July 23, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
- Mary Ellen Condon
- Adam Migus
- Adam Madlin
- Ann Racuya-Robbins
- Christopher Spottiswoode
- Ryan Galluzzo
- Steve Orrin
- Paul Knight, FMO
- Suzanne Lightman
- Martin Smith
- Sal D’Agostino
- Linda Braun, Global Inventures
- Mary Ellen led the call. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Minutes for July 9, 2015 and July 16, 2015 meetings were approved.
- Redress Task Force work – any feedback?
- Adam Migus did not have any additional feedback this week.
- FMO updates
- An update to the dashboard will be done at the end of the month. Any updates should be sent to Paul.
- Standards list update
- Ryan indicated that a smaller group of volunteers has been identified to work on a standards list that the Security Committee would like to put forward for potential adoption by IDESG. These include those standards that we would map to. Ryan reviewed the list, which included standards we were already looking at adopting.
- Ryan to send email to listserv to start conversation about other standards we might include in the spreadsheet to start the mapping process and other standards we should consider.
- When folks suggest a standard, please also provide a justification for it.
- Objective of exercise: (1) make them permitted or required as part of the framework implementation; (2) address supplemental guidance and supply examples on how the requirements might be implemented; (3) distinguish between a standard and how to test a standard: does each standard that we have come with an associated test plan? All three are valid, but the purpose is to:
- Define a set of standards that we can map our requirements onto, to inform people who are going to attest to our requirements that, if they implement a given standard, they already attest to a set or all of our requirements.
- Ryan read the Standards Adoption Policy to clarify purpose of determining standards for the Security Committee. Inventory form needs to be filled out as one of the first steps. Ryan showed a previous example.
- FMO feedback from pilots
- FMO shared comments from pilots along with existing supplemental guidance. Material extracted by pilots. There are three requirements that the pilots wanted clarification on. Pilots haven’t seen the supplemental guidance yet. There is a question on how to choose what to do; do a risk assessment and then part of the controls. Suggestion was to clarify further in supplemental guidance and have the Supplemental Guidance Task Force reconvene for one meeting next week. Volunteers: Adam Migus, ARR, Ryan, Martin Smith to meet on Tuesday, at 1:00 p.m.
- HIMSS Policy - it is the Management Council’s decision as to whether or not to adopt the HIMSS Policy. The Security Committee submitted their response last week. Not all committees have submitted their response yet.
Wrap up and actions for next week
- Linda to schedule WebEx for Tuesday, July 28, 2015 for the Supplemental Task Force.
- Next meeting: July 30, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
- Meeting was adjourned at 2:06 p.m. EDT.
- Paul Knight to forward feedback from pilots with redlines to listserv.