AUDITING DATABASE SYSTEMS
This topic focuses on the compliance regarding the security
and control of an organization database.
Data Management Approaches
The Flat-File Approach. Flat files are data files that contain
records with no structured relationships to other files. The
flat-file approach is most often associated with so-called
legacy systems.
Problems arising from Flat-File Approach:
Data Storage. Efficient data management captures and stores
data only once and makes this single source available to all
users who need it. In the flat-file environment, this is not
possible. To meet the private data needs of diverse users,
organizations must incur the costs of both multiple collection
and multiple storage procedures. Some commonly used data
may be duplicated dozens, hundreds, or even thousands of
times within an organization.
Data Updating. Organizations store a great deal of data on
master files and reference files that require periodic updating
to reflect changes. For example, a change to a customer's
name or address must be reflected in the appropriate master
files. When users keep separate and exclusive files, each
change must be made separately for each user. These
redundant updating tasks add significantly to the cost of data
management.
Currency of Information. In contrast to the problem of
performing multiple updates is the problem of failing to
update all the user files that are affected by a change in
status. If update information is not properly disseminated,
the change will not be reflected in some users' data, resulting
in decisions based on outdated information.
Task-Data Dependency. Another problem with the flat-file
approach is the user's inability to obtain additional
information as his or her needs change: this is known as task-
data dependency. In other words, a user's task is limited and
decision-making ability constrained by the data that he or she
possesses and controls.
The Database Approach. This approach centralizes the
organization's data into a common database that is shared by
other users. With the enterprise's data in a central location,
all users have access to the data they need to achieve their
respective objectives. Through data sharing, the traditional
problems associated with the flat-file approach may be
overcome.
Elimination of Data Storage Problem. Each data element is
stored only once, thereby eliminating data redundancy and
reducing data collection and storage costs.
Elimination of Data Update Problem. Because each data
element exists in only one place, it requires only a single
update procedure, This reduces the time and cost of keeping
the database current.
Elimination of Currency Problem. A single change to a
database attribute is automatically made available to all users
of the attribute. For example, a customer address change
entered by the billing clerk is immediately reflected in the
marketing and product services views.
Elimination of Task-Data Dependency Problem. With access
to the full domain of entity data, changes in user information
needs can be satisfied without obtaining additional private
data sets. Users are constrained only by the limitations of the
data available to the entity and the legitimacy of their need to
access them. Therefore, the database method eliminates the
limited access that flat files, by their nature, dictate to users.
Key Elements of the Database Environment
This section discusses the key elements of the database
environment. These include the (1) database management
system (DBMS), (2) users, (3) the database administrator, (4)
the physical database, and (5) the DBMS models.
1. Database Management System. A database
management system (DBMS) is a software application
that allows users to manage and organize data in a
database. It provides an interface for users to interact
with the database, perform operations such as storing,
retrieving, updating, and deleting data, and ensures the
integrity and security of the data.
Typical Features
The DBMS provides a controlled environment to assist (or
prevent) access to the database and to efficiently manage the
data resource. Each DBMS is unique in the way it
accomplishes these objectives, but some typical features
include:
1. Program development. The DBMS contains application
development software. Both programmers and end users
may employ this feature to create applications to access the
database.
2. Backup and recovery. During processing, the DBMS
periodically makes backup copies of the physical database. In
the event of a disaster (disk failure, program error, or
malicious act) that renders the database unusable, the DBMS
can recover to an earlier version that is known to be correct.
Although some data loss may occur, without the backup and
recovery feature the database would be vulnerable to total
destruction.
3. Database usage reporting. This feature captures statistics
on what data are being used, when they are used, and who
uses them. This information is used by the database
administrator (DBA) to help assign user authorization and
maintain the database. We discuss the role of the DBA later in
this section.
4. Database access. The most important feature of a DBMS is
to permit authorized user access, both formal and informal,
 to the database. There are three software modules that
facilitate this task. These are the data definition language, the
data manipulation language, and the query language.
Data Definition Language. Data definition language (DDL) is a
programming language used to define the database to the
DBMS. The DDL identifies the names and the relationship of
all data elements, records, and files that constitute the
database. This definition has three levels, called views: the
physical internal view, the conceptual view (schema), and the
user view (subschema).
Database Views
Internal View/Physical View.
 The physical arrangement of records in the database is
presented through the internal view.
