Solved

database design questions

Posted on 2014-09-13
3
160 Views
Last Modified: 2014-09-19
I'm working on designing a new database for a web application that accepts online credit card applications from businesses.  I have put together the following series of questions during the design phase:

•Do you have any regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
•Do you need to be able to audit record changes?
•What internal controls do you need reflected in the database?
•What business rules must be followed under what circumstances?
•How large do you expect the data to get?
•How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
•Do you need a separate data warehouse for reporting?
•How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
•What databases do you currently have a license for? Already know this one...SQL Server 2012.
•Will different groups of users need different accesses?
•How is the process currently being handled?  I believe the current process is handled manually.
•Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?

I was interested in any additional feedback on other questions I should consider.

Thanks in advance for any help!
Regards.
0
Question by:-Dman100-
3 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40321418
PCI (Payment Card Industry) standards since you're dealing with credit card related data.  https://www.pcisecuritystandards.org/
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40321482
•Do you have any regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
See above.  Confidentiality must be ensured at the database level.


•Do you need to be able to audit record changes?
Yes

•What internal controls do you need reflected in the database?
Generally, the ones concerning privacy, confidentiality and showing that you have control over credit.

•What business rules must be followed under what circumstances?
See above.

•How large do you expect the data to get?
Depends on the amount of people using the system.

•How flexible do you want the system to be (do you want to be able to add columns on the fly? OR add business rules)?
Design a proper database.  Do not *ever* create tables and columns on the fly.  Declarative constraints with proper error management are the key.

•Do you need a separate data warehouse for reporting?
No.

•How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
A database is supposed to take input/give output from any application.

•What databases do you currently have a license for? Already know this one...SQL Server 2012.
Yes, make sure you are not breaking the law.

•Will different groups of users need different accesses?
As little as possible.  Even on reading data.  

•How is the process currently being handled?  I believe the current process is handled manually.
Is there a point in comparing an absence of security/process to something structured?  Build a secure process to get in agreement with the law.  The current process is probably illegal.

•Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
Actually, the answer is yes.  

Security auditors will look for consistency in the handling of privacy.  If they realize that some customers do not have the same level of security as others, you are exposing yourself to punishment.
0
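An added T-SQL example for SQL Server 2012, not code posted by anyone in this thread, showing three points from the comment above together: declarative constraints instead of on-the-fly columns, an audit trail of record changes, and as little access as possible per user group. Every table, column, trigger and role name is hypothetical.

```sql
-- Added example; every object name below is hypothetical.
CREATE TABLE dbo.CreditApplication (
    ApplicationId  int IDENTITY(1,1) NOT NULL CONSTRAINT PK_CreditApplication PRIMARY KEY,
    BusinessName   nvarchar(200) NOT NULL,
    RequestedLimit decimal(12,2) NOT NULL
        CONSTRAINT CK_CreditApplication_Limit CHECK (RequestedLimit > 0),
    Status         varchar(20) NOT NULL
        CONSTRAINT DF_CreditApplication_Status DEFAULT ('Submitted')
        CONSTRAINT CK_CreditApplication_Status
            CHECK (Status IN ('Submitted', 'UnderReview', 'Approved', 'Declined'))
);
GO
-- One audit row per changed application row: who changed it, when, and how.
CREATE TABLE dbo.CreditApplicationAudit (
    AuditId       bigint IDENTITY(1,1) NOT NULL CONSTRAINT PK_CreditApplicationAudit PRIMARY KEY,
    ApplicationId int NOT NULL,
    ChangeType    char(1) NOT NULL CONSTRAINT CK_Audit_ChangeType CHECK (ChangeType IN ('I','U','D')),
    OldStatus     varchar(20) NULL,
    NewStatus     varchar(20) NULL,
    ChangedBy     sysname NOT NULL,
    ChangedAtUtc  datetime2(3) NOT NULL
);
GO
CREATE TRIGGER dbo.trg_CreditApplication_Audit
ON dbo.CreditApplication
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- inserted only = insert, deleted only = delete, both = update.
    INSERT INTO dbo.CreditApplicationAudit
        (ApplicationId, ChangeType, OldStatus, NewStatus, ChangedBy, ChangedAtUtc)
    SELECT COALESCE(i.ApplicationId, d.ApplicationId),
           CASE WHEN d.ApplicationId IS NULL THEN 'I'
                WHEN i.ApplicationId IS NULL THEN 'D'
                ELSE 'U' END,
           d.Status, i.Status, ORIGINAL_LOGIN(), SYSUTCDATETIME()
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.ApplicationId = i.ApplicationId;
END;
GO
-- Least privilege: intake may only add rows; reviewers may read and change Status only.
CREATE ROLE app_intake;
CREATE ROLE app_reviewer;
GRANT INSERT ON dbo.CreditApplication TO app_intake;
GRANT SELECT ON dbo.CreditApplication TO app_reviewer;
GRANT UPDATE ON dbo.CreditApplication (Status) TO app_reviewer;
-- Explicit DENY still applies if a broader grant is added later through another role.
DENY UPDATE, DELETE ON dbo.CreditApplicationAudit TO app_intake, app_reviewer;
```

Neither role is granted anything on the audit table: the trigger can still write to it because both tables and the trigger share the same owner, so ownership chaining applies.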
 
LVL 69

Accepted Solution

by:ScottPletcher
ScottPletcher earned 250 total points
ID: 40323348
The questions below either have nothing to do with logical database design or are only tangentially relevant to it.  If you're just doing a design, ignore non-design qs until such time as they become relevant:

"
How large do you expect the data to get?
How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
What databases do you currently have a license for?
How is the process currently being handled?  I believe the current process is handled manually.
Do you need to migrate data from the old system?  Also, I believe the answer is no for this one?
"
0
