Professional Documents
Culture Documents
Data Masking For Non-Prod Applications Project - Scope of Work (SOW) V 1.0
Data Masking For Non-Prod Applications Project - Scope of Work (SOW) V 1.0
prod Applications
Project - Scope of Work
(SOW)
Department: BAS
PR no: XXX
CRC no: XXX
In response to the increasing need for data privacy and compliance, the project focuses on implementing
data masking techniques for PII, and sensitive data in non-production environments after data is
refreshed from production. This is critical for safeguarding sensitive information across applications such
as Oracle Fusion (Cloud), Oracle PaaS database (Cloud), Datix, CAFM, MD Staff, and other clinical
applications.
We scramble element entries for all Oracle fusion person records using HDL load. This is a manual and
time-consuming process where our admin has to monitor the error and fix and reload it until all records
are scrambled. This impacts the timely delivery of instances to the developer and business users.
2. Objectives
3. Scope of Work
• Analyzing and identifying PII and sensitive data (Patient data, pay data, National ID, etc.) across all
involved systems.
• Developing masking rules and logic appropriate to each data type and system.
• Implementing data masking solutions tailored to Oracle Fusion, Oracle PaaS database, Datix, CAFM, MD
Staff, and other clinical systems.
• Ensuring that data masking does not disrupt the integrity and usability of the data for testing, validation,
and development.
• Conducting regular updates and maintenance of the data masking rules as per compliance changes and
system updates.
• Collaborating with IMT security, compliance, and database teams to align the data masking strategies.
• The tool should have the capability to work with Cloud and On-Prem applications.
• Masked data should not disturb the data validation process. It should represent the correct mapping.
This will be required while signing off UATs with business based on project requirements.
• Flexibility to configure masking rules at our own.
• Tool should be driven through proper access control matrix and also should be integrated with our
LDAP/MFA authentication
5. Deliverables