Mary Dunker sent the 'IT Inventory Listing' and 'Risk Based Audit Information Request' forms back to Internal Audit on Thursday, March 22, 2007. So the initial 'documentation' piece of the audit is complete.
Follow the above link to reference the strategy.
Frank is to make the green check marks in the OS and browser matrix into hyperlinks to the KnowledgeBase style instructions created by SETI Test & Deployment. (There is one example in the strategy document.)
– computing.vt.edu documentation is user and "PDC use" oriented.
– A new, as yet to be created, PKI governance website would contain PKI/PDC information on policies, why trust a VT cert., what is a server & middleware cert., FYI type information, maybe links to Franks PKI powerpoint presentations, references to PKI external (non-VT) information.
Susan plans to look at the current 'tabs' or drop down menus/links on the current www.pki.vt.edu/pdc website to see where that information belongs.
Create a "rolling agenda" for the PDC documentation/communication group. The agenda would carry over from one week to the next, so that as issues arise, they can be posted to the agenda for a future meeting, whether it's the Wednesday just after a meeting when the issue arises or the Monday before.
There could be standing categories for the meeting. Mary said that the pki.vt.edu website would be one. Perhaps there are others.
An initial topic for each meeting would then be to prioritize "today's" agenda based on urgency and importance (taking no more than a couple of minutes—Mary and you 'rule' in case of disagreement).
I would think you and Mary would make decisions about canceling meetings anyway if the only agenda items remaining were small (short length of discussion needed, low importance, low urgency), and we'd save them for another day to make the time worthwhile.
The team agreed to this format which we will follow henceforth!
Yes.
We need to publish a link to the certificate revocation list (CRL) somewhere on www.pki.vt.edu or www.pki.vt.edu/pdc.