Access Control Matrix

Document ID: PLCY-ACC-001
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team


CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document defines the role-based access controls (RBAC) for the Hop And Haul system. Its goal is least-privilege access and data visibility that align with the SOC 2 Security and Confidentiality criteria.


2. Role Definitions

2.1 User Roles

| Role                 | Description                              | Authentication Method   |
|----------------------|------------------------------------------|-------------------------|
| Operations/Safety    | Dispatch coordinators, safety managers   | SSO + MFA               |
| Pickup Driver        | Driver who accepts a transport request   | Mobile SSO + PIN        |
| Passenger Driver     | Driver requesting transport              | Mobile SSO + PIN        |
| System Administrator | IT/DevOps technical personnel            | SSO + MFA + VPN         |
| Auditor              | Internal/external compliance reviewer    | SSO + MFA (read-only)   |

2.2 Service Accounts

| Account       | Purpose                 | Access Scope                      |
|---------------|-------------------------|-----------------------------------|
| svc-samsara   | Telematics integration  | Read: vehicle GPS, routes         |
| svc-payroll   | Payment reconciliation  | Write: credit/debit transactions  |
| svc-hr        | Driver verification     | Read: employment status, CDL      |
| svc-insurance | Coverage verification   | Read: endorsement status          |

3. Data Visibility Matrix

3.1 Operational Data Access

| Data Category        | Ops/Safety | Pickup Driver | Passenger   | Admin | Auditor   |
|----------------------|------------|---------------|-------------|-------|-----------|
| All ride requests    | Full       | None          | Own only    | None  | Read-only |
| Match candidates     | Full       | Offered only  | None        | None  | Read-only |
| Active ride tracking | Full       | Own ride      | Own ride    | None  | Read-only |
| Historical rides     | Full       | Own history   | Own history | None  | Read-only |

3.2 GPS & Location Data

| Data Category     | Ops/Safety | Pickup Driver         | Passenger      | Admin | Auditor    |
|-------------------|------------|-----------------------|----------------|-------|------------|
| Real-time GPS     | Full fleet | Own vehicle           | None           | None  | None       |
| Route history     | Full       | Own routes            | None           | None  | Aggregated |
| Pickup location   | Precise    | Precise (after match) | Fuzzed         | None  | Anonymized |
| Drop-off location | Precise    | Precise               | Direction only | None  | Anonymized |

3.3 Driver PII

| Data Category | Ops/Safety | Pickup Driver | Passenger    | Admin | Auditor    |
|---------------|------------|---------------|--------------|-------|------------|
| Full name     | Yes        | No            | No           | No    | Tokenized  |
| Driver ID     | Yes        | Matched only  | Matched only | No    | Tokenized  |
| Phone number  | Yes        | Masked        | Masked       | No    | No         |
| Email         | Yes        | No            | No           | No    | No         |
| CDL status    | Yes        | No            | No           | No    | Aggregated |
| HOS status    | Yes        | No            | No           | No    | Aggregated |

3.4 Rating Data

| Data Category      | Ops/Safety | Pickup Driver | Passenger | Admin | Auditor    |
|--------------------|------------|---------------|-----------|-------|------------|
| Individual ratings | Full       | Own ratings   | None      | None  | Aggregated |
| Aggregated scores  | Full       | Own score     | None      | None  | Full       |
| Rating comments    | Full       | None          | None      | None  | Sampled    |

3.5 Financial Data

| Data Category           | Ops/Safety | Pickup Driver | Passenger    | Admin | Auditor |
|-------------------------|------------|---------------|--------------|-------|---------|
| Individual transactions | Full       | Own credits   | Own debits   | None  | Full    |
| Settlement history      | Full       | Own history   | Own history  | None  | Full    |
| Payment disputes        | Full       | Own disputes  | Own disputes | None  | Full    |

4. System Access Controls

4.1 Technical Access

| System Component         | Ops/Safety | Drivers | Admin                | Auditor |
|--------------------------|------------|---------|----------------------|---------|
| Production database      | None       | None    | Read (via jump host) | None    |
| Application servers      | None       | None    | Full                 | None    |
| Log aggregation          | Read       | None    | Full                 | Read    |
| Monitoring dashboards    | Read       | None    | Full                 | Read    |
| Configuration management | None       | None    | Full                 | None    |

4.2 Administrative Functions

| Function          | Ops/Safety  | Drivers     | Admin           | Auditor |
|-------------------|-------------|-------------|-----------------|---------|
| User provisioning | Request     | None        | Approve/Execute | View    |
| Role assignment   | Request     | None        | Execute         | View    |
| Access reviews    | Participate | None        | Execute         | Verify  |
| Audit log access  | Own actions | Own actions | Full            | Full    |

5. Least Privilege Enforcement

5.1 Principles

  1. Default Deny: no access is granted unless it is explicitly assigned
  2. Need to Know: access is limited to what the job function requires
  3. Time-Bounded: session tokens expire after a period of inactivity
  4. Contextual: some access is granted only while a ride is in the relevant state

5.2 Contextual Access Rules

| Scenario        | Access Granted                 | Access Duration               |
|-----------------|--------------------------------|-------------------------------|
| Ride offered    | Fuzzed pickup location         | Until offer expires/rejected  |
| Ride accepted   | Precise pickup, masked contact | Until drop-off + 15 min       |
| Ride active     | Real-time tracking             | Until drop-off                |
| Ride completed  | Rating submission              | 24 hours                      |
| Post-completion | Own history only               | Per retention schedule        |

5.3 Access Expiration

| Token Type          | Expiration            | Renewal              |
|---------------------|-----------------------|----------------------|
| Session token       | 8 hours or inactivity | Re-authentication    |
| Ride tracking token | Drop-off + 15 min     | None (auto-expire)   |
| API service token   | 24 hours              | Automated rotation   |
| Admin access token  | 4 hours               | MFA re-verification  |

6. Access Review Procedures

6.1 Review Schedule

| Review Type               | Frequency | Responsible Party   |
|---------------------------|-----------|---------------------|
| User access certification | Quarterly | Department managers |
| Privileged access review  | Monthly   | Security team       |
| Service account review    | Quarterly | IT operations       |
| Role definition review    | Annually  | Compliance + HR     |

6.2 Access Revocation Triggers

| Event                  | Action                   | Timeline        |
|------------------------|--------------------------|-----------------|
| Employment termination | Immediate revocation     | Same day        |
| Role change            | Access modification      | Within 24 hours |
| Security incident      | Precautionary suspension | Immediate       |
| Inactivity (90 days)   | Account suspension       | Automated       |

7. Segregation of Duties

7.1 Incompatible Functions

| Function A          | Function B             | Separation Required |
|---------------------|------------------------|---------------------|
| Approve ride match  | Execute payment        | Yes                 |
| Create user account | Assign admin role      | Yes                 |
| Modify audit logs   | Review audit logs      | Yes                 |
| Configure system    | Access production data | Yes                 |

7.2 Compensating Controls

Where full segregation is not possible, all of the following apply to the conflicting access:

  • Dual approval required
  • Enhanced logging
  • Management review of actions
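Because a user can hold several roles, segregation-of-duties conflicts appear in the union of functions across those roles rather than in any single role definition. The following is an added example, not Hop And Haul's own tooling, of the check an access review (6.1) would run: it encodes the incompatible pairs from 7.1, computes each user's effective functions, and reports every conflict as either mitigated (all three 7.2 compensating controls are on record) or unmitigated. The role-to-function mapping, the user assignments and the control names as identifiers are constructed sample data.

```python
"""Segregation-of-duties check over role assignments, using the incompatible
function pairs from section 7.1 and the compensating controls from 7.2.

Added example, not Hop And Haul's own code. ROLE_FUNCTIONS and the sample
assignments are constructed data; the conflict pairs and the three
compensating controls come from the policy text.
"""

# 7.1 Incompatible Functions (unordered pairs)
INCOMPATIBLE = {
    frozenset({"approve_ride_match", "execute_payment"}),
    frozenset({"create_user_account", "assign_admin_role"}),
    frozenset({"modify_audit_logs", "review_audit_logs"}),
    frozenset({"configure_system", "access_production_data"}),
}

# 7.2: an accepted conflict needs every one of these on record
REQUIRED_COMPENSATING = {"dual_approval", "enhanced_logging", "management_review"}

# Constructed sample mapping of roles to the functions they can perform
ROLE_FUNCTIONS = {
    "ops_safety": {"approve_ride_match", "review_audit_logs"},
    "payments_clerk": {"execute_payment"},
    "sysadmin": {"create_user_account", "configure_system", "modify_audit_logs"},
    "auditor": {"review_audit_logs"},
    "dba": {"access_production_data"},
}


def effective_functions(roles, role_functions=ROLE_FUNCTIONS):
    """Union of the functions granted through every role a user holds."""
    funcs = set()
    for role in roles:
        funcs |= role_functions.get(role, set())  # an unknown role grants nothing
    return funcs


def sod_conflicts(funcs):
    """Incompatible pairs that are both present in one user's function set."""
    return {pair for pair in INCOMPATIBLE if pair <= funcs}


def review_assignments(assignments, compensating, role_functions=ROLE_FUNCTIONS):
    """Evaluate a user -> set-of-roles mapping.

    `compensating` maps (user, pair) -> set of control names recorded for an
    accepted conflict. A conflict counts as 'mitigated' only when all 7.2
    controls are present; anything else is an 'unmitigated' finding.
    Returns a sorted list of (user, (function_a, function_b), status).
    """
    findings = []
    for user, roles in sorted(assignments.items()):
        conflicts = sod_conflicts(effective_functions(roles, role_functions))
        for pair in sorted(conflicts, key=sorted):
            controls = compensating.get((user, pair), set())
            status = "mitigated" if REQUIRED_COMPENSATING <= controls else "unmitigated"
            findings.append((user, tuple(sorted(pair)), status))
    return findings


if __name__ == "__main__":
    # Constructed sample data
    assignments = {
        "alice": {"ops_safety", "payments_clerk"},  # approves matches and executes payments
        "bob": {"sysadmin"},                        # modifies audit logs, cannot review them
        "carol": {"sysadmin", "dba"},               # configures system and reaches production data
        "dave": {"auditor"},
    }
    compensating = {
        ("carol", frozenset({"configure_system", "access_production_data"})):
            {"dual_approval", "enhanced_logging", "management_review"},
    }
    for finding in review_assignments(assignments, compensating):
        print(finding)
```

Running the check against the full assignment export (rather than against each role on its own) is what surfaces the alice case: neither ops_safety nor payments_clerk is a problem alone, but together they put "Approve ride match" and "Execute payment" in one pair of hands.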

8. Document Control

| Version | Date   | Author | Changes         |
|---------|--------|--------|-----------------|
| 1.0     | [DATE] | [NAME] | Initial release |

CONFIDENTIAL - Internal Use Only - Hop And Haul Policy Documentation