Solved

database design questions

Posted on 2014-09-13
Last Modified: 2014-09-19
I'm working on designing a new database for a web application that accepts online credit card applications from businesses.  I have put together the following series of questions during the design phase:

• Do you have any regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
• Do you need to be able to audit record changes?
• What internal controls do you need reflected in the database?
• What business rules must be followed under what circumstances?
• How large do you expect the data to get?
• How flexible do you want the system to be (do you want to be able to add columns on the fly, or add business rules)?
• Do you need a separate data warehouse for reporting?
• How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
• What databases do you currently have license for? Already know this one... SQL Server 2012.
• Will different groups of users need different accesses?
• How is the process currently being handled?  I believe the current process is handled manually.
• Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?

I was interested in any additional feedback on other questions I should consider?

Thanks in advance for any help!
Regards.
Question by:-Dman100-
3 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40321418
PCI (Payment Card Industry) standards since you're dealing with credit card related data.  https://www.pcisecuritystandards.org/
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40321482
• Do you have any regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
See above.  Confidentiality must be ensured at database level.

• Do you need to be able to audit record changes?
Yes

• What internal controls do you need reflected in the database?
Generally, the ones concerning privacy, confidentiality and showing that you have control over credit.

• What business rules must be followed under what circumstances?
See above.

• How large do you expect the data to get?
Depends on the amount of people using the system.

• How flexible do you want the system to be (do you want to be able to add columns on the fly, or add business rules)?
Design a proper database.  Do not *ever* create tables and columns on the fly.  Declarative constraints with proper error management are the key.

• Do you need a separate data warehouse for reporting?
No.

• How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
A database is supposed to take input/give output from any application.

• What databases do you currently have license for? Already know this one... SQL Server 2012.
Yes, make sure you are not breaking the law.

• Will different groups of users need different accesses?
As little as possible.  Even on reading data.

• How is the process currently being handled?  I believe the current process is handled manually.
Is there a point comparing an absence of security/process to something structured?  Build a secure process to get in agreement with the law.  The current process is probably illegal.

• Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
Actually, the answer is yes.

Security auditors will look for consistency in the handling of privacy.  If they realize that some customers do not have the same level of security as others, you are exposing yourself to punishment.
0
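
The following T-SQL illustrates three points from the answer above on the SQL Server 2012 instance named in the question: declarative constraints instead of on-the-fly columns, auditing of record changes, and as little access as possible. It is an added example, not code from any poster in this thread; every table, column, constraint and role name is hypothetical.

```sql
-- Added example; all object names are hypothetical. Target: SQL Server 2012.
CREATE TABLE dbo.CardApplication (
    ApplicationId  INT IDENTITY(1,1) CONSTRAINT PK_CardApplication PRIMARY KEY,
    BusinessName   NVARCHAR(200) NOT NULL,
    RequestedLimit DECIMAL(12,2) NOT NULL
        CONSTRAINT CK_CardApplication_Limit CHECK (RequestedLimit > 0),
    AppStatus      VARCHAR(20) NOT NULL
        CONSTRAINT DF_CardApplication_Status DEFAULT ('Submitted')
        CONSTRAINT CK_CardApplication_Status
            CHECK (AppStatus IN ('Submitted', 'InReview', 'Approved', 'Declined'))
);
GO
-- One audit row per changed record: what changed, who changed it, and when.
CREATE TABLE dbo.CardApplicationAudit (
    AuditId       BIGINT IDENTITY(1,1) CONSTRAINT PK_CardApplicationAudit PRIMARY KEY,
    ApplicationId INT NOT NULL,
    ChangeType    CHAR(1) NOT NULL,      -- I = insert, U = update, D = delete
    OldStatus     VARCHAR(20) NULL,
    NewStatus     VARCHAR(20) NULL,
    ChangedBy     SYSNAME NOT NULL
        CONSTRAINT DF_CardApplicationAudit_By DEFAULT (ORIGINAL_LOGIN()),
    ChangedAtUtc  DATETIME2(3) NOT NULL
        CONSTRAINT DF_CardApplicationAudit_At DEFAULT (SYSUTCDATETIME())
);
GO
CREATE TRIGGER dbo.trg_CardApplication_Audit
ON dbo.CardApplication
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- inserted/deleted hold the new/old row images for the whole statement.
    INSERT INTO dbo.CardApplicationAudit (ApplicationId, ChangeType, OldStatus, NewStatus)
    SELECT COALESCE(i.ApplicationId, d.ApplicationId),
           CASE WHEN d.ApplicationId IS NULL THEN 'I'
                WHEN i.ApplicationId IS NULL THEN 'D' ELSE 'U' END,
           d.AppStatus, i.AppStatus
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.ApplicationId = i.ApplicationId;
END;
GO
-- Minimal access: intake can only add rows, reviewers can read and change the
-- status column only. No role is granted anything on the audit table; the
-- trigger writes to it through ownership chaining (both objects owned by dbo).
CREATE ROLE app_intake;
CREATE ROLE app_reviewer;
GRANT INSERT ON dbo.CardApplication TO app_intake;
GRANT SELECT ON dbo.CardApplication TO app_reviewer;
GRANT UPDATE ON dbo.CardApplication (AppStatus) TO app_reviewer;
```

A row that violates a constraint is rejected by the engine with error 547, which the calling application can catch and report rather than letting bad data in.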
 
LVL 69

Accepted Solution

by:
Scott Pletcher earned 250 total points
ID: 40323348
The questions below either have nothing to do with logical database design or are only tangentially relevant to it.  If you're just doing a design, ignore non-design qs until such time as they become relevant:

"
How large do you expect the data to get?
How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
What databases do you currently have license for?
How is the process currently being handled?  I believe the current process is handled manually.
Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
"
0
