.
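The reconciliation behind the quarterly review and the unknown-member detection, as an added illustration rather than SigmaShake's own collector code; the member lists are constructed sample data, and the gap record shape is an assumption.

```python
# Added example: reconcile GitHub / Cloudflare membership against the
# active-employee list and open a "gap" for every unknown member.
# Not SigmaShake's collector code; the Gap fields are an assumed shape.
from dataclasses import dataclass


@dataclass(frozen=True)
class Gap:
    collector: str  # collector that raised the gap (e.g. github-members)
    system: str     # system the member was found in
    member: str     # identity email of the unexpected member
    reason: str


# Constructed sample data: HR active-employee list and per-system membership.
ACTIVE_EMPLOYEES = {"alice@example.com", "bob@example.com"}
GITHUB_MEMBERS = {  # GitHub login -> SSO identity email
    "alice-gh": "alice@example.com",
    "bob-gh": "bob@example.com",
    "contractor-x": "x@example.net",  # never on the employee list
}
CF_MEMBERS = {"alice@example.com", "carol@example.com"}  # carol was offboarded


def reconcile(system, collector, members, active):
    """Return one Gap per member email that is not on the active-employee list."""
    return [
        Gap(collector, system, m, "member not on active-employee list")
        for m in sorted(members)
        if m not in active
    ]


def review(active=ACTIVE_EMPLOYEES, github=GITHUB_MEMBERS, cf=CF_MEMBERS):
    """Run the membership review for both systems; an empty list means no gaps."""
    gaps = reconcile("github", "github-members", github.values(), active)
    gaps += reconcile("cloudflare", "cf-members", cf, active)
    return gaps


if __name__ == "__main__":
    for g in review():
        print(f"[{g.collector}] {g.system}: {g.member} - {g.reason}")
```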
Privileged access
- No persistent privileged sessions. Staff portal sessions expire after 8 hours.
- Break-glass IP allowlist override (IP_ALLOWLIST_BREAK_GLASS) is logged and triggers a Discord alert.
Remote access
Remote working is the default operating model. See Remote Working Procedure (A.6.7) for device requirements.
Evidence
| Collector | Cadence | Control |
|---|---|---|
| sso-mfa-coverage | Daily | A.5.15, A.5.17, A.8.2, A.8.5 |
| github-members | Daily | A.5.15, A.5.18, A.6.5 |
| cf-members | Daily | A.5.15, A.5.18 |
| oauth-scopes | Weekly | A.5.18, A.8.4 |
| access-review | Quarterly | A.5.18, A.8.2 |