Tags allow you to add meta data to projects and tasks that you can later report on. Tags also provide a useful way to filter projects and tasks for administrators.Every new tag you add to projects creates overhead to project and task creation because users have to spend time thinking about which tags apply to their specific project / task. Be cognizant of the overhead and its potential impact on product adoption. In organizations which are particularly resistant to adding overhead to their processes, you will want to err on the side of fewer tags, while in organizations where security appetite is high, you will have more support for adding process overhead.
Before deploying SD Elements across the organization, you should define a set of common tags and apply them to initial projects / custom tasks to serve as examples. One best practice is to separate names and values with a common delimiter, such as a colon or underscore. For example "APPID:345” or “APPID_345”. Using the common delimiter makes it easier to parse tags in filters.
Here are some of the most common types of tags existing clients use:
- Classification: organizations often have a scheme for classifying applications or projects according to their risk of other factors. Example: CLASS:1, CLASS:2
- Compliance scope : sometimes a particular compliance framework is particularly important for driving security initiatives, such as the Payment Card Industry Data Security (PCI DSS) standards for retail organizations. In these cases, it may be useful to tag projects and custom tasks with these tags for easy filtering. In other cases, you may wish to include scope of compliance standards not yet included in SD Elements. Example: COMPLIANCE:PCIDSS, COMPLIANCE:HIPAA
- Geography or other company division: multinational companies often want to review data from particular geographies outside of the normal Business Unit and Group information that you may already capture in SD Elements. Example: GEO:ASIA, GEO:EUROPE
- Existing policies and standards: organizations often want to map SD Elements tasks to existing higher level policies or standards, such as an “Acceptable Encryption Policy”. These policies and standards often have IDs for individual sections. You may wish to tag tasks such that they map to the specific numbered sections of existing documents. Example: POLICY:AEP_3.1
- Common application metadata: Many large organizations have a series of proprietary attributes they attach to data in other systems. For example, an ID on a software asset management system. You can often get an idea of pertinent meta data by looking at custom fields/tags in other software such as Application Lifecycle Management (ALM) systems. Example: ASSETID:APP1452
Examples project tags
Note that tags and project settings can sometimes overlap. There are a few important distinctions to remember:
- Project settings can only be answered within the context of a project, and cannot be reflected on the Projects List page or the Customization:Tasks page. Tags appear on both of these pages
- Content rules can include project settings but not tags
- You can easily filter for tags in Dashboard: Project Reports, but not project settings
You may encounter situations where you want to use the same data for both tags and project settings. For example, you may want to use a tag like “COMPLIANCE:PCIDSS” which overlaps with the project setting “In scope for PCI-DSS”. Note that SD Elements is not designed to link tags with project settings, so you will be responsible for keeping both of these values up to date and in-synch. One possibility to work around this is to create an API script that automatically tags projects based on project settings.
- How does the organization want to report on data in SD Elements? Is the information they want to filter on already captured in Groups, Business Units, task titles and project names? If not, can you capture that data in tags?
- What custom fields/tags/other forms of metadata do other systems use for applications/projects?
- Is there any data that is important to automatically parse in projects or tasks using a custom script?