Cloud Controls Matrix

Auditing Guidelines dev. Team Call - July 30th [Meeting Minutes]

  • 1.  Auditing Guidelines dev. Team Call - July 30th [Meeting Minutes]

    Posted Aug 04, 2021 01:38:00 AM
    Edited by Lefteris Skoutaris Aug 04, 2021 01:45:03 AM
    Hi everyone,
                        please find below the current status update for the CCM AGs development activity and minutes from our recent call session.

    Relevant documentation:


    Agenda Items (AIs):

    1. Progress status of Auditing Guidelines (AGs) development
    2. AoB


    Participants (8):
    Parminder Bawa
    Renu Bedi
    Madhav Chablani
    Angell Duran
    Sanjeev Gupta
    Agnidipta Sarkar
    Lefteris Skoutaris (PM)
    Mariela

     

    Meeting Minutes (MMs)

    1. Progress status of Auditing Guidelines (AGs) development,
    • The open peer review of the auditing guidelines ended on 27.7,
    • The WG has moved on to the next phase, which is addressing the feedback that was received from the community,
    • The panel agreed to split CCM into 4 groups of domains and equal number of reviewers groups, each tasked to drive the final review and resolve comments at the corresponding auditing guidelines,
    • With respect to this final review and methodology that is to be followed, it is recommended that the teams go over comment by comment, discuss, accept/reject suggestions and justify decisions taken (no comments are to be deleted/removed), and finally apply changes to the guidelines where deemed necessary,
    • Sanjeev offered to lead on Group A and the final review for the CCM domains under the same group (see snapshot below),
    • Agnidipta offered to lead on Group D and the final review for the CCM domains under the same group (see snapshot below),
    • Lefteris (PM) to contact the auditors under groups B and C, looking for an expert to lead on the reviews on the AGs in those domains (AP1),
    • Sanjeev proposed that leaders of the teams present a status update on the progress and approach followed per group every 2 weeks. Objective is the more efficient alignment between the groups and parallel works,
    • The deadline for the final review is set approx. to 6 weeks, until September 17th.


    Snapshot taken from the auditing guidelines document

    2. AoB

    • Next CCMv4.0 AG dev. call is scheduled on August 6th, 5 pm EEST (7am PST / 10am EST / 4pm CET).
    • Please navigate to the 'Events' tab here in Circle to find the call information for all upcoming CCM WG meetings.

    Action Points (APs)

    Lefteris (PM) to contact the auditors under groups B and C, looking for an expert to lead on the reviews on the AGs in those domains.


    Please let me know if anything important is missed above. 

    Thank you all for your attendance and support.
    Best regards,

    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------