Audit Meeting 20090115

Present: iang, Philipp D.

Security Manual

• Concern that SecurityManual is too big

• Should be broken up into a series of documents
• no objection, perhaps Background Check is first of those?

Background checks

• Background checks should be done on all core groups
  • sysadms
  • board
  • software persons
  • support
• New sysadms for critical team
  • Philipp Dunkel contact Teus to discuss
  • Teus email of today (too late for meeting)

Disaster Recovery

• Distributed list with full contact details for Disaster Recovery
  • sysadms
  • board
  • software persons
  • support
• Same group as background check
  • Info is determined in background check.
  • Each person: phone number + chat + email + physical address.
• People in team give up privacy for the privacy of others.
• The tech of how the doc is distributed is for another day.
• Need to have these people react fast.
• This should be documented in the Disaster Recovery section of SM.

Software development

• define the responsibility for software development
• "and at this point it gets handed over to sysadm"
• "patches cannot be installed by softdev"

Support

• should be very simple, only half a page for now
• contact G and check it out.

Roots / OA

• Assume a subroot for Organisation. Contact G and T.
• PD uncomfortable with lack of progress on OA.

• list of problems is at PolicyDrafts/OrganisationAssurance

• should not be so much work to bang together a manual for Orgs that addresses these issues.

Misc

• Matthias Subik. Kill those drives. iang to call.
• Text for notifying CCA to people.
  • look at what should be in there.
  • Make the text. board to set.