(a) Each licensee shall be responsible for:
- (1) Continuing effectiveness of the access authorization program;
- (2) Ensuring that access authorization programs are reviewed to confirm compliance with the requirements of He-P 4038.07 through He-P 4038.13 and that comprehensive actions are taken to correct any noncompliance that is identified;
- (3) Evaluating all program performance objectives and requirements; and
- (4) Reviewing annually the access program content and implementation.
(b) The results of the reviews, along with any recommendations, shall:
- (1) Be documented;
- (2) Identify conditions that are adverse to the proper performance of the access authorization program, the cause of the condition(s), and, when appropriate, recommend corrective actions, and corrective actions taken; and
- (3) Review the finding and take any additional corrective actions necessary to preclude repetition of the condition, including reassessment of the deficient areas where indicated.
- (c) Review records shall be maintained for 3 years.
Source. #11105, eff 5-25-16; amd by #12744, eff 3-20-19