- How do you ensure data security and compliance while automating a process?
How we get aligned with the banking security protocols while developing a process?
What are the best practices while dealing with banking data !!
Best practice would be avoid log message to log any sensitive information.
If you are adding any sensitive information to orchestrator be it queue item or storage make sure to encrypt it and then store.
Thanks,
Ashok 
Hi @Ritaman_Baral ,
Role-Based Access Control (RBAC): Restrict access to sensitive data and processes based on user roles.
Sensitive Data Masking: Mask/encrypt sensitive data in logs, reports, and during data processing.
Storing credentials in Orch as assets and retrieving accordingly when need in process
Removing screenshot in activities during the automation development
For banking clients below are the best practices:
- Storing credentials in assets.
- Storing the queue item related data in a separate excel file that will be stored in client provided secured shared location instead of adding to queue item. If not using data services with encryption (Cryptography activities) and deleteing after successful processing.
- Do not log any sensitive information
- Do not save any screenshots that have sensitive information
- Maintaining a separate orchestractor folder with role based restriction to folders.
- Do not attach exception screenshot via email as it might reveal client sensitive information instead store in client secured shared location.
- Do not save any sensitive data or pii data
- Always make sure to encrypt data if adding to queue
- Avoid logging any sentitive information
- Check the infosec rules specific to the client we are working for
Cheers
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.