S 4.134 Selection of suitable data formats

Initiation responsibility: Head of IT

Implementation responsibility: Head of IT, User

There are many different data formats that are supported by different IT applications. In general, however, they are not compatible, i.e. they are not interchangeable. Often, unfortunately, not even IT applications with the same tasks (e.g. word processing systems) can handle the data formats of similar products. This problem is aggravated by the fact that application programs are often no longer able to process the data formats of their predecessors after the version has been changed.

Therefore, it must be examined when purchasing new application programs which data formats are supported and how widespread the supported data formats are. Since many important processes are to be stored electronically permanently, it is equally important to examine which "service life" is expected to be reached by a data format. In general, it should be checked for each system change whether all stored data can still be processed using the new IT systems or applications.

Whenever an application program is used, it must also be considered in which format the processed data is to be stored. In this respect, it should always be taken into consideration by whom and at what time this data is to be read.

When selecting data formats for the exchange of files, it should also be examined whether or not they might involve security risks. For example, certain data formats might contain undesired additional information in the files (see also S 4.64 Verification of data before transmission / elimination of residual information). Files which were created in certain data formats can also result in other security-related problems such as macros and thus in the risk of macro viruses (see S 4.3 Use of virus protection programs).

The considerations of which data formats are suitable for which purposes and are to be supported in the organisation should be suitably documented and communicated.

Review questions:

• When purchasing application programs, is attention paid to which data formats are supported?
• When purchasing application programs, is attention paid to whether the supported data formats meet the organisation's requirements with respect to the service life of the format?
• When selecting the data format for the exchange of files, is it taken into consideration which additional information is stored?