SI-01-727 System and Information Integrity Policy and Procedures
System and Information Integrity
Protect
Enterprise Architecture, Roadmap and Emerging Technology
LOW, MOD, HIGH
P1
Yes
May 20, 2016
Information resource owners, working with the responsible information resource custodians and information technology staff, shall ensure all appropriate system and information integrity controls are implemented on the information resource consistent with the resource's risk level.
Applications fail to process correctly and accurately due to a failure to design controls during application development.
The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
1. A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
2. Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and
b. Reviews and updates the current:
1. System and information integrity policy [Assignment: organization-defined frequency]; and
2. System and information integrity procedures [Assignment: organization-defined frequency].
The organization has documented information integrity policies and procedures in place.
The integrity of data, its source, its destination, and processes applied to it shall be assured. Changes to data shall be made only in an authorized manner.
Obtain system and information integrity policy and procedures and other relevant documents or records, and ascertain if:
(i) the organization develops and documents system and information integrity policy and procedures.
(ii) the organization disseminates system and information integrity policy and procedures to appropriate elements within the organization.
(iii) responsible parties within the organization periodically review system and information integrity policy and procedures.
(iv) the organization updates system and information integrity policy and procedures when organizational review indicates updates are required.
(v) the system and information integrity policy addresses purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance.
(vi) the system and information integrity policy is consistent with the organization’s mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance.
(vii) the system and information integrity procedures address all areas identified in the system and information integrity policy and address achieving policy-compliant implementations of all associated system and information integrity controls.