Difference between revisions of "2013-06-05 TRAC"

From HL7 TSC
Jump to navigation Jump to search
 
Line 23: Line 23:
 
|colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members  
 
|colspan="2"|Chair/CTO ||colspan="2"|Members ||colspan="2"|Members  
 
|-
 
|-
| ||Pat Van Dyke|| ||Rick Haddorff|| ||Melva Peters
+
|x ||Pat Van Dyke|| x||Rick Haddorff|| x ||Melva Peters
 
|-
 
|-
| ||John Quinn || ||Austin Kreisler||.|||
+
| ||John Quinn ||x ||Austin Kreisler||.|||
  
 
|-
 
|-
Line 46: Line 46:
 
***Describe feedback loop
 
***Describe feedback loop
 
***Review Security Risk Assessment Cookbook model
 
***Review Security Risk Assessment Cookbook model
 
 
 
 
  
  
Line 55: Line 51:
 
===Minutes===
 
===Minutes===
  
'''Minutes/Conclusions Reached:'''<br/>
+
'''Minutes/Conclusions Reached:'''<br/> convened 10:02 AM
 
+
*Agenda review and approval - Pat Van Dyke
 +
*Areas submitted where review still needs to occur
 +
**(Assigned to Melva) T3F Strategic Initiative TSC Self Assessment [http://lists.hl7.org/read/attachment/223431/2/T3F_Assessment_survey_results20121024.pdf results] (See [http://gforge.hl7.org/gf/download/docmanfileversion/7262/10203/Survey_30497710.pdf Original survey]) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
 +
*Review minutes of [[2013-05-29 TRAC]] Rick moves and Melva seconds approval. Unanimously approved.
 +
*Review the Risk assessment projects 890 and 901 for the TRAC role.
 +
**See [[TRAC]] page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program "
 +
**[http://www.hl7.org/Special/committees/tsc/projects.cfm?action=edit&ProjectNumber=890 Project 890] what is relationship of "TSC Governance System for HL7 Business Architecture" - what it doesn't say is that Risk assessment is vital to creating governance points. 901 talks about doing the work. Austin suggests modifying 890 to accommodate the risk assessment to identify risks that need to be managed by governance points, and close 901. 890 tasks TSC and not ArB with setting those governance points from risk assessments but it doesn't make sense to track the two projects separately. Indicate the risk assessment is the input into the generation of governance points and shut down 901.
 +
**We still need to identify if changes to the GOM are needed based on the governance points identified.
 +
**ACTION ITEM: Rick will create changes to 890 as discussed for further review.
 +
*Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium
 +
**Refer to [http://gforge.hl7.org/gf/download/docmanfileversion/7363/10517/ConsolidatedRiskAssessment20130529.xlsx Risk Assessment reports]
 +
**Critical/Medium on submission of ANS (7, 8, 9) mitigation strategies in place for staff to reminders.
 +
**Further updates made to [http://gforge.hl7.org/gf/download/docmanfileversion/7369/10564/ConsolidatedRiskAssessment20130605.xlsx  spreadsheet]
 +
*for next week: Rick review 901 scope change, Melva bring review of T3F in two weeks.
 +
*Review critical / high and look at governance on those.
  
 +
Adjourned 10:59 AM
  
 
===Next Steps===
 
===Next Steps===
Line 63: Line 74:
 
|-
 
|-
 
|colspan="4" |'''Actions''' ''(Include Owner, Action Item, and due date)''<br/>
 
|colspan="4" |'''Actions''' ''(Include Owner, Action Item, and due date)''<br/>
*  
+
* Melva review T3F red and yellow against existing risk items; if there isn't one then develop new risk items
 +
* Rick will create changes to 890 as discussed for further review
 
|-  
 
|-  
 
|colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/>
 
|colspan="4" |'''Next Meeting/Preliminary Agenda Items'''<br/>
 
*[[2013-06-12 TRAC]].
 
*[[2013-06-12 TRAC]].
 
*Lynn may be at jury duty on the 12th.
 
*Lynn may be at jury duty on the 12th.
 +
*Melva offers regrets since she's attending the Pharmacy OOC
 
|}
 
|}

Latest revision as of 15:07, 5 June 2013

TSC Risk Assessment Committee (TRAC) Agenda/Minutes

back to TRAC page

Meeting Info/Attendees

TRAC Meeting Minutes

Location: call 770-657-9270 using code 985371#
GoToMeeting ID: 660-939-197

Date: 2013-06-05
Time: 10:00 AM U.S. Eastern
Facilitator: Pat Van Dyke Note taker(s): Lynn Laakso
Quorum n/a
Chair/CTO Members Members
x Pat Van Dyke x Rick Haddorff x Melva Peters
John Quinn x Austin Kreisler .

Agenda

  • Agenda review and approval - Pat Van Dyke
  • Review minutes of 2013-05-29 TRAC
  • Review the Risk assessment projects 890 and 901 for the TRAC role.
    • See TRAC page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program "
    • Project 890 what is relationship of "TSC Governance System for HL7 Business Architecture"
  • Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium
  • Areas submitted where review still needs to occur
    • T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
  • Overview of work remaining
    • What areas where review has been submitted and completed
      • Set review schedule for known sources of risk
      • Plan for review of GOM on regular basis (2013May version just released this week)
      • Describe feedback loop
      • Review Security Risk Assessment Cookbook model


Minutes

Minutes/Conclusions Reached:
convened 10:02 AM

  • Agenda review and approval - Pat Van Dyke
  • Areas submitted where review still needs to occur
    • (Assigned to Melva) T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
  • Review minutes of 2013-05-29 TRAC Rick moves and Melva seconds approval. Unanimously approved.
  • Review the Risk assessment projects 890 and 901 for the TRAC role.
    • See TRAC page - #901 is raison d'etre - "Risk Assessment and Governance for HL7 Architecture Program "
    • Project 890 what is relationship of "TSC Governance System for HL7 Business Architecture" - what it doesn't say is that Risk assessment is vital to creating governance points. 901 talks about doing the work. Austin suggests modifying 890 to accommodate the risk assessment to identify risks that need to be managed by governance points, and close 901. 890 tasks TSC and not ArB with setting those governance points from risk assessments but it doesn't make sense to track the two projects separately. Indicate the risk assessment is the input into the generation of governance points and shut down 901.
    • We still need to identify if changes to the GOM are needed based on the governance points identified.
    • ACTION ITEM: Rick will create changes to 890 as discussed for further review.
  • Build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium
    • Refer to Risk Assessment reports
    • Critical/Medium on submission of ANS (7, 8, 9) mitigation strategies in place for staff to reminders.
    • Further updates made to spreadsheet
  • for next week: Rick review 901 scope change, Melva bring review of T3F in two weeks.
  • Review critical / high and look at governance on those.

Adjourned 10:59 AM

Next Steps

Actions (Include Owner, Action Item, and due date)
  • Melva review T3F red and yellow against existing risk items; if there isn't one then develop new risk items
  • Rick will create changes to 890 as discussed for further review
Next Meeting/Preliminary Agenda Items
  • 2013-06-12 TRAC.
  • Lynn may be at jury duty on the 12th.
  • Melva offers regrets since she's attending the Pharmacy OOC