Organization: Control Alt Growth
System: File Logic
Effective: December 2025
Access Principles
- Least privilege
- Need-to-know
- Role-based access control (RBAC)
Roles
- CAG Admin: Limited PHI access for support
- Org Admin: Manages users within their organization
- Org Member: Access to documents in their org only
- Engineers: No PHI access unless explicitly granted
Access Review Schedule
Quarterly review by the Security Officer.
Authentication Requirements
- Google/MFA for admins
- Unique Firebase Auth ID for all users
Termination Controls
- Same-day access removal
- Token invalidation
- Key rotation if needed