 The lowest level of representation, which is one step
removed from the physical database.
 Describes the structures of data records, the linkages
between files, and the physical arrangement and
sequence of records in a file.
 There is only one internal view for the database.
 Indicates how the data will be stored
 Describes the complex data structures and access
methods to be used by the database
 Used to describe the entire database architecture.
Conceptual View/Logical View (Schema).
 Describes the entire database
 This view represents the database logically and abstractly,
rather than the way it is physically stored. There is only one
conceptual view for a database.
 Also called the logical structure because it defines the
logical relations between the data.
External View/User View (Subschema).
 Defines the user's section of the database-the portion that an
individual user is authorized to access.
 Unlike the internal and conceptual views, there may be
many distinct user views.
Users
Formal Access: Application Interfaces
Users access the database in two ways (Formal and Informal
Access). First, access is possible by the formal application
interfaces. User programs, prepared by systems
professionals, send data access requests (calls) to the DBMS,
which validates the requests and retrieves the data for
processing.
Data Manipulation Language. Data manipulation language
(DML) is the proprietary
programming language that a particular DBMS uses to
retrieve, process, and store data. Entire user programs may
be written in the DML or, alternatively, selected DMI
commands can be inserted into programs that are written in
universal languages, such as JAVA, C++, and even older
languages such as COBOL and FORTRAN.
Inserting DML commands enables standard programs, which
were originally written for the flat-file environment, to be
easily converted to work in a database environment. The use
of standard language programs also provides the organization
with a degree of independence from the DBMS vendor. If the
organization decides to switch vendors to one that uses a
different DML, it will not need to rewrite all user programs.
By replacing the old DML commands with the new
commands, user programs can be modified to function in the
new environment.
DBMS Operation. The DBMS and user applications work
together. Let's consider the typical sequence of events that
occur while accessing data. The following description is
generic and certain technical details are omitted.
I. A user program sends a request for data to the DBMS. The
requests are written in a special data manipulation language
that is embedded in the user program.
2. The DBMS analyzes the request by matching the called
data elements against the user view and the conceptual view.
If the data request matches, it is authorized, and processing
proceeds to Step 3. If it does not match the views, access is
denied.
3. The DBMS determines the data structure parameters from
the internal view and passes them to the operating system,
which performs the actual data retrieval. Data structure
parameters describe the organization and access method for
retrieving the requested data. This topic is discussed later.
4. Using the appropriate access method (an operating system
utility program), the operating system interacts with the disk
storage device to retrieve the data from the physical
database.
5. The operating system then stores the data in a main
memory buffer area managed by the DBMS.
6. The DBMS transfers the data to the user's work location in
main memory. At this point, the user's program is free to
access and manipulate the data.
7. When processing is complete, Steps 4, 5, and 6 are
reversed to restore the processed data to the database.
Informal Access: Query Language
Definition. The second method of database access is the
informal method of queries. A query is an ad hoc access
methodology for extracting information from a database.
Users can access data via direct query, which requires no
formal user programs using the DBMSs built-in query facility.
This feature allows authorized users to process data
independent of professional programmers by providing a
"friendly" environment for integrating and retrieving data to
produce ad hoc management reports.
SQL. The query capability of the DBMS permits end users and
professional programmers to access data in the database
directly without the need for conventional programs. IBM's
Structured Query Language (SQL), has emerged as the
standard query language for both mainframe and
microcomputer DBMSs. SQL is a fourth-generation,
nonprocedural language with many commands that allow
users to input, retrieve, and modify data easily. The SELECT
command is a powerful tool for retrieving data.
The Database Administrator
The DBA is responsible for managing the database resource.
The sharing of a common database by multiple users requires
organization, coordination, rules, and guidelines to protect
the integrity of the database.
In large organizations, the DBA function may consist of an
entire department of technical personnel under the database
administrator. In smaller organizations, DBA responsibility
may be assumed by someone within the computer services
group.
The duties of the DBA fall into the following areas: database
planning; database design; database implementation,
operation, and maintenance; and database growth and
change.
Organizational Interactions of the DBA
Of particular importance is the relationship among the DBA,
the end users, and the systems professionals of the
organization.
When information systems need arise, users send formal
requests for computer applications to the systems
professionals (programmers) of the organization. The
requests are handled through formal systems development
procedures; if they have merit, they result in programmed
applications.
