LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Question-Iron Mountain users
From:	Hugh Smith <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Tue, 3 May 2011 11:08:07 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (39 lines)

Snip from: Josee Dallaire <[log in to unmask]>
Sent: Monday, May 02, 2011 3:39 PM

On May 3, 2011, at 12:00 AM, RECMGMT-L automatic digest system wrote:

> Subject: Question-Iron Mountain users
>
> Hello, we use Iron Mountain as one of our offsite storage company to store our hard copy records. Each business area within the company has more than one person that has access to sending boxes while using the software ReQuest. One of the issues that we have come across lately is that when one of the employee requests a box that they do not have access to, the system responds with the message "no record found" instead of advising the employee that they do not have access.

In a way, I think this is a useful warning system for your company. If an employee requests a box they do not have security access to, it states "no record found" and they must come to you. If someone keeps trying to access records they should not have access to, they must come to you and you can evaluate "Why are they attempting to access records you clearly did not want them to have access to. Otherwise you would give everybody access to everything.

With all the articles about improper access, it seems this works to your advantage. Although it requires you do do more oversight.

I recently accompanied a large company on a tour of a potential offsite storage company and they specifically demanded that:
1) If an employee shows up for an emergency pick-up he be denied access and reported back to the client. (We know why. Can you say "Disgruntled"?)
2) If someone calls and asks if MegaGiant is a client they are not allowed to disclose any clients or use the client in question as a reference.
3) Everybody in sight has to sign "Non-Disclosure forms" and I typically have to sign these forms every time I visit and offsite storage company.
4) If an employee requests boxes or media for which they are not given authority to access, they are not even to acknowledge the record exists.

Mark Graves gave a great example too! Or KFC secret herbs and spices.......

If you have an employee in one department who then moves to a new department, who would have the responsibility to change the access levels?

If a saboteur attempts to have staff pull certain records not under their purview, the alarm going off would be a worthwhile event. I would talk to Legal and your Auditor before you make changes. Some company with higher security procedures than your company may have demanded that Iron Mountain deliberately make this security change.

Or if your company does not care, then give everyone access to anything they wish to look at. But I think more control is always better and makes everyone in the organization aware that records management alone controls the access to the records. Then you can determine case by case "Why is this person trying to review a record series they are not entitled to??

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US