🛡️ Privileged Access Policy

1. Purpose

This document describes how Nemu Inc. manages privileged accounts with elevated access to systems, infrastructure, or sensitive data.

2. Scope

Applies to:

• Administrators of Supabase, Render, Google Workspace, and other CSPs.
• Users with elevated permissions in production systems.

3. Privileged Account Management

• Privileged access is granted only to personnel who require it for their job.
• Separate accounts for administrative tasks are used where supported.
• MFA is mandatory for privileged accounts.
• Privileged actions are logged via CSP auditing features whenever possible.

4. Approval and Review

• Creation or elevation of privileged accounts requires explicit approval from the Security Lead or system owner.
• Privileged access is reviewed more frequently than standard user access.
• Privileged access is revoked immediately upon role change or separation.

5. Audit Evidence

• List of privileged roles and users in CSP consoles.
• Access review documentation for admin accounts.
• Logs of privileged activity where available.

6. Compliance Mapping

• SOC 2: CC6.2, CC6.3
• ISO 27001:2013: A.9.2.3, A.9.4.1

Contact: support@mynemu.com
© 2025 Nemu Inc.. All rights reserved.