Difference between revisions of "2013-05-29 TRAC"

From HL7 TSC
Jump to navigation Jump to search
(Created page with '__NOTOC__ ==TSC Risk Assessment Committee (TRAC) Agenda/Minutes == back to TRAC page ===Meeting Info/Attendees=== Category:2013 TSC Minutes {|border="1" cellpad…')
 
 
(2 intermediate revisions by the same user not shown)
Line 23: Line 23:
 
|colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members  
 
|colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members  
 
|-
 
|-
| ||Pat Van Dyke||.||Rick Haddorff|| ||Melva Peters
+
|x ||Pat Van Dyke||x||Rick Haddorff||x ||Melva Peters
 
|-
 
|-
| ||John Quinn || ||Austin Kreisler||.|||
+
| ||John Quinn ||x ||Austin Kreisler||.|||
  
 
|-
 
|-
Line 40: Line 40:
 
***Plan for review of [http://www.hl7.org/permalink/?GOM GOM] on regular basis (2013May version just released this week)
 
***Plan for review of [http://www.hl7.org/permalink/?GOM GOM] on regular basis (2013May version just released this week)
 
***Describe feedback loop
 
***Describe feedback loop
 +
***Review Security Risk Assessment Cookbook model
 
*How to address "issues"
 
*How to address "issues"
 
**Look at issues for mitigation and development of governance points for TSC  
 
**Look at issues for mitigation and development of governance points for TSC  
Line 51: Line 52:
 
===Minutes===
 
===Minutes===
 
'''Minutes/Conclusions Reached:'''<br/>
 
'''Minutes/Conclusions Reached:'''<br/>
 +
*Agenda review and approval - Pat Van Dyke
 +
** Austin comments that TRAC needs to look at Risk Assessment Governance project # 901 as discussed at the WGM.
 +
*Review minutes of [[2013-05-01 TRAC]] Austin moves approval of 5/1/minutes, Melva seconds. Melva and Rick abstain, approved.
 +
*Review [http://gforge.hl7.org/gf/download/docmanfileversion/7353/10487/ConsolidatedRiskAssessment20130501_reporting.xlsx reports] of "Issues" and those with impact=critical and likelihood=high that are not issues. These feed into the development of governance points and the development of mitigation strategies.
 +
**Need to start thinking about how to mitigate these risks. Walk through the impact=critical, likelihood=high for familiarization.
 +
***Noted that these are mostly related to SI 2
 +
***RiskID 30-31 regarding Tooling Strategy should be reviewed in light of the new Tooling Strategy but constrained by budget considerations. Pat suggests we define expectations for what we can accomplish with existing Tooling budget. A realistic perspective is also needed to address expectations of what updated tooling would attract for membership. Melva clarifies that the need for tools to implement is apparent but would compete with members/affiliates. Discovered risk added (207).
 +
***RiskID 31 it's no longer a high likelihood but now medium
 +
***Role of MU adoption in process impacts discussed.
 +
***RiskID 27 RE streamlined processes discussed with reference to SAIF and FHIR.
 +
***Risk assessment is not restricted to V3, needs to encompass all product families. Will Strong product family organization help developers streamline standards production. Governance points/mitigation may be to identify high-priority sets of products and creating product families around them.  We don't need to wait until FHIR goes DSTU to see if it works.
 +
***Mitigations for RiskID25 discussed and plans for future education on reconciliation. To create a governance point we need to measure the success of the mitigation strategies.
  
 +
For next time, build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium. Review the Risk assessment projects 890 and 901 for the TRAC role.
  
 +
Adjourned 11:08 AM
  
 
===Next Steps===
 
===Next Steps===
Line 61: Line 76:
 
|-
 
|-
 
|colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/>
 
|colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/>
*[[2013-05-29 TRAC]].
+
*[[2013-06-05 TRAC]].
 +
*Review the Risk assessment projects 890 and 901 for the TRAC role.
 +
* build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium.
 
|}
 
|}

Latest revision as of 15:09, 29 May 2013

TSC Risk Assessment Committee (TRAC) Agenda/Minutes

back to TRAC page

Meeting Info/Attendees

TRAC Meeting Minutes

Location: call 770-657-9270 using code 985371#
GoToMeeting ID: 660-939-197

Date: 2013-05-22
Time: 10:00 AM U.S. Eastern
Facilitator: Pat Van Dyke Note taker(s): Lynn Laakso
Quorum n/a
Chair/CTO Members Members
x Pat Van Dyke x Rick Haddorff x Melva Peters
John Quinn x Austin Kreisler .

Agenda

  • Agenda review and approval - Pat Van Dyke
  • Review minutes of 2013-05-01 TRAC
  • Review action items:
    • Lynn will create reports of "Issues" and those with impact=critical and likelihood=high that are not issues. These feed into the development of governance points and the development of mitigation strategies.
  • Overview of work to date - Risk assessment 20130501
    • What areas where review has been submitted and completed
      • Set review schedule for known sources of risk
      • Plan for review of GOM on regular basis (2013May version just released this week)
      • Describe feedback loop
      • Review Security Risk Assessment Cookbook model
  • How to address "issues"
    • Look at issues for mitigation and development of governance points for TSC
  • Areas submitted where review still needs to occur
    • T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
    • Plan for review of impact: critical and likelihood: High



Minutes

Minutes/Conclusions Reached:

  • Agenda review and approval - Pat Van Dyke
    • Austin comments that TRAC needs to look at Risk Assessment Governance project # 901 as discussed at the WGM.
  • Review minutes of 2013-05-01 TRAC Austin moves approval of 5/1/minutes, Melva seconds. Melva and Rick abstain, approved.
  • Review reports of "Issues" and those with impact=critical and likelihood=high that are not issues. These feed into the development of governance points and the development of mitigation strategies.
    • Need to start thinking about how to mitigate these risks. Walk through the impact=critical, likelihood=high for familiarization.
      • Noted that these are mostly related to SI 2
      • RiskID 30-31 regarding Tooling Strategy should be reviewed in light of the new Tooling Strategy but constrained by budget considerations. Pat suggests we define expectations for what we can accomplish with existing Tooling budget. A realistic perspective is also needed to address expectations of what updated tooling would attract for membership. Melva clarifies that the need for tools to implement is apparent but would compete with members/affiliates. Discovered risk added (207).
      • RiskID 31 it's no longer a high likelihood but now medium
      • Role of MU adoption in process impacts discussed.
      • RiskID 27 RE streamlined processes discussed with reference to SAIF and FHIR.
      • Risk assessment is not restricted to V3, needs to encompass all product families. Will Strong product family organization help developers streamline standards production. Governance points/mitigation may be to identify high-priority sets of products and creating product families around them. We don't need to wait until FHIR goes DSTU to see if it works.
      • Mitigations for RiskID25 discussed and plans for future education on reconciliation. To create a governance point we need to measure the success of the mitigation strategies.

For next time, build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium. Review the Risk assessment projects 890 and 901 for the TRAC role.

Adjourned 11:08 AM

Next Steps

Actions (Include Owner, Action Item, and due date)
Next Meeting/Preliminary Agenda Items
  • 2013-06-05 TRAC.
  • Review the Risk assessment projects 890 and 901 for the TRAC role.
  • build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium.