As an American owned company we have to comply with the Sarbannes Oxley requirements to ensure our processes and internal controls are secure. We have been working on a risk control tracking system and will be audited on this very shortly. HR have been asigned an action item which reads we are to devise and implement a formal data release form to ensure that access to sensitive employee information is restricted to prevent unauthorized use of the information.

Obviously we have to follow Data Protection but I wondered if any other companies use a similar form and if so could I have examples that I could utilise rather than re-inventing the wheel.

Thanks.
kirsa edwards