Lake Side Fulfillment
Back to Security Policies

Access Control and Authentication Policy

Ensuring the right individuals access the right data under the right conditions

The Access Control and Authentication Policy is designed to ensure that only the right individuals access the right data under the right conditions. Within our organization, all users—including internal staff, administrators, developers, and support representatives—operate under tightly scoped access permissions based on the principle of least privilege. This principle is embedded into our backend architecture, where every user action is verified and constrained based on their assigned role.

Role-Based Access Control

For instance, project administrators have access only to the user accounts and data under their direct management and cannot view or modify unrelated datasets or customer records. Developers are given access to deploy and maintain the codebase and server infrastructure, but they do not interact with production databases that contain user data.

Server Access Security

All access to the VPS is strictly limited to the core system developer and is conducted through secure shell (SSH) connections using key-pair authentication. No passwords are used for server access, eliminating risks from password reuse or brute force attacks.

Password and Authentication Requirements

For the web dashboard and internal tools, we require strong password configurations with a minimum of 12 characters, a mix of upper- and lowercase letters, numbers, and symbols. Passwords are hashed using secure cryptographic algorithms. In addition, we enforce two-factor authentication on GitHub, our deployment tools, and our internal access panels. Session management is automated to require reauthentication after a defined period of inactivity.

Accountability and Monitoring

To further strengthen accountability, we maintain logs of administrator and support-level actions, including time-stamped activity records. These logs are reviewed periodically. The authentication systems are updated as part of our vulnerability response plan, and any deviation from standard policy results in temporary suspension of user access until corrected. Our organization does not support account sharing, and internal training reinforces the importance of secure credential handling.

For any security concerns or questions about this policy, please contact:

privacy@lakesidefulfillment.com