T7.3.2 - CONTROL OF INTERNAL PROCESSING Implementation Guidance
The entity shall incorporate validation checks into applications to detect any corruption of information through processing errors or deliberate acts.
The design and implementation of applications should ensure that the risks of processing failures leading to a loss of integrity are minimized. Specific areas to consider include:
- A. The use of add, modify, and delete functions to implement changes to data
- B. The procedures to prevent programs running in the wrong order or running after failure of prior processing
- C. The use of appropriate programs to recover from failures to ensure the correct processing of data
- D. Protection against attacks using buffer overruns/overflows
An appropriate checklist should be prepared, activities documented, and the results should be kept secure. Examples of checks that can be incorporated include the following:
- A. Session or batch controls, to reconcile data file balances after transaction updates
- B. Balancing controls, to check opening balances against previous closing balances, namely:
  1. Run-to-run controls
  2. File update totals
  3. Program-to-program controls
- C. Validation of system-generated input data
- D. Checks on the integrity, authenticity or any other security feature of data or software downloaded, or uploaded, between central and remote computers
- E. Hash totals of records and files
- F. Checks to ensure that application programs are run at the correct time
- G. Checks to ensure that programs are run in the correct order and terminate in case of a failure, and that further processing is halted until the problem is resolved
- H. Creating a log of the activities involved in the processing
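The following is an added example, not part of the original guidance, showing how checks A, B.1, E, G and H can be combined in one processing step. The record layout `(account, amount)`, the trailer fields and the function names are assumptions made for illustration, and the sample batch is constructed.

```python
import hashlib
from decimal import Decimal

class IntegrityError(Exception):
    """Raised to halt the job chain; later runs must not start."""

def control_totals(records):
    """Batch controls over (account, amount) records."""
    digest = hashlib.sha256()
    for account, amount in records:
        digest.update(f"{account}|{amount}\n".encode())
    return {
        "count": len(records),
        "amount": sum((Decimal(a) for _, a in records), Decimal("0")),
        # Classic hash total: sum of a non-monetary field, used only as a check.
        "hash_total": sum(int(acct) for acct, _ in records),
        # Cryptographic digest also catches changes that keep the sums equal.
        "sha256": digest.hexdigest(),
    }

def run_step(name, opening, prev_closing, records, trailer, log):
    """Verify run-to-run balance and batch trailer, then post the batch."""
    if opening != prev_closing:
        log.append((name, "HALT", "opening != previous closing"))
        raise IntegrityError(f"{name}: run-to-run balance mismatch")
    actual = control_totals(records)
    failed = sorted(k for k in trailer if actual[k] != trailer[k])
    if failed:
        log.append((name, "HALT", "trailer mismatch: " + ",".join(failed)))
        raise IntegrityError(f"{name}: {failed}")
    closing = opening + actual["amount"]
    log.append((name, "OK", f"closing={closing}"))
    return closing

# Constructed sample batch and the trailer its producer would have sent.
BATCH = [("1001", "250.00"), ("1002", "-75.50"), ("1003", "10.25")]
TRAILER = control_totals(BATCH)

if __name__ == "__main__":
    log = []
    start = Decimal("1000.00")
    closing = run_step("run1", start, start, BATCH, TRAILER, log)
    # Amounts swapped between two accounts: count and both sums are unchanged.
    swapped = [("1001", "-75.50"), ("1002", "250.00"), ("1003", "10.25")]
    try:
        run_step("run2", closing, closing, swapped, TRAILER, log)
    except IntegrityError as exc:
        print("halted:", exc)
    print(log)
```

The swapped batch passes the record count, amount total and arithmetic hash total, and is stopped only by the SHA-256 digest, which is why a cryptographic check is worth carrying alongside the traditional control totals.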