RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: "Roach, Bill" <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Thu, 2 Jan 2014 21:12:15 +0000
>> how others are protecting PII, OUO, and other sensitive records (excluding classified records) in electronic records systems.  <<

If you have a small organization, AD controlled, role based security may be sufficient.  However, if at all possible, I would highly recommend use of proxy access in conjunction with a workflow system.  

RAIN has entries on a regular basis of individuals who have role based permissions abusing their access privileges.  Examples include tax department staff looking at the tax returns of politicians, medical staff reviewing the medical records of celebrities or law enforcement personnel accessing driver records.  In virtually every case, the user was part of an AD group that had security authorization to review the records.  However, the authorization was only to be used when there was a "need to know."

Implementing proxy access in conjunction with a workflow application virtually eliminates this type of unauthorized access.  In this instance, the user has no permissions to access the secured information, only access to the specific workflow steps that they are responsible for completing.  The specific work step has proxy permissions to access the content necessary to complete the required work.  The user can see that content and no more.

The proxy access permissions model provides stronger security and is much easier to implement, especially if the proxy access management is done using AD or other LDAP solution.

Bill Roach, CRM

Opinions are my own and not those of my employer or any other individual or entity.

This message may contain confidential information. If you are not the intended recipient, please notify the sender immediately and delete this email from your system.
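
The contrast between role based access and workflow proxy access described in the message above, as an added example that is not part of the original post or any product's code. Every name in it (RECORDS, WorkStep, the "tax-staff" group, the users) is hypothetical, and the attempt log and the rule that a grant ends when the step is completed are assumptions added for illustration.

```python
# Added illustration: role based access vs. workflow proxy access.
# All names and data are hypothetical and constructed for this example.

RECORDS = {"tax-1001": "return A", "tax-1002": "return B"}  # constructed sample data
ATTEMPTS = []  # (user, record_id, via, allowed); the log is an assumption


def role_based_read(user, groups, record_id):
    """Role model: group membership alone opens every record of the class."""
    allowed = "tax-staff" in groups
    ATTEMPTS.append((user, record_id, "role:tax-staff", allowed))
    if not allowed:
        raise PermissionError(f"{user} may not read {record_id}")
    return RECORDS[record_id]


class WorkStep:
    """One workflow step. The step holds the proxy grant; the user holds none."""

    def __init__(self, step_id, assignee, record_ids):
        self.step_id = step_id
        self.assignee = assignee
        self.record_ids = frozenset(record_ids)  # content this step needs
        self.completed = False  # assumption: the grant ends with the step

    def read(self, user, record_id):
        # Access requires: this user owns the step, the step is still open,
        # and the record is one the step was set up to work on.
        allowed = (user == self.assignee and not self.completed
                   and record_id in self.record_ids)
        ATTEMPTS.append((user, record_id, f"step:{self.step_id}", allowed))
        if not allowed:
            raise PermissionError(f"{user} may not read {record_id}")
        return RECORDS[record_id]


def can_read(step, user, record_id):
    """True if the step lets this user see this record, False otherwise."""
    try:
        step.read(user, record_id)
        return True
    except PermissionError:
        return False


def denied_attempts():
    """Refused reads, the entries a reviewer would look at first."""
    return [a for a in ATTEMPTS if not a[3]]
```

Under the role model the group member can open both records; under the proxy model the same user reaches only the record attached to the open work step, and each refused read is recorded against the step it was tried through.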

List archives at http://lists.ufl.edu/archives/recmgmt-l.html