The correct answer is C. both (a) and (b).
Changes to the database should only be made by authorized personnel who have been granted access to the database. This access should be controlled by departmental security codes and individual passwords. This will help to ensure that only authorized personnel can make changes to the database and that any changes made are recorded.
Option A is incorrect because it does not mention individual passwords. Option B is incorrect because it does not mention departmental security codes. Option D is incorrect because it states that neither (a) nor (b) are correct. Option E is incorrect because it states that none of the above are correct.