¶ Pre-loaded Semantics
Elementrix comes with comprehensive pre-configured semantic collections covering data classification, regulatory compliance, and common data semantics.
¶ Overview
Purpose of Pre-loaded Semantics:
- Accelerate semantic registry setup and time-to-value
- Provide industry-standard terminology and definitions
- Ensure compliance with regulatory frameworks
- Maintain consistency across organizations
- Follow data governance best practices
Pre-loaded Collections:
- Metadata Semantics collection - Data classification and sensitivity levels
- Regulatory & Compliance - Regulatory frameworks and compliance obligations
- Data semantics - Common data element types and meanings
¶ Available Pre-Shipped Collections
¶ 1. Metadata Semantics Collection
Standard information-classification levels used to label sensitivity, confidentiality, and handling requirements.
¶ Classification Levels
Public
- Definition: Information authorized for public release with no confidentiality restrictions
- Tags: classification, low sensitivity
- Synonyms: Open Data, Public Information
- Use Cases: Marketing materials, public announcements, published reports
- Example: Company press releases, public product documentation
Internal
- Definition: Information intended for internal organizational use but not harmful if disclosed
- Tags: classification, internal use
- Synonyms: Internal Use Only
- Use Cases: Internal memos, employee directories, meeting notes
- Example: Department budgets, internal policies
Confidential
- Definition: Information that requires protection from unauthorized access due to business or regulatory reasons
- Tags: classification, sensitive data
- Synonyms: Sensitive, Private
- Use Cases: Business plans, contracts, employee records
- Example: Financial forecasts, customer lists, strategic plans
Restricted
- Definition: Information requiring strict access controls because unauthorized disclosure could cause significant harm
- Tags: classification, high sensitivity
- Synonyms: Restricted Access
- Use Cases: Trade secrets, merger plans, sensitive customer data
- Example: Proprietary algorithms, M&A documents, executive compensation
Highly Restricted
- Definition: Information accessible only to a very limited number of authorized individuals due to critical risk if disclosed
- Tags: classification, critical sensitivity
- Synonyms: Top-Restricted, Highly Sensitive
- Use Cases: National security data, critical business secrets, executive-level strategic plans
- Example: Classified government data, board-level confidential discussions
¶ Data Privacy Types
PII (Personally Identifiable Information)
- Definition: Any information that can identify a specific individual, either directly or indirectly
- Tags: data privacy, identity data, sensitive
- Synonyms: Personal Data
- Examples: Names, email addresses, phone numbers, social security numbers, IP addresses
- Regulations: GDPR, CCPA, PDPL
PHI (Protected Health Information)
- Definition: Individually identifiable health information protected under healthcare privacy laws
- Tags: health data, privacy, sensitive
- Synonyms: Health Data, Medical Information
- Examples: Medical records, diagnoses, treatment plans, health insurance information
- Regulations: HIPAA (US), GDPR (EU)
PCI (Payment Card Information)
- Definition: Cardholder data protected under PCI-DSS, such as card numbers, CVV, and expiration dates
- Tags: finance, payment security
- Synonyms: Cardholder Data, PCI Data
- Examples: Credit card numbers, CVV codes, card expiration dates, cardholder names
- Standards: PCI-DSS
Financial Sensitive
- Definition: Financial information that could lead to loss or fraud if exposed
- Tags: finance, sensitive
- Synonyms: Sensitive Financial Data
- Examples: Bank account numbers, wire transfer details, financial forecasts
Regulated Data
- Definition: Any information governed by laws or regulations requiring specific handling or protection
- Tags: compliance, regulated
- Synonyms: Compliance-Controlled Data
- Examples: Tax records, audit trails, regulatory filings
¶ Business Data Types
Client-Specific Data
- Definition: Information associated with a specific client and governed by contractual confidentiality
- Tags: client data, business sensitive
- Synonyms: Customer Data, Client Confidential Data
- Examples: Client contracts, project deliverables, client communications
Partner Data
- Definition: Information shared with or originating from business partners and requiring joint protection
- Tags: partner data, shared data
- Synonyms: Third-Party Data
- Examples: Partner agreements, shared customer data, co-marketing materials
Secret (Gov/Defense environments)
- Definition: Classified government or defense information requiring strict national-security-level controls
- Tags: government classified, defense
- Synonyms: Classified, Secret-Level Data
- Use Cases: Government and defense organizations only
¶ 2. Regulatory & Compliance
Regulatory frameworks and compliance obligations applicable to data, systems, or business operations.
