Access control & least privilege
Per-team vaults with roles, so each person only reaches the logins their job needs — and you can show it.
Maps to Cyber Essentials user access control and SOC 2 CC6 logical access. The questionnaire line “how do you restrict access to sensitive systems?” is answered by your vault structure.