Prompt Details
Model: claude-4-6-sonnet
Token size: 220
Example input
[ ]: SaaS Startup
[ ]: Engineering
Example output
CASE 01
Junior Developer — SaaS / AWS
SOC 2
Org type: SaaS Startup
Department: Engineering
Systems: AWS S3, GitHub, Jira
Role: Junior Developer
Compliance: SOC 2 Type II
Policy Statement
This policy governs access rights granted to Junior Developers within the Engineering department. In alignment with SOC 2 Type II requirements and the principle of least privilege, access is restricted to resources directly required for assigned development tasks. Junior Developers are explicitly prohibited from accessing production environments, customer PII, or performing infrastructure modifications without senior approval.
All access is time-bound to active employment status and subject to quarterly recertification by the Engineering Manager and the IAM team.
Permissions Matrix
Resource | Permission | Justification
AWS S3 — dev-bucket | READ/WRITE | Dev environment only
AWS S3 — prod-bucket | DENIED | No production access
GitHub — dev branches | READ/WRITE | Feature development
GitHub — main/release | READ ONLY | No direct merge rights
Jira — Engineering board | READ/WRITE | Task tracking
Conditions & Restrictions
MFA required via Okta TOTP on all systems
Access limited to corporate network or approved VPN
Working hours restriction: Mon–Fri, 07:00–22:00 local time
No access to customer data or PII at any time
Recertification
Quarterly — Engineering Manager + IAM Team
Escalation Path
Senior Dev → Engineering Manager → CISO (72h SLA)
Role-Based Access Control for Enterprise
Save hours drafting access control policies. This prompt generates enterprise-ready Least Privilege policies with permissions matrices, compliance alignment, and recertification schedules — ready to present to your CISO.
Added 1 week ago
