The term “access” has a number of different senses, including access by users to the repository system---for example, physical security and user authentication), and the different stages of accessing records (making a request, verifying the rights of the requester, and preparing and sending a Dissemination Information Package (DIP). This section is concerned with all of these. It is divided into two main requirements: one concerned with the existence and implementation of access policies, and one with the capacity of the repository to provide demonstrably authentic objects as DIPs. Thus the first requirement relates to requests initiated by a user and how the repository handles them to ensure that rights and agreements are respected, that security is monitored, that requests are fulfilled, etc. The second requirement relates to what is delivered to the Consumer and the trust that can be placed in it.
It must be understood that the capabilities and sophistication of the access system will vary depending on the repository’s Designated Community and the access mandates of the repository. Because of the variety of repositories and access mandates, these criteria may be subject to questions about applicability and interpretation at a local level.