-
Notifications
You must be signed in to change notification settings - Fork 25
Responding to Security Scan
Ryan Wold edited this page Oct 31, 2019
·
3 revisions
Trigger:
- On a monthly basis, Security Scans are performed against Touchpoints production by SecOps.
- Security Scan results are shared to the ISSO.
- ISSO adds results to the Touchpoints POA&M list.
- ISSO notifies the Touchpoints PMO of updated Touchpoints POA&M list.
- Touchpoints PMO receives notification Touchpoints POA&M list is updated.
Process:
- Touchpoints PMO creates user stories to be addressed (currently in the form of Trello cards)
- User stories are prioritized along with other stories and worked on by Engineers in the Touchpoints PMO
- When a Security-related story is completed, the POAM list is updated
Recurring Events:
- on at least a monthly basis, a Security Meeting is held between the CISO office and the Touchpoints team to review and provide status regarding outstanding POA&Ms