The Elsmar Cove Forum > ISO (International Organization for Standardization) Standards > ISO/IEC 27000 Series - Information Security Management Systems (ISMS)
  #1  
24th August 2010, 12:19 PM
deeparam
Please Help! How to implement Control of Employee Access to Client Data

Dear all,
I just came across the situation given below.

In my organization we deal with many clients, creating MIS for the clients based on the inputs given by them. All the employees who are involved in creating an MIS have access to all the client information! (The employees are not restricted based on the clients.) I'm wondering whether this is a risk or not. It seems that this is a business requirement; the business cannot allocate each employee for each client.

Please advise.
Thanks in advance,
Regards,
Deepa

  #2  
24th August 2010, 01:10 PM
Umang Vidyarthi
Let Me Help You Re: confused - how to implement access control!!!!

Quote:
In Reply to Parent Post by deeparam

Dear all,
I just came across the situation given below.
In my organization we deal with many clients, creating MIS for the clients based on the inputs given by them. All the employees who are involved in creating an MIS have access to all the client information! (The employees are not restricted based on the clients.) I'm wondering whether this is a risk or not. It seems that this is a business requirement; the business cannot allocate each employee for each client.
Please advise.
Thanks in advance,
Regards,
Deepa

In vogue today is a 'single window' system for each client. If everyone is entitled to have access to every client then the situation is fraught with cross communications, which could breed confusion.

Umang

__________________

Quality has to be caused, not controlled.-Philip Crosby
Success comes in cans, failure in can'ts

  #3  
8th September 2010, 10:42 PM
John Martinez
Re: How to implement Control of Employee Access to Client Data

Do your employees sign a non-disclosure agreement?
Are your employees allowed to bring personal portable media?
Are your employees allowed to transport customer data off site without encryption?
When several employees are working on one project, how do you control change management?
Has your IT department figured out how to restrict access to specific users?
You can restrict access to specific users for specific clients if your organization has different customer projects on different drives or servers.

IF ANY OR ALL NO, YES, BIG RISK.