...
Discussion:
Assurance Program
There seems to be inconsistent use in the terms in scope - applicable, in scope - not applicable, and not in scope between the assessors, CSPs and ARB. Andrew asked the assessors what customers use as justification on why something is not applicable versus out of scope. Ray confirmed this is a gray area and that there are often discussion within KUMA about the proper term to use. These terms have been used interchangeably so we need to settle on consistent application of terms.
Ray recalls that SHOULD statements should be listed as in scope. Some CSPs are not comfortable with that though and feel that certain SHOULD criteria are out of the scope of their service and adamantly want it listed that way on the SoCA.
Ray stated his understanding is that 100% must be in scope to be a full service - but one we get less than that it becomes a bit gray. Jimmy asked if that would mean if you do not offer supervised remote that you cannot be considered a full service. Andrew acknowledged that is one way to interpret it - even if it’s not the intended interpretation.
Martin summed up as ‘what IS offered by the CSP versus what IS required of the solution.’ Andrew feels like something like trusted referee - that is not essential to a solution - should not disqualify you from a full-service approval.
Jimmy referenced 63a#0470. Often not applicable is going to offer choices - you must do a, b, or c. The one that is offered is applicable while the others are listed as not. We should check the criteria to make them clearer.
Andrew noted that IAWG needs to make sure that conditional requirements are clearly stated as conditional. And those requirements are explicitly where the use of ‘not applicable’ is used. That may be the determination. If it is not a conditional requirement, rather a mandatory requirement, then it should either be in scope - applicable or out of scope. Jimmy asked we think a step further to whether there is a minimum mandatory of criteria that must be met for partial solutions.
Due to time and Richard Wilsher’s absence, the 63b SoCA proposal will be deferred to the next meeting.
...