Professional Documents
Culture Documents
Standing data refers to information contained in a file or database table. The information should
possess controls commensurate with the data value or regulatory requirement. Standing data
can be found in file cabinets, on disk drives, and on tape backups. Standing data may require
additional controls such as storage in encrypted format within the database.
All access to data files should be forced through authentication in a user rights management
program (access control program). Direct access to data files through Open Database
Connectivity (ODBC) should be prohibited unless controlled by a rights management program
with user authentication. It is common for a user to request direct access to the database for the
purpose of reading data from another program. This type of uncontrolled direct access should
be discouraged.
All transactions involving data files should be controlled with authentication and validation
checks. The data transformation procedure must be officially approved and managed as part of
the system application life cycle. Transaction processing monitors (TP monitors) are frequently
used to ensure that database activity does not overload the processing capacity of the available
hardware.