...
- Identify key actors in Blueprint Architecture (Membership Manager, Proxy Operator, etc)
- Identify Policies Required for Compliance with Snctfi
- Identify Example Policies from other infrastructures to serve as inspiration
- Produce a training module to enable Research Communities to have a basic starter pack for policies
- Introduce the concept of frameworks and policies, why are they important
- Introduce Snctfi
- Encourage RC actors to make policy decisions (e.g. log retention, minimum assurance etc)
- Translate those decisions into policy templates
- Q & A
- Place templates on the AARC Website and produce an AARC Guideline document that links to each piece
Assumptions
- RCs/Infrastructures may not have a security focussed person, could just be a PI. Definitely can't assume CSIRT body
- Those using this policy pack are following the AARC blueprint
...
| Action | Status | Who |
|---|---|---|
| Reword "Research Community" to Infrastructure | Hannah | |
| IR Procedure Template | Hannah | |
| AUP Template | Ian | |
| Membership Management Template | Uros | |
| CoCov2 Privacy Policy Template | Hannah | |
| Check whether CoCov2 can be our "policy" | Uros | |
| Send an update to Irina | Hannah | |
| Consider DPIA | Uros | |
| Put on AARC Website in a modular format | ... | |
| Ask David about RAF and Assurance Profiles | Uros |