Difference between revisions of "2013-06-05 TRAC"
Jump to navigation
Jump to search
(Created page with '__NOTOC__ ==TSC Risk Assessment Committee (TRAC) Agenda/Minutes == back to TRAC page ===Meeting Info/Attendees=== Category:2013 TSC Minutes {|border="1" cellpad…') |
|||
(One intermediate revision by the same user not shown) | |||
Line 10: | Line 10: | ||
| width="0%" colspan="2" align="left" style="background:#f0f0f0;"|'''TRAC Meeting Minutes''' <br/> | | width="0%" colspan="2" align="left" style="background:#f0f0f0;"|'''TRAC Meeting Minutes''' <br/> | ||
'''Location: call 770-657-9270 using code 985371#'''<br/> GoToMeeting ID: [https://www.gotomeeting.com/join/660939197 660-939-197 ] | '''Location: call 770-657-9270 using code 985371#'''<br/> GoToMeeting ID: [https://www.gotomeeting.com/join/660939197 660-939-197 ] | ||
− | | width="0%" colspan="1" align="left" style="background:#f0f0f0;"|'''Date: 2013-05 | + | | width="0%" colspan="1" align="left" style="background:#f0f0f0;"|'''Date: 2013-06-05 '''<br/> '''Time: 10:00 AM U.S. Eastern''' |
|- | |- | ||
| width="0%" colspan="2" align="right"|'''Facilitator''': Pat Van Dyke | | width="0%" colspan="2" align="right"|'''Facilitator''': Pat Van Dyke | ||
Line 23: | Line 23: | ||
|colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members | |colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members | ||
|- | |- | ||
− | |x ||Pat Van Dyke||x||Rick Haddorff||x ||Melva Peters | + | |x ||Pat Van Dyke|| x||Rick Haddorff|| x ||Melva Peters |
|- | |- | ||
| ||John Quinn ||x ||Austin Kreisler||.||| | | ||John Quinn ||x ||Austin Kreisler||.||| | ||
Line 46: | Line 46: | ||
***Describe feedback loop | ***Describe feedback loop | ||
***Review Security Risk Assessment Cookbook model | ***Review Security Risk Assessment Cookbook model | ||
− | |||
− | |||
− | |||
− | |||
Line 55: | Line 51: | ||
===Minutes=== | ===Minutes=== | ||
− | '''Minutes/Conclusions Reached:'''<br/> | + | '''Minutes/Conclusions Reached:'''<br/> convened 10:02 AM |
− | + | *Agenda review and approval - Pat Van Dyke | |
+ | *Areas submitted where review still needs to occur | ||
+ | **(Assigned to Melva) T3F Strategic Initiative TSC Self Assessment [http://lists.hl7.org/read/attachment/223431/2/T3F_Assessment_survey_results20121024.pdf results] (See [http://gforge.hl7.org/gf/download/docmanfileversion/7262/10203/Survey_30497710.pdf Original survey]) - review red and yellow against existing risk items; if there isn't one then develop new risk items. | ||
+ | *Review minutes of [[2013-05-29 TRAC]] Rick moves and Melva seconds approval. Unanimously approved. | ||
+ | *Review the Risk assessment projects 890 and 901 for the TRAC role. | ||
+ | **See [[TRAC]] page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program " | ||
+ | **[http://www.hl7.org/Special/committees/tsc/projects.cfm?action=edit&ProjectNumber=890 Project 890] what is relationship of "TSC Governance System for HL7 Business Architecture" - what it doesn't say is that Risk assessment is vital to creating governance points. 901 talks about doing the work. Austin suggests modifying 890 to accommodate the risk assessment to identify risks that need to be managed by governance points, and close 901. 890 tasks TSC and not ArB with setting those governance points from risk assessments but it doesn't make sense to track the two projects separately. Indicate the risk assessment is the input into the generation of governance points and shut down 901. | ||
+ | **We still need to identify if changes to the GOM are needed based on the governance points identified. | ||
+ | **ACTION ITEM: Rick will create changes to 890 as discussed for further review. | ||
+ | *Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium | ||
+ | **Refer to [http://gforge.hl7.org/gf/download/docmanfileversion/7363/10517/ConsolidatedRiskAssessment20130529.xlsx Risk Assessment reports] | ||
+ | **Critical/Medium on submission of ANS (7, 8, 9) mitigation strategies in place for staff to reminders. | ||
+ | **Further updates made to [http://gforge.hl7.org/gf/download/docmanfileversion/7369/10564/ConsolidatedRiskAssessment20130605.xlsx spreadsheet] | ||
