CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it

1. Integrating data
and systems with
third parties.

2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of expertise Industry Certifications
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

3. Page 3
PACE-IT.
– Evaluate the risks of integration.
– Considerations of integration.

4. Page 4
Integrating data and systems with third parties.

5. Page 5
There are multiple reasons
why systems and data may
be integrated with third
parties. The key is to know
the risks.
Systems and data may be required to be integrated because of a
joint venture with another entity. When implementing a cloud
computing solution, there will be a need to integrate systems and
data.
In some cases, the need for integration is well known and
intentional, while, in other cases, it may not even be recognized
as happening. When people are using social media, they may
actually be integrating company data with a third party.
In all cases, there are risks associated with integration of systems
and data with third parties.
Integrating data and systems with third parties.

6. Page 6
Integrating data and systems with third parties.

7. Page 7
Integrating data and systems with third parties.
– Risk awareness.
» Always evaluate the risks when thinking about integrating
systems and data with third parties.
• Data may reside out of the control of the business.
• Network transmissions may be vulnerable.
• The other side of the integration may not be secure.
• The third party may go out of business.
– Onboarding and offboarding of business
partners.
» Procedures and systems need to be put in place that will allow
authorized people from the third party business partner to
access the appropriate systems and data—the onboarding
process.
• Implementing an identity and access management (IAM)
system can help ease the burden.
» Procedures and systems also need to be put in place to
remove access once the partnership is terminated or the
authorized person leaves the business partner—the offboarding
process.

8. Page 8
Integrating data and systems with third parties.
– Interoperability agreements.
» If the risks of integration are deemed acceptable, some
additional agreements should be created to help the process.
• Memorandum of understanding (MOU): a document that is
created that establishes an agreement between two parties.
• Blanket purchase agreement (BPA): a document created and
used to cover repetitive needs for products or services.
• Service level agreement (SLA): an agreement that specifies
the guaranteed uptime of a system.
• Internet service agreement (ISA): specifies any data limits
placed on an Internet connection and should also contain a
guarantee of the amount of uptime of the Internet connection.
– Data backups.
» Cloud storage of data backups may be the best solution to off
site storage for the backups—mitigating the risk of data loss in
the case of a disaster.
• A risk associated with this is the loss of control of the data; all
backups stored offsite should be encrypted.

9. Page 9
Integrating data and systems with third parties.
– Data ownership.
» There needs to be a clear understanding of data ownership
before integration of systems and data is undertaken.
• Some third parties consider all data stored on their systems
as being their data—no matter where it originated from.
– Compliance and performance standards.
» Read all agreements with third parties carefully to ensure that
what they offer and/or provide meets with the compliance
standards that are required.
• In some cases, it is not only inappropriate to integrate data
with a third party, it may actually be in violation of the law.
– Follow security policies and procedures.
» In all cases of systems and data integration, security policies
and procedures should be in place to protect the integrity of the
business’s systems.
• At least one of the policies needs to define what is considered
to be unauthorized sharing of data.

10. Page 10
Social media represents a
type of data integration that
may be difficult to control.
With the increased use of social media networks
and applications, company data may not necessarily
be under the control of the proper entities.
Companies should strive to train personnel on what
is appropriate to share on social media, and what
should not be placed out in the open. It is possible
for sensitive company information to be placed on
the Internet through the use of social media.
Integrating data and systems with third parties.

11. Page 11
Integrating data and systems with third parties.
While there may be reasons for integrating systems and data with third
parties, there are always risks associated with it. Whenever integration is
being considered, a careful evaluation of the risks should be undertaken.
Some integration is intentional, while some may actually be unintentional.
Topic
Evaluate the risks of
integration.
Summary
Always be aware of the possible risks associated with system and data
integration. If integration is determined to be beneficial, an onboarding and
offboarding process should be implemented. Interoperability agreements
should also be in place. Data backups and data ownership should be
considered. In addition, the integration should not violate any regulation that
governs the company. Security policies and procedures should be put in
place to help secure integrated systems and data. Social media represents
a difficult to control type of data integration. Personnel should be trained on
what is appropriate to share and what is not appropriate.
Considerations of integration.

12. Page 12
THANK YOU!

13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.