Think about the risks here:

What sort of data are you planning on populating it with? If it is personal data such as salary, home address or medical data, or if it is credit card data, then you may be required to protect it appropriately (in the US see HIPAA, Gramm-Leach-Bliley, SOX and state data protection legislation; in the UK see DPA 1988 and FSA regs; in Japan J-SOX; globally PCI-DSS).

Aside from those regulations (and a whole lot of others globally), how would your business cope if the data was deleted, or published on the Internet, or modified, or corrupted?

The answers should help you define an 'appropriate' level of protection, which should then be explained, along with the possible risks, to the board, who should then make the decision as to whether it should go in.

(Tweak the above based on company size, country, etc.)