Engagement Access Isolation Policy
Classification: Internal
Document status: Effective
Version: 1.0
Owner: Management / Security Owner
Effective date: 2026-05-13
Review cycle: Annual; interim revision upon material change to prime contractor or customer access models
Purpose
This policy defines how Cloudnaut separates access across customers, contracts, and concurrent engagement workstreams.
Scope
This policy applies when Cloudnaut maintains more than one commercial relationship with the same end customer, or when Cloudnaut performs work as a subcontractor under a prime contractor-led engagement.
Policy
Personnel use only accounts, repositories, credentials, VPN paths, and permissions approved for the specific engagement. Access obtained under a direct Cloudnaut contract with a customer is not used to perform work under a separate prime contractor-led or customer-led engagement unless that access is expressly authorized in writing for the second engagement.
Technical controls
- Customer and engagement separation uses GitHub organization features and GitLab group, project, and repository boundaries.
- Repositories and identities are provisioned per engagement where practicable.
- Access grants follow role definition and need-to-know.
- Personnel escalate immediately when overlapping or ambiguous access could violate contract or customer separation expectations.
Records
Typical evidence includes organization and group membership, repository access lists, customer invitations, access approval tickets, and access revocation at engagement end.