Principles
When designing this system, we always need to take these basic principles into account:
- Dual Control: every action has to be controlled by two people.
  - Four eyes is a variation where every action is seen by two people.
- Privacy: reduce the private information we keep to the minimum.
- File a dispute: everything that is too complex for documentation or software should be kicked across to Dispute resolution (Arbitration).
Subsidiary Principles
- Every support action should be authorised by a token.
- There is no direct database query access provided to anyone.
- The Arbitrator has no direct access to the information.
- The system is not perfect nor complete; undefined or exceptional cases will be handled in an emergency by the sysadms.
Additionally there are other principles we have to consider.