This Standard Operating Procedure (SOP) outlines our comprehensive approach to managing client login credentials in a secure, consistent, and accessible manner. This protocol ensures we maintain proper access control while efficiently performing client tasks across multiple platforms.
Following these guidelines will help us maintain security standards, improve team coordination, and reduce the risk of unauthorized access to sensitive information.
DC
by Dexter Crawford
Purpose & Objectives
Our primary goal is to securely manage access to client platforms by creating and storing account logins in a consistent, protected manner. This protocol enables both solo and team-based execution of tasks without exposing sensitive client information.
By implementing standardized credential handling practices, we enhance security while maintaining efficient workflows. This approach also creates scalability as our team grows and supports more clients across various platforms.
Security
Protect sensitive client login information through standardized storage and access protocols.
Consistency
Maintain uniform approaches to credential creation and management across all client accounts.
Accessibility
Ensure authorized team members can access necessary platforms while maintaining security controls.
Scope of Protocol
This protocol covers the complete lifecycle of credential management from initial creation when a client agreement is finalized through secure storage and ongoing usage. It provides clear guidelines for standardizing our approach across all client accounts.
By clearly defining what falls within this protocol, we ensure comprehensive coverage of credential management while avoiding overlap with other SOPs like document storage processes.
Included
Email and phone setup for platform creation
Password standardization approaches
Google Sheet-based login vault management
Rules for sharing vs retaining access
Excluded
Document storage (covered in document folder SOP)
Client-facing dashboard or app access (future addition)
Target Audience
CFO (Dexter Crawford)
Admin/Assistant roles (future hires)
Roles & Responsibilities
Clear delineation of responsibilities ensures accountability and consistency in our credential management process. The CFO currently handles most aspects, with future administrative staff taking on maintenance duties as the team expands.
This division of responsibilities creates a scalable system that maintains security while distributing workload effectively as our organization grows.
Tools & Resources
Our credential management system relies on several key digital tools that enable secure account creation, verification, and storage. These resources form the foundation of our approach to maintaining client platform access.
While we currently utilize Google's ecosystem for most functionality, we plan to incorporate dedicated password management solutions in the future as budget permits.
Generic Gmail
Create clientname.mmm@gmail.com accounts for each client to maintain separation and traceability.
Google Voice
Dedicated phone numbers linked to Gmail accounts for verification and account recovery.
Google Sheets
Primary storage location for the Login Vault with tabs organized by client.
Password Manager
Future implementation of LastPass or Bitwarden when budget permits.
Credential Handling Policy
Our policy establishes clear guidelines for creating, storing, and managing client credentials. Whenever possible, our organization creates and controls all login information using dedicated email addresses and phone numbers.
This approach gives us maximum control over account access while maintaining security. A standardized password format simplifies management while maintaining adequate security for most platforms.
Preferred Method
MMM creates logins using generic email + voice number it controls, ensuring complete management of credentials.
Secondary Method
Client creates account using provided instructions and standardized password: Funding4me$
Vault Location
Master Google Sheet with dedicated tab for each client, structured with consistent column format.
Security Measures
Sheet viewable/editable only by core team; backup optional in secure Google Drive folder.
Procedure Steps
The credential management process follows a structured sequence that ensures consistency and security. The CFO currently handles most steps, with administrative support taking over recording duties as the team expands.
This process must be followed for each new client platform to maintain our security standards and ensure all team members can access necessary systems when required.
Create Gmail Account
Set up clientname.mmm@gmail.com for client system access (CFO, 10 mins)
Set Up Google Voice
Configure phone number to enable text verification (CFO, 10 mins)
Create Platform Logins
Use email + phone for NAV, FairFigure, DnB, Experian, IRS, etc. (CFO, varies)
Apply Password Standard
Use Funding4me$ unless otherwise directed (CFO, ongoing)
Record in Vault
Document all details in Google Sheet (Admin, ongoing)
Grant Team Access
Share via password manager when available (Admin, future)
Version Control
Tracking changes to this protocol ensures we maintain an accurate record of policy evolution. The current version represents our initial implementation of the credential handling system, with future updates expected as our tools and team expand.
All revisions should be documented with clear notes explaining the changes made and their rationale. This documentation helps maintain consistency across team members and provides context for policy decisions.
Version 1.0
Initial login SOP implementation
Release Date
May 11, 2025
Author
Dexter Crawford, CFO
Review & Updates
Regular reviews ensure this protocol remains current and effective. We maintain a six-month review cycle to assess security practices and incorporate new tools or processes as they become available.
Updates should be triggered by significant changes in our operational approach, adoption of new security tools, or identification of potential vulnerabilities in our current processes.
Initial Review
May 11, 2025
Next Review
November 11, 2025
Update Triggers
Password manager adoption
Policy Changes
Password standard updates
Best Practices & Tips
Following these additional guidelines will enhance our credential management system and maintain security as our team expands. These practices reflect industry standards for protecting sensitive account information.
As we bring on new team members, education about these security practices becomes increasingly important. All staff should understand both the technical and behavioral aspects of credential security.
Avoid Personal Information
Never use personal emails or phone numbers
Maintain Separation
Use separate Gmail/Voice per client when possible
Track Status
Include login status in sheet (Active/Disabled/Pending)
Team Education
Train on security etiquette (no forwarding credentials)