ABSTRACT
Access to electronic records should be restricted and monitored by the system’s software through its log-on requirements, security procedures, and audit trail records. The electronic records must not be altered, browsed, queried, or reported by external software applications that do not gain entry through the protective system software. In addition to the logical security built into the system, physical security must be provided to ensure that access to computer systems and, consequently, to electronic records is prevented for unauthorized personnel.
