Attendees:
John DiMaria
Claude Baudoin
Morris# Jason
Rachelle Summers
Eric Hibbard
David Harris
Hamid ?
Agenda:
- Standards Report: Eric Hibbard (Chair)
- ISO/IEC 22123-1 Final document sent out for approval
- -2 : Some comments still being resolved. Expect FDIS in about 2 weeks
- Next SC/38 meeting is scheduled for the week of February 14th in Australia
- ISO/IEC 27017 and 27018 are expected to be revised due to the 2022 version of ISO/IEC 27001. No word yet.
- ISO/IEC 27701-1 Ballot is underway
- SC 38 Liason Report (Attached)
- Reviewed the SC 38 Liason Report - CSA would also like to explore taking ISO/IEC TR 3445; Information technology - Cloud computing - Audit of cloud services to an IS, and would like to suggest a PWI. We will be making a formal package in the coming weeks. We think it has great potential for the auditing community and can fill a gap that has existed for many years.
- 2023 Charter - Objectives
- ACTION: John DiMaria is to post the current charter to google docs for sharing and gathering comments for 2023
- Peer Review ResultsOMG Comment Period: Proposal for a Standard Cloud Service Agreement Template
- Peer Review is now closed, and Claude Baudoin will revise and submit a final draft over the coming weeks.
- Open dialogue
- Data Governance
- David Harris reported that due to a lack of collaborative interest in the topic, from a Data Governance paper, he will be shifting to what appears to be missing from all Data Governance papers, that being Domain Vocabularies/Taxonomies/rules.
The intent is to publish domain-specific vocabularies such that existing data governance practices and initiatives like Master Data Management can elect to include OMG standard domain vocabularies; the approach will initiate with focusing on (4) domains, Privacy, Trade Control, Intellectual Property and Information Security.
- There will be a call for volunteers to author once David is ready with the outline.
The next call is scheduled for Thursday, February 16th
This will be a 'referenceable' standards document to fill the gap existing frameworks and standards papers do not deliver what is required to execute at an extended scale.
------------------------------
JOHN DIMARIA
ME
CSA
[email protected]------------------------------