April 3rd Meeting Notes:
- We discussed that once a CSP is approved at Kantara, in essence they will be offered the opportunity to self attest at IDESG.
- They will choose one of 2 URLs. One URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval.
- The other URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval AND the FICAM Privacy Profile.
- IDESG will queue up the URL/web work on its upcoming work order.
- The URLs will be hosted by IDESG. If required by IDESG, they will ask Kantara to validate that a CSP has been approved.
Ben will fill in the last remaining empty boxes on the compare tool to complete the mapping.
Colin will use a Kantara MOU template to strawman up the broad approach.
IDESG and KI call to discuss the IDEF-SAC mapping March 10th.
- Andrew and David recounted the approaches used by each team to analyse, review and comment on the mapping
- We looked at each item that TFTM had further questions about, notes on each one follow: 1) INTEROP-2 - Kantara should indicate in the S3A that if the CSP intends to apply for IDEF Registry listing that they include an answer to INTEROP-2 in their S3A 2) INTEROP-3 - this is a trigger on IDESG side - if an applicant to the Registry is using a non-listed standard this should trigger IDESG to put the standard through the normal evaluation process 3) PRIVACY-3 - Kantara should review data minimization criteria to see where this is handled - “Partial” might be possible instead of N/A 4) PRIVACY-15 - The IDEF requirements is relevant to the transaction. David explained the context that he expects -> Data Minimization. Andrew requested that IDESG review and update their requirement and supplemental guidance for P15. David noted that there is no supplemental guidance for the Privacy requirements. ACH asked David to send info to Kantara about how other CSPs have done this and Kantara can recommend to CSPs.