
Establish, implement, and maintain data completeness controls.


CONTROL ID: 11649
CONTROL TYPE: Process or Activity
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain records management procedures. (CC ID: 11619)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Robust information is at the heart of risk management processes in a bank. Inadequate data quality is likely to induce errors in decision making. Data quality requires building processes, procedures and disciplines for managing information and ensuring its integrity, accuracy, completeness and timel… (Introduction ¶ 2, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Completeness— ensuring that the total number of records from the source database is transferred to the new database (assuming the number of fields is the same) (Critical components of information security 12) (ii) b., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Interbank payments can be abused by criminals. International policymakers have taken steps intended to increase the transparency of interbank payments, allowing law enforcement agencies to more easily trace payments related to, for example, drug trafficking or terrorism. The Funds Transfer Regulatio… (3.2.13 ¶ 2, Financial Crime Guide: A Firm’s Guide to Countering Financial Crime Risks, Release 11)
  • Ensure that transactions are accurate, complete and valid. Validate data that were input, and edit or send back for correction as close to the point of origination as possible. (AC3 Accuracy, Completeness and Authenticity Checks, CobiT, Version 4.1)
  • Information entered into business applications should be checked to ensure its completeness (e.g., comparison with control balances or original documentation). (CF.04.03.01-2, The Standard of Good Practice for Information Security)
  • Information entered into business applications should be checked to ensure its completeness (e.g., comparison with control balances or original documentation). (CF.04.03.01b, The Standard of Good Practice for Information Security, 2013)
  • systems and processes are in place to ensure the accuracy and completeness of information; (§ 9.1.7 ¶ 1 d), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • ensure that assurance is provided over the integrity of the data and information received, and in particular its accuracy and completeness; (§ 6.8.3.2.1 ¶ 1 g), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • systems and processes are implemented to ensure the accuracy and completeness of information; (§ 9.1.4 ¶ 1 d), ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • systems and processes are implemented to ensure the accuracy and completeness of information; (§ 9.1.4 ¶ 1 d), ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • Disclosures should be specific and complete (§ F. Principle 2, Implementing the Recommendations of the Task Force on Climate-related Financial Disclosures, October 2021)
  • Procedures related to completeness, accuracy, timeliness, and authorization of inputs are consistent with the system processing integrity policies. (Processing Integrity Prin. and Criteria Table § 3.2, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The entity's procedures include checking each request or transaction for accuracy and completeness, if the system is an electronic commerce system. (Processing Integrity Prin. and Criteria Table § 3.2 a, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The service auditor identifies the information produced by the service organization while performing procedures to assess the design, implementation, and operating effectiveness of controls within the system. When assessing the information produced, the service auditor should consider the reliabilit… (¶ 3.125, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • When using analytics, the service auditor would need to perform procedures to validate the completeness and accuracy of the information received from the entity, as discussed beginning in paragraph 3.138. (¶ 3.130 ¶ 2, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Depending on the means by which the service auditor obtains the information, the service auditor develops a plan to assess the completeness and accuracy of such information. The following factors may be relevant when assessing the information used in the execution of controls: (¶ 3.142, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • System output is complete, accurate, distributed, and retained to meet the entity’s processing integrity commitments and system requirements. (PI1.5, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Data is processed completely, accurately, and timely as authorized to meet the entity’s processing integrity commitments and system requirements. (PI1.3, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Correctly interpret empty sections and null combinations. (§ 170.315 (b) (1) (ii) (A) (4), 45 CFR Part 170 Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology, current as of January 2024)
  • Correctly interpret empty sections and null combinations. (§ 170.315 (b) (1) (ii) (A) (4), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)
  • Processes to verify that incoming data transmissions and processing are complete and accurate. (App A Objective 16:2a Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Evaluate the effectiveness of internal clearance and settlement activities as it relates to customer ATM transactions. Consider whether: (App A Tier 1 Objectives and Procedures Objective 7:5, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • The accuracy and completeness of outgoing instructions should be verified. (Pg 32, FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004)
  • The system should be examined to ensure inputs to the system are checked for accuracy, completeness, validity, and authenticity; rules are used to check that the syntax of inputs matches the definitions for format and content; and inputs are prescreened to prevent information from being unintentiona… (SI-10, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The smart grid Information System must use mechanisms to check inputted information for completeness, accuracy, authenticity, and validity. (SG.SI-8 Requirement, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)