Data integrity is a measurement of the requirement for the data to be accurate and to not be changed except by authorized individuals. The amount of damage that can be done when the data is not accurate or modified will be used to determine the level of data integrity. Consider the possible damage if data is modified in a way to cause organizational staff to take some incorrect action.
4. Data Integrity
To determine data integrity, evaluate the data based on the damage if it is modified, is not accurate, or is faked as though it is from a credible source. The owners of the data must determine the level of the data integrity unless the project uses a copy of the data, in which case the project manager must make this determination. Useful categories include:
- None - If this information is not accurate there is no damage.
- Low - If this information is not accurate, it could cause minor embarrassment and/or damage and only require administrative action for correction.
- Medium - If this information is not accurate, it could cause significant embarrassment and/or damage in money, property, or personnel to the organization or require legal action.
- High - Affecting the organization seriously - If this information is not accurate, it could cause grave damage, loss of life, or major monetary damage.
Consider whether there additional data requirements such as:
- Non-repudiation - Ability to be sure of the originator of a message
- Authenticity - The data has not been modified by unauthorized parties.
- Accountability - Can you tell who or what group modified data and is it required?
These options may need to be built into the application and should be part of the application requirements for the project.
When requiring data integrity, logging of changes to data and user privileges is very important. The data owners and project manager should consider what events should be logged by the application and the computer system when discussing data integrity requirements.