Identity comes first
Before accessing systems or accounts, verify the requester is authorized. This can include ticket history, email confirmation, a callback, or admin verification for sensitive actions.
Explicit consent for remote access
Remote access should never be assumed. The standard is explicit consent recorded in the ticket, with scope: what will be accessed, what will be changed, and when the session ends.
Least privilege and scoped changes
- Request only the access needed to fix the issue.
- Prefer time-bound or role-based credentials where possible.
- Document changes so they can be reversed if needed.
What clients should expect
A structured workflow builds trust and prevents disputes. “What was authorized,” “what was done,” and “what was the outcome” should be clear at every step.