(K) Interrelationships Between Controls
Controls are interrelated. Lack of controls in one area may affect other interrelated areas. Similarly, what is an accepted control in one area may not be applicable to another area. This is because life cycles of a system or data are different. For example, a life cycle of an application system can take the phases shown in Exhibit 1.6.
System development requires different controls from operation and maintenance. For example, the system development process requires more project management controls, system operation requires more operational controls, and system maintenance requires strict program change and configuration controls. However, documentation is common to all these phases, and it acts as a preventive, detective, and corrective control as well. Weak controls during system development impact both operations and maintenance activities.
For example, the life cycle of a data item (or element) can take the phases shown in Exhibit 1.7.
Different controls are required in each of the phases shown in the exhibit. For example, processing of data requires more data editing and validation controls, and data disposition requires more physical security controls, ...