
Integrity

Definition

Integrity is the assurance that information remains accurate, complete, and unaltered except through authorized, intended changes. In ISO/IEC 27001-based information security management, integrity is a core security objective alongside confidentiality and availability, and it is addressed by identifying integrity risks, applying appropriate controls, and maintaining evidence that changes to information and systems are legitimate and traceable. Integrity covers both data (records, transactions, logs, configurations) and the processes that create, transmit, store, and modify it. Practical integrity measures include strong access control and segregation of duties to prevent unauthorized edits; change management and version control to ensure modifications are reviewed, approved, and reversible; cryptographic integrity checks (hashes, checksums, digital signatures) to detect tampering; and logging, monitoring, and audit trails to provide accountability and support investigations. Integrity is also supported by resilient backups and restoration testing so corrupted or altered information can be recovered. Equivalent concepts appear across other security frameworks through controls for change control, audit logging, secure software delivery, and tamper detection, even when expressed with different control identifiers or assurance criteria.

Real-World Examples

CI/CD artifact integrity

A startup signs release artifacts and verifies hashes in deployment to ensure only approved builds reach production.

Database integrity controls

An SMB enforces constraints and writes immutable audit logs so critical records can’t be silently altered.

File integrity monitoring

An enterprise monitors key system files and configuration baselines to detect unauthorized changes on servers.

Controlled changes to sensitive records

A regulated team requires dual approval for updates to billing and access records to prevent unauthorized modification.

Integrity means information stays accurate, complete, and trustworthy, and any change is intentional, authorized, and traceable rather than accidental or malicious.

In the CIA triad, integrity focuses on preventing unauthorized or improper modification of data and systems, and on detecting and correcting tampering or corruption.

Confidentiality prevents unauthorized disclosure, availability ensures information is accessible when needed, and integrity ensures information is not altered in an unauthorized or incorrect way.

Use access controls, input validation, transactions, constraints, versioning, change approvals, and auditable logs, plus backups and integrity checks to detect and recover from corruption.

Checksums and hashes detect unintended changes, while digital signatures add authentication and non-repudiation so recipients can confirm who signed data and that it was not modified.

Audit trails record who changed what and when, enabling accountability, detection of unauthorized edits, and evidence for investigations, reviews, and compliance assessments.

File integrity monitoring (FIM) continuously checks critical files against approved baselines and alerts on unexpected changes; it is commonly used for servers, security tools, and regulated or high-risk environments.
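The two answers above (hashes versus signatures, and file integrity monitoring against a baseline) can be made concrete in a few dozen lines. The following Python script is an added example, not code from the WatchDog glossary or its wiki team. It hashes every file under a directory into a baseline, compares a later scan against it to report added, removed and modified files, and wraps the baseline in a keyed tag so that edits to the stored baseline itself are detected. An HMAC-SHA256 tag stands in for a public-key digital signature to keep the example self-contained; the manifest layout, the key, and all file contents are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile

CHUNK = 65536


def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def sign_baseline(baseline, key):
    """Wrap the baseline in a manifest carrying an HMAC-SHA256 tag (constructed format)."""
    payload = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"files": baseline, "hmac": tag}


def verify_manifest(manifest, key):
    """True only if the file list is exactly what the key holder signed."""
    payload = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["hmac"])


def diff_baselines(approved, current):
    """Classify drift between the approved baseline and a fresh scan."""
    added = sorted(set(current) - set(approved))
    removed = sorted(set(approved) - set(current))
    modified = sorted(p for p in approved if p in current and approved[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Run the whole cycle on constructed files and return what a monitor would report."""
    key = b"constructed-demo-key-not-for-real-use"
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for monitored configuration.
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("listen=127.0.0.1:8443\nauth=required\n")
        with open(os.path.join(root, "etc", "hosts.allow"), "w") as f:
            f.write("sshd: 10.0.0.0/8\n")

        approved = sign_baseline(build_baseline(root), key)

        # Simulated unauthorized drift: one edit, one new file, one deletion.
        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("listen=0.0.0.0:8443\nauth=none\n")
        with open(os.path.join(root, "etc", "cron.hourly"), "w") as f:
            f.write("constructed new file\n")
        os.remove(os.path.join(root, "etc", "hosts.allow"))

        current = build_baseline(root)
        findings = diff_baselines(approved["files"], current)

        # Simulate a tampered manifest: the stored digest is rewritten to match the
        # edited file, but the HMAC tag was computed over the original list.
        forged = {"files": dict(approved["files"]), "hmac": approved["hmac"]}
        forged["files"]["etc/app.conf"] = current["etc/app.conf"]

        return {
            "findings": findings,
            "genuine_manifest_ok": verify_manifest(approved, key),
            "forged_manifest_ok": verify_manifest(forged, key),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The plain digests are enough to notice the edited, added and deleted files, which is all a checksum can do; the keyed tag is what stops someone with write access to the baseline from updating the digest alongside the file, which is the authentication property the answer attributes to signatures. In a real deployment the baseline and key live somewhere the monitored host cannot write, and a public-key signature replaces the HMAC so that verification needs no shared secret.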

Common causes include software defects, misconfigurations, weak permissions, insider misuse, malware, transmission errors, storage failures, and incomplete or unreviewed changes.

Least privilege limits who can modify data and configurations, reducing the chance of accidental edits and preventing unauthorized changes by restricting write access to approved roles.

Validate integrity with monitoring and alerts, periodic reviews of privileged changes, checksum or signature verification, baseline comparisons, and restoration tests to confirm recovery from tampering.

Version  Date        Author                           Description
1.0.0    2026-02-26  WatchDog Security GRC Wiki Team  Initial publication