Attendees: Nathan Case, Sara Mazer, Chris Hughes, and Julie Davila
Agenda
- Considerations for new members
- Format for outside speakers
- Lecture vs Q&A vs Panel, maybe let them choose?
- FAB-specific podcast?
- Internal speakers, maybe 10-15 min slots to share specific areas of their experience?
- The decision to pursue FedRAMP
- Selecting a 3PAO: auditor vs. advisor
- Working with potential sponsors
- Reality of ConMon
- Prepping and experiencing annual assessments
- Engineering planning
- High vs. Moderate baseline
- Mapping across other compliance bodies
- Product management and significant changes
- Next write-up to be specific to a step in the process
- What would a database of PMO decisions look like? Can we create a mock example?
Notes
- How do we keep up with new members?
- Discussed the SSDF (NIST Secure Software Development Framework)
- 3PAO as topic for next member call
- Firing a 3PAO
- Guidance on what a control actually means
- Poor politicking
- Circular logic problem sometimes
- FSCAC (Federal Secure Cloud Advisory Committee): how good will it really be?