The Digital Support Team within the Office of the Cheif Information Officer (OCIO) supports the Treasury Board and Digital Investment Board in assessing and supporting ministries digital and technology initiatives. This repository will share guidelines and OCIO Digital Annex.
Your repo is missing a compliance audit file so I've created this PR with a template that you can update with the correct PIA and STRA status (status options in the table below). If you'd like me to do this for you, skip to the commands section below.
Compliance
Projects in our organization (bcgov) need to complete a Privacy Impact Assessment (PIA) and Security Threat & Risk Assessment (STRA) before they go live in production. Since every ministry has their own way of doing both the STRA and PIA we don't enforce that projects do them, only that they report on the current status.
To help with reporting, I've added a compliance audit file as part of this pull request. Please checkout this branch and edit update status as needed. Here is a table of possible states:
Status
Description
TBD
If you're surprised by this news, use this state. I'll let you talk to your MISO and check back later.
in-progress
Use this state when your assessment(s) are underway.
completed
Use this state when your assessment(s) are completed. 🙌 🎉
not-required
You have consulted with your MISO or Privacy Officer and they agree that no PIA or STRA is required.
Here is what a completed audit file might look like:
name: compliance
description: |
This document is used to track a projects PIA and STRA
compliance.
spec:
- name: PIA
status: in-progress
last-updated: '2019-11-22T00:03:52.138Z'
- name: STRA
status: completed
last-updated: '2019-11-22T00:03:52.138Z'
If you're not sure what to do add a comment below with the command @repo-mountie help in it; a real-live-person will reply back to help you out.
Leverage this PR to document the history of your PIA and STRA thus far by adding a comment or two.
Commands 🤖
I can update the status of the PIA and STRA for you; you'll just need to merge the PR when I'm done. You can find the available status values in the table above. Below are some commands I understand:
TL;DR 🏎️
Your repo is missing a compliance audit file so I've created this PR with a template that you can update with the correct PIA and STRA status (status options in the table below). If you'd like me to do this for you, skip to the commands section below.
Compliance
Projects in our organization (bcgov) need to complete a Privacy Impact Assessment (PIA) and Security Threat & Risk Assessment (STRA) before they go live in production. Since every ministry has their own way of doing both the STRA and PIA we don't enforce that projects do them, only that they report on the current status.
To help with reporting, I've added a compliance audit file as part of this pull request. Please checkout this branch and edit update
statusas needed. Here is a table of possible states:Here is what a completed audit file might look like:
For more information check out the BC Policy Framework for GitHub.
Pro Tip 🤓
Commands 🤖
I can update the status of the PIA and STRA for you; you'll just need to merge the PR when I'm done. You can find the available
statusvalues in the table above. Below are some commands I understand:Examples