NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-9 — Information Input Restrictions
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Restrict who can input information into a system based on each user's authorization and the sensitivity of the data. Not everyone should be able to enter data into every system.
Example 1: Configure your financial system so only authorized accounts payable staff can enter payment transactions. Use role-based access control to restrict data entry forms to specific user groups. Separate data entry from data approval (segregation of duties).
Example 2: In your HR system, restrict who can create new employee records or modify salary information. Only HR administrators should have write access to personnel data. Other staff can view their own records but cannot modify them.