Customers

Customer engagements follow the Umbrella + Triplet model. Umbrella groups persist for the duration of the customer relationship. Project triplets are created and destroyed per engagement.

  1. Create umbrella groups (prosrv, sales, mktg, cpoc, announce, optionally all, archive).
  2. Provision COLLAB / TEAM / STRICT drives with correct naming, labels, and colors.
  3. Add thin-root files + 00_inbox/ at each drive root.
  4. Optionally grant COLLAB landing Viewer to ...-cpoc.

  1. Create triplet (...-{prjslug}-dri, ...-{prjslug}-delivery, ...-{prjslug}-client).
  2. Create NN_{cusslug}_{prjslug}/ folder in each drive.
  3. Apply Limited Access ACLs (groups only; individuals for M365 ROSTER mode).
  4. Seed phase folders + 00_inbox/. Set labels. Update INDEX.md.

  1. Freeze project folders (read-only).
  2. Remove triplet from ACLs. Grant ...-archive if needed.
  3. For STRICT: verify hashes and custody logs.
  4. Publish archive links under 07_closeout/05_links_to_archives/.
  5. Delete triplet groups.

  1. Convert drives to _ARCH_{YYYY} (read-only retention).
  2. Remove externals from ...-cpoc / ...-all. Disable umbrella groups.
  3. Delete umbrellas after retention window.

  • Groups-only ACLs everywhere (no individuals except M365 ROSTER mode).
  • Never add ...-announce or ...-all to any ACL.
  • Umbrellas may receive COLLAB landing Viewer for navigation only.
  • Project folders use Limited Access: only manager roles and the project triplet.

For STRICT drives, every file follows an intake-to-evidence workflow:

  1. Intake: Compute SHA-256 hash. Write sidecar .sha256 file.
  2. Manifest: Append to 10_hashes/manifest_YYYYMMDD.txt.
  3. Log: Append to 11_chain_of_custody/INTAKE_LOG.md (append-only).
  4. Quarantine: Scan. Log result. Verify hash.
  5. Evidence: Move to evidence folder with verified hash.
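
The hashing, logging and verification steps above can be scripted as follows. This is an added example, not the project's own tooling: the function names, the `actor` field, the log entry layout, the sha256sum-style sidecar format and the evidence folder path are assumptions, and the scan in step 4 is left to whatever scanner is in use.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large items are never loaded fully into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def intake(path: Path, drive_root: Path, actor: str) -> str:
    """Steps 1-3: sidecar .sha256, manifest entry, custody log entry."""
    now = datetime.now(timezone.utc)
    digest = sha256_file(path)
    line = f"{digest}  {path.name}\n"  # assumed sidecar layout (sha256sum style)
    path.with_name(path.name + ".sha256").write_text(line)
    manifest = drive_root / "10_hashes" / f"manifest_{now:%Y%m%d}.txt"
    log = drive_root / "11_chain_of_custody" / "INTAKE_LOG.md"
    log_entry = f"- {now.isoformat()} intake {path.name} sha256={digest} by {actor}\n"
    for target, entry in ((manifest, line), (log, log_entry)):
        target.parent.mkdir(parents=True, exist_ok=True)
        with target.open("a") as f:  # append mode: earlier entries are not rewritten
            f.write(entry)
    return digest


def verify(path: Path) -> bool:
    """Step 4: recompute the hash and compare it with the sidecar value."""
    recorded = path.with_name(path.name + ".sha256").read_text().split()[0]
    return hmac.compare_digest(recorded, sha256_file(path))


def promote(path: Path, evidence_dir: Path) -> Path:
    """Step 5: move file and sidecar to evidence only if the hash still matches."""
    if not verify(path):
        raise ValueError(f"hash mismatch for {path.name}; file stays in quarantine")
    evidence_dir.mkdir(parents=True, exist_ok=True)
    sidecar = path.with_name(path.name + ".sha256")
    sidecar.rename(evidence_dir / sidecar.name)
    return path.rename(evidence_dir / path.name)
```

Opening the log in append mode only prevents this script from overwriting earlier entries; making `INTAKE_LOG.md` append-only for everyone else depends on the drive's permissions.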

M365 externals must be added as individuals (not groups). Treat ...-prj-...-client and ...-cus-...-cpoc as ROSTER sources. A sync bot reconciles individual access weekly.

desired = members(prj-...-client) + members(cus-...-cpoc)
actual = external users on project folder
drift = desired - actual (add) + actual - desired (remove)
target = drift = 0

Do:

  • Use the three-drive model (COLLAB/TEAM/STRICT)
  • Keep customer slugs short and immutable
  • Use phase-ordered folder structures
  • Hash everything in STRICT

Don’t:

  • Put working content at drive root (use thin root)
  • Grant customer users access to TEAM or STRICT
  • Add umbrella announcement groups to ACLs
  • Change customer slugs after registration