Question 1

What is in the SAP PII Redaction architecture pack?

Accepted Answer

Two artifacts: an SVG architecture diagram showing the prod-to-dev copy pipeline with deterministic masking and LLM redaction stages, and a markdown brief documenting each stage's purpose, the tools that fit, the data flow, and the compliance touchpoints. You configure the SAP modules in scope, your existing masking tool, and the free-text/OCR sources &mdash; the diagram and brief regenerate live.

Question 2

Why two redaction layers instead of one?

Accepted Answer

The deterministic masking tools you already own (TDMS, Delphix, Informatica TDM, IBM InfoSphere Optim) cover roughly 95% of PII: schema-aware, row-level columns with known types. Running an LLM over that is a thousand times the compute for no extra coverage. The remaining 5% is where every program leaks: free-text NOTES columns, unclassified Z-tables, OCR'd attachments, long-tail entity types. That 5% is what the LLM stage is for &mdash; and only for that.

Question 3

What free-text sources should I route to the LLM stage?

Accepted Answer

Three categories. First, NOTES columns on customer, vendor, case, and ticket tables &mdash; agents type names, phone numbers, IBANs, internal IDs into them. Second, Z-tables (customer-built extensions) that the masking tool was never configured for. Third, OCR'd attachments: invoices, IDs, insurance cards, scanned letters. A small classifier sits in front of the LLM and decides which rows actually need it &mdash; most do not, which keeps cost down.

Question 4

Does this work without changing my existing masking tool?

Accepted Answer

Yes. The LLM redactor plugs in **after** the deterministic masker, not instead of it. Your existing tool's column rules, pseudonym dictionaries, and referential-integrity guarantees stay intact. The LLM stage only sees columns the masking tool either skipped or could not classify. Pseudonyms are kept consistent across both stages by passing the deterministic tool's mapping into the LLM as context.

Question 5

Where does the LLM stage run?

Accepted Answer

On the client's own GPU, not a third-party API. The fine-tuned redactor is a 1.5B-parameter model with a LoRA adapter &mdash; small enough for a single consumer GPU, fast enough for a nightly copy job, no data egress. The architecture diagram makes the deployment boundary explicit so security and compliance can sign off on data-residency without surprises.

SAP PII-Redaktion Architektur-Diagramm SAP PII Redaction Architecture Diagram

ErforderlichRequiredSAP-Module im ScopeSAP modules in scope

Deterministisches Maskierungs-ToolDeterministic masking tool

Freitext-/OCR-Quellen (die 5%)Free-text / OCR sources (the 5%)

Deployment-BoundaryDeployment boundary

LLM-ModellLLM model

Ziel-UmgebungenTarget environments

Generierte ArtefakteGenerated artifacts

PII-Redaktor in 4 Wochen DSGVO-konform livePII redactor DSGVO-compliant in 4 weeks

Warum die Boundary wichtiger ist als das ModellWhy the boundary matters more than the model