In our company, we are using an SAP system for our operations. Inside this system, there is a whole set of authorizations managed by a team to authorize people to only the data they should access. Transactions, companies, plants: everything is divided into special authorization objects. To make sure that we are securing all the data, there is a physical backup every day (on another server) and a running backup that would help to go back to the system's state at any minute in time.
The CIA experience from my previous experience with an accounting practice.
Confidentiality: all clients’ financial information is confidential. The access granted to staff members is role-based access control. Junior staff such as accounting clerks are given limited access to clients’ data; their access involved access to posting (data entry), reconciliations and other low-level tasks.
Integrity was maintained by daily backups of the transactions to a cloud server, so that clients’ accounting records were up to date with only a one-day lag in the data.
The computerized accounting system was available to the senior staff members, such as account managers and partners, who were authorized to access and process closing and adjusting entries to produce the final accounts for the clients.
In our company, we keep a community Dropbox folder to obtain all of our files, important documents, and pictures. The CIA components are important because we keep things confidential as far as staff being the only ones with access. For integrity, we have an on-your-honor policy where certain things should not be shared with the public. For availability, there’s a feature where things can be accessed by certain groups, and it also gives permission to let certain people edit, delete, or modify information within that folder.