= Audit Meeting 20090115 =

Present: iang, Philipp D.

== Security Manual ==
 * Concern that SecurityManual is too big
 * Should be broken up into a series of documents
 * no objection, perhaps Background Check is first of those?

=== Background checks ===

 * Background checks should be done on all core groups
   * sysadms
   * board
   * software persons
   * support
 * New sysadms for critical team
   * Philipp Dunkel contact Teus to discuss
   * Teus email of today (too late for meeting)

=== Disaster Recovery ===

 * Distributed list with full contact details for Disaster Recovery
   *   sysadms
   *   board
   *   software persons
   *   support
 * Same group as background check
   * Info is determined in background check.
   * Each person: phone number + chat + email + physical address.
 * People in team give up privacy for the privacy of others.
 * The tech of how the doc is distributed is for another day.
 * Need to have these people react fast.
 * This should be documented in the Disaster Recovery section of SM.

=== Software development ===
 *  define the responsibility for software development
 * "and at this point it gets handed over to sysadm"
 * "patches cannot be installed by softdev"

=== Support ===
 * should be very simple, only half a page for now
 * contact G and check it out.

== Roots / OA ==

 * Assume a subroot for Organisation.  Contact G and T.
 * PD uncomfortable with lack of progress on OA.
 * list of problems is at [[PolicyDrafts/OrganisationAssurance]]
 * should not be so much work to bang together a manual for Orgs that addresses these issues.

== Misc ==

 * Matthias Subik.  Kill those drives.  iang to call.
 * Text for notifying CCA to people.
   * look at what should be in there.
   * Make the text.  board to set.