In one case, could not read the radio, could not write to the radio, the service tech couldn't find docs to give me the password to unlock the radio. Luckily, I had to do a firmware upgrade anyway and it cleared the way. In another case, a vendor had password protected the comments with THEIR name and telephone number, but we obtained it and modified the comments to our purposes.
IF the customer stated they were putting the whole system management in the vendor's hands, then the vendor should still provide the customer with the details in case of future changes. To not do so is, in my opinion, unacceptable. When customers have their own techs and the initial load is completed by the vendor, then all arrangements should be clearly stated and documented BEFORE loading any data.
Any vendor who does not clearly work with the customer on these security details will not get any business--or future business in case of violation of those agreements.
This of course applies to customer-owned systems, and may also apply in case of leased systems, depending on the system management agreements in place. Key issue: agreements in place--and documented--before installation.
