Tooling Provisioning

Provisioning Model

• Maintain an approved tool catalog and versions.
• Provide role-based access (developer, reviewer, security).
• Enforce SSO and MFA for AI tool access.
• Define data handling policy per tool.

Onboarding Checklist

• Tool access approved
• Data policy acknowledged
• Prompt attribution fields configured in PR template
• Secure defaults enabled in IDE integrations
• Initial training completed

Deprovisioning Requirements

• Remove access within 24 hours of role change/offboarding.
• Revoke API keys and rotate shared tokens.
• Archive audit logs per retention policy.