Controls
- 2FA required
- Session timeout
- IP allowlist for admins
- Audit log reviews
Quarterly review
Run a quarterly access review. Confirm role assignments still reflect current job functions and remove stale privileged access.
Security baseline
Enable 2FA before onboarding your full team. It is the highest-impact control with the lowest rollout friction.