Update on Conditional Access to Internal Client Records
---

Access to internal client records has historically been granted through role-based permissions, with approvals issued at the departmental level. While this model has ensured operational continuity, it has also resulted in access being extended beyond immediate project requirements in certain instances.

Following a recent compliance review, the Information Governance Committee has authorized a revised access framework that introduces conditional limitations tied to active assignments and documented business need. Under this framework, credentials will be periodically revalidated, and access privileges may be modified or suspended automatically if associated project status changes.

This adjustment does not imply misconduct or performance concerns. Rather, it reflects a shift toward minimizing residual access exposure across systems handling sensitive client information. The revised framework is currently active within the Risk Advisory Division and will be evaluated for broader implementation after an initial assessment period.

Employees who anticipate workflow disruption as a result of these changes should consult their project supervisors for guidance. Requests for exception will be reviewed, but approval is not guaranteed.

---

(1) Why was the revised access framework introduced?

(2) What is a key feature of the new access framework?

(3) What can be inferred about requests for exception?

(4) In the notice, the word “residual” is closest in meaning to