Provide a basis for determining who in the organization should control access to a particular item of information.

Corporate information produced, used or maintained by the University of Houston.

Information that is in a computer-based application has an owner identified for it, and is clearly identified and secured based on its permissions granted in the profile system.

1. Procedures should ensure privacy and confidentiality of information that might affect an individual's civil liberties, and ensure compliance with applicable privacy laws.
2. Measures must be in place to prevent misappropriation of or unauthorized access to proprietary or confidential programs that are leased or used under non-disclosure or protective agreements.
3. Systems development projects have formal checkpoints addressing output data access control throughout the system design effort.