PO2.4 Integrity Management
CobiT definition:
Define and implement procedures to ensure the integrity and consistency of all data stored in electronic form, such as databases, data warehouses and data archives.
Bill says,
“All data stored in electronic form” is one hell of a big task, but if you are to implement the proper level of controls that is truly what you are on the hook for. Once you have classified your data you will have a list of what is important to your business and what you need to control. Now you have to design and implement the procedures that ensure that data is what you think it is and it has the visibility that you think it should have.
Integrity of the data is fairly simple for static data: you really just need to maintain an archived version that you can compare it to in order to prove its integrity, assuming of course that you have the security of that data established properly.
The biggest challenge to integrity management is in your transactional database, where your staff, and perhaps even your customers, are responsible for maintaining some aspect of that data. This is where you need to automate as much as possible so that you are not relying on human nature, but no matter how much of that you do, you will still be on the hook for documenting those processes and controls.
Integrity management is difficult but important. If you have followed the steps within this control objective you should be well on your way to achieving a good level of control.
The fourth step in Defining the Information Architecture is integrity management.
