← All controls

35 Witnessed ceremonies + tamper-evident custody

Recovery credentials — break-glass backup codes, hardware keys, key material — are stored in tamper-evident packaging and handled only in witnessed ceremonies that are logged: which seal serial, opened by whom, before which witnesses, on what date. The safe-and-seal inventory is the auditable record, and it is the evidence layer that every offline-custody control in this catalog leans on.

Caveats

This is a process control — it is carried out offline, so there is no Admin Console walkthrough to show.

Ongoing maintenance

How to verify

  1. Inspect the most recent ceremony record: witnesses signed, tamper-evident bag serials match the register, and the record is within its scheduled interval.

v0.0.2Assure policy #16 · #13 ↗