Cloud Controls Matrix

Auditing Guidelines dev. Team Call - June 18th [Meeting Minutes]


    Posted Jun 23, 2021 10:01:00 AM
    Hi everyone,

    please find below the current status update for the CCM AGs development activity and minutes from our recent call session.

    Relevant documentation:


    Agenda Items (AIs):

    1. Touch base on the progress status of Auditing Guidelines (AGs) development
    2. AoB


    Participants (8):
    Parminder Bawa
    Angell Duran
    Sanjeev Gupta
    Damian Heal
    Jan Jacobsen
    Bilal Khattak
    Agnidipta Sarkar
    Lefteris Skoutaris (PM)

     

    Meeting Minutes (MMs)

    1. Touch base on the progress status of Auditing Guidelines (AGs) development
    • The CCM WG Auditors have drafted the auditing guidelines for all the CCMv4.0 domains and their underlying control specifications (the drafted guidelines have also gone through a 2nd review where changes proposed were consolidated into the current final draft version).
    • The AGs are to be placed under open peer review on Monday, June the 28th for a period of 30 calendar days, and until July 27th. Members of the CCM WG are welcome to review and comment. After that period the group will conduct the final review where changes will be applied to the AGs based on the received feedback.
    • Lefteris is copying the AGs from the Excel worksheet to an MS Word format version, which is to be shared during the peer review for the community to comment on.
    • Sanjeev offered to generate the auditing guidelines in a Word document format based on the structure of the document that was introduced during the call session (AP1).
    • Sanjeev & Agni had a call session on BCR. Agni will be sharing the final changes to the AGs in BCR (AP2).
    • Sanjeev & Agni: Discussed the inclusion of a concept of BIA prioritization into BCR-02, and specifically of 'disaster recovery actions prioritization'. Both recommended that BCR-02 must be edited to include this action as a requirement at the next revision of the CCM.
    • Lefteris to note down the recommendation from both Agni and Sanjeev for an edit to BCR-02 control specification (incl. 'disaster recovery actions prioritization') and bring it to the attention of the group that will be handling the next CCMv4 major revision (AP3).
    • Next steps for the AGs development, and specifically during the 30-day period of the AGs peer review, will be discussed during the next call session of the group on June 25th.


      Snapshot taken from 'progress status' tab of the AG workbook

      2. AoB

      • Next CCMv4.0 AG dev. call is scheduled on June 25th, 5 pm EEST (7am PST / 10am EST / 4pm CET).
      • Please navigate to the 'Events' tab here in Circle to find the call information for all upcoming CCM WG meetings.

      Action Points (APs)

      AP1: Sanjeev offered to generate the auditing guidelines in a Word document format based on the structure of the document that was introduced during the call session.
      AP2: Agni will be sharing the final changes to the AGs in BCR.
      AP3: Lefteris to note down the recommendation from both Agni and Sanjeev for an edit to BCR-02 control specification (incl. 'disaster recovery actions prioritization') and bring it to the attention of the group that will be handling the next CCMv4 major revision.


      Please let me know if anything important is missed above. 

      Thank you all for your attendance and support.
      Best regards,

      ------------------------------
      Eleftherios Skoutaris
      Program Manager
      Cloud Security Alliance
      ------------------------------