Tribe AccredAI
Tribe AccredAICompliance OS
 Back to home
Trust Center

Access Review Policy

Guidance for Organization Admins on reviewing user permissions, role assignments, and external access to protect institutional information on Tribe AccredAI.

Last Updated: May 2026

Purpose & scope

Periodic access reviews reduce the risk of stale permissions, unauthorized access, and over-privileged accounts. This policy describes recommended practices for institutions using Tribe AccredAI and applies to all user types: employees, consultants, reviewers, and executive viewers.

User access verification

  • Confirm each active user still requires access to the organization workspace.
  • Verify that the user's institutional email is current and that the account is associated with the correct person.
  • Disable or remove accounts that no longer correspond to active institutional roles.

Role review

  • Confirm that each user's role (Organization Admin, Program Director, Contributor, Reviewer, Accreditation Expert, Read-Only Executive) matches their current responsibilities.
  • Adjust roles to apply least privilege — grant only the access needed for the user's current work.

Permission updates

  • Update workspace, program, or project-level access when staff transition between teams.
  • Revoke elevated permissions immediately when a project closes or a review cycle ends.

User removal

Remove access promptly in the following situations:

  • Departing employees: disable access on the user's last day and confirm removal during the next review.
  • Role changes: adjust or remove access when an employee moves to a role that no longer requires Tribe AccredAI.
  • Consultant access: end-date external Accreditation Expert access at the conclusion of the engagement.
  • Temporary project access: remove project-scoped permissions once the project, review, or audit is complete.

Recommended cadence

Organizations should review user access at least every six months, or whenever staffing changes occur. Institutions subject to additional accreditation, regulatory, or internal-audit obligations should adopt a cadence that satisfies the stricter of the applicable requirements.

Where to perform reviews in the product

Organization Admins manage user roles and remove access from the in-product Team and Settings areas. The activity log records role changes and removals for audit support.

Questions

Contact security@tribeaccredai.com for help designing an access-review process for your institution.