Skip to content
  • nomenclature
  • groups
  • teams

Teams

Teams are the day-to-day collaboration units at Provisionr. Individuals join Teams (not Departments). Each Team nests into exactly one Department and is used for working access to shared drives, chat spaces, and routine collaboration.

Privileges do not live in Teams — use Role groups for permissions.

Pattern

Section titled “Pattern”
prv-{dept}-team@{domain}              # top-level (one team per department)
prv-{dept}-team-{teamslug}@{domain}   # sub-team (when you split)

Display name: PRV – Team – {Department Title}[ – {Team Title}]

Hard Rules

Section titled “Hard Rules”
  1. A Team must have one Department parent (prv-{dept}-dept).
  2. Teams contain users only — no Role or Department groups nested inside.
  3. Do not add Teams to admin Role groups (Segregation of Duties).
  4. External members are rare — prefer Client/Project groups for cross-company work.

Day-1 Starter Teams

Section titled “Day-1 Starter Teams”

Start with one Team per function. Split later when workload demands it.

TeamDisplay NameScope
prv-plt-teamPlatform EngineeringIdentity, workspace, infra, automation
prv-it-teamITEndpoints, helpdesk, networks
prv-sec-teamSecuritySecOps, GRC, detections/IR
prv-ops-teamOperationsDelivery, staffing, QA
prv-eng-teamEngineeringBuild/ship products and solutions
prv-hr-teamHRPeople policies, recruiting
prv-legal-teamLegalContracts, IP, privacy
prv-fin-teamFinanceFP&A, AR/AP, billing
prv-mktg-teamMarketingBrand, content, demand gen
prv-sal-teamSalesPipeline, accounts, CRM
prv-exec-teamExecutiveStrategy, OKR approval, board prep
prv-archive-teamArchive & RecordsRetention, discovery, closeout

When to Split

Section titled “When to Split”

Split a Team into sub-teams only when clear criteria are met. Otherwise keep the single Team.

Platform Engineering

Section titled “Platform Engineering”

Split prv-plt-team into prv-plt-team-ws and prv-plt-team-platform when:

  • 2+ FTE dedicated to Platform, and
  • Automation backlog > 20% of capacity for 2+ sprints

IT

Section titled “IT”

Split prv-it-team into prv-it-team-helpdesk and prv-it-team-endpoints when:

  • Managed devices > 60, or
  • Median ticket age > 3 business days for a month

Security

Section titled “Security”

Split prv-sec-team into prv-sec-team-ops and prv-sec-team-grc when:

  • Ongoing compliance cycles (SOC2/ISO) and dedicated on-call for detections/IR

Engineering

Section titled “Engineering”

Add sub-teams (e.g., prv-eng-team-apps, prv-eng-team-data) when:

  • Distinct codebases with separate release cadences and differing on-call/skills

Operations

Section titled “Operations”

Split into prv-ops-team-pmo, prv-ops-team-resourcing, prv-ops-team-qa when:

  • Active billable projects > 8 or headcount > 25

Marketing

Section titled “Marketing”

Split when 3+ concurrent campaigns for 2+ months or 1+ webinar/month with distinct content pipeline:

  • prv-mktg-team-content — copy/design, editorial calendar
  • prv-mktg-team-demandgen — paid, email, SEO, funnel ops
  • prv-mktg-team-events — webinars, conferences, logistics

Sales

Section titled “Sales”

Split when AEs >= 4 or AM book > 20 accounts:

  • prv-sal-team-ae — net new business
  • prv-sal-team-am — account management / expansions
  • prv-sal-team-ops — CRM hygiene, reporting, pricing

Finance

Section titled “Finance”

Split when monthly txn volume > 300, multi-entity consolidation, or audit/close overlap:

  • prv-fin-team-accounting — GL/close
  • prv-fin-team-fpa — budgeting/forecasting
  • prv-fin-team-ap / prv-fin-team-ar — payables / receivables
Section titled “Legal”

Split when contract throughput > ~25/month or parallel privacy/regulatory workstreams:

  • prv-legal-team-commercial — MSAs/SOWs/vendor terms
  • prv-legal-team-privacy — DPAs, DPIAs, policy updates

HR

Section titled “HR”

Split when headcount > 25 or 6+ concurrent open reqs:

  • prv-hr-team-talent — recruiting, employer brand
  • prv-hr-team-peopleops — onboarding/JML, policies, HRIS

Description Format

Section titled “Description Format”
PRV – Team – {Dept Title}[ – {Team Title}]: {purpose} | {participants}
  | {typical work/notes} | Security group (internal team coordination)

Example:

PRV – Team – Engineering – Apps: Application delivery & features | App engineers
  | Repos, pipelines, code quality | Security group (internal team coordination)

Group Settings

Section titled “Group Settings”
  • Security label: ON
  • Membership: Only invited (or “Anyone can ask” for some internal teams)
  • External members: OFF (rare exceptions documented)
  • Locked: OFF (unless SCIM-managed)

Lifecycle

Section titled “Lifecycle”

Create

Section titled “Create”
  1. Pick {dept} and optional {teamslug}.
  2. Create group with canonical email/name/description.
  3. Label as Security group.
  4. Nest into the parent Department group.
  5. Add initial members.
  6. Wire to shared drives (typically as Editor on TEAM drives).

Operate

Section titled “Operate”
  • Quarterly: owners confirm membership is current.
  • Movers: update team membership within 1 business day via JML automation.

Retire

Section titled “Retire”
  • Remove from Department. Lock group. Keep 1 year for audit. Delete.

Patterns & Anti-Patterns

Section titled “Patterns & Anti-Patterns”

Do:

  • Keep Team names short and descriptive
  • Start with one Team per Department
  • Nest every Team into exactly one Department

Don’t:

  • Add individuals to Departments instead of Teams
  • Nest a Team into multiple Departments
  • Use Teams for system permissions (use Roles)
  • Create a sub-team for fewer than 2 people