How to implement Control of Employee Access to Client Data

Dear all,
Just came across a below given situation.

In my organization we deal with many clients, wherein creating MIS for the clients based on the inputs given by them. All the employees who are involved in creating a MIS have access to all the client information! (the employees are not restricted based on the clients) I’m wondering is this a risk or not. It seems that this is a business requirement; the business cannot allocate each employee for each clients

Please advice
Thanks in advance
Regards,
Deepa

Re: confused - how to implement access control!!!!

deeparam said:

Dear all,
Just came across a below given situation.
In my organization we deal with many clients, wherein creating MIS for
the clients based on the inputs given by them. All the employees who
are involved in creating a MIS have access to all the client
information! (the employees are not restricted based on the clients)
I’m wondering is this a risk or not. It seems that this is a business
requirement; the business cannot allocate each employee for each
clients
Please advice
Thanks in advance
Regards,
Deepa

Click to expand...

In vogue today is a 'single window' system for each client. If every one is entitled to have access to every client then the situation is fraught with cross communications, which could breed confusion.

Umang

Do your employees sign a non disclosure agreement?
Are your employees allowed to bring personal portable media?
Are your employees allowed to transport customer data off site without encryption?
When several employees are working on one project, how do you control change management?
Has your IT department figured out how to restrict access to specific users?
You can restrict access to specific users for specific clients if your organization has different customer projects on different drives or servers.

IF ANY OR ALL NO, YES, BIG RISK.