The Data Dictionary
Another important function of the DBA is the creation and
maintenance of the data dictionary. The data dictionary
describes every data element in the database. This enables all
users (and programmers) to share a common view of the data
resource, thus greatly facilitating the analysis of user needs.
The data dictionary may be in both paper form and online.
Most DBMSs employ special software for managing the data
dictionary.
The Physical Database
The fourth major element of the database approach is the
physical database. This is the lowest level of the database and
the only level that exists in physical form. The physical
database consists of magnetic spots on metallic coated disks.
The other levels of the database (the user view, conceptual
view, and internal view) are abstract representations of the
physical level.
Data Structures
Data structures are the bricks and mortar of the database.
The data structure allows records to be located, stored, and
retrieved, and enables movement from one record to
another. Data structures have two fundamental components;
organization and access method.
Data Organization
The organization of a file refers to the way records are
physically arranged on the secondary storage device. This
may be either sequential or random.
The records in sequential files are stored in contiguous
locations that occupy a specified area of disk space. Records
in random files are stored without regard for their physical
relationship to other records of the same file. Random files
may have records distributed throughout a disk.
If we say sequential files, these is like a long list of files that is
stores in a specific order. Each record is stored one after the
other, and they can only be accessed in the order they were
stored. To find a specific record, you have to start from the
beginning and go through each record until you find the one
you're looking for.
Let’s relate it into flipping a through the pages of a book from
the beginning until you find the info or file that you are
looking for.
On the other hand, random files allow direct access to any
record in the file. Each record is assigned a unique identifier
called a key, which is used to locate and retrieve the record
quickly.
Kasla metlang tay panaglukib ti libro. But this time, adda
table of contents na dijay libro nga katulungam mangsapol
tay info or file nga masapol mo. Agjump ka latta idjay nga
page nukwan, then nalpasen.
Data Access Methods
The access method is the technique used to locate records
and to navigate through the database.
The criteria that influence the selection of the data structure
include:
1. Rapid file access and data retrieval
2. Efficient use of disk storage space
3. High throughput for transaction processing
4. Protection from data loss
5. Ease of recovery from system failure
6. Accommodation of file growth
DBMS Models
A data model is an abstract representation of the data about
entities, including resources, events, and agents and their
relationships in an organization. The purpose of a data model
is to represent entity attributes in a way that is
understandable to users.
Database Terminology
Before introducing these models formally, we need to review
some important database terms and concepts:
Data Attribute/Field: A data attribute/field is a single item of
data, such as customer's name, account balance, or address.
Entity. An entity is a database representation of an individual
resource, event, or agent about which we choose to collect
data. Entities may be physical (inventories, customers, and
employees) or conceptual (sales, accounts receivable, and
depreciation expense).
For example: Employee = Employee ID, Name, Address, Age
Record Type (Table or File). When we group together the
data attributes that logically define an entity, they form a
record type.
Database. A database is the set of record types that an
organization needs to support its business processes.
Associations. Record types that constitute a database exist in
relation to other record types. This is called an association.
Three basic record associations are: one-to-one, one-to-
many, and many-to-many.
• One-to-one association. This means that for every
occurrence in Record Type X, there is one (or possibly zero)
occurrence in Record Type Y.
 In a one-to-one association, one record in a table is
associated with exactly one record in another table,
and vice versa.
 This association is typically used when two entities
have a unique and singular relationship.
 Example: Consider a database for a hospital. In this
scenario, we have two entities: "Patient" and
"Medical History."
o Each patient can have only one medical
history, and each medical history is
associated with only one patient.
o The "Patient" entity will contain information
such as the patient's name, date of birth,
contact details, and other personal
information.
o The "Medical History" entity will contain
information about the patient's medical
conditions, allergies, previous surgeries,
medications, and other relevant medical
data.
• One-to-many association. For every occurrence in Record
Type X, there are zero, one, or many occurrences in Record
Type Y.
 This association is commonly used when one entity
can have multiple related entities.
 Example: Consider a database for a university. In this
scenario, we have two entities: "Department" and
"Professor."
 Each department can have multiple
professors, but each professor is associated
with only one department.
 The "Department" entity will contain
information such as the department name,
location, contact details, and other
department-specific information.
 The "Professor" entity will contain
information about the professor, including
their name, email address, specialization,
and other relevant details.
