Elements and Performance Criteria
- Analyse access risks, rules and responsibilities
  - Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation
  - Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations
  - Review risk analyses and existing access rules for currency, and determine and document any necessary modifications
  - Analyse usage patterns of records in light of identified risks and existing access rules
  - Determine specific restrictions and other responses to regulatory obligations for records and activities
  - Determine responsibility for reviewing access decisions from gathered organisational documentation and information
- Develop access strategy, classifications and rules
  - Consider factors impacting on access rights in developing an access strategy from gathered information, based on established responsibilities for access to records, and in response to identified difficulties and risks
  - Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and patterns of use of records within the jurisdiction
  - Compile criteria for applying access classifications to records based on gathered information and performed analyses
  - Develop rules for applying classifications
  - Circulate access classifications and draft rules to users of the business or records system for comment, identify and analyse exceptions, and modify classifications where appropriate
  - Determine compliance regime and jurisdictional access regime
  - Seek authorisation from appropriate body for access classifications and procedures
- Develop procedures to integrate into business or records system
  - Determine access permissions and restrictions for records by applying access rules
  - Establish and document categories of users using analyses of access rules and records usage
  - Document access permissions and restrictions in relation to categories of users
  - Establish mechanisms to control user access applying to records and to users
  - Develop and document specifications for recording authorised use of records
  - Integrate authorised access procedures into business or records system rules and procedures, and document changes
- Review and amend access classifications and rules