Provider Registry
Purpose
Group-level source of truth for external providers, service scope, ownership, and access controls.
Registry
| Provider | Domain | Scope Summary | Contract Owner | Technical Owner | Access Pattern | Canonical Doc |
|---|---|---|---|---|---|---|
| IT Anywhere | ICT | Managed IT support, endpoint maintenance | Group ICT | ICT Lead | RBAC + ticket-bound privileged access | docs/provider-governance/it-anywhere.md |
| Iridium | ICT/Connectivity | Connectivity and network support | Group ICT | Network Custodian | Network-segment scoped accounts | docs/provider-governance/iridium.md |
| LabourNet | HR/Compliance | Payroll compliance and labor advisory | Group HR | HR Operations Lead | Need-to-know HR data access | docs/provider-governance/labournet.md |
Mandatory Access Controls
- Least privilege by role and system boundary.
- Named accounts only for privileged actions.
- Access review cadence: quarterly minimum.
- Offboarding SLA: revoke within 24 hours of provider role termination.