In accordance with the Risk Assessments undertaken by Sage Bionetworks and external auditors of Bridge, the team will take the following steps to control administrative access to the production instance of Bridge Server.
- Only individuals who directly report to the Director of Technology Services (Michael Kellen) may be granted administrative access to Bridge Server, or any of the technology services it depends on (AWS, Stormpath, Heroku). Currently, this group includes
- Alx Dark (Bridge Server Engineer)
- Dwayne Jeng (Bridge Server Engineer)
- Xavier Schildwachter (Sage Principle System Administrator)
- Shannon Young (Bridge Server Engineer)
- All engineers with IAM access to the Bridge AWS account will enable 2 factor authentication on their accounts.
- Only the Director of Technology Services and Principle System Administrator will have the ability to create IAM accounts for the engineering team.