
5/25 Leadership Call

Attendees: Nathan Case, Sara Mazer, Chris Hughes, and Julie Davila

Agenda

  • Considerations for new members
  • Format for outside speakers
    • Lecture vs Q&A vs Panel, maybe let them choose?
  • FAB-specific podcast?
  • Internal speakers, maybe 10-15 min slots to share specific areas of their experience?
    • The decision to pursue FedRAMP
    • Selecting a 3PAO, auditor vs advisor
    • Working with potential sponsors
    • Reality of ConMon
    • Prepping and experiencing annual assessments
    • Engineering planning
    • High vs Mid
    • Mapping across other compliance bodies
    • Product management and significant changes
  • Next write-up to be specific to a step in the process
  • What would a database of PMO decisions look like? Can we create a mock example?
 
Notes
  • How do we keep up with new members?
  • Discussed SSDF
  • 3PAO as topic for next member call
    • Firing a 3PAO
    • Guidance on what a control actually means
    • Poor politicking
    • Circular logic problem sometimes
  • FSCAC - how good will it be really?