Owner: CISO
Effective Date: May 8, 2026
Reviewed: Annually
Frameworks: Implements the Access Control Policy; SOC 2 CC6.1–CC6.3 (logical access provisioning, modification, removal); ISO/IEC 27001 A.5.15–A.5.18.
Effective Date: May 8, 2026
Reviewed: Annually
Frameworks: Implements the Access Control Policy; SOC 2 CC6.1–CC6.3 (logical access provisioning, modification, removal); ISO/IEC 27001 A.5.15–A.5.18.
Provisioning
At completion of HR onboarding, CHRO triggers a series of access tickets in Linear (the “Access” team queue). IT provisions access for company-wide systems (Rippling for IdP/SSO, MDM, EDR, and HRIS; Microsoft 365 for Outlook and SharePoint; Slack, Linear, GitHub, Dashlane) and the standard access bundle for the new hire’s role. Engineering hires receive the additional engineering access bundle — production read access via SSO, repository access, deploy permissions per role. Additional access beyond the standard pre-approved bundle requires a request approved by the system owner or the new hire’s manager.Change requests
When a user changes role, their manager submits an access-change request via the Access Change intake form, which files into the Access project in Linear. The system owner approves; IT executes. Privileged-access elevation requires explicit approval from the CISO or the system owner.Deprovisioning
At termination, access is revoked on the tiered SLA in the Offboarding Procedure (within 1 hour for involuntary / for-cause separations; by end of the last business day for voluntary separations), which controls where the two documents differ. CHRO triggers offboarding which:- Disables the user in the IdP.
- Revokes session tokens across SaaS apps.
- Removes from group membership.
- Returns or wipes company devices.
Standard access bundles
The current standard-access matrix lives at the Standard Access Matrix. Roles include:- Employee (baseline)
- Engineering (read/write)
- Engineering (production)
- Sales / GTM
- Customer support
- Finance / People
Version history
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | May 8, 2026 | Initial version | Cameron Wolfe | Ishan Jadhwani |