I've found that a locked bit isnt enough, I want to know who locked. Lots of times an app/connection will drop, leaving the lock bit set. We go with the userid of the user locking the record, either NT login or some internal login. To update you have to be that user, which means if you do drop the connection and come back later, that user can still edit it.
Andy