Which sequence best describes handling access requests to restricted documents under UAP Document 301?

• A. Automatically grant access to all authorized requests.
• B. Deny all access requests.
• C. Identity verification, justification, supervisor approval, and a documented response within specified timelines.
• D. Offer access without logging.

Answer: (C)

Access control for restricted documents requires a disciplined, auditable process. Verifying the requester’s identity confirms who is asking and helps prevent impersonation. Requiring justification ensures there is a legitimate need for access rather than granting access casually. Securing supervisor approval adds oversight and confirms the request is appropriate and proportional to the risk. Providing a documented response within specified timelines creates accountability, supports consistency, and leaves a traceable record for audits. Taken together, these steps protect sensitive information while allowing legitimate work to proceed in a controlled, transparent way.

Automatic granting bypasses verification and oversight, increasing the risk of inappropriate disclosures. Denying all requests blocks legitimate needs. Offering access without logging eliminates the audit trail that supports accountability and traceability.