Question OPAP-05

Does the system provide data input validation and error messages?

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

State plans to implement data input validation and error messaging across all components of your system.

Answering "YES"

Provide a reference to documentation of your data input validation and error messaging capabilities.

Reason for Question

Input validation is a secure coding best practice, so confirming its implementation is normally a high priority. Error messages (to the system and user) can be used to detect abnormal use and to better protect institutional data. Depending on the criticality of data and the flow of said data, an institution's risk tolerance will be unique to their environment.

Follow-Up Inquiries

Inquire about any planned improvements to these capabilities. Ask about their product(s) roadmap and try to understand how they prioritize security concerns in their environment.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]