Governance
Tenant-First Model
Provisionr’s governance is tenant-first — every decision starts with “which tenant does this belong to?” and flows from there. Each tenant has its own identity boundary, and cross-tenant access is explicitly brokered.
Organization Prefix
The first octet of every identifier declares the tenant:
- prv-... → Provisionr (primary)
- ocs-... → Our Collaborative Space
- pqx-... → Piqued X
- pai-... → Piqued AI
- psl-... → Piqued Solutions
- pst-... → Piqued Studios
Cross-Tenant Access
Cross-tenant access is never implicit. It requires:
- An explicit bridge (Infra router) or shared role group.
- Documentation of the business justification.
- Approval from both tenant owners.
- Quarterly review of the cross-tenant grant.
Security Invariants (Non-Negotiables)
These rules are never waived:
- OUs never grant access. OUs are policy buckets. Access flows only through Role groups.
- Minimum two owners on every group.
- Security label is irreversible. If you need to change it, recreate the group.
- No individuals on drive ACLs (except M365 ROSTER mode).
- Admin roles are time-boxed. No permanent elevated access without quarterly attestation.
- Breakglass requires two-person rule and evidence.
- Mail pipe groups never appear on ACLs.
- People/Identity rosters never grant access.
- Automation accounts never own content.
- STRICT drives: no externals, ever.
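The prefix rule and several of the invariants above are mechanically checkable. The following is an added policy-as-code example, not part of the Provisionr framework: it parses the tenant octet and audits constructed group and drive ACL records against the two-owner rule, the no-individuals-on-ACLs rule (with the ROSTER exception), the mail pipe and roster rules, and the STRICT no-externals rule. The record shapes, the `kind`/`mode` categories and the internal domain `example.com` are assumptions.

```python
from collections import namedtuple

TENANT_PREFIXES = {"prv", "ocs", "pqx", "pai", "psl", "pst"}  # Organization Prefix section
INTERNAL_DOMAIN = "example.com"  # constructed placeholder, not from the page
Group = namedtuple("Group", "email kind owners")        # kind: role | mail | roster (assumed)
DriveAcl = namedtuple("DriveAcl", "drive mode members")  # mode: STRICT | TEAM | ROSTER

def tenant_of(identifier):
    """The first octet of an identifier declares its tenant; None if unknown."""
    prefix = identifier.split("-", 1)[0]
    return prefix if prefix in TENANT_PREFIXES else None

def check_groups(groups):
    """Unknown tenant prefix, and the 'minimum two owners' invariant."""
    findings = []
    for g in groups:
        if tenant_of(g.email) is None:
            findings.append(f"{g.email}: unknown tenant prefix")
        if len(g.owners) < 2:
            findings.append(f"{g.email}: fewer than two owners")
    return findings

def check_acls(acls, groups):
    """Drive ACL invariants: individuals only in ROSTER mode, no mail/roster groups, STRICT has no externals."""
    registry = {g.email: g for g in groups}
    findings = []
    for acl in acls:
        for member in acl.members:
            group = registry.get(member)  # not a known group => an individual
            if group is None and acl.mode != "ROSTER":
                findings.append(f"{acl.drive}: individual {member} on ACL")
            elif group is not None and group.kind in ("mail", "roster"):
                findings.append(f"{acl.drive}: {group.kind} group {member} on ACL")
            if acl.mode == "STRICT" and not member.endswith("@" + INTERNAL_DOMAIN):
                findings.append(f"{acl.drive}: external {member} on STRICT drive")
    return findings
# Constructed sample records, not real tenant data
GROUPS = (
    Group("prv-role-finance@example.com", "role", ("alice@example.com", "bob@example.com")),
    Group("prv-mail-billing@example.com", "mail", ("alice@example.com",)),
    Group("ocs-roster-staff@example.com", "roster", ("carol@example.com", "dan@example.com")),
)
ACLS = (
    DriveAcl("prv-strict-clientx", "STRICT", ("prv-role-finance@example.com", "eve@partner.org")),
    DriveAcl("prv-team-eng", "TEAM", ("prv-mail-billing@example.com", "ocs-roster-staff@example.com")),
    DriveAcl("prv-roster-hr", "ROSTER", ("carol@example.com",)),
)
def audit(groups=GROUPS, acls=ACLS):
    return check_groups(groups) + check_acls(acls, groups)
```

On the sample records `audit()` reports five violations; the ROSTER-mode drive with an individual member is the only record that passes clean.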
Compliance Mapping
The nomenclature system supports evidence generation for common compliance frameworks:
| Framework | Relevant Controls | Evidence Source |
|---|---|---|
| SOC 2 | Access control, change management | Role attestations, JML logs, quarterly reviews |
| ISO 27001 | A.9 (Access), A.12 (Operations) | Group audits, OU policy drift, breakglass tests |
| CMMC | AC (Access Control), IA (Identification) | Role membership exports, MFA enforcement, DLP |

| Function | Accountable | Responsible | Consulted | Informed |
|---|---|---|---|---|
| OU Policy | PLT | PLT-WS | SEC | All |
| Group Creation | Group owner | PLT | SEC | Affected teams |
| Role Grants | Role owner | PLT | SEC | Grantee |
| Mail Pipe Config | PLT | PLT-WS | SEC, Function | Users |
| Customer Engagement | Ops | Ops + Eng | PLT, SEC | Sales |
| Tenant Governance | Exec | PLT + SEC | Legal, Fin | All |
Data Governance
Classification Levels
| Level | Label | Who Can Access | Examples |
|---|---|---|---|
| Public | Public | Anyone | Marketing assets, OSS |
| Private | Private | Internal (all active) | Internal docs, TEAM drives |
| Confidential | Confidential | Need-to-know | Finance, HR, client TEAM |
| Restricted | Restricted | Named individuals only | STRICT drives, legal holds |
Retention
- Default: 3-7 years depending on content type.
- Legal holds override retention schedules.
- STRICT content: retain per engagement contract + legal requirements.
- Offboarded accounts: retain Vault holds as required.
Review Cadences
| Cadence | What | Who |
|---|---|---|
| Monthly | Admin role attestation, probation promotions | PLT, Role owners |
| Quarterly | Full controls review (see Lifecycle page) | PLT + SEC |
| Annually | Tenant governance review, compliance audit prep | Exec + PLT + SEC + Legal |
Change Control for the Framework
This nomenclature system itself is versioned and governed:
- Versioning: Semantic versioning (e.g., v001, v002).
- Changes: Proposed via PR. Reviewed by PLT + SEC.
- Deprecation: Old patterns get a 90-day sunset with migration guide.
- Breaking changes: Require Exec + PLT + SEC approval.