Managing data integrity
Data integrity is about protecting data against improper maintenance, modification, or alteration. It includes data authenticity.
Integrity has to do with the accuracy of information, including its authenticity and trustworthiness. Information with low integrity concerns may be considered unimportant to precise operational functions or not necessary to vigorously check for errors. Information with high integrity concerns is considered critical and must be accurate in order to prevent negative impact on University activities.
Examples of data with high integrity concerns include:
- application code, which must be accurate and unaltered in order to ensure proper application function.
- system logs, which must be accurate and unaltered in order to ensure proper detection of intrusions and system changes.
Consider the following when managing data integrity:
- Whether data must remain accurate and uncorrupted
- Whether data must be modified only by certain people or under certain conditions
- Whether data must come only from specific, trusted sources
Data integrity and data availability are both factors in data's criticality, or how essential that data is to the University's operations.
Guidelines for data integrity
When managing data integrity, follow these guidelines:
- Back up data.
Backup copies of data are essential in the event that data is lost or corrupted. If the data can't be restored—even partially—from a backup, then you may need to start from scratch!
- Manage data access.
By limiting who can access data and what permissions apply to their access, you can help preserve the integrity of that data. In particular, it's important to manage permissions that allow users to write, edit, or delete data to ensure that only those authorized and qualified to perform those tasks correctly are able to create or change data.
- Enable logging.
Logs can be used to detect changes to data. In incidents where data was added, modified, or deleted incorrectly or without authorization, a log can help identify what data may have been affected and even who is responsible for the change.
- Verify and validate data.
By ensuring that data is correct and appropriate at the time of acquisition and around the time of utilization, you can reduce the risk that University activitieses or other data-dependent applications will be affected by inaccuracies or missing data.