+ | *for next week: Rick review 901 scope change, Melva bring review of T3F in two weeks. | ||
+ | *Review critical / high and look at governance on those. | ||
+ | Adjourned 10:59 AM | ||
===Next Steps=== | ===Next Steps=== | ||
Line 63: | Line 74: | ||
|- | |- | ||
|colspan="4" |'''Actions''' ''(Include Owner, Action Item, and due date)''<br/> | |colspan="4" |'''Actions''' ''(Include Owner, Action Item, and due date)''<br/> | ||
− | * | + | * Melva review T3F red and yellow against existing risk items; if there isn't one then develop new risk items |
+ | * Rick will create changes to 890 as discussed for further review | ||
|- | |- | ||
|colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/> | |colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/> | ||
*[[2013-06-12 TRAC]]. | *[[2013-06-12 TRAC]]. | ||
*Lynn may be at jury duty on the 12th. | *Lynn may be at jury duty on the 12th. | ||
+ | *Melva offers regrets since she's attending the Pharmacy OOC | ||
|} | |} |
Latest revision as of 15:07, 5 June 2013
TSC Risk Assessment Committee (TRAC) Agenda/Minutes
back to TRAC page
Meeting Info/Attendees
TRAC Meeting Minutes Location: call 770-657-9270 using code 985371# |
Date: 2013-06-05 Time: 10:00 AM U.S. Eastern | |
Facilitator: Pat Van Dyke | Note taker(s): Lynn Laakso |
Quorum | n/a | ||||
Chair/CTO | Members | Members | |||
x | Pat Van Dyke | x | Rick Haddorff | x | Melva Peters |
John Quinn | x | Austin Kreisler | . | ||
Agenda
- Agenda review and approval - Pat Van Dyke
- Review minutes of 2013-05-29 TRAC
- Review the Risk assessment projects 890 and 901 for the TRAC role.
- See TRAC page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program "
- Project 890 what is relationship of "TSC Governance System for HL7 Business Architecture"
- Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium
- Refer to Risk Assessment reports
- Areas submitted where review still needs to occur
- T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
- Overview of work remaining
- What areas where review has been submitted and completed
- Set review schedule for known sources of risk
- Plan for review of GOM on regular basis (2013May version just released this week)
- Describe feedback loop
- Review Security Risk Assessment Cookbook model
- What areas where review has been submitted and completed
Minutes
Minutes/Conclusions Reached:
convened 10:02 AM
- Agenda review and approval - Pat Van Dyke
- Areas submitted where review still needs to occur
- (Assigned to Melva) T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
- Review minutes of 2013-05-29 TRAC Rick moves and Melva seconds approval. Unanimously approved.
- Review the Risk assessment projects 890 and 901 for the TRAC role.
- See TRAC page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program "
- Project 890 what is relationship of "TSC Governance System for HL7 Business Architecture" - what it doesn't say is that Risk assessment is vital to creating governance points. 901 talks about doing the work. Austin suggests modifying 890 to accommodate the risk assessment to identify risks that need to be managed by governance points, and close 901. 890 tasks TSC and not ArB with setting those governance points from risk assessments but it doesn't make sense to track the two projects separately. Indicate the risk assessment is the input into the generation of governance points and shut down 901.
- We still need to identify if changes to the GOM are needed based on the governance points identified.
- ACTION ITEM: Rick will create changes to 890 as discussed for further review.
- Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium
- Refer to Risk Assessment reports
- Critical/Medium on submission of ANS (7, 8, 9) mitigation strategies in place for staff to reminders.
- Further updates made to spreadsheet
- for next week: Rick review 901 scope change, Melva bring review of T3F in two weeks.
- Review critical / high and look at governance on those.
Adjourned 10:59 AM
Next Steps
Actions (Include Owner, Action Item, and due date)
| |||
Next Meeting/Preliminary Agenda Items
|