Chapter 6





                           Privacy and security





               10.1  Controls


                                   IT and IS controls safeguard the privacy
                                   and security of data as well as ensuring
                                   complete and accurate processing of data.





                   General controls – ensure                      Application (program) controls –
                   organisation has overall control over          performed automatically and ensure
                   IS.                                            data input is accurate and complete.


                       Personnel controls (for                        Completeness checks to
                        example, policy of usage).                      ensure all data processed.

                       Access controls (for example,                  Validity checks to ensure only
                        passwords).                                     valid data included.

                       Computer equipment controls                    Identification and authorisation
                        (for example, protection from                   checks to ensure only
                        theft).                                         authorised access occurs.

                       Business continuity planning                   Problem management facilities
                        (for example, risk assessment                   to enable timely recording and
                        looking at business critical                    management of problems.

                        systems).

























               76