Planning 2017-07-11 Draft Minutes

Attendees

Discussion Items

 

  • There was agreement on the changes after the call of July 4th and Ken's comments.
  • CW will prepare a couple of slides of what the plan is and what the challenges are for the BoD Meeting on July 20th.

Public – private info

  • AH highlighted that if you are not a KI assessor you don’t get the instructions to make the package acceptable for ARB. He believes that how you create the package is private to Kantara Assessors.
  • LJ said that we cannot be fully protected against competition, but it would be good to get FICAM to say we do a good job, and when they talk to other stakeholders they could say that if they want to work with the market they need to do the job as well as KI.
  • AH suggested making the instructions on how to do the SoC available only to assessors.
  • AH recommended having a public version of the assessment criteria and a private guidance.

Fundraising 

  • LJ commented that when talking to a potential sponsor, we focus on the community value, not on the documents. It is important that we clarify what they pay for. They pay to get access to the community that produces the documents.

 

Certification and liability 

  • CW is seeking guidance on certification program liability. He commented that in the ARB discussion, Richard Wilsher commented that T-scheme certifies but they do not deal with liability as they work under 27001 (the structure is different from KI's).
  • AH suggested talking to ISO CASCO and getting their opinion.
  • AH commented that if KI were an ISO-style conformity assessment body in the ISO scheme, it would contract auditors to work. In the T-scheme case, auditors are the conformity assessment bodies, and the conformity assessment scheme owner is T-scheme.
  • AH stressed that he only wants to make sure we have the right insurance policy and we are covered.

 

Others

  • In Table 3, AH suggested replacing “additional trust frameworks” with “Additional schemes”.
  • AH said that we are not ready to talk about the Mapping requirements, but we need to be clear about what we are mapping against what.
  • AH needs to write more on what the risk registry is.
  • LJ commented that the value proposition would depend on who would go first and who is second (new schemes, clients), and the experience we will show in the risk registry and mapping catalogue.
  • LJ said that RPs would tend to deploy trust frameworks that are increasingly harmonized. In the example of Canada, he highlighted that the government would be additionally interested in an assessment against Canadian requirements that also gives them a path to US compliance.
  • AH commented that 3.2, 3.3 and 3.4 of the agenda are homework and 3.5 depends on 3.2 and 3.3.

3.2. Liability and certification

3.3 Risk Registry scope and content

3.4. Improvement and alignment of terminology with international standards

3.5. Impacts on the business model 

 

  • AH suggested asking FICAM for the table of contents of the SoP.
  • AH is looking at the Unified Compliance framework as a tool for our auditors.

 

Conclusions

The participants agreed we are in good shape with the work plan.

 

Action items

  • Continue working on:

3.2. Liability and certification

3.3 Risk Registry scope and content

3.4. Improvement and alignment of terminology with international standards (AH suggested by email to align the Work Plan with ISO 17000 terminology).

3.5. Impacts on the business model 

 

  • Contact ISO CASCO to get opinions on liability.