Provide a basis for determining who in the organization should control access to a particular item of information.Scope
Corporate information produced, used or maintained by the University of Houston.Standard
Information that is in a computer-based application has an owner identified for it, and is clearly identified and secured based on its permissions granted in the profile system.Guidelines
- Procedures should ensure privacy and confidentiality of information that might affect an individual's civil liberties, and ensure compliance with applicable privacy laws.
- Measures must be in place to prevent misappropriation of or unauthorized access to proprietary or confidential programs that are leased or used under non-disclosure or protective agreements.
- Systems development projects have formal checkpoints addressing output data access control throughout the system design effort.