As an American owned company we have to comply with the Sarbannes Oxley requirements to ensure our processes and internal controls are secure. We have been working on a risk control tracking system and will be audited on this very shortly. HR have been asigned an action item which reads we are to devise and implement a formal data release form to ensure that access to sensitive employee information is restricted to prevent unauthorized use of the information.
Obviously we have to follow Data Protection but I wondered if any other companies use a similar form and if so could I have examples that I could utilise rather than re-inventing the wheel.
Thanks.
kirsa edwards