¶ Privacy Regulations
GDPR-Relevant
- Definition: Information subject to the General Data Protection Regulation governing personal data of individuals in the EU
- Tags: GDPR, privacy, regulation
- Synonyms: GDPR Data
- Scope: EU residents' personal data
- Key Requirements: Consent, right to erasure, data portability, breach notification
- Penalties: Up to 4% of annual global turnover or €20 million
KSA-PDPL-Relevant
- Definition: Information regulated under the Saudi Personal Data Protection Law
- Tags: PDPL, privacy, KSA regulation
- Synonyms: Saudi PDPL Data
- Scope: Personal data of individuals in Saudi Arabia
- Authority: Saudi Data & AI Authority (SDAIA)
¶ Healthcare Regulations
HIPAA-Relevant
- Definition: Information regulated under the U.S. Health Insurance Portability and Accountability Act, primarily PHI
- Tags: HIPAA, health data, compliance
- Synonyms: HIPAA Data
- Scope: Protected Health Information (PHI)
- Requirements: Privacy Rule, Security Rule, Breach Notification Rule
- Covered Entities: Healthcare providers, health plans, healthcare clearinghouses
¶ Financial Regulations
SOX-Controlled
- Definition: Financial or operational records subject to the Sarbanes–Oxley Act's audit and retention controls
- Tags: SOX, financial compliance
- Synonyms: SOX Data
- Scope: Publicly traded companies in the US
- Requirements: Financial reporting accuracy, internal controls, audit trails
- Sections: 302 (CEO/CFO certification), 404 (internal controls), 802 (record retention)
BCBS-239
- Definition: Risk data governed by the Basel Committee's principles for effective risk data aggregation and reporting
- Tags: banking, risk management
- Synonyms: Risk Data Aggregation
- Scope: Global systemically important banks (G-SIBs)
- Principles: 14 principles covering governance, architecture, accuracy, completeness, timeliness
Basel II / III
- Definition: Banking regulatory frameworks defining capital, liquidity, and risk requirements
- Tags: banking, risk compliance
- Synonyms: Basel Framework
- Scope: International banking institutions
- Focus: Capital adequacy, stress testing, market liquidity risk
¶ Security & Information Management Standards
ISO-27001 Controlled
- Definition: Information managed under ISO/IEC 27001 controls for information security management
- Tags: ISO-27001, security controls
- Synonyms: ISMS Controlled Data
- Scope: Information Security Management System (ISMS)
- Controls: 114 security controls across 14 domains
- Certification: Third-party audited and certified
¶ Audit & Records Management
Audit-Critical
- Definition: Data essential for audit evidence, verification, and compliance review
- Tags: audit, compliance
- Synonyms: Audit Evidence Data
- Examples: Transaction logs, approval records, access logs, change history
- Requirements: Immutability, completeness, retention
Retention-Required
- Definition: Information that must be stored for a mandatory duration due to legal or business rules
- Tags: records management, retention
- Synonyms: Mandatory Retention Data
- Examples: Tax records (7 years), employment records (varies by jurisdiction)
- Considerations: Storage costs, legal hold, secure deletion after retention period
¶ 3. Data Semantics
Semantic types describing the meaning, category, or structural role of specific data elements.
