Security / SEC-004
Security Standard

SEC-004 — Credential Backup & Recovery

Defines protected primary and offline recovery copies, annual testing, and the emergency account-recovery sequence.

Document: SEC-004Type: StandardStatus: ApprovedOwner: Cloudberrie LeadershipVersion: 4.2.0Updated: 2026-07-17

Recovery Objective

Cloudberrie must be able to recover access to critical infrastructure if the primary Mac, browser session, authenticator, or administrator is unavailable.

Required Copies

CopyLocationContents
PrimaryApple PasswordsCredential, account identity, recovery codes and notes
SecondaryEncrypted offline storage in a physically secure locationTier 1 recovery codes and emergency ownership references
Not permittedEmail, unencrypted cloud drive, screenshots or chatAny usable secret

Recovery Test

At least annually, and after major account changes, verify:

Emergency Sequence

  1. Use the official platform recovery process.
  2. Verify the legal and operational owner before changing access.
  3. Reset the password and MFA factors.
  4. Revoke unknown sessions and tokens.
  5. Document the event without recording secrets in the manual.
  6. Replace stored recovery codes after use.