diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000..7202b37c
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,6 @@
+Part of
diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml
index 2957669b..b50896eb 100644
--- a/.github/workflows/PullRequestClosed.yml
+++ b/.github/workflows/PullRequestClosed.yml
@@ -8,6 +8,9 @@ jobs:
 PullRequestMerged_job:
 name: Pull Request Merged
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
 # For external PR, ticket should be moved manually
 if: |
 github.event.pull_request.head.repo.full_name == github.repository
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
index f230b176..27379a8f 100644
--- a/.github/workflows/PullRequestCreated.yml
+++ b/.github/workflows/PullRequestCreated.yml
@@ -8,11 +8,11 @@ jobs:
 PullRequestCreated_job:
 name: Pull Request Created
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
 # For external PR, ticket should be created manually
 if: |
 github.event.pull_request.head.repo.full_name == github.repository
- permissions:
- id-token: write
 steps:
 - id: secrets
 uses: SonarSource/vault-action-wrapper@v3
diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml
index f24c0331..c891f3a1 100644
--- a/.github/workflows/RequestReview.yml
+++ b/.github/workflows/RequestReview.yml
@@ -8,11 +8,11 @@ jobs:
 RequestReview_job:
 name: Request review
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
 # For external PR, ticket should be moved manually
 if: |
 github.event.pull_request.head.repo.full_name == github.repository
- permissions:
- id-token: write
 steps:
 - id: secrets
 uses: SonarSource/vault-action-wrapper@v3
diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
index 02d639a7..d5f22e62 100644
--- a/.github/workflows/SubmitReview.yml
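Review bot: The new `permissions` block on `PullRequestMerged_job` in PullRequestClosed.yml grants `id-token: write` with no comment saying what consumes the OIDC token, so a later reader cannot tell whether the scope is still needed. I would add `# id-token: write lets the job request an OIDC token (presumably for the Vault login step; confirm)` above the key. Because a job-level block sets every unlisted scope to `none`, it is worth confirming that no step outside this hunk relies on `contents` or another default scope. The same two points apply to the identical block added to `SubmitReview_job` in SubmitReview.yml.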
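Review bot: `uses: SonarSource/vault-action-wrapper@v3` in `PullRequestCreated_job` is resolved through a movable tag while the job holds `id-token: write`, so whatever the tag points to at run time receives the OIDC token and the secrets fetched with it. Pinning the reference to a full commit SHA, `uses: SonarSource/vault-action-wrapper@<full-commit-sha> # v3`, keeps that code fixed until someone deliberately bumps it. The line is unchanged context here and the steps list continues outside the hunk; the same reference appears in `RequestReview_job` in RequestReview.yml.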
+++ b/.github/workflows/SubmitReview.yml
@@ -8,6 +8,9 @@ jobs:
 SubmitReview_job:
 name: Submit Review
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
 # For external PR, ticket should be moved manually
 if: |
 github.event.pull_request.head.repo.full_name == github.repository