In part 6 of “Memoirs of an Enterprise Architect” I discussed how integration relates to Big Data. In part 7, I will discuss data classification and compliance.
This time I will test your knowledge. Are you ready?
It’s game time!
Troux or false?
- Data Classification assigns risk based on impact to the business if data is disclosed?
- Applications should not be classified?
- I have taken off my pants twice writing this blog series?
- NC-17 is a movie rating and not a Classification rating?
- Not all SOX are red?
- Compliance is the policies, procedures, and controls used when dealing with customer data?
If you answered “Troux” to all of the above then you are a genius. For the rest of you, I’m sorry….
Can an Application be Classified?
This is a trick question because the answer is yes and no. Part of effectively managing your Application Portfolio is capturing classification and compliance details, but the real question is, “Where do these details need to be captured?” Does your organization have regulatory requirements such as Sarbanes-Oxley (SOX) or Payment Card Industry (PCI)?
Many organizations store compliance and classification information on the application record. This is not the right place because an application may use one or more types of structured or unstructured data sources where the actual customer data resides.
There are solutions that help manage classification and compliance information, and they can be used as an integration point into your Enterprise Portfolio Management (EPM) solution, such as Troux. However, Troux can manage this directly as well. Remember, customer data has to be in compliance with all regulatory requirements for your type of business. Also, it is the customer data that gets classified, not the application that creates it. Nevertheless, when your applications are related to all of their structured and unstructured data sources, key questions about the business can be answered.
- What applications in the organization store PCI data?
- How many applications store Restricted data?
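The two questions above, answered from a model in which classification and regulatory scope are recorded on the data source and applications pick them up only through their relationships. This is an added example, not Troux's schema or code from the original post; the table names, sample applications, the Public and Internal levels, and the `unmapped_apps` check are assumptions.

```python
import sqlite3

# Constructed sample portfolio: every name, level and tag here is hypothetical.
SCHEMA = """
CREATE TABLE application (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE data_source (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
    kind TEXT CHECK (kind IN ('structured','unstructured')),
    classification TEXT CHECK (classification IN ('Public','Internal','Restricted')));
CREATE TABLE data_source_regulation (data_source_id INTEGER, regulation TEXT);
CREATE TABLE app_uses_source (application_id INTEGER, data_source_id INTEGER);
INSERT INTO application VALUES
  (1,'WebStore'),(2,'Billing'),(3,'Intranet Wiki'),(4,'Legacy CRM');
INSERT INTO data_source VALUES
  (1,'orders_db','structured','Restricted'),(2,'ledger_db','structured','Restricted'),
  (3,'wiki_pages','unstructured','Internal'),(4,'product_images','unstructured','Public');
INSERT INTO data_source_regulation VALUES (1,'PCI'),(2,'SOX');
INSERT INTO app_uses_source VALUES (1,1),(1,4),(2,1),(2,2),(3,3);
"""

def build_portfolio():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def apps_storing(db, regulation):
    """Applications related to at least one data source in scope for `regulation`."""
    rows = db.execute("""SELECT DISTINCT a.name FROM application a
        JOIN app_uses_source u ON u.application_id = a.id
        JOIN data_source_regulation r ON r.data_source_id = u.data_source_id
        WHERE r.regulation = ? ORDER BY a.name""", (regulation,))
    return [name for (name,) in rows]

def apps_with_classification(db, level):
    """Applications related to at least one data source classified at `level`."""
    rows = db.execute("""SELECT DISTINCT a.name FROM application a
        JOIN app_uses_source u ON u.application_id = a.id
        JOIN data_source d ON d.id = u.data_source_id
        WHERE d.classification = ? ORDER BY a.name""", (level,))
    return [name for (name,) in rows]

def unmapped_apps(db):
    """Applications with no related data source: absent from every answer above."""
    rows = db.execute("""SELECT a.name FROM application a
        LEFT JOIN app_uses_source u ON u.application_id = a.id
        WHERE u.application_id IS NULL ORDER BY a.name""")
    return [name for (name,) in rows]

if __name__ == "__main__":
    db = build_portfolio()
    print("PCI:", apps_storing(db, "PCI"))
    print("Restricted:", len(apps_with_classification(db, "Restricted")))
    print("Unmapped:", unmapped_apps(db))
```

An application that has not been related to any data source never shows up in the PCI or Restricted results, so the unmapped list is worth reviewing before relying on either answer.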
So, the bottom line is that Troux can easily enable you to understand where your level of risk to the business lies and ensure you are in compliance with all applicable regulatory requirements.
How are you managing your application compliance and classification data?
See you next week, same time, same place, where I will discuss Application Portfolio Rationalization.