Dear members,
Below you can find the minutes from our resumed working group call on the 23rd of April.
Minutes:
The team discussed the adoption of the European Cloud Code of Conduct by CSA and the potential distribution of this working group to other groups, that might have a privacy focus. A second option was creating a mapping document between the CSA Code of Conduct and new EU code of conduct to ease the transition for the organizations that had originally implemented the CSA CoC.
Implementing CSA Code of Conduct Transition
Two main activities for the group, were proposed: one that could be started immediately and another more general one. The first activity is to implement the transition from the CSA Code of Conduct to the European Cloud Code of Conduct. The second activity, still in the planning stage, is to establish a PLA working group to serve as a shared resource for other groups requiring data protection expertise. Paolo suggested creating a privacy report to showcase the group's work, which would need to be experimentally evaluated for feasibility. The group agreed to proceed with the first activity and to consider the second one based on future workload and needs.
Code of Conduct Controls and Gaps Discussion
Martim presented a plan to list all code of conduct controls in one column, followed by a column for working group members to identify scope and gaps. This approach was to be the same as the CCPA mapping. Mark discussed the potential of using this method to identify how many organizations might benefit from the new scope. Louis found value in finding gaps and mapping.
Balancing Privacy and EU Code Adoption
Louis expressed concerns about the team losing focus on privacy matters. He emphasized that privacy is a crucial aspect of governance and that the team has members with expertise in this area. Louis suggested that the team should continue to prioritize privacy issues while also contributing to other teams, especially those dealing with legislation. He highlighted the importance of balancing tasks to avoid overloading the team.
Working Group's Shift to Privacy Focus
The group agreed that the current mapping of the CSA code and the EU one should be the final mapping activity. After this exercise, the group plans to concentrate on broader privacy topics across CSA's various working groups.
Next steps:
Martim, Isabella, and Jacopo will set up a comparison table for this mapping, assigning specific controls to individuals. It will be a comparison table between the CSA Code of Conduct controls and the European Cloud Code of Conduct. The group will then review the initial findings, similar to previous mapping efforts.
Next working group call:
Date: Thursday, 9 May
Time: 08:00 a.m PDT / 11:00 a.m. EDT / 15:00 GMT
URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09 (Meeting ID: 829 8738 2695, Passcode: 794440)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------