
Data File Controls

Four basic types of data protection controls:

• Standing Data Controls

Standing data refers to information contained in a file or database table. The information should
possess controls commensurate with the data value or regulatory requirement. Standing data
can be found in file cabinets, on disk drives, and on tape backups. Standing data may require
additional controls such as storage in encrypted format within the database.

• System Control Parameters


Data files should be protected from system control parameters that would change the way the
files are processed. System control parameters are used to customize configuration settings
and software applications. These settings can alter performance, logging, or file security.
Improper implementation can lead to the loss of data, unauthorized access, or undetected
errors.

• Logical Access Controls

All access to data files should be forced through authentication in a user rights management
program (access control program). Direct access to data files through Open Database
Connectivity (ODBC) should be prohibited unless controlled by a rights management program
with user authentication. It is common for a user to request direct access to the database for the
purpose of reading data from another program. This type of uncontrolled direct access should
be discouraged.

• Transaction Processing Controls

All transactions involving data files should be controlled with authentication and validation
checks. The data transformation procedure must be officially approved and managed as part of
the system application life cycle. Transaction processing monitors (TP monitors) are frequently
used to ensure that database activity does not overload the processing capacity of the available
hardware.
