#80: assessment of GPC vs. data privacy and security standards
--------------------------+-----------------------------
Reporter: dconnolly | Owner: mish
Type: task | Status: assigned
Priority: major | Milestone: data-sec-check
Component: data-sharing | Resolution:
Keywords: security | Blocked By: 79
Blocking: |
--------------------------+-----------------------------
Comment (by mish):
As I read it,
* 3.9 lays out our security plan,
* 3.10 is an assessment of our performance to the plan,
* 3.11 is the risk assessment/mediation given our performance, and
* 3.12 is the actual "we're complete"
GPC has completed the plan, we still need to do a survey to ask each sites
their compliance with:
3.3.1 Compliance with Laws
3.3.2 Security Risk Assessment and Policies
3.3.3 Breaches
3.3.4 Training
For 3.10 - in the case of WISC, I can say that we comply with 3.3.1,
3.3.3, 3.3.4 in full. But 3.3.2 is lacking written documentation.
For 3.11 - for WISC the mitigation plan would be to complete the
documentation by Aug 31st.
Once the mitigation plans are in place, we can claim that we have achieved
3.12 Note: we do not have to have all of the risks mitigated, we simply
need to have mitigation plans in place to be complete.
--
Ticket URL:
<http://informatics.gpcnetwork.org/trac/Project/ticket/80#comment:33>
gpc-informatics <http://informatics.gpcnetwork.org/>
Greater Plains Network - Informatics
_______________________________________________
Gpc-dev mailing list
[email protected]
http://listserv.kumc.edu/mailman/listinfo/gpc-dev