Chapter 6. Compliance—Risk Management Perspective
Governance, risk, and compliance (GRC) and enterprise risk management (ERM) professionals (see Figure 6-1) concern themselves with the things that could go terribly wrong. Preventing a disaster, such as a leak of customers’ private data or the loss of customer confidence that a denial-of-service attack could cause, requires positive steps. A more integrated relationship between information systems and risk involves both the real-time monitoring of situations and the forensic re-creation of historic situations.
Data-driven developers need to be aware of these requirements and threats and be able to build architectures and deploy systems that meet these demands. Solutions to issues in other domains can impact compliance adversely. Security and privacy violations can be damaging whether they pass through online transaction processing (OLTP) or through online analytical processing (OLAP) processes (see Figure 6-2). Compliance needs to be universally applied whether working with a single multi-model database or with multiple persistence mechanisms in a polyglot persistence architecture.
Redaction and Field-Level Security ...