¶ System Behavior
Auto populated
- Definition: A field automatically generated by the system without manual input
- Tags: system generated, data behavior
- Synonyms: System-Generated
- Examples: Created timestamp, auto-increment IDs, calculated fields
- Usage: Mark fields that should not be manually edited
Identifier (ID, Code, Key)
- Definition: A unique value used to distinguish a specific record or entity
- Tags: identifier, primary key
- Synonyms: ID, Key, Unique Identifier
- Examples: Customer ID, Order ID, Product SKU, Transaction ID
- Properties: Uniqueness, immutability, referential integrity
¶ Classification & Categorization
Category
- Definition: A high-level grouping used to classify items or data elements
- Tags: taxonomy, classification
- Synonyms: Classification
- Examples: Product Category, Customer Segment, Department
- Usage: Top-level taxonomic grouping
Subcategory
- Definition: A more specific grouping within a broader category
- Tags: taxonomy
- Synonyms: Sub-classification
- Examples: Product Subcategory, Customer Type, Division
- Hierarchy: Category → Subcategory → Item
Enum
- Definition: A predefined list of allowed values for a field
- Tags: enumeration, allowed values
- Synonyms: Enumeration
- Examples: Status (Active, Inactive, Pending), Priority (High, Medium, Low)
- Constraints: Fixed value set, validation enforced
StatusCode
- Definition: A code representing the state or condition of a record or process
- Tags: code, status
- Synonyms: Status Code
- Examples: Order Status, Approval Status, Processing Status
- Values: Typically short codes (e.g., PEND, APPR, REJT)
Type Code
- Definition: A coded value used to identify a type or classification of data
- Tags: code, classification
- Synonyms: Type Identifier
- Examples: Transaction Type, Document Type, Account Type
Priority Level
- Definition: A value indicating the urgency or importance of an item
- Tags: priority, ranking
- Synonyms: Priority
- Examples: Ticket Priority, Task Urgency, Risk Level
- Scale: High/Medium/Low or 1-5 numeric scale
¶ Geographic & Location
Region
- Definition: A geographic area used to group countries, markets, or operational zones
- Tags: geography, location
- Synonyms: Geographical Region
- Examples: EMEA (Europe, Middle East, Africa), APAC, Americas
- Usage: Regional sales, market analysis, compliance zones
Region / Geography
- Definition: A data element indicating geographic grouping or segmentation
- Tags: geography, location
- Synonyms: Geographic Region
- Examples: Sales Region, Service Area, Coverage Zone
¶ Financial & Metrics
Currency
- Definition: A code representing monetary units used in financial transactions (e.g., USD, EUR)
- Tags: finance, monetary
- Synonyms: Currency Code
- Standard: ISO 4217 (3-letter currency codes)
- Examples: USD, EUR, GBP, SAR, AED
Metric
- Definition: A quantifiable measure used for performance, analytics, or reporting
- Tags: measurement, analytics
- Synonyms: Measure, KPI
- Examples: Revenue, Conversion Rate, Customer Lifetime Value
- Properties: Measurable, aggregatable, time-bound
Transaction Code
- Definition: A code representing a type of transaction or business event
- Tags: transaction, code
- Synonyms: Txn Code
- Examples: Payment (PAY), Refund (REF), Transfer (TRF)
¶ Data Architecture
Reference Data
- Definition: Stable, non-transactional data used across systems for consistency and lookup
- Tags: reference, masterdata
- Synonyms: Lookup Data
- Examples: Country codes, product categories, status values
- Characteristics: Low volatility, shared across systems, centrally managed
Master Data
- Definition: Core business entities that remain consistent across applications (e.g., customer, product)
- Tags: masterdata, core data
- Synonyms: Golden Record, Core Entity Data
- Examples: Customer Master, Product Master, Supplier Master
- Requirements: Single source of truth, data quality rules, governance
¶ Using Pre-Shipped Semantics
¶ Immediate Availability
After Elementrix Installation:
✓ All pre-loaded collections are immediately available
✓ All terms are ready to use in data product mapping
✓ No configuration or setup required
✓ Marked with "Pre-Shipped" badge in UI
¶ Applying to Data Products
Step 1: Navigate to Data Product
- Go to your data product schema definition
- Select the field you want to tag
Step 2: Search Pre-Loaded Terms
Field: customer_email
Search Semantic Terms: [PII]
Results from Pre-Loaded Collections:
┌─────────────────────────────────────────────────┐
│ PII (Personally Identifiable Information) │
│ Collection: Metadata Semantics collection │
│ Badge: 🏷️ Pre-Shipped │
│ Definition: Any information that can identify │
│ a specific individual... │
│ [Apply to Field] │
└─────────────────────────────────────────────────┘
Step 3: Apply Term
- Click "Apply to Field"
- Term is linked to your data product field
- Classification and compliance metadata automatically inherited
¶ Benefits of Pre-Loaded Terms
Compliance Automation:
When you tag a field with pre-loaded terms:
Field: credit_card_number
Applied Term: PCI (Payment Card Information)
Automatically Enforced:
✓ PCI-DSS compliance flag set
✓ Encryption required
✓ Access logging enabled
✓ Audit trail mandatory
✓ Restricted access rules applied
Data Discovery:
Search: "Find all datasets with GDPR-relevant data"
Results:
- Customer Contact Information (PII, GDPR-Relevant)
- Marketing Preferences (PII, GDPR-Relevant)
- Website Analytics (PII, GDPR-Relevant)
¶ Customizing Pre-Shipped Terms
While pre-shipped terms cannot be modified directly, you can create organization-specific versions:
¶ Customization Process
Step 1: Navigate to Term
Semantic Registry → Metadata Semantics collection → PII
Term Details:
Name: PII (Personally Identifiable Information)
Status: 🏷️ Pre-Shipped (Read-Only)
Definition: Any information that can identify...
[Create Organization Version]
Step 2: Click "Create Organization Version"
Create Organization-Specific Term
Based On: PII (Personally Identifiable Information)
Name: [PII - Company Name Standard]
Definition: [Any information that can identify a specific individual
according to Company Name's data privacy policy.
This includes our organization-specific classifications
such as employee badges, internal customer IDs, and
biometric access data.]
Tags: [data privacy] [identity data] [sensitive] [company-specific]
Synonyms:
- Personal Data
- Customer Identifiable Data
- Employee Personal Information
Organization-Specific Examples:
- Employee Badge Numbers
- Internal Customer Reference IDs
- Biometric Access Data
- Company Email Addresses
[Save as Organization Term]
Step 3: Use Organization Version
- Organization version appears alongside pre-shipped version
- Can be edited and customized
- Linked to pre-shipped term for traceability
¶ Collection Details
¶ Metadata Semantics Collection
Purpose: Data classification and sensitivity levels
Total Terms: 13
- Classification Levels: 5 (Public, Internal, Confidential, Restricted, Highly Restricted)
- Data Privacy Types: 5 (PII, PHI, PCI, Financial Sensitive, Regulated Data)
- Business Data Types: 3 (Client-Specific Data, Partner Data, Secret)
Primary Use Cases:
- Data classification and labeling
- Access control policies
- Data loss prevention (DLP)
- Privacy impact assessments
¶ Regulatory & Compliance
Purpose: Regulatory frameworks and compliance obligations
Total Terms: 9
- Privacy Regulations: 2 (GDPR, KSA-PDPL)
- Healthcare: 1 (HIPAA)
- Financial: 3 (SOX, BCBS-239, Basel II/III)
- Security Standards: 1 (ISO-27001)
- Records Management: 2 (Audit-Critical, Retention-Required)
Primary Use Cases:
- Compliance reporting
- Regulatory gap analysis
- Audit preparation
- Data governance frameworks
¶ Data Semantics
Purpose: Common data element types and meanings
Total Terms: 15
- System Behavior: 2 (Auto populated, Identifier)
- Classification: 7 (Category, Subcategory, Enum, StatusCode, Type Code, Priority Level)
- Geographic: 2 (Region, Region/Geography)
- Financial: 3 (Currency, Metric, Transaction Code)
- Data Architecture: 2 (Reference Data, Master Data)
Primary Use Cases:
- Data modeling
- Schema design
- Data integration
- Business intelligence
¶ Best Practices
¶ Leveraging Pre-Loaded Semantics
1. Start with Pre-Loaded Terms
Before Creating Custom Terms:
✓ Search pre-loaded collections first
✓ Use pre-loaded terms for standard concepts
✓ Only create custom terms for organization-specific needs
✓ Extend pre-loaded terms rather than replacing them
2. Compliance Tagging
For Regulated Data:
✓ Always use pre-loaded compliance terms
✓ Tag all PII fields with "PII" term
✓ Tag healthcare data with "PHI" and "HIPAA-Relevant"
✓ Tag payment data with "PCI"
✓ Combine classification and compliance terms
3. Consistent Classification
Classification Hierarchy:
1. Choose primary classification (Public/Internal/Confidential/Restricted/Highly Restricted)
2. Add data type if applicable (PII/PHI/PCI/Financial Sensitive)
3. Add regulatory compliance if applicable (GDPR/HIPAA/SOX)
4. Add data semantic type (Identifier/Master Data/Reference Data)
Example:
Field: customer_ssn
Tags: Highly Restricted + PII + GDPR-Relevant + Identifier
¶ Organization-Specific Extensions
When to Create Organization Versions:
- Adding company-specific examples
- Clarifying definitions for your industry
- Adding internal policy references
- Including organization-specific synonyms
- Linking to internal documentation
When to Create New Terms:
- Domain-specific concepts not covered by pre-loaded terms
- Industry-specific terminology
- Organization-specific metrics or KPIs
- Custom data types unique to your business
¶ Term Visibility and Management
¶ Pre-Shipped Term Properties
Cannot Be:
- ✗ Deleted
- ✗ Renamed
- ✗ Modified (definition, tags, synonyms)
- ✗ Moved to different collection
Can Be:
- ✓ Hidden from users (if not relevant to organization)
- ✓ Extended with organization-specific versions
- ✓ Referenced in documentation
- ✓ Used in data product mappings
¶ Hiding Irrelevant Terms
For terms not applicable to your organization:
Example: "Secret (Gov/Defense environments)"
If not a government/defense organization:
Settings → Semantic Registry → Pre-Loaded Terms
☐ Show "Secret (Gov/Defense environments)"
Result: Term hidden from search and selection
but still available if needed in the future
¶ Compliance & Regulatory Mapping
¶ Automatic Compliance Flagging
When pre-loaded compliance terms are applied to fields:
Data Product: Customer Database
Field: email_address
Applied Terms: PII + GDPR-Relevant
Automatic Compliance Actions:
✓ GDPR compliance flag enabled
✓ Consent tracking required
✓ Right to erasure workflow enabled
✓ Data portability support flagged
✓ Breach notification rules applied
✓ Retention policy review triggered
¶ Multi-Regulation Compliance
Field: health_insurance_number
Applied Terms: PHI + PII + HIPAA-Relevant + GDPR-Relevant
Compliance Requirements:
✓ HIPAA Privacy Rule (US)
✓ HIPAA Security Rule (US)
✓ GDPR Article 9 - Special Categories (EU)
✓ Encryption at rest and in transit
✓ Access audit logging
✓ Breach notification (both regulations)
¶ Reporting and Analytics
¶ Pre-Loaded Term Usage Reports
Semantic Term Usage Report:
Most Used Pre-Loaded Terms:
1. PII - 234 fields across 45 data products
2. Internal - 189 fields across 38 data products
3. Confidential - 156 fields across 32 data products
4. GDPR-Relevant - 98 fields across 18 data products
5. Identifier - 87 fields across 41 data products
Compliance Coverage:
- GDPR-tagged fields: 98 (42% of PII fields)
- HIPAA-tagged fields: 23 (100% of PHI fields)
- PCI-tagged fields: 12 (100% of payment fields)
- SOX-tagged fields: 45 (78% of financial fields)
[Download Full Report] [Export to CSV]
¶ Next Steps
- Start using pre-shipped terms immediately in your data products
- Review Creating Collections for custom organization terms
- Learn about Mapping Terms to Fields
- Understand Compliance Automation