WHY IS ACCESS CONTROL IMPORTANT?

Access controls limit access to information and information processing systems. When implemented effectively, they mitigate the risk of information being accessed unlawfully or without the appropriate authorization, and the risk of a data breach. They apply anywhere access is required to perform a business activity and should be adhered to when accessing information in any format, on any device.

In practice it is not uncommon for access to information to be overly restrictive, resulting in information silos. Whilst a focus on security and privacy is obviously needed to protect business information and meet data protection legislation obligations, there must also be a balance with accessibility. Opening up information assets supports collaboration and innovation, and in our experience supports successful eDRMS (electronic document and records management system) projects.

To implement an effective access control environment, we recommend the following six areas are given careful consideration:

1. ACCESS CONTROL PRINCIPLES

Guiding principles that provide rules for all implementations of access to networks, systems, information, and data. This can include principles relating to:

  • Access approval by a registered owner (e.g. an information, business, or system owner)
  • The sharing of personal data
  • Role and group-based access

2. WHO DETERMINES ACCESS?

Which roles understand and approve access requests? Do you have Information Asset Owners? In practice, will they delegate responsibility for determining access to a Line Manager?

3. WHO ENSURES APPROPRIATE ACCESS IS IMPLEMENTED?

Is this your helpdesk? Do you have Information Champions who can ensure access is implemented correctly and that it is appropriate?

4. HOW ACCESS WILL BE DOCUMENTED

Access controls must be documented to provide evidence of the controls implemented. This can be in an Information Asset Register, helpdesk system, or even Active Directory.

5. HOW THE ACCESS CONTROLS WILL BE IMPLEMENTED

Do you have a Business Classification Scheme or an eDRMS that will support the implementation of access controls? Do your new starter, transfers and leaver processes ensure access is set up, amended, or revoked where and when necessary?

6. PERIODIC AUDIT PROCEDURE

Access controls should be audited on a periodic basis to ensure the controls in place align with what is needed and what is documented. Would this be done by your helpdesk?

Access controls are an essential part of an information security framework. Reviewing these six areas will give your organization a solid foundation for controlling user access to information and systems that meets your legislative, statutory, regulatory, and contractual requirements.

If you would like to know how to go about articulating access controls in a model or policy, get in touch with Electrical Service Professionals!

Fire In The Workplace

On March 25, 1911, 146 workers were killed in a fire at the Triangle Shirtwaist factory. The impact of this industrial disaster resulted in fire-prevention legislation, factory inspections and better working conditions for all workers. Eighty years later, on Sept. 25, 1991, a fire at the Imperial Foods Processing Plant left 25 victims dead and 54 injured. Despite the efforts of insurance companies, government agencies and volumes of codes and regulations, workplace fires still kill an average of 200 workers each year. An additional 5,000 workers are injured from these predictable and preventable accidents.

Fire safety tends to be overlooked. Contractors cannot assume that their hosts have implemented effective fire prevention and protection programs. Even when these programs are in place, contractors must ensure that their workers have received the necessary training. Special attention must be given to residential construction and maintenance operations where it may be more likely to encounter uncontrolled and less predictable hazards.

Managers, supervisors and workers must be trained to recognize fire hazards. They should also know what actions to take when responding to a fire emergency. This is not an easy task when work locations and job site conditions change on a daily basis.

The recognition of fire hazards is the first step in preventing fires. Electrical fires account for 22 percent of workplace fires. They are frequently caused by defects in wiring, motors, switches, lamps and heating elements. Electrical workers performing maintenance on faulty or failed equipment are at risk. The heat or sparks generated by the defects can easily ignite combustible and flammable materials.

It is important to consider both the sources that ignite a fire and the combustible and flammable substances they ignite. Smoking, open flames, sparks and heated surfaces are all obvious ignition sources. It is sometimes not as easy to predict when an ignition source may develop. A damaged or misaligned table saw can generate enough heat to ignite sawdust. Also keep in mind that some materials can create enough heat by chemical reaction to ignite. Basic rubbish, oily waste and combustible scrap are all potential sources of spontaneous heating.

Other sources include lightning strikes, hazardous chemical reactions, static electricity and fires spreading from nearby buildings. These miscellaneous causes account for 10 percent of workplace fires.

Fire prevention must also address the identification and control of flammable and combustible substances. They must be transported, stored and used safely, observing all regulations and safety practices.

The basic tools for communicating fire safety procedures include a Fire Prevention Plan and Emergency Action Plan. These documents should be developed around OSHA requirements and the best practices of the industry. Checklists can also be valuable tools to ensure all necessary components are addressed and in place. Management, supervisors and workers should use these checklists to ensure that fire prevention and protection controls are applied every minute of every day on the job.

Fire Prevention Plans, Emergency Action Plans and safety checklists are only effective if they are applied. The other half of the equation is competency-based training. Ensure that your workers have a good working knowledge of fire safety practices. They should check each workplace to ensure there are at least two means of escape. Doorways should be kept clear and unlocked, and workers should be able to find the way to each exit even if the lights go out.

On construction sites, OSHA requires a 2A fire extinguisher or equivalent protection for every 3,000 square feet. Travel distance from any point to the fire extinguisher must be no more than 100 feet. If 5 gallons of a flammable or combustible liquid is present, a 10B extinguisher must be within 50 feet.

Workers should know the location of the fire extinguishers and know the host’s policy for fighting small, controllable fires. Your workers should be instructed in the identification, selection and use of portable fire extinguishers. This training will have much more meaning if they are allowed to actually extinguish fires in the training process.

Workers should be instructed to read the Emergency Action Plan used in the facility in which they are working. They must understand evacuation signals, escape routes, the method used to account for workers, and their role in the plan. You must also ensure that any special needs of your workers are addressed.

This training should be reinforced in job site safety talks. Job briefings are an effective way to address fire safety specifics. Workers can be apprised of the unique hazards that are present, the fire prevention program of the host, and the emergency action plan to be followed.

It is not difficult to protect your employees from workplace fires. It does require a commitment from management. This may someday prevent another industrial disaster and protect the people you employ and on whom you depend.

– – – – – – –

Reference: www.ecmag.com – Joe O’Conner