
Data Security Tools

Welcome to the Data Security Tools site, where we present information you might consider when evaluating tools and the vendors who provide them. If you're preparing an RFP, RFI, or simply trying to compare market leaders with others appearing on a Magic Quadrant or other vendor comparison chart, we know it's challenging to learn about pricing, functionality, and features. We hope this site will help.


Tool Selection Criteria

When evaluating tools, start with standard tool selection criteria:
  • functionality and features
  • suites versus best-of-breed
  • vendors
  • pricing
  • maintenance costs and other costs
  • customer service
  • implementation assistance
  • depth of consulting experience required
  • availability of consultants
  • training
  • vendor stability
  • merger and acquisition considerations.

You’ll need to consider the information you collect in the context of your organization’s culture and environment:
  • accountability and controls
  • processes and workflow
  • policies and standards that apply to these tools
  • architectural considerations
  • cross-project interdependencies
  • the expertise of your workforce.

You’ll also want to determine whether you need to collect requirements or approvals from business stakeholders. This may be necessary if the tools
  • are considered part of key control sets
  • are included in approved business processes or workflows that are subject to approval by your internal or external auditors
  • are part of processes or procedures subject to formal change control
  • fall subject to compliance or legal requirements
  • fall subject to approval by your IT Portfolio Management group
  • could influence your ability to fulfill Service Level Agreements (SLAs) or other contractual requirements.


Project Management Considerations

In many organizations, the Project Management Office (PMO) and/or the Application Portfolio Management group expect to be involved in the selection of software applications. They may very well have their own set of requirements. Following are some keywords often found in PMO-based requirements.

  • Assumptions
  • Availability Management
  • Back-out Plan
  • Balanced Scorecard
  • Baseline
  • Benchmarking
  • Business Case
  • Business Continuity Management (BCM)
  • Business Driver
  • Business Impact Analysis
  • Business Process Management
  • Business Process Modeling
  • Business Rule
  • Change Control
  • Change Management
  • Configuration Baseline
  • Configuration Management
  • Constraints
  • Contingency Plan
  • Cost Benefit Analysis
  • Critical Success Factor (CSF)
  • Deliverable
  • Deming Cycle
  • Deployment
  • Development Environment
  • Entry Criteria
  • Exit Criteria
  • Functional Requirements
  • IT Help Desk
  • IT Infrastructure
  • Iterative Process
  • Just in Time Development or Deployment
  • Key Performance Indicator (KPI)
  • Lessons Learned
  • Lifecycle
  • Metric
  • Milestone
  • Non-Functional Requirements
  • Outsourcing
  • Pareto Principle
  • Performance Testing
  • Plan-Do-Check-Act
  • Planned Downtime
  • Policies and Standard
  • Portfolio Management
  • Processes and Procedures
  • Regression Testing
  • Release Management
  • Request for Change (RFC)
  • Requirements Management
  • Requirements Traceability
  • Retirement Schedule
  • Return on Investment (ROI)
  • RFI, RFQ, RFP
  • Risk Analysis
  • Risk Assessment
  • Risk Identification
  • Risk Mitigation
  • Rollout
  • ROM estimate
  • Scalability
  • Scope
  • Scope Change
  • SDLC
  • Service Catalogue
  • Service Delivery
  • Service Desk Ticket
  • Service Level Agreement (SLA)
  • SME involvement
  • Software as a Service (SaaS)
  • Software Asset Management
  • Software Development Life Cycle (SDLC)
  • Specifications
  • Testing
  • Total Cost of Ownership (TCO)
  • Traceability
  • Unified Modeling Language (UML)
  • Unit Testing
  • Use Cases
  • User Acceptance Testing (UAT)
  • Versioning
  • Work Breakdown Structure
  • Workflows

Sample RFI Keywords

Following are some keywords often found in RFIs for data security tools.

  • Access Management
  • Anonymization
  • Authorization
  • Coding
  • Commercial Off the Shelf
  • COTS
  • Data Encryption
  • Data Integration
  • Data Masking
  • Data Privacy
  • De-identification
  • Digital Signature
  • Document Type Definition (DTD)
  • Electronic Data Interchange
  • Electronic Signature
  • Encryption
  • Enterprise Application Integration (EAI)
  • eSecurity
  • Extendibility
  • FIFO
  • File Transfer Protocol (FTP)
  • FTP
  • Grid Computing
  • Information Security Management
  • Information Technology (IT)
  • Intelligent Agent
  • Interface
  • Interoperability
  • ODBC
  • Open Database Connectivity (ODBC)
  • Pervasive Computing
  • PKI
  • Platform
  • Privacy
  • Private Data
  • Protocol
  • Pseudonymization
  • Public Key Infrastructure (PKI)
  • Publish And Subscribe
  • Push Technology
  • Records Management
  • Secure Sockets Layer (SSL)
  • Segregation of duties
  • Sensitive Data
  • Service-Oriented Architecture (SOA)
  • Vulnerability


Standardization Considerations

Often tools must comply with internal or external regulations, policies, or rules. Following are some keywords often found in regulatory or standardization requirements.

  • ANSI
  • Capability Maturity Model (CMM)
  • COBIT
  • COSO
  • IEEE
  • ISO/IEC 20000, BS 7799
  • ITIL
  • NIST
  • Six Sigma Standards
  • UML Processes
  • World Wide Web Consortium (W3C) Standards
  • XBRL (eXtensible Business Reporting Language)