# Recommended Best Practices

* **Use Service Control Policies (SCPs):**\
  SCPs let you set permission guardrails for all (or a subset of) accounts in your AWS Organization. For your Savings Pods, set an SCP that explicitly *denies* all actions except those required for cost and usage reporting. This helps enforce “read-only” and blocks creation/modification of workloads or network changes in the pod accounts. [Read more about SCPs](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html).
* **Monitor Pod Activity Regularly:**\
  North.Cloud continuously self-monitors all savings pods for unauthorized actions or unexpected spend spikes. You can review this monitoring data directly in your North.Cloud app for additional transparency and auditing.
* **Review Audit Logs:**\
  Enable CloudTrail or AWS account activity monitoring to view all actions performed within your organization. Regularly review for unexpected changes or access patterns.

Following these practices, along with North's built-in monitoring and least-permissive configuration, maximizes your security and control.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.north.cloud/docs/getting-started/security/recommended-best-practices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.