IBM
Guardium® Data Security Center is designed to automatically create
a compliance program and help you adhere to compliance regulations. Follow the prompts in the UI to
set up an end-to-end compliance workflow quickly and efficiently.
Before you begin
Data compliance This content is
available through the IBM
Guardium Data Compliance module.
Begin your compliance journey with the information that is available to you. You can access the
Compliance milestones page later to schedule your reports, define where your
alerts are sent, and add or replace your entries with new information.
About this task
This procedure helps you to set up your compliance program and get started on your compliance
journey. After you answer a few questions, Guardium Data Security Center automatically creates your data compliance program for you:
Procedure
- Click Add connection to add one or more connections to data
sources, native activity logs, or event streams. Guardium Data Security Center will monitor these connections. Then click
Get started to begin the set up of your data compliance program.
- Select a compliance regulation. You can revisit this page and select a different
compliance regulation at a later time.
- Provide the list of admin users, authorized users, sensitive table names, and source IPs
manually, by uploading a .CSV file, or by copying from another group. If you do not have all the
information, you can revisit your compliance milestones and provide the information later. Click
Next to view the list of artifacts that will be automatically
installed.
- After you click Create your program, Guardium Data Security Center automatically creates and installs policies,
reports, groups and compliance dashboards for you. You are then taken to the Compliance
milestones page to configure alerts and refine your data.
- Refine alerts by configuring the recipients for each predefined
alert. You can enter email IDs or connect to a third-party service that can capture the alerts.
Then, test the connection before you save your settings. When a policy rule is triggered, the
configured recipient receives a notification.
- Set up compliance and and data
security report scheduling.
If applicable, you can also
set up Data security report scheduling.
- Assign one or more internal reviewers. The reviewer must be an auditor, compliance
officer, or an admin to access the scheduled reports.
- Optional: Assign an approver who approves the audit when all the reports
are reviewed.
- Preview the email that is sent to reviewers.
- Set up a schedule for delivery of the emails. You can select when and how often you'd
like to run the reports and deliver them to the reviewers.
Tip: To satisfy compliance requirements, you must set up a system of review to stay on
top of the activity in your database environment and create an audit trail. This system of review
and sign off is also called as the "audit process". The guided compliance program helps you set up
the audit process quickly and easily from the Compliance milestones.
- View your predefined reports and provide any missing information.
What to do next
After you create your compliance program, you can access the Compliance
milestones page at anytime to create schedule or reschedule reports, reconfigure alert
recipients, and enter any new information that becomes available to you. You can also create another
compliance program by clicking Add new program on the top right corner of the
page.
Access your dashboards from the main menu for a snapshot of all important information related to
your reports, groups, open tasks and more.