Records administration is a complex and challenging task for any organization, and that’s without worrying about unauthorized or inappropriate users interfering with records. In fact, users with unnecessary access rights create more than just security and privacy risks: they can complicate or even damage the entire records management process by interfering in the administration of those records.
In other words, it’s bad enough when a user can see records even when it’s not necessary to their work, but it’s an outright administrative nightmare if those users have the power to move, change, or even destroy those records.
Enter Records-Based Access Controls (RBAC), a concept that refers to establishing clearly defined access rights per record or record type. RBAC imposes limits on:
- Who can see what records; and
- What they can do with those records.
What kind of rights are controlled?
The specific kinds of rights that can be controlled depend on the technology used, but in general the most common rights include:
|Access Right|Can the User:|Notes|
|---|---|---|
|Read|Access and read the record?|Only users who need to see a record to complete their work duties can do so; those who need to see the record but shouldn’t make changes to it can access it without editing privileges.|
|Write|Update the record?|Some workers may need to be able to edit or otherwise update the records. With “Write” permissions, they can do so.|
|Move|Move the record?|One of the greatest dangers of unnecessary access is lost records due to error when inappropriate users move records around. This right ensures only approved users can do so.|
|Assign or Share|Make the record available to other users?|Different records management platforms handle this type of right differently, but it basically ensures that only certain personnel have the power to share records or change record ownership.|
|Delete|Destroy the record?|With this permission set, only authorized users will be able to destroy the record.|
Why use Records-Based Access Controls?
RBAC is a powerful way to protect records against both hackers and insider threats. For example, if a hacker gains control of an employee’s account, but that account doesn’t have access to the organization’s most sensitive records, those records will still be safe from the hacker. They’ll also be safe from prying eyes and potential complications from workers doing things with the records that they shouldn’t, either by accident or intention.
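The following is an added illustration of the rights table and the compromised-account scenario above; it is example code written for this page, not PSL's product or any real records platform. It models the five rights as combinable flags, grants them per record type with optional per-record overrides, denies everything not explicitly granted, and keeps an audit trail of refused actions. The users, record types and record identifiers are constructed for the demo.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Right(Flag):
    """The five per-record rights from the table, as combinable flags."""
    READ = auto()
    WRITE = auto()
    MOVE = auto()
    SHARE = auto()
    DELETE = auto()


NO_RIGHTS = Right(0)  # deny-by-default: a user with no grant holds nothing


@dataclass(frozen=True)
class Record:
    record_id: str
    record_type: str


@dataclass
class RecordAccessPolicy:
    """Rights come from a record-type grant unless a record-specific grant
    exists for that user, in which case the record-specific grant replaces it
    (so a single sensitive record can be narrowed without touching the type)."""
    type_grants: dict = field(default_factory=dict)    # (record_type, user) -> Right
    record_grants: dict = field(default_factory=dict)  # (record_id, user)   -> Right
    denied: list = field(default_factory=list)         # audit trail of refused actions

    def grant_type(self, record_type, user, rights):
        self.type_grants[(record_type, user)] = rights

    def grant_record(self, record_id, user, rights):
        self.record_grants[(record_id, user)] = rights

    def effective_rights(self, user, record):
        key = (record.record_id, user)
        if key in self.record_grants:
            return self.record_grants[key]
        return self.type_grants.get((record.record_type, user), NO_RIGHTS)

    def check(self, user, record, right):
        """Single enforcement point: every read/write/move/share/delete goes through here."""
        allowed = right in self.effective_rights(user, record)
        if not allowed:
            # Refusals are worth logging: a burst of them from one account is a
            # useful signal that the account is being misused.
            self.denied.append((user, record.record_id, right.name))
        return allowed

    def share(self, actor, record, recipient, rights=Right.READ):
        """Sharing is itself a controlled action: only a SHARE holder may grant,
        and the recipient never receives more than READ/WRITE this way."""
        if not self.check(actor, record, Right.SHARE):
            return False
        self.grant_record(record.record_id, recipient, rights & (Right.READ | Right.WRITE))
        return True


def build_demo():
    """Constructed scenario: an invoicing clerk's account is taken over; the
    attacker inherits only the clerk's rights and cannot reach board minutes."""
    policy = RecordAccessPolicy()
    invoice = Record("INV-001", "invoice")
    frozen = Record("INV-077", "invoice")          # invoice under legal hold
    minutes = Record("BRD-2024-01", "board-minutes")
    policy.grant_type("invoice", "clerk", Right.READ | Right.WRITE)
    policy.grant_type("invoice", "records-manager",
                      Right.READ | Right.MOVE | Right.SHARE | Right.DELETE)
    policy.grant_type("board-minutes", "records-manager", Right.READ | Right.SHARE)
    # Per-record override: the clerk keeps READ on the held invoice but loses WRITE.
    policy.grant_record("INV-077", "clerk", Right.READ)
    return policy, invoice, frozen, minutes


if __name__ == "__main__":
    policy, invoice, frozen, minutes = build_demo()
    print("clerk reads invoice:", policy.check("clerk", invoice, Right.READ))
    print("clerk deletes invoice:", policy.check("clerk", invoice, Right.DELETE))
    print("clerk (compromised) reads minutes:", policy.check("clerk", minutes, Right.READ))
    print("clerk writes held invoice:", policy.check("clerk", frozen, Right.WRITE))
    print("manager shares minutes with auditor:", policy.share("records-manager", minutes, "auditor"))
    print("auditor reads minutes:", policy.check("auditor", minutes, Right.READ))
    print("denied actions:", policy.denied)
```

The design choice worth noting is that `check` is the only path to a yes/no answer and that the share operation calls it too, so "who can share" is enforced with the same mechanism as "who can read", and the denial log gives operations staff something to alert on.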
What’s the ROI of RBAC?
A study into “The Economic Impact of Role-Based Access Control” found that an RBAC program can yield significant efficiencies and cost savings: up to $24,000 in labor and $300,000 in employee downtime per year for a hypothetical financial services firm of 10,000 employees. In other words, any records management platform that incorporates some form of RBAC into their records administration system has the power to generate serious instant ROI. Make sure your current solutions – or potential providers being vetted – include RBAC functions.
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit https://www.penielsolutions.com or email email@example.com.