Access by role and relationship
Permissions are designed around responsibilities and legitimate care context, with regular review in mind.
Security is not a badge added at the end. It is a set of product, technical and operational decisions made throughout delivery.
Permissions are designed around responsibilities and legitimate care context, with regular review in mind.
Fields, retention and exports are mapped to an explicit service need.
Important changes and actions can be traced with context appropriate to the service.
Monitoring, incident routes and ownership are agreed before launch.
| Question | Expected answer |
|---|---|
| Who owns each type of data? | Roles and responsibilities are documented across the service and suppliers. |
| What can each user role see and change? | Access rules are testable and reviewed against real workflow scenarios. |
| How is a security event identified and handled? | Monitoring, severity, contacts and response steps are defined. |
| What happens when a dependency fails? | The user experience, retry behaviour and operational fallback are understood. |
| How is the product safely changed? | Changes pass through review, testing and controlled deployment appropriate to risk. |