Question APPL-03
Does the system provide data input validation and error messages?
Weight | 20 |
High Risk | No |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to implement data input validation and error messaging across all components of your system.
Answering "YES"
Describe how your system(s) provide data input validation and error messages.
Reason for Question
Input validation is a secure coding best practice, so confirming its implementation is normally a high priority. Error messages (to the system and user) can be used to detect abnormal use and to better protect institutional data. Depending on the criticality of data and the flow of said data, an institution's risk tolerance will be unique to their environment.
Follow-Up Inquiries
Inquire about any planned improvements to these capabilities. Ask about their product(s) roadmap, and try to understand how they prioritize security concerns in their environment.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]