-Dman100- asked:
database design questions

I'm working on designing a new database for a web application that accepts online credit card applications from businesses.  I have put together the following series of questions during the design phase:

• Do you have any Regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
• Do you need to be able to audit record changes?
• What internal controls do you need reflected in the database?
• What business rules must be followed under what circumstances?
• How large do you expect the data to get?
• How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
• Do you need a separate data warehouse for reporting?
• How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
• What databases do you currently have license for? Already know this one...Sql Server 2012.
• Will different groups of users need different accesses?
• How is the process currently being handled?  I believe the current process is handled manually.
• Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?

I was interested in any additional feedback on other questions I should consider.

Thanks in advance for any help!
Regards.
SOLUTION
Dave Baldwin
• Do you have any Regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
See above.  Confidentiality must be ensured at database level.

• Do you need to be able to audit record changes?
Yes

• What internal controls do you need reflected in the database?
Generally, the ones concerning privacy, confidentiality and showing that you have control over credit.

• What business rules must be followed under what circumstances?
See above.

• How large do you expect the data to get?
Depends on the number of people using the system.

• How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
Design a proper database.  Do not *ever* create tables and columns on the fly.  Declarative constraints with proper error management are the key.

• Do you need a separate data warehouse for reporting?
No.

• How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
A database is supposed to take input/give output from any application.

• What databases do you currently have license for? Already know this one...Sql Server 2012.
Yes, make sure you are not breaking the law.

• Will different groups of users need different accesses?
As little as possible.  Even on reading data.

• How is the process currently being handled?  I believe the current process is handled manually.
Is there a point comparing an absence of security/process to something structured?  Build a secure process to get in agreement with the law.  The current process is probably illegal.

• Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
Actually, the answer is yes.

Security Auditors will look for consistency in the handling of privacy.  If they realize that some customers do not have the same level of security as others, you are exposed to punishment.
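To make the answer's three points concrete (declarative constraints instead of on-the-fly schema changes, auditable record changes, and as little access as possible), here is an added T-SQL sketch for SQL Server 2012. It is not code from the thread or from either poster; the table, column, role names and the credit-limit range are assumed for illustration.

```sql
-- Added illustration, not from the thread. All object names and limits are hypothetical.
CREATE TABLE dbo.CreditApplication (
    ApplicationId   INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    BusinessName    NVARCHAR(200)     NOT NULL,
    TaxId           VARBINARY(256)    NOT NULL,  -- stored encrypted by the application, never plaintext
    RequestedLimit  DECIMAL(12,2)     NOT NULL,
    Status          VARCHAR(20)       NOT NULL
        CONSTRAINT DF_CreditApplication_Status DEFAULT ('Submitted'),
    SubmittedAt     DATETIME2(0)      NOT NULL
        CONSTRAINT DF_CreditApplication_SubmittedAt DEFAULT (SYSUTCDATETIME()),
    -- Business rules declared once; the engine enforces them for every client application
    CONSTRAINT CK_CreditApplication_Limit  CHECK (RequestedLimit > 0 AND RequestedLimit <= 1000000),
    CONSTRAINT CK_CreditApplication_Status CHECK (Status IN ('Submitted','UnderReview','Approved','Declined'))
);
GO
-- Audit trail: who changed which application, how, and when; written only by the trigger below
CREATE TABLE dbo.CreditApplicationAudit (
    AuditId       BIGINT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    ApplicationId INT          NOT NULL,
    Action        CHAR(1)      NOT NULL CHECK (Action IN ('I','U','D')),
    OldStatus     VARCHAR(20)  NULL,
    NewStatus     VARCHAR(20)  NULL,
    ChangedBy     SYSNAME      NOT NULL DEFAULT (ORIGINAL_LOGIN()),
    ChangedAt     DATETIME2(0) NOT NULL DEFAULT (SYSUTCDATETIME())
);
GO
CREATE TRIGGER dbo.trg_CreditApplication_Audit
ON dbo.CreditApplication
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- FULL OUTER JOIN covers inserts (no deleted row), deletes (no inserted row) and updates (both)
    INSERT INTO dbo.CreditApplicationAudit (ApplicationId, Action, OldStatus, NewStatus)
    SELECT COALESCE(i.ApplicationId, d.ApplicationId),
           CASE WHEN i.ApplicationId IS NULL THEN 'D'
                WHEN d.ApplicationId IS NULL THEN 'I' ELSE 'U' END,
           d.Status, i.Status
    FROM inserted i
    FULL OUTER JOIN deleted d ON d.ApplicationId = i.ApplicationId;
END;
GO
-- Least privilege: reviewers read only the columns they need (no TaxId), may change only Status,
-- and are explicitly denied any access to the audit table
CREATE ROLE CreditReviewer;
GO
GRANT SELECT (ApplicationId, BusinessName, RequestedLimit, Status, SubmittedAt) ON dbo.CreditApplication TO CreditReviewer;
GRANT UPDATE (Status) ON dbo.CreditApplication TO CreditReviewer;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.CreditApplicationAudit TO CreditReviewer;
```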
ASKER CERTIFIED SOLUTION