Hi All - Can I be invited to this meeting, please?
Thank You!
------------------------------
Ashish Vashishtha
CISSP, CRISC, CISM, CISA, CDPSE, HITRUST CCSFP, AWS Cloud Practitioner
------------------------------
Original Message:
Sent: Jul 01, 2020 11:01:44 AM
From: Tony Snook
Subject: CAIQv4 7/1/20 Minutes
Please see the minutes below from today's CAIQv4 meeting.
Feel free to check out our living notes/minutes document here anytime. We are also looking for additional reviewers, so please reach out to me if you'd like to help!
Attendees:
- Harish
- Roberto
- Lefteris
- Tony
- Erik
- Michael
Agenda:
- Status Check on previous assignments. Two domains Done!
- Re: "risk-based approach", decide if we are adding additional column(s) or methodology. Also, are we publishing "Objective" and/or "Risk"?
- Re: SSRM, need to decide/adopt headers, decisions, need leadership to weigh in
- Continue discussion on multiple questions implying there should be more than one control. Update from ERT's call earlier today: controls will likely be broken up in this case, as they should be discretely testable.
AIs:
- Re: objective and risk columns, we should publish "Objective" and consider "Risk" optional and only for reviewers' benefit (Methodology updated accordingly). Need to get leadership's input on publishing "Objective"
- Re: SSRM columns, verbiage is good, except need to decide on final title for primary/aggregate header, also need to clean up, add drop-downs, and tag leadership for review
- Might need to add guidance for: if one CAIQ response is a No, the control response should also be No. That said, we might end up with 1:1 for control:question after ERT makes their pass.
- All attendees have domain assignments for additional CAIQv4 inputs, tracked on the Status tab.
Next Meeting: Wednesday, July 8, 5:00 - 6:00 PM UTC https://zoom.us/j/185125060
Inputs Document - remember to follow the review methodology on the Introduction tab.