c. Documents. The document providing the historical reference record of data file systems and
programs should be given the same degree of physical security as the computer terminals.
4. Procedures and Controls.
Procedures and controls encompass the entire area of operation
concerning the complex.
a. Separation of Duties. In most complexes personnel are divided into several functional
groupings. It is not necessary or possible for these groupings to be separate and distinct in all facilities,
but in large operations they should be grouped. The security classification of these personnel must be
equal to the level of classification of the data or program that they are processing or developing. These
functional groupings, in addition to the internal audit personnel and the security force, include the
following:
(1) Programs.
(2) Operators.
(3) Librarians.
(4) Data preparers.
(5) Data controllers.
b. Rotation of Duties. This is sound personnel management and essential to control production
data.
c. Production Schedules. All production work would be run according to the schedules, and all
program development should be controlled separately. Production schedules should contain the
following:
(1) Line authorizations.
(2) Time estimates.
(3) Data file and program library release memorandum.
(4) Data preparation and instructions.
(5) Output routing.
(6) Input/output checking guides.
5. Maintain Run Control Log. For sensitive operations, a console printer recording all data may be
located remotely or in a secured part of the computer complex. Copies of these logs and all run control
logs will be maintained for 90 days. This log contains detailed records of all:
a. Runs.
MP1003
2-6
Previous Page