In this case, the association between the "Department" and
"Professor" entities is a one-to-many association. Each
department can have multiple professors, but each professor
is linked to a specific department.
• Many-to-many association. For each occurrence of Record
Types X and Y, there are zero, one, or many occurrences of
Record Types Y and X respectively.
 In a many-to-many association, multiple records in
one table are associated with multiple records in
another table, and vice versa.
 This association is used when multiple entities can
have multiple related entities.
 For example, Consider a database for a social media
platform. In this scenario, we have two entities:
"User" and "Groupchat."
 Each user can be a member of multiple
groupchats, and each groupchat can have
multiple users as members.
 The "User" entity will contain information
such as the user's username, email address,
profile information, and other user-specific
details.
 The "Groupchat" entity will contain
information about the group, including the
group name, description, members, and
other relevant group details.
In this case, the association between the "User" and "Group"
entities is a many-to-many association. Each user can be a
member of multiple groups, and each group can have
multiple users as members.
The Hierarchical Model
The hierarchical model is constructed of sets that describe
the relationship between two linked files. This structure is
also called a tree structure. Each set contains a parent and a
child. Files at the same level with the same parent are called
siblings. The highest level in the tree is the root segment, and
the lowest file in a particular branch is called a leaf.
The Network Model
Like the hierarchical model, the network model is a
navigational database with explicit linkages between records
and files. The distinction is that the network model permits a
child record to have multiple parents.
Navigational Databases. The hierarchical data model is called
a navigational database because traversing the files requires
following a predefined path. This is established through
explicit linkages (pointers) between related records. The only
way to access data at lower levels in the tree is from the root
and via the pointers down the navigational path to the
desired records.
The hierarchical and network models are termed navigational
models because of explicit links or paths among their data
elements.
The Relational Model
The relational model portrays data in the form of two-
dimensional tables. The most apparent difference between
the relational model and the navigational models is the way
in which data associations are represented to the user.
Databases in a Distributed Environment
Centralized Databases
This approach involves retaining the data in a central location.
Remote IT units send requests for data to the central site,
which processes the requests and transmits the data back to
the requesting IT unit. The actual processing of the data is
performed at the remote IT unit. The central site performs
the functions of a file manager that services the data needs of
the remote sites. A fundamental objective of the database
approach is to maintain data currency. This can be a
challenging task in a DDP environment.
Data Currency in a DDP Environment
During data processing, information pass through a state of
temporary inconsistency where their values are incorrectly
stated. This occurs during the execution of a transaction.
Distributed Databases
Distributed databases can be either partitioned or replicated:
Partitioned Databases
The partitioned database approach splits the central database
into segments or partitions that are distributed to their
primary users. The advantages of this approach follow:
• Having data stored at local sites increases users' control.
• Transaction processing response time is improved by
permitting local access to data and reducing the volume of
data that must be transmitted between IT units.
• Partitioned databases can reduce the potential effects of a
disaster; By locating data at several sites, the loss of a single
IT unit does not eliminate all data processing by the
organization.
The partitioned approach works best for organizations that
require minimal data sharing among their distributed IT units.
The primary user manages data requests from other sites. To
minimize data access from remote users, the organization
needs to carefully select the host location. Identifying the
optimum host requires an in-depth analysis of user data
needs.
The Deadlock Phenomenon. In a distributed environment, it
is possible for multiple sites to lock out each other from the
database, thus preventing each from processing its
transactions. A deadlock is a permanent condition that must
be resolved by special software that analyzes each deadlock
condition to determine the best solution. Because of the
implication for transaction processing, accountants should be
aware of the issues pertaining to deadlock resolutions.
Deadlock Resolution. Resolving a deadlock usually involves
terminating one or more transactions to complete processing
of the other transactions in the deadlock. The preempted
transactions must then be reinitiated. In preempting
transactions, the deadlock resolution software attempts to
minimize the total cost of breaking the deadlock. Some of the
factors that are considered in this decision follow:
Replicated Databases
Replicated databases are effective in companies where there
exists a high degree of data sharing but no primary user. Since
common data is replicated at each IT unit site, the data traffic
between sites is reduced considerably.
The primary justification for a replicated database is to
support read-only queries. With data replicated at every site,
data access for query purposes is ensured, and lockouts and
delays due to data traffic are minimized.
