Email Service Notes (Samara)

Demo StudentLyon

Your Original Email

Dear Franklin,

As this request will be deem as a high priority, we’d like to launch and finish it as soon as possible.
So your provided proposal is too complex especially for Technical Security Assessment (TSA) execution section and seems it’s hard to complete in a short time. Hence, at the moment we intend to change the focus point to PII information handling in non-production environment. From this point of view, we can carry out some audit works as well to ensure entire data security.

For your better understanding of our focus, I’ve listed some examples as below.
– Is there any PII information stored in non-production environment?
Ps: I’m not sure if it can be scanned via some given tools to quickly identify some PII information exists.
– For any system or environment hosting PII information, what’s the current policy for account management and access control, whatever through technical or procedure.
– For those not hosting PII information’s system and environment, what’s the procedure or technical method to restrict unauthorized activity occurs, for instance, copy data from other system or environment, etc.

Besides above all, other sections if necessary to have, you can also include as well. Please modify ASAP and give us feedback. Thanks very much!

Your Edited Email

Dear Franklin,

As this request will be deemed as a high priority, we’d like to launch and finish it as soon as possible.
Your provided proposal is too complex especially for the Technical Security Assessment (TSA) execution section and we feel the time constraint is too limited. Hence, we intend to change the focus point to PII information handling in non-production environment. In this way, we can carry out some audit works as well to ensure entire data security in a timely manner.

Please see the following perspective examples of our newly shifted focuses:

  • Is there any PII information stored in the non-production environment?
    • I’m not sure if it can be scanned via some given tools to quickly identify if  certain PII information exists.
  • For any system or environment hosting PII information, what’s the current policy for account management and access control, whatever through technical or procedure.
  • For those not hosting PII information’s system and environment, what’s the procedure or technical method to restrict unauthorized activity, for instance, copy data from other system or environment, etc.If you have any input besides the above examples, that you would like to add, you can also include them as well. Please send your modifications ASAP as we are on limited time line. Thank you very much for your time!