#80: assessment of GPC vs. data privacy and security standards
--------------------------+-----------------------------
 Reporter:  dconnolly     |       Owner:  mish
     Type:  task          |      Status:  assigned
 Priority:  major         |   Milestone:  data-sec-check
Component:  data-sharing  |  Resolution:
 Keywords:  security      |  Blocked By:  79
 Blocking:                |
--------------------------+-----------------------------

Comment (by mish):

 As I read it,
 * 3.9 lays out our security plan,
 * 3.10 is an assessment of our performance to the plan,
 * 3.11 is the risk assessment/mediation given our performance, and
 * 3.12 is the actual "we're complete"

 GPC has completed the plan, we still need to do a survey to ask each sites
 their compliance with:
 3.3.1 Compliance with Laws
 3.3.2 Security Risk Assessment and Policies
 3.3.3 Breaches
 3.3.4 Training


 For 3.10 - in the case of WISC, I can say that we comply with 3.3.1,
 3.3.3, 3.3.4 in full. But 3.3.2 is lacking written documentation.

 For 3.11 - for WISC the mitigation plan would be to complete the
 documentation by Aug 31st.

 Once the mitigation plans are in place, we can claim that we have achieved
 3.12 Note: we do not have to have all of the risks mitigated, we simply
 need to have mitigation plans in place to be complete.

--
Ticket URL: 
<http://informatics.gpcnetwork.org/trac/Project/ticket/80#comment:33>
gpc-informatics <http://informatics.gpcnetwork.org/>
Greater Plains Network - Informatics
_______________________________________________
Gpc-dev mailing list
[email protected]
http://listserv.kumc.edu/mailman/listinfo/gpc-dev

Reply via email to