Hi everyone, please find below the minutes from our recent AGs development call session.
Relevant documentation:
• CCMv4.0 Auditing Guidelines worksheet (Input document)
• CCAK extract: module 7 CCM Auditing Guidelines (supportive documentation)
• CCAK extract: CCM Audit Workbook (supportive documentation)
Agenda Items (AIs):
- Touch base on progress status of Auditing Guidelines (AGs) development for the CCMv4.0 domains selected as pilot exercises
- Need professionals to sign up to CCMv4.0 AGs development (call for participation)
- AoB
Participants (10):
Parminder Bawa
Glenn Bluff
Angell Duran
Sanjeev Gupta
Johan Olivier
Tennille Robinson
Agnidipta Sarkar
Steve Sparkes
Lefteris Skoutaris (PM)
Ashish Vashishtha
Meeting Minutes (MMs)
1. Touch base on progress status of Auditing Guidelines (AGs) development for the CCMv4.0 domains selected as pilot exercises
- AGs for TVM and GRC have been reviewed by both of the 2 reviewers (Ashish and Renu) and are delivered,
- Sanjeev and Agni discussed and updated the 'reference' tab of the workbook, that is used to define the content of the 'control audit objectives' and 'audit criteria' columns per CCM control (i.e., F, G under the 'Audit Workbook' tab),
- Group agreed on the definitions proposed in the aforementioned columns to be used as baseline for AGs development,
- Sanjeev offered to continue drafting the AGs for A&A, now that it has become clearer what the content should be,
- Renu continues to work on the AGs for the CCC and LOG domains,
- Agni is kindly invited to start drafting the AGs for the BCR domain used as pilot (AP1),
- All professionals are kindly invited to review the drafted auditing guidelines (currently written for TVM, GRC and DSP) to discuss during our next meeting (AP2),
- Hard Deadline for delivering a final draft of all CCMv4.0 AGs is set on 30/4.
Snapshot taken from 'progress status' tab of the AG workbook
2. In search of professionals to sign up for CCMv4.0 AGs development (call for participation)
- Glenn was invited and accepted to contribute on the development of AGs for the IVS domain (AP3),
- Glenn asked the group if the audit management is going to be based on the IIA auditing program for internal audits or 3rd party ISO-based (ISO27006) that is currently followed by some of the STAR-level 2 auditors (and which is supported currently by the group but need to discuss further),
- Would like to invite any Auditors that are interested in contributing to the AGs development for HRS, IPY, UEM (see red '?' in progress status tab above) to contact me (Lefteris).
3. AoB
- Next CCMv4.0 AG dev. call is scheduled on March 26th, 5 pm EEST (7am PST / 10am EST / 4pm CET).
Action Points (APs)
AP1: Agni is kindly invited to start drafting the AGs for the BCR domain used as pilot,
AP2: All professionals are kindly invited to review the drafted auditing guidelines (currently written for TVM, GRC and DSP) to discuss during our next meeting,
AP3: Glenn was invited and accepted to contribute on the development of AGs for the IVS domain.
Please let me know if anything important is missed above.
Thank you all for your attendance and support.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------