Last Updated Date: May 26, 2021

Data security and compliance weigh heavily on any organization handling sensitive, regulated, and high-value information. Regulatory mandates are nothing new, but in most organizations the pressure, cost, and effort required to sustain data compliance is reaching unprecedented levels. Depending on the industry, there are regulations that dictate which kinds of data need to be protected while there are also industry-specific metrics that an organization must produce to demonstrate thresholds of quality, compliance, or performance. As a result, compliance is both about protecting sensitive data to meet the interests of consumer/individual privacy as well as providing relevant data to external oversight bodies.

Given the vast number and variety of privacy and compliance regulations, organizations need to be able to apply industry-specific process and quality rules regardless of whether data resides on-premises, in the cloud, at the point of data collection, at various points during the data lifecycle, or even in archives. The Informatica platform contains a number of tools to assist with compliance efforts.

 

Five Principles for Developing Compliance Capabilities

1. Ensure High Quality Data

Poor quality data can lead to inaccurate or inconsistent reporting and to inaccurate indications that trigger events have occurred, in the form of either false positives or false negatives. False positives can lead organizations to count too many trigger events, ultimately creating noise around the true events. False negatives can lead to missing an event of concern. High quality data makes identifying compliance risk easier and more accurate, makes reporting more efficient, and makes results more accurate. Poor quality data can also lead to missed aggregation results in analytics and therefore affect downstream decision-making processes.

Another aspect of high-quality data is eliminating duplicate data and finding the best source of truth for individuals, products, suppliers, etc. This ensures that when compliance reports are created on a per-subject basis, all the necessary information is aggregated under that single mastered record.

To discover the quality of your data, Informatica Data Quality (IDQ) is used to profile the data and create scorecards. These scorecards can be integrated into Axon as part of the overall Data Governance visualizations and reporting. Axon can also be used to document the business definition of data quality rules which can then be integrated with IDQ and turned into executable rules.

Creating the best source of truth for individuals, products, and suppliers can be achieved with Informatica’s Master Data Management (MDM) tools: Multi-Domain MDM, Customer 360 (C360), Product 360 (P360), Supplier 360 (S360), and, if transactional information also needs to be associated with the mastered subject, Customer 360 Insights (C360i). If transactional data needs to be included in the compliance report (e.g., medical records for patient requests, Payer Risk Adjustment reporting for the Affordable Care Act, products purchased, membership club benefits consumed, call center interactions for Privacy Act reporting, etc.), then Customer 360 Insights (C360i) may be a better option for the registry of subject data.

 

2. Establish Enterprise Data Governance

To identify data that needs to be protected or reported, one needs to find it at any point in the data lifecycle. Data (and metadata) need clear, standardized definitions; and integrated information about data lineage needs to be available to business users who are responsible for assembling compliance reports. This will vastly reduce the time to achieve compliance and the level of effort involved.

The Axon data governance product is used to capture those standardized definitions as Glossary items and establish policies related to the data, systems, processes, and 3rd parties the data is shared with or sold to.

Metadata and lineage can be obtained with Enterprise Data Catalog (EDC) scans and that information can be integrated in Axon and tied to the Glossary definitions. 

 

3. Automation

Discovery and profiling are essential to knowing where data resides, who accesses it, how often it is updated and whether it’s valid -- not only for the data you know and are familiar with, but more importantly for the data you don’t know about. Data Privacy Manager (DPM) is an automated and AI-driven tool that can reveal where the data lives, what business processes it supports, who uses it, who controls it, how well it’s protected, and what risk it carries. The DPM protection information can also be integrated into Axon for a complete view of quality, lineage, and protection.

 

4. Reusability

If data is defined, standardized, or fixed in one system, those rules need to persist either with the data itself or in the systems where the data lives. Any updates should be reusable across any other data stores. And data should be standardized across the enterprise, thus making reporting more accurate and improving reporting efficiency.

Using Axon as the central place where the business defines the rules, and integrating them with IDQ, allows those rules to be reused across other applications such as Master Data Management (MDM) and data movement tools such as PowerCenter (PC) and Informatica Intelligent Cloud Services (IICS).

Using Axon as the central place where the business defines data protection policies, and integrating them with DPM, provides a streamlined mechanism for policy definition and enforcement.

 

5. Include Both Business and IT

Business stakeholders define the data and the processes the data is used in, translate the compliance mandates, and prepare compliance reports and analytics in Axon. IT supports the data management practices whereby data is ingested and travels across different applications and systems. IT applies data transformation rules via IDQ as defined by business users. DPM in conjunction with Test Data Management (TDM), Persistent Data Masking (PDM), Dynamic Data Masking (DDM), and Data Archive can automate many of the processes whereby data is protected or modified as needed by end-users, and eventually archived according to record retention schedules established by the business and legal/compliance teams. It is critical that IT understand the business reasons for knowing where the data is stored and how it moves during the data lifecycle. IT can provide visibility into the data lineage via either EDC or DPM information integrated into Axon, thus enabling business stakeholders to readily respond to compliance mandates.

While a full regulatory compliance initiative across multiple Informatica tools is always customer-specific based on an organization’s requirements, below is a possible outline of what capabilities can be implemented with each tool. Not all capabilities/tools are needed for every customer:

Getting started: Regulatory Compliance Base

  • Axon: Design and load facets/relationships
  • IDQ: Profile data and create quality rules
  • EDC: Domain curation and scanner connectors
  • DPM: Domain curation and scanner connectors
  • MDM: MDM requirements/discovery documented in Axon and initial load in MDM with DQ rules applied
  • C360i: MDM requirements/discovery documented in Axon and initial load in MDM with DQ rules applied
  • IICS: Source to Target data movement to MDM
  • PDM/DPM: Identify masking/obscuring rules based on security measure policies
  • Archive: Identify and configure record retention rules based on retention policies
  • TDM: Create sub-sets of data to archive/delete based on retention policies

 

The above capabilities can each be implemented as standalone projects or as sub-projects in an overall program in parallel with each other depending on resource and budget availability. 

Once success has been achieved with each tool individually, they can be integrated together to provide a more powerful and automated compliance platform:

Integration

  • IDQ: Integrate IDQ/AXON:
      • Business Rules in Axon to DQ
      • Scorecards from DQ to Axon
  • EDC: Integrate EDC/AXON:
      • Data Sets and Attributes from EDC to Axon
  • DPM: Integrate DPM/AXON:
      • Policies in Axon to DPM
      • Risk data from DPM to Axon
  • MDM: Design interfaces for consuming mastered data
  • C360i: Design interfaces for consuming mastered data and transactions
  • IICS: Any process orchestration or data movement between Informatica or other Products/Systems
  • PDM/DPM: Integrate masking activities with DPM
  • Archive: Integrate archiving activities with DPM
  • TDM: Integrate sub-setting with DPM & Archive

 

The final outcome in any regulatory compliance initiative is providing reports and dashboards that visualize the information of interest to compliance.

Audit Reporting/Dashboards

  • Axon: Data Quality and Data Governance dashboards and API calls for 3rd party reporting tools
  • IDQ: Quality dashboard monitoring over time
  • EDC: Metadata and lineage monitoring over time
  • DPM: Risk monitoring over time, Subject Registry design and API calls for 3rd party reporting tools
  • MDM: MDM operational statistics over time
  • C360i: MDM operational statistics over time
  • IICS: Process orchestration to obtain data from multiple products, transform, combine, and make available for 3rd party reporting tools
