ISC Meeting September 15, 2022
Andreas Fuchsberger - CSA
- Approve previous minutes
- Review recent response to SC27 on CSA and ISC activities
- Update on Data Governance White Paper
- Standards update (could be part of item 1)
- Previous minutes were reviewed and approved with no changes.
- Reviewed and discussed the recent response to SC27 on CSA and ISC activities (files attached), Both incoming and outgoing reports.
- Discussed Data Governance white paper and DG working group
David Harris to send an outline and information so a formal "Call for participation" can be sent out.ACTION:
John Yeoh will send David the call for the participation form template.
- ISO/IEC 27001 is still expected to be released in November. Another complete update of 27001 is going has been proposed. The US delegation has requested more details as to what the program scope will look like. How is the 4th addition going to be addressed? There has been some hard lobbying by some to eliminate Annex A. This would have the potential for some disastrous results. The current target for release is April 2025, which is very aggressive.
- The IoT project with CTA is stalled until we get a formal project plan. The committee has strongly recommended that the CTA focuses on the international community as well as the US. Staying close to the US government and allowing them to provide oversight may kill any program uptake.
John DiMaria will follow up with the CTA on progress.
- An inquiry from a member asked about ISO/IEC TR 3445:2022 Information technology - Cloud computing - Audit of cloud services, and the ISC interest. TRs are typically informational only, but there is an opportunity to submit a request to have this turned into a guidance document. If successful, it could provide some much-needed guidance.
- We may even be able to suggest an IS or TS. Great opportunity for CSA to provide guidance and input, allowing for the inclusion of CSA best practices.
Eric Hibbard track this one, procure a copy and investigate on the possibilities of turning this into guidance.
The next meeting is scheduled for October 20th 2022