Solved

database design questions

Posted on 2014-09-13
Last Modified: 2014-09-19
I'm working on designing a new database for a web application that accepts online credit card applications from businesses.  I have put together the following series of questions during the design phase:

•Do you have any Regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
•Do you need to be able to audit record changes?
•What internal controls do you need reflected in the database?
•What business rules must be followed under what circumstances?
•How large do you expect the data to get?
•How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
•Do you need a separate data warehouse for reporting?
•How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
•What databases do you currently have a license for? Already know this one... SQL Server 2012.
•Will different groups of users need different accesses?
•How is the process currently being handled?  I believe the current process is handled manually.
•Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?

I was interested in any additional feedback on other questions I should consider?

Thanks in advance for any help!
Regards.
Question by:-Dman100-
3 Comments
 

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40321418
PCI (Payment Card Industry) standards since you're dealing with credit card related data.  https://www.pcisecuritystandards.org/

Expert Comment

by:Racim BOUDJAKDJI
ID: 40321482
•Do you have any Regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
See above.  Confidentiality must be ensured at the database level.


•Do you need to be able to audit record changes?
Yes

•What internal controls do you need reflected in the database?
Generally, the ones concerning privacy, confidentiality and showing that you have control over credit.

•What business rules must be followed under what circumstances?
See above.

•How large do you expect the data to get?
Depends on the number of people using the system.

•How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
Design a proper database.  Do not *ever* create tables and columns on the fly.  Declarative constraints with proper error management are the key.

•Do you need a separate data warehouse for reporting?
No.

•How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
A database is supposed to take input/give output from any application.

•What databases do you currently have a license for? Already know this one... SQL Server 2012.
Yes, make sure you are not breaking the law.

•Will different groups of users need different accesses?
As little as possible.  Even on reading data.  

•How is the process currently being handled?  I believe the current process is handled manually.
Is there a point in comparing an absence of security/process to something structured?  Build a secure process to get in agreement with the law.  The current process is probably illegal.

•Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
Actually, the answer is yes.  

Security auditors will look for consistency in the handling of privacy.  If they realize that some customers do not have the same level of security as others, you are exposing yourself to punishment.

Accepted Solution

by:
Scott Pletcher earned 250 total points
ID: 40323348
The questions below either have nothing to do with logical database design or are only tangentially relevant to it.  If you're just doing a design, ignore non-design questions until such time as they become relevant:

"
How large do you expect the data to get?
How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
What databases do you currently have license for?
How is the process currently being handled?  I believe the current process is handled manually.
Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
"