Talk:Annual security audit checklist/Proposed revisions June 2014

From Wikimedia UK
Jump to navigation Jump to search

Thinking behind the changes

Just to be transparent - I'm trying to put in place a process that better meets our calendar of work and board meetings/quiet periods when this is more do-able. I've also tried to put actions against staff more.

This will probably grow and evolve as a document and I wonder whether we need to add some of our financial checks and process to this as well - such as when we review out compliance with CC8 internal financial controls, and maybe to some extent we need to think about folding specific tasks for GovComm into this - I will draw both those two ideas to the attention of the committee chair and staff here.

It is difficult without a specific policy or statement on data governance and data retention as these will both create activities on the timeline - I will have to put them in at a guessed date for now and possibly revise as timelines develop (I.e. if the consultations on either stretch out, or operational pressures mean we can't deliver both by September board deadlines with Wikimania this year etc etc)

More ideas welcome - are there some bits of best practice not in here? (Undoubtedly!) Katherine Bavage (WMUK) (talk) 13:05, 14 May 2014 (BST)