2013-05-29 TRAC
Jump to navigation
Jump to search
TSC Risk Assessment Committee (TRAC) Agenda/Minutes
back to TRAC page
Meeting Info/Attendees
| TRAC Meeting Minutes Location: call 770-657-9270 using code 985371# |
Date: 2013-05-22 Time: 10:00 AM U.S. Eastern | |
| Facilitator: Pat Van Dyke | Note taker(s): Lynn Laakso | |
| Quorum | n/a | ||||
| Chair/CTO | Members | Members | |||
| x | Pat Van Dyke | x | Rick Haddorff | x | Melva Peters |
| John Quinn | x | Austin Kreisler | . | ||
Agenda
- Agenda review and approval - Pat Van Dyke
- Review minutes of 2013-05-01 TRAC
- Review action items:
- Lynn will create reports of "Issues" and those with impact=critical and likelihood=high that are not issues. These feed into the development of governance points and the development of mitigation strategies.
- Overview of work to date - Risk assessment 20130501
- What areas where review has been submitted and completed
- Set review schedule for known sources of risk
- Plan for review of GOM on regular basis (2013May version just released this week)
- Describe feedback loop
- Review Security Risk Assessment Cookbook model
- What areas where review has been submitted and completed
- How to address "issues"
- Look at issues for mitigation and development of governance points for TSC
- Areas submitted where review still needs to occur
- T3F Strategic Initiative TSC Self Assessment results (See Original survey) - review red and yellow against existing risk items; if there isn't one then develop new risk items.
- Plan for review of impact: critical and likelihood: High
Minutes
Minutes/Conclusions Reached:
- Agenda review and approval - Pat Van Dyke
- Austin comments that TRAC needs to look at Risk Assessment Governance project # 901 as discussed at the WGM.
- Review minutes of 2013-05-01 TRAC Austin moves approval of 5/1/minutes, Melva seconds. Melva and Rick abstain, approved.
- Review reports of "Issues" and those with impact=critical and likelihood=high that are not issues. These feed into the development of governance points and the development of mitigation strategies.
- Need to start thinking about how to mitigate these risks. Walk through the impact=critical, likelihood=high for familiarization.
- Noted that these are mostly related to SI 2
- RiskID 30-31 regarding Tooling Strategy should be reviewed in light of the new Tooling Strategy but constrained by budget considerations. Pat suggests we define expectations for what we can accomplish with existing Tooling budget. A realistic perspective is also needed to address expectations of what updated tooling would attract for membership. Melva clarifies that the need for tools to implement is apparent but would compete with members/affiliates. Discovered risk added (207).
- RiskID 31 it's no longer a high likelihood but now medium
- Role of MU adoption in process impacts discussed.
- RiskID 27 RE streamlined processes discussed with reference to SAIF and FHIR.
- Risk assessment is not restricted to V3, needs to encompass all product families. Will Strong product family organization help developers streamline standards production. Governance points/mitigation may be to identify high-priority sets of products and creating product families around them. We don't need to wait until FHIR goes DSTU to see if it works.
- Mitigations for RiskID25 discussed and plans for future education on reconciliation. To create a governance point we need to measure the success of the mitigation strategies.
- Need to start thinking about how to mitigate these risks. Walk through the impact=critical, likelihood=high for familiarization.
For next time, build out process for setting governance points and metrics e.g. RiskID 25 and look at critical/medium. Review the Risk assessment projects 890 and 901 for the TRAC role.
Adjourned 11:08 AM
Next Steps
| Actions (Include Owner, Action Item, and due date) | |||
Next Meeting/Preliminary Agenda Items
|
