Attendees

Agenda Items

Time | Item | Who
2 min | Welcome & Antitrust Policy Notice | Trev
2 min | Assignment of a "glossarist" | Trev
 | Draft Review | Everyone

Notes

  • IP and antitrust notification.
  • Determined who would act as our “glossarist”. The glossary is found at: https://docs.google.com/document/d/1Kznth0dRg2xdFe9MX0p4rE-FLI0w_Nmt1ceip9gdMmo/
  • The group decided to start the review of our draft with Problem #8 (Information Security).
  • We decided that the “MUST” language around standards such as 2700x would be too exclusionary for smaller companies, and so changed it to a “SHOULD”.
  • We discussed the difference between the statements regarding the disclosure of which standards people are following vs. the specific policies used to enact those policies.
  • We discussed the different ways in which the word “audit” might be used. There is a need for auditability, but we also want to make sure that PII isn’t accidentally being leaked through debugging pathways, such as system logs.
  • Chuck noted that some of our language may be repeats of implied or explicit requirements mandated elsewhere in our draft.
  • We discussed how prescriptive we wanted to be on some topics, such as audit requirements, beyond the looser requirement that organizations have detailed their security plans.

Chat Log

00:14:56	Trev Harmon:	Glossary Documents:
https://docs.google.com/document/d/1Kznth0dRg2xdFe9MX0p4rE-FLI0w_Nmt1ceip9gdMmo/edit#

https://docs.google.com/presentation/d/1fM-EpIdLGdKniFjHR4ZhdgFA-HBSEmpMai8ljqti4Gw/edit#slide=id.gcbdd182e9d_0_144
00:19:17	Trev Harmon:	https://docs.google.com/document/d/1H6hsVVeTfe9YnhKTnqV6h_Q1-KR0659cVelORuF8E-I/edit#
01:07:35	Ken Adler | ThoughtWorks | San Francisco | He/Him:	Got to jump
01:07:59	Chuck Curran:	sorry me too
01:10:50	Trev Harmon:	Rules Engine Draft: https://docs.google.com/document/d/12YcZDff3qHlNN7QdLh-v8ohkZGYrJgFN1IWgxNtt1c8/edit#heading=h.49j4td4elsbe


Action Items

  1. Continue work on the draft.