Concurrency Control
Database concurrency is the presence of complete and
accurate data at all user sites. System designers need to
employ methods to ensure that transactions processed at
each site are accurately reflected in the databases of all the
other sites.
Because of the implication for the accuracy of accounting
records, the concurrency problem is a matter of concern for
auditors. A commonly used method for concurrency control is
to serialize transactions.
Controlling and Auditing Data Management Systems
Controls over data management systems fall into two general
categories: access controls and backup controls.
Access controls are designed to prevent unauthorized
individuals from viewing, retrieving, corrupting, or destroying
the entity's data.
Backup controls ensure that in the event of data loss due to
unauthorized access, equipment failure, or physical disaster
the organization can recover its database.
Access Controls
In the shared database environment, access control risks
include corruption, theft, misuse, and destruction of data.
These threats originate from both unauthorized intruders and
authorized users who exceed their access privileges. Several
control features are now reviewed:

User Views
Access privileges to the database, as defined in their views,
should be commensurate with the user’s legitimate needs.
Although user views can restrict user access to a limited set of
data, they do not define task privileges such as read, delete,
or write. Often, several users may share a single user view but
have different authority levels.
Database Authorization Table
The database authorization table contains rules that limit the
actions a user can take. This technique is similar to the access
control list used in the operating system. Each user is granted
certain privileges that are coded in the authority table, which
is used to verify the user's action requests.
User-Defined Procedures
A user-defined procedure allows the user to create a personal
security program or routine to provide more positive user
identification than a single password. Thus, in addition to a
password, the security procedure asks a series of personal
questions (such as the user's mother's maiden name), which
only the legitimate user should know.
Data Encryption
Database systems also use encryption procedures to protect
highly sensitive stored data, such as product formulas,
personnel pay rates, password files, and certain financial data
thus making it unreadable to an intruder "browsing" the
database.
Biometric Devices
The ultimate in user authentication procedures is the use of
biometric devices, which measure various personal
characteristics, such as fingerprints, voice prints, retina prints,
or signature characteristics. These user characteristics are
digitized and stored permanently in a database security file or
on an identification card that the user carries.
Inference Controls
One advantage of the database query capability is that it
provides users with summary and statistical data for decision
making.
To preserve the confidentiality and integrity of the database,
inference controls should be in place to prevent users from
inferring, through query features, specific data values that
they otherwise are unauthorized to access. Inference controls
attempt to prevent three types of compromises to the
database.
The goal of inference controls is to prevent unauthorized
individuals or entities from drawing accurate conclusions or
making inferences about sensitive information based on
available data.
Audit Objective Relating to Database Access
 Verify that database access authority and privileges
are granted to users in accordance with their
legitimate needs.
Audit Procedures for Testing Database Access Controls
Responsibility for Authority Tables and Subschemas. The
auditor should verify that database administration (DBA)
personnel retain exclusive responsibility for creating authority
tables and designing user views.
Evidence may come from three sources:
(1) by reviewing company policy and job descriptions, which
specify these technical responsibilities;
(2) by examining programmer authority tables for access
privileges to data definition language (DDL) commands; and
(3) through personal interviews with programmers and DBA
personnel.
Appropriate Access Authority.
The auditor can select a sample of users and verify that their
access privileges stored in the authority table are consistent
with their job descriptions organizational levels.
Biometric Controls
The auditor should evaluate the costs and benefits of
biometric controls.
Generally, these would be most appropriate where highly
sensitive data are accessed by a very limited number of users.
Inference Controls
The auditor should verify that database query controls exist
to prevent unauthorized access via inference. The auditor can
test controls by simulating access by a sample of users and
attempting to retrieve unauthorized data via inference
queries.
Encryption Controls
The auditor should verify that sensitive data, such as
passwords, are properly encrypted. Printing the file contents
to hard copy can do this.
Backup Controls
Data can be corrupted and destroyed by malicious acts from
external hackers, disgruntled employees, disk failure,
program errors, fires, floods, and earthquakes. To recover
from such disasters, organizations must implement policies,
procedures, and techniques that systematically and routinely
provide backup copies of critical files.
Backup Controls in the Flat-File Environment
Sequential files (both tape and disk) use a backup technique
called grandparent-parent-child (GPC). This backup technique
is an integral part of the master file update process. Direct
access files, by contrast, need a separate backup procedure.
