Comment: Migration of unmigrated content due to installation of a new plugin

|| # || Date || Doc || Who/When || What || Comments ||
| 1 | April 18 | IAAF | Audit Community Call | Line 484: Replace audit with engagement in first sentence of 4.2 Audit Process and Report | |
| 2 | April 18 | IAAF | Audit Community Call | Add IIA Standard to section 4.2 as an option as well. | The wording doesn't have to reflect all the standards available. The doc uses _such as_ to allow for flexibility and enable schools to use other standards. However, the standard used must be included in the summary report sent to InCommon. |
| 3 | April 19 | IAP | Community Call | Clarify that 4.2.5.6 refers to mitigating risk of end-user credential compromise | |
| 4 | May 2 | IAP | Community Call | Clarify 4.2.1.4 and intent | Confusion about the goal of this point. Continuous review (like ongoing data and related classification review) equiv to periodic review. Should we remove periodic? Is the goal to have the risk management processes and the infrastructure aligned (even if your risk management processes are lax) AND a neutral third party involved providing feedback? If no audit is involved (at any time, anywhere), but the IT org has internal controls, is that okay? Suggested wording from Mark Rank: The IdPO's Information Technology operations must align with the organization's risk management objectives as demonstrated by a periodic review process or other equivalent control. |