...
2. PAC - Privacy Assessment Criteria - Pls Review and Comment
Drafting an introduction 'scene setting'
...
David suggested a three-document approach
- First - Focus on FICAM CSPs for the first document - Specific Requirements - narrow focus and subset of the General Case
- Second Document - for Service Providers (SPs), which would broaden the scope of the PAC to the likes of cloud service providers and NSTIC
- Third Document - Further broaden the scope of the PAC to the International/Inter-Federation sphere - to include the Article 29 WP etc.
- David will make some comments on the Introduction
- Opportunity
- General agreement that there is a growing (and evolving) need for various Privacy Assessment Criteria, in that at this time there is no PAC for many providers involved in credential management.
- Focus
- For P3 to market the PAC in the General Case - with a specific first focus on FICAM - and not to pigeonhole the PAC effort as a FICAM-only endeavour.
- What is needed is specific requirements for assessors, e.g. an idiot's guide - taking the general guidance and Privacy profile and producing specific requirements.
- After Kantara completes its full approval status, look towards submitting the PAC for IAF forward as an assessment tool.
- Need to make this more concrete so the auditor has something concrete to work with.
- Capture of Use Cases for Future PACs
- Credential SPs for FICAM - What to assess reduces costs for 38:12
- SPs (Outsourcers)
- International
- Kantara Case - Is the General Case - Best Practices -- Applied to FICAM
...