Assessor Resource

BSBRKG604B
Determine security and access rules and procedures

Assessment tool

Version 1.0
Issue Date: March 2024


This unit applies to individuals with understanding and specialist knowledge, with depth in some areas of business or records systems. These people will generally be senior staff in a specialist recordkeeping environment with responsibility for a team, though they may also be individuals with sole responsibility for recordkeeping systems within larger enterprises.

This unit describes the performance outcomes, skills and knowledge required to determine and establish the rules for access and use of records in an organisation, including classifications and procedures for managing access over time.

No licensing, legislative, regulatory or certification requirements apply to this unit at the time of endorsement.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The Evidence Guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the following is essential:

documenting usage and conducting a risk analysis of policies and procedures for implementing security and access rules

reporting on a recordkeeping access strategy, classifications and rules

documenting policies and procedures for recordkeeping in an organisation including access permissions, restrictions, and control mechanisms

reporting on success of implementation and amendments made in response to monitoring the implementation of the recordkeeping system

knowledge of organisational policies, strategies and procedures, particularly those relating to sensitive information.

Context of and specific resources for assessment

Assessment must ensure:

access to an actual workplace or simulated environment

access to examples of records, recordkeeping system and policies

access to office equipment and resources.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

assessment of written reports on the risk management plans, plans, strategies and monitoring reports

direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the candidate

observation of presentations of reports on the recordkeeping requirements, strategies, policies and procedures

oral or written questioning to assess knowledge and understanding

review of authenticated documents from the workplace or training environment

review of testimony from team members, colleagues, supervisors or managers.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, for example:

administration units

other knowledge management units.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

communication and negotiation skills to explain complex relationships and processes effectively to users and management, and to consult with relevant stakeholders

information management skills to analyse and synthesise documentation, verbally delivered information, and observed behaviours

information management skills to identify recordkeeping specifications to implement access control and records of use

information management skills to use judgement and discretion with sensitive and confidential information

leadership skills to create and implement achievable recordkeeping mechanisms and practices for others to follow

literacy skills to prepare, compile, and write complex documents and reports, and to document complex relationships and processes

problem-solving skills to solve recordkeeping problems

technology skills to use equipment relevant to conducting recordkeeping activities.

Required knowledge

key provisions of relevant legislation from all forms of government, regulations, standards and documentation that may affect aspects of business operations, such as:

AS 5044.1:2002 AGLS Metadata element set

AS 5090:2003 Work process analysis for recordkeeping

AS ISO 15489:2004 Records management

AS ISO 23081.1:2006 Information and documentation - Records management processes - Metadata for records - Principles

AS/NZS 4360:2004 Risk management

Australian Stock Exchange (ASX) Principles of Good Corporate Governance

ethical principles

codes of practice

archives and records legislation

privacy and freedom of information

occupational health and safety (OHS)

general principles and processes of records management and records management systems, such as:

systems of control

records continuum theory

mandate and ownership of business process

organisational business functions, structure and culture

organisational policies, strategies and procedures, particularly those relating to sensitive information

principles and practices of diversity and cross-cultural communication.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Legal and regulatory framework may include:

anti-discrimination legislation

AS 1203:1996 Microfilming of engineering documents

AS 2840:1986 Microfilming newspapers for archival purposes

AS 3674:1989 Storage of microfilm

AS 4003:1996 Permanent paper

AS ISO 15489:2004 Records management

award and enterprise agreements and relevant industrial instruments

codes of practice

corporation law

ethical principles

freedom of information legislation and principles

healthcare

tax, including income tax

industrial relations

OHS

privacy laws

statutory access

superannuation

Organisational documentation and information may include:

guidelines

legislation, regulations, case law and ethical codes of conduct

policies and standards

precedents

recordkeeping requirements

records disposal status and retention periods

records themselves

risk analyses

rules

strategic plans for recordkeeping and for maintaining usability and availability of records over time

Factors impacting on access rights may include:

codes of conduct

common law rights protecting confidentiality

copyright and intellectual property rights

corporation law

freedom of information legislation

government records legislation

power of attorney legislation

privacy protection laws

professional privilege

Reason for access restrictions may include:

age of records

commercial value and intellectual property rights

confidentiality (personal, professional or commercial)

cultural protocols

investigatory and law enforcement requirements

monetary value

physical integrity, state, fragility

political, personal and physical sensitivity

security classifications

Appropriate body may include:

external body designated by legislation governing recordkeeping for the jurisdiction

senior manager responsible for recordkeeping policy for whole organisation

statutory office holder designated by organisation's legislative warrant

Categories of users may include:

groupings according to:

delegated authority

identified categories of external stakeholders

level within organisational hierarchy

location within organisational structure

professional grouping

public access rights

security clearance codes

Users may include:

staff members from:

across the whole organisation or external

internal business area

parties to the business transactions

those requiring the records for use unrelated to the original business recorded

Mechanisms to control user access may include:

electronic keys

external stakeholders

individual permissions

legislative permissions

pass-codes

passwords

redaction

other physical means of restricting access

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

| Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback |
| --- | --- | --- | --- |
| Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation | | | |
| Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations | | | |
| Review risk analyses and existing access rules for currency, and determine and document any necessary modifications | | | |
| Analyse usage patterns of records in light of identified risks and existing access rules | | | |
| Determine specific restrictions and other responses to regulatory obligations for records and activities | | | |
| Determine responsibility for reviewing access decisions from gathered organisational documentation and information | | | |
| Consider factors impacting on access rights in developing an access strategy from gathered information, based on established responsibilities for access to records, and in response to identified difficulties and risks | | | |
| Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and patterns of use of records within the jurisdiction | | | |
| Compile criteria for applying access classifications to records based on gathered information and performed analyses | | | |
| Develop rules for applying classifications | | | |
| Circulate access classifications and draft rules to users of the business or records system for comment, identify and analyse exceptions, and modify classifications where appropriate | | | |
| Determine compliance regime and jurisdictional access regime | | | |
| Seek authorisation from appropriate body for access classifications and procedures | | | |
| Determine access permissions and restrictions for records by applying access rules | | | |
| Establish and document categories of users using analyses of access rules and records usage | | | |
| Document access permissions and restrictions in relation to categories of users | | | |
| Establish mechanisms to control user access applying to records and to users | | | |
| Develop and document specifications for recording authorised use of records | | | |
| Integrate authorised access procedures into business or records system rules and procedures, and document changes | | | |
| Develop procedures for reviewing access decisions and for responding to exceptions | | | |
| Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime | | | |
| Communicate changes to access rules and procedures to all users | | | |

Forms

Assessment Cover Sheet

BSBRKG604B - Determine security and access rules and procedures
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

BSBRKG604B - Determine security and access rules and procedures

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: