Moving to theGuidewire Cloud Platform (GWCP)introduces a set of mandatory "Cloud Delivery Standards" designed to ensure that customer implementations are secure, upgradeable, and performant. Two of the most critical pillars in these standards areMetadata Naming ConventionsandData Privacy/Security.
First, naming conventions (Option D) are essential for maintaining the "Upgrade-Safe" nature of the cloud. In Guidewire Cloud, the base product is updated frequently. To prevent custom metadata (new entities or columns) from conflicting with future Guidewire base product releases, all extensions must use a unique customer suffix. While the standard example is _Ext, insurers often use their specific company initials, such as _Si for Succeed Insurance. This ensures that the custom data model remains distinct from the gw namespace.
Second, theObservabilityandSecuritystandards strictly forbid the logging ofPersonally Identifiable Information (PII)in plain text (Option E). In the cloud, logs are aggregated and viewed via tools like CloudWatch or Kibana. If sensitive data like Social Security Numbers, Credit Card numbers, or personal addresses are logged as clear text, it constitutes a major security risk and a violation of compliance standards like GDPR or SOC2. Guidewire's automatedQuality Gateswill often block a deployment if it detects potential PII leakage in the Gosu logging code.
Options A and B are general development practices but not the primary delivery standards that block deployment. Option C is actually a security risk; hardcoding the "su" (Super User) in bundle management is generally discouraged in favor of more granular permission handling.
