Security Requirements

Security-specific requirements for the project. Assessment of the impact of changes on existing system security.

The confidentiality, integrity, and availability (CIA) model is widely used by organisations to implement appropriate security controls and policies. It helps identify key problem areas and the solutions needed to resolve them. Under this model:

  • the data can be accessed, altered, disclosed or deleted only by those you have authorised to do so (and that those people only act within the scope of the authority you give them);
  • the data held is accurate and complete in relation to why we are processing it; and
  • the data remains accessible and usable.

Access Control and Authorisation:

Role-based access mechanisms and strict authentication measures SHALL be enforced by IT Security and Data Engineering to mitigate unauthorised access risks.

Data Accuracy and Completeness:

Data Specialists SHALL conduct regular audits and validations to ensure that the data aligns with the intended purpose of processing, thereby upholding data integrity.

Data Recovery and Resilience:

Data Engineering SHALL facilitate the timely restoration of data in the event of accidental loss, alteration, or destruction.

Encryption and Data Protection:

Data encryption techniques SHALL be used to safeguard data both at rest and in transit, thereby maintaining data confidentiality.

Monitoring and Incident Response:

Data Engineering and IT Security SHALL develop incident response procedures to swiftly address any security incidents and mitigate their impact on data confidentiality, integrity, and availability.

Compliance and Governance:

Data Engineering SHALL implement governance frameworks to enforce data protection policies and procedures, thereby fostering accountability and transparency in data handling practices.
