Template

Access Reference Register

The Access Reference Register is a template for documenting where important access is managed without recording secret values.

It is designed to help small organizations understand which accounts, services, tools, and systems exist, who owns them, where credentials are securely managed, and how access should be reviewed.

The template should not be used as a password list.

Purpose

The purpose of this template is to help an organization keep a safe, practical record of access-related information.

It helps answer questions such as:

The template is meant to point people toward the approved secure system. It should not contain the credential value itself.

Important safety notice

Do not record passwords, API keys, MFA recovery codes, private keys, seed phrases, payment card data, or other sensitive credential values in this template.

Credential values should remain in the approved systems your organization uses to protect them.

Use references such as:

The template is for access references, not secret storage.

Who this template is for

This template is designed for:

Larger organizations may adapt it, but they may need more formal identity, access, security, compliance, and review processes.

Use this template to create a register of important accounts and services.

Start with the most important accounts first, such as:

Do not try to document every minor account on the first pass. Begin with the accounts that would create confusion if no one knew where access was managed.

Template fields

The Access Reference Register may include the following fields.

Service or account name

Record the name of the account, service, vendor, tool, or system.

Examples:

Purpose

Describe why the account exists.

Examples:

The purpose should be clear enough for someone unfamiliar with the account to understand why it matters.

Responsible owner

Record the person, role, team, or provider responsible for the account.

Examples:

Where possible, use both a role and current person.

Credential storage reference

Record where credentials are securely stored.

Examples:

Do not record the credential value.

MFA status

Record whether multi-factor authentication is enabled, if known.

Examples:

MFA method note

Record a general note about the MFA method.

Examples:

Do not record recovery codes.

Recovery owner

Record who owns access recovery or escalation.

Examples:

Record the related vendor or service, if applicable.

Examples:

This helps connect the access reference to the vendor inventory.

Record related internal documentation.

Examples:

Use safe references only.

Last reviewed

Record the date the access reference was last checked.

Review frequency

Record how often the reference should be reviewed.

Examples:

Status

Record the current status of the access reference.

Examples:

Notes

Use notes for neutral, non-sensitive context.

Examples:

Do not use notes for secrets or sensitive evidence.

Minimum version

A very small organization can begin with only these fields:

Field Purpose
Service/account What the access reference applies to
Owner Who is responsible
Credential storage reference Where credentials are securely stored
MFA note General MFA status or method
Recovery owner Who handles recovery or escalation
Last reviewed Date last checked
Status Active, needs review, unknown, or archived

This minimum version is enough to reduce confusion while avoiding unsafe credential storage.

Example entry

Field Example
Service/account Primary domain registrar
Purpose Manages the organization’s main domain name
Owner Website maintainer
Credential storage reference Password manager item: “Primary Domain Registrar”
MFA status Enabled
MFA method note Authenticator app
Recovery owner Founder
Related vendor Domain registrar
Related records Vendor inventory, continuity notes
Last reviewed 2026-07-08
Review frequency Quarterly
Status Active

When to update this template

Update the Access Reference Register when:

What not to include

Do not include:

If sensitive information must be preserved, store it in an approved secure location and reference it safely.

This template supports the Access References standard.

It also connects to:

License

This template is intended to be provided as a free public resource.

Unless otherwise stated on the project license page, the standards and templates are made available for use, adaptation, and sharing under the project’s open content license.

The project name, logo, and official identity are not included in the template license.

Download template

This template is provided as a free public resource. Review the guidance on this page before using it, especially the notes about sensitive information.

Download Access Reference Register

Status: Draft · Version: 0.1 · Last updated: 7/8/2026

Do not record passwords, API keys, MFA recovery codes, private keys, seed phrases, payment card data, confidential customer records, or other sensitive values in general templates.