Security Policy v2.1 1. All access is logged 2. Sessions expire after 30 minutes 3. Two-factor authentication required for admin