
Data Integrity

The following policies define data security issues that specifically relate to Data Integrity. The policies address the authorization, validation, modification controls, and consistency of data.

Awareness of Integrity Status

  1. Production Input Must Be Linked to Source Documents

To facilitate tracking and problem resolution processes for applications, each batch input transaction submitted to a production accounting-type system must be assigned a unique sequence number or identifier linking it back to the source. Other critical applications must support an indirect link between the source and the input transaction by means of a log file.

Audience: Management, Technical

Integrity of Information Sources

  1. Authorization Required for All Production System Input

Methods must be in place to ensure that all input to production computer systems that has been submitted for processing has been properly authorized. This requires that an access control system be in place to ensure the submitter has rights for the action requested.

Audience: Technical

  1. Input Data Validation and Rejected Item Handling

All transactions to be input to a multi-user computer system must first be subjected to reasonableness checks, edit checks and/or validation checks. Transactions that fail such checks must be either (a) rejected, with a notification of the rejection sent to the submitter, (b) corrected and resubmitted, or (c) suspended pending further investigation.

Audience: Management, Technical

  1. Input to Data Warehouse Requires Source, Classification, and Other Labels

All information included in the Purdue University data warehouse must be accompanied by metadata describing the origin, sensitivity classification, reliability, and the date of most recent revision. The metadata for the data warehouse should contain background information that will allow those using the warehouse to determine the information's relevance for specific decision-making purposes.

Audience: Management, Technical

Modification Controls

  1. Acceptable Risk of Undetected Information Alteration

Management must establish and maintain sufficient controls to ensure that Purdue University computing information is free from a significant risk of undetected changes. The intention of this policy is to clearly guide systems designers, network specialists, and others to implement adequate control measures to prevent undetected information alteration.

Audience: Management, Technical

  1. Handling of Rejected Batch Input Transactions Via Suspense Files

All rejected batch input transactions must be placed in a suspense file and listed in exception reports until such time as they are successfully resubmitted for processing or otherwise handled.

Audience: Management, Technical

  1. Input Validation Procedures for Rejected or Suspended Input

Input transactions which are corrected for resubmission, or which are suspended and later approved for resubmission, must be subjected to the same validation procedures that original input transactions receive.

Audience: Technical

Consistent Representation of Data

  1. Misrepresentation of Identity on Electronic Communication Systems

Misrepresenting, obscuring, suppressing, or replacing a user's identity on an electronic communications system is forbidden. The user name, electronic mail address, organizational affiliation, and related information included with messages or postings must reflect the originator of the messages or postings.

Audience: End-User, Management, Technical

  1. New Information Types Must Be Reflected in Master Data Dictionary

All new types of Purdue University computing information that are created and/or stored by core administrative applications must be promptly reflected in the master data dictionary.

Audience: End-User, Management, Technical