I know the term is not politically correct, but I'm looking for some insight into how other organizations handle situations where records need to be kept separate from different groups in an organization. I know this happens with broker-dealers a lot and with some law firms. Essentially, what I need are strategies that people have followed to ensure that physical records that exist in an office cannot get into the hands of employees who are obligated not to see or touch those records.
 
Clearly, the starting point is policy backed up by binding employee agreements and action when policy is violated. But if records are in file cabinets or in common storage areas with no physical controls, that is a problem, so I'm looking for some flexible, but secure, means to restrict access on physical records. 
 
We've looked at simple things like keeping people on separate floors / buildings (not always possible -- and not foolproof). Locking cabinets and keycarded file rooms are other ideas (someone will always know where the keys are and people can tailgate into file rooms). RFID is really expensive. Imaging is where we may have to go, coupled with a secure file space.
 
Any other ideas?
 
Patrick Cunningham, CRM
Records Management Strategist
Hewitt Associates

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance