Later that morning, Nancy showed Basel her seven stacks of policy cards. Then she showed him the spreadsheet that Vic and she had filled in.
“What I can’t see,” said Basel, “is how you can take more than 100 regulations and policies and distil them down into only seven regulatory families. I’m lost there.”
“That’s the key breakthrough,” replied Nancy. “I looked at what actions you needed to enforce. Consider a database holding HIPAA information, customer information, PCI Credit Card data, and employee Personally Private Information.”
“The very idea of all that in one database is scary,” said Basel, “but each of those requires different and very specific protections.”
“When do they require ...