Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

BSBRKG604 Mapping and Delivery Guide
Determine security and access rules and procedures

Version 1.0
Issue Date: May 2024


Qualification -
Unit of Competency BSBRKG604 - Determine security and access rules and procedures
Description
Employability Skills
Learning Outcomes and Application This unit describes the skills and knowledge required to determine and establish the rules for access and use of records in an organisation, including classifications and procedures for managing access over time.It applies to experienced individuals who use specialist knowledge of business and record-keeping operations and apply analytical and problem- solving skills relevant to organisational risk. The individual may have responsibility for a team or sole responsibility for their work within the business system.No licensing, legislative or certification requirements apply to this unit at the time of publication.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.
Prerequisites/co-requisites
Competency Field
Development and validation strategy and guide for assessors and learners Student Learning Resources Handouts
Activities 		Slides
PPT 		Assessment 1 Assessment 2 Assessment 3 Assessment 4
Elements of Competency Performance Criteria              
Element: Analyse access risks, rules and responsibilities
  • Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation
  • Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations
  • Review risk analyses and existing access rules for currency, and determine and document any necessary modifications
  • Analyse usage patterns of records taking into account identified risks and existing access rules
  • Determine specific restrictions and other responses to regulatory obligations for records and activities
  • Determine responsibility for reviewing access decisions from collected organisational documentation and information
       
Element: Develop access strategy, classifications and rules
  • Consider factors impacting on access rights in developing an access strategy from collected information, based on established responsibilities for access to records, and in response to identified difficulties and risks
  • Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and usage patterns of records within the jurisdiction
  • Compile criteria for applying access classifications to records, based on collected information and performed analyses
  • Develop rules for applying classifications
  • Circulate access classifications and draft rules to users of the business or records system for comment, identifying and analysing exceptions, and modifying classifications where appropriate
  • Determine compliance regime and jurisdictional access regime
  • Seek authorisation from appropriate body for access classifications and procedures
       
Element: Develop procedures to integrate into business or records system
  • Determine access permissions and restrictions for records by applying access rules
  • Establish and document categories of users using analyses of access rules and records usage
  • Document access permissions and restrictions in relation to categories of users
  • Establish mechanisms to control user access applying to records and to users
  • Develop and document specifications for recording authorised use of records
  • Integrate authorised access procedures into business or records system rules and procedures, and document changes
       
Element: Review and amend access classifications and rules
  • Develop procedures for reviewing access decisions and for responding to exceptions
  • Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime
  • Communicate changes to access rules and procedures to all users
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse access risks, rules and responsibilities

1.1 Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation

1.2 Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations

1.3 Review risk analyses and existing access rules for currency, and determine and document any necessary modifications

1.4 Analyse usage patterns of records taking into account identified risks and existing access rules

1.5 Determine specific restrictions and other responses to regulatory obligations for records and activities

1.6 Determine responsibility for reviewing access decisions from collected organisational documentation and information

2. Develop access strategy, classifications and rules

2.1 Consider factors impacting on access rights in developing an access strategy from collected information, based on established responsibilities for access to records, and in response to identified difficulties and risks

2.2 Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and usage patterns of records within the jurisdiction

2.3 Compile criteria for applying access classifications to records, based on collected information and performed analyses

2.4 Develop rules for applying classifications

2.5 Circulate access classifications and draft rules to users of the business or records system for comment, identifying and analysing exceptions, and modifying classifications where appropriate

2.6 Determine compliance regime and jurisdictional access regime

2.7 Seek authorisation from appropriate body for access classifications and procedures

3. Develop procedures to integrate into business or records system

3.1 Determine access permissions and restrictions for records by applying access rules

3.2 Establish and document categories of users using analyses of access rules and records usage

3.3 Document access permissions and restrictions in relation to categories of users

3.4 Establish mechanisms to control user access applying to records and to users

3.5 Develop and document specifications for recording authorised use of records

3.6 Integrate authorised access procedures into business or records system rules and procedures, and document changes

4. Review and amend access classifications and rules

4.1 Develop procedures for reviewing access decisions and for responding to exceptions

4.2 Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime

4.3 Communicate changes to access rules and procedures to all users

Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)

Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse access risks, rules and responsibilities

1.1 Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation

1.2 Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations

1.3 Review risk analyses and existing access rules for currency, and determine and document any necessary modifications

1.4 Analyse usage patterns of records taking into account identified risks and existing access rules

1.5 Determine specific restrictions and other responses to regulatory obligations for records and activities

1.6 Determine responsibility for reviewing access decisions from collected organisational documentation and information

2. Develop access strategy, classifications and rules

2.1 Consider factors impacting on access rights in developing an access strategy from collected information, based on established responsibilities for access to records, and in response to identified difficulties and risks

2.2 Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and usage patterns of records within the jurisdiction

2.3 Compile criteria for applying access classifications to records, based on collected information and performed analyses

2.4 Develop rules for applying classifications

2.5 Circulate access classifications and draft rules to users of the business or records system for comment, identifying and analysing exceptions, and modifying classifications where appropriate

2.6 Determine compliance regime and jurisdictional access regime

2.7 Seek authorisation from appropriate body for access classifications and procedures

3. Develop procedures to integrate into business or records system

3.1 Determine access permissions and restrictions for records by applying access rules

3.2 Establish and document categories of users using analyses of access rules and records usage

3.3 Document access permissions and restrictions in relation to categories of users

3.4 Establish mechanisms to control user access applying to records and to users

3.5 Develop and document specifications for recording authorised use of records

3.6 Integrate authorised access procedures into business or records system rules and procedures, and document changes

4. Review and amend access classifications and rules

4.1 Develop procedures for reviewing access decisions and for responding to exceptions

4.2 Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime

4.3 Communicate changes to access rules and procedures to all users

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation 
Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations 
Review risk analyses and existing access rules for currency, and determine and document any necessary modifications 
Analyse usage patterns of records taking into account identified risks and existing access rules 
Determine specific restrictions and other responses to regulatory obligations for records and activities 
Determine responsibility for reviewing access decisions from collected organisational documentation and information 
Consider factors impacting on access rights in developing an access strategy from collected information, based on established responsibilities for access to records, and in response to identified difficulties and risks 
Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and usage patterns of records within the jurisdiction 
Compile criteria for applying access classifications to records, based on collected information and performed analyses 
Develop rules for applying classifications 
Circulate access classifications and draft rules to users of the business or records system for comment, identifying and analysing exceptions, and modifying classifications where appropriate 
Determine compliance regime and jurisdictional access regime 
Seek authorisation from appropriate body for access classifications and procedures 
Determine access permissions and restrictions for records by applying access rules 
Establish and document categories of users using analyses of access rules and records usage 
Document access permissions and restrictions in relation to categories of users 
Establish mechanisms to control user access applying to records and to users 
Develop and document specifications for recording authorised use of records 
Integrate authorised access procedures into business or records system rules and procedures, and document changes 
Develop procedures for reviewing access decisions and for responding to exceptions 
Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime 
Communicate changes to access rules and procedures to all users 

Forms

Assessment Cover Sheet

BSBRKG604 - Determine security and access rules and procedures
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:

Assessment Record Sheet

BSBRKG604 - Determine security and access rules and procedures

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: