The following guidelines provide a basic checklist for reviewing data models and entity descriptions.
Basic review of model
- Ensure each entity has a singular noun as a name.
- Ensure the diagram is well laid out. Topology guidelines include:
- relationship lines as direct as possible, but retaining clarity;
- master entities higher in the diagram than their details (so avoiding upward pointing relationship arrows);
- minimum crossing lines.
- The diagram should have no visible storage connotations, e.g.:
- indexes and arrays should not be shown unless logically significant;
- business relationships as opposed to physical access paths should be defined.

Review of business implications
Relationship review

Download Free Risk Register Template for IT & Project Management

1. BASIC RISK INFORMATION
Risk Number: Provide a unique identifier for risk

Risk Description / Risk Event Statement: A risk event statement states (i) what might happen in the future and (ii) its possible impact on the project. "Weather" is not a risk event statement. "Bad weather may delay the project" is a risk event statement.

Responsible: Name or title of team member responsible for risk

Date Reported

PCI DSS 1.1 Audit Work Program Templates Free Download

Control 1 - All cardholder-entered PINs are processed in equipment that conforms to the requirements for Tamper-Resistant Security Modules (TRSMs). PINs must never appear in the clear outside of a TRSM

Control 2 - All cardholder PINs processed online are encrypted and decrypted using an approved cryptographic technique that provides a level of security compliant with international and industry standards.

Download Free North American Reliability Corp (NERC) Critical Infrastructure Protection (CIP) standards or simply NERC/CIP is a set of Cyber Security Framework standard that force of by law by the Federal Energy Regulatory Commission (FERC). This standard consist of several domain such as:

CIP-001-1 Sabotage Reporting
Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.

CIP-002-1 Critical Cyber Asset Identification
NERC Standards CIP-002 through CIP-009 provides a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

CIP-002-2 Cyber Security - Critical Cyber Asset Identification
NERC Standards CIP-002-2 through CIP-009-2 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

1. Ensuring the confidentiality and integrity of your organization’s data-in-transit to and from your public cloud provider

2. Ensuring proper access control (authentication, authorization, and auditing) to whatever resources you are using at your public cloud provider

3. Ensuring the availability of the Internet-facing resources in a public cloud that are being used by your organization, or have been assigned to your organization by your public cloud providers