Both methods are outlined below.
GPC Backup Technique. This backup procedure begins when
the current master file (the parent) is processed against the
transaction file to produce a new updated master file (the
child). With the next batch of transactions, the child becomes
the current master file (the parent), and the original parent
becomes the backup (grandparent) file. The new master file
that emerges from the update process is the child. This
procedure is continued with each new batch of transactions,
creating generations of backup files. When the desired
number of backup copies is reached, the oldest backup file is
erased (scratched). If the current master file is destroyed or
corrupted, processing the most current backup file against
the corresponding transaction file can reproduce it.
This is a backup strategy used to create and manage backup
copies of a database or other critical data. It involves creating
multiple generations or versions of backups to ensure data
availability and recovery in case of data loss or system
failures.
Direct Access File Backup. Data values in direct access files
are changed in place through a process called destructive
replacement. Therefore, once a data value is changed, the
original value is destroyed, leaving only one version (the
current version) of the file.
This is a backup strategy that involves creating a complete
copy or image of a database or file system at a specific point
in time. It is a form of backup that captures the entire data
structure, including files, folders, and system settings.
If the current version of the master file is destroyed through a
disk failure or corrupted by a program error, it can be
reconstructed with a special recovery program from the most
current backup file.
Off-Site Storage. As an added safeguard, backup files created
under both the GPC and direct access approaches should be
stored off-site in a secure location.
Audit Objective Relating to Flat-File Backup
 Verify that backup controls in place are effective in
protecting data files from physical damage, loss,
accidental erasure, and data corruption through
system failures and program errors.
Audit Procedures for Testing Flat-File Backup Controls
• Sequential File (GPC) Backup. The auditor should select a
sample of systems and determine from the system
documentation that the number of GPC backup files specified
for each system is adequate. If insufficient backup versions
exist, recovery from some types of failures may be
impossible.
• Backup Transaction Files. The auditor should verify through
physical observation that transaction files used to reconstruct
the master files are also retained. Without corresponding
transaction files, reconstruction is impossible.
• Direct Access File Backup. The auditor should select a
sample of applications and identify the direct access files
being updated in each system. From system documentation
and through observation, the auditor can verify that each of
them was copied to tape or disk before being updated.
• Off-Site Storage. The auditor should verify the existence
and adequacy of off-site storage. This audit procedure may be
performed as part of the review of the disaster recovery plan
or computer center operations controls.
Backup Controls in the Database Environment
Since data sharing is a fundamental objective of the database
approach, this environment is particularly vulnerable to
damage from individual users. One unauthorized procedure,
one malicious act, or one program error can deprive an entire
user community of its information resource. Also, because of
data centralization, even minor disasters such as a disk failure
can affect many or all users. When such events occur, the
organization needs to reconstruct the database to pre-failure
status. This can be done only if the database was properly
backed up in the first place.
Backup. The backup feature makes a periodic backup of the
entire database. This is an automatic procedure that should
be performed at least once a day. The backup copy should
then be stored in a secure remote area.
Transaction Log (Journal). The transaction log feature
provides an audit trail of all processed trans-actions. It lists
transactions in a transaction log file and records the resulting
changes to the database in a separate database change log.
Checkpoint Feature. The checkpoint facility suspends all data
processing while the system reconciles the transaction log
and the database change log against the database. At this
point, the system is in a quiet state. Checkpoints occur
automatically several times an hour. If a failure occurs, it is
usually possible to restart the processing from the last
checkpoint. Thus, only a few minutes of transaction
processing must be repeated.
Recovery Module. The recovery module uses the logs and
backup files to restart the system after a failure.
Audit Objective Relating to Database Backup
• Verify that controls over the data resource are sufficient to
preserve the integrity and physical security of the database.
Audit Procedures for Testing Database Backup Controls
• The auditor should verify that backup is performed
routinely and frequently to facilitate the recovery of lost,
destroyed, or corrupted data without excessive reprocessing,
Production databases should be copied at regular intervals
(perhaps several times an hour). Backup policy should strike a
balance between the inconvenience of frequent backup
activities and the business disruption caused by excessive
reprocessing that is needed to restore the database after a
failure.
• The auditor should verify that automatic backup procedures
are in place and functioning, and that copies of the database
are stored off-site for further security.