Setting up a data compliance program

IBM Guardium® Data Security Center is designed to automatically create a compliance program and help you adhere to compliance regulations. Follow the prompts in the UI to set up an end-to-end compliance workflow quickly and efficiently.

Before you begin

Data compliance This content is available through the IBM Guardium Data Compliance module.

  • Identify the data sources that contain sensitive data and connect them to Guardium Data Security Center. Connect at least one data source before you set up your compliance program.
  • Gather information such as lists of admin and authorized users, authorized IP addresses, and table names that contain sensitive objects.
  • Identify one or more internal reviewers and collect their email IDs to configure the delivery of reports. The reviewer must be an auditor, compliance officer, or an admin to access the scheduled reports.
    Tip: Any compliance-related data is classified as a sensitive object.
Begin your compliance journey with the information that is available to you. You can access the Compliance milestones page later to schedule your reports, define where your alerts are sent, and add or replace your entries with new information.

About this task

This procedure helps you to set up your compliance program and get started on your compliance journey. After you answer a few questions, Guardium Data Security Center automatically creates your data compliance program for you:

Procedure

  1. Click Add connection to add one or more connections to data sources, native activity logs, or event streams. Guardium Data Security Center will monitor these connections. Then click Get started to begin the set up of your data compliance program.
  2. Select a compliance regulation. You can revisit this page and select a different compliance regulation at a later time.
  3. Provide the list of admin users, authorized users, sensitive table names, and source IPs manually, by uploading a .CSV file, or by copying from another group. If you do not have all the information, you can revisit your compliance milestones and provide the information later. Click Next to view the list of artifacts that will be automatically installed.
  4. After you click Create your program, Guardium Data Security Center automatically creates and installs policies, reports, groups and compliance dashboards for you. You are then taken to the Compliance milestones page to configure alerts and refine your data.
  5. Refine alerts by configuring the recipients for each predefined alert. You can enter email IDs or connect to a third-party service that can capture the alerts. Then, test the connection before you save your settings. When a policy rule is triggered, the configured recipient receives a notification.
  6. Set up compliance and and data security report scheduling.
    If applicable, you can also set up Data security report scheduling.
    1. Assign one or more internal reviewers. The reviewer must be an auditor, compliance officer, or an admin to access the scheduled reports.
    2. Optional: Assign an approver who approves the audit when all the reports are reviewed.
    3. Preview the email that is sent to reviewers.
    4. Set up a schedule for delivery of the emails. You can select when and how often you'd like to run the reports and deliver them to the reviewers.
    Tip: To satisfy compliance requirements, you must set up a system of review to stay on top of the activity in your database environment and create an audit trail. This system of review and sign off is also called as the "audit process". The guided compliance program helps you set up the audit process quickly and easily from the Compliance milestones.
  7. View your predefined reports and provide any missing information.

What to do next

After you create your compliance program, you can access the Compliance milestones page at anytime to create schedule or reschedule reports, reconfigure alert recipients, and enter any new information that becomes available to you. You can also create another compliance program by clicking Add new program on the top right corner of the page.

Access your dashboards from the main menu for a snapshot of all important information related to your reports, groups, open tasks and more.