35 Witnessed ceremonies + tamper-evident custody
Recovery credentials — break-glass backup codes, hardware keys, key material — are stored in tamper-evident packaging and handled only in witnessed ceremonies that are logged: which seal serial, opened by whom, before which witnesses, on what date. The safe-and-seal inventory is the auditable record, and it is the evidence layer that every offline-custody control in this catalog leans on.
Documentation: Security best practices for administrator accounts ↗ · Recover an account protected by 2-Step Verification ↗
Caveats
This is a process control — it is carried out offline, so there is no Admin Console walkthrough to show.
Ongoing maintenance
- requires a human Per schedule: run the witnessed ceremony and update the custody register.
How to verify
Inspect the most recent ceremony record: witnesses signed, tamper-evident bag serials match the register, and the record is within its scheduled interval.
v0.0.2Assure policy #16 · #13 ↗