Our company has a policy where the SQL Force Encryption must be set when PII is stored in the SQL database, regardless of how temporary or transient the data is. We have been told by support that Force Encryption cannot be set to yes if SSL is being used.
We have been told by Infor that we must customize the BOD to encrypt the PII in the BOD coming out of the source system and decrypted on the receiving system.
The ERP is Infor (XA) and the receiving system is Infor (SCE) AND the middleware wear is Infor (OS).
How are you convincing your security office that the PII data being stored is protected in the entire stream.
