...
|| \# || Date || Doc || Who/When || What || Comments ||
| 1 | April 18 | IAAF | Audit Community Call | Line 484: Replace {color:#888888}audit{color} with {color:#888888}engagement{color} in first sentence of 4.2 Audit Process and Report | |
| 2 | April 18 | IAAF | Audit Community Call | Add IIA Standard to section 4.2 as an option as well. | The wording doesn't have to reflect all the standards available. The doc uses _such as_ to allow for flexibility and enable schools to use other standards. However, the standard used must be included in the summary report sent to InCommon. |
| 3 | April 19 | IAP | Community Call | Clarify that compromise | |
| 4 | May 2 | IAP | Community Call | Clarify compromise | |
| 4 | May 2 | IAP | Community Call | Clarify 4.2.1.4 | and related classification review) equiv to periodic review. Should we remove periodic? Is the goal to have the risk management processes and the infrastructure aligned (even if your risk management processes are lax) AND a neutral third party involved providing feedback? If no audit is involved (at any time, anywhere), but the IT org has internal controls, is that okay? \\
\\
Suggested wording from Mark Rank:\\
The IdPO's Information Technology operations must align with the \\
organization's risk management objectives as demonstrated by a \\
periodic review process or other equivalent control. |
| | | | | | |