What are the 3 principles of information security?

Information can only be accessed by individuals, groups or processes authorized to do so

Information is maintained, so that it is up to date, accurate, complete and fit for purpose.

Information is always available to and usable by the individuals, groups or processes that need to use it.

Organisations should ensure that their information systems and associated hardware and software, work as intended.

If data is not easily accessible users may decide to make their own copies. This is a security risk, as the more copies of data there are, the harder the data is to protect.

Organisations should have a culture of checking and reporting when data is an accurate. EG. A teacher contacting a parent to find that the telephone number is out of use, should inform the schools data manager.