This is the most time consuming aspect to securing a product. It involves identifying sensitive data and determining the best way to secure that data. For products, sensitive data is captured as evidence, is extracted from existing tables and used by rules (e.g. participant data) and is displayed in decisions, including new decision details pages, and as key decision factors.
Some data is secured at the page level, some is secured at the entity level, and some secured at the attribute level. For example, information about a household's income may be accessible to a wide range of users, but with the actual income amounts visible to only a small range of those users.
Security is not only about ensuring only authorized users can see sensitive data. It can also be about protecting that data from being changed by unauthorized users. For example, it may be possible for a range of users to see a person's address history, but only certain users will be authorized to maintain address information.