The document discusses the importance of information security access models for agencies and outlines best practices for developing an effective access model. It recommends identifying security requirements, defining user groups, listing system permissions, and capturing permissions in a matrix to indicate who can access what. The access model should be developed prior to system implementation to properly control access and maintain security as an organization's information systems and needs evolve over time.