ministryofjustice / itpolicycontent

Draft and review content for MoJ IT Policy.

Please review and approve content process diagram #1

Closed warmanaMOJ closed 6 years ago

warmanaMOJ commented 6 years ago

Please would you review the proposed (updated) content process diagram, here: https://github.com/ministryofjustice/itpolicycontent/blob/master/Content%20process.pdf

This issue is a test of the process itself, to record your approval.

The diagram adds mention of GitHub, so that we can use this (prefer it) for requesting and recording approvals. The diagram allows for non-GitHub approvals, by including mention of email requests and recording a PDF copy of the approval within the GitHub repository. The effect is to make GitHub definitive for recording development, review, and approval of content.

Thank you.

cybersquirrel commented 6 years ago

To test the process, I am going to ask two questions! 1) In the approval list for 'major' changes, is it an 'any of these people can approve' or 'all of these people must approve'? 2) In the approval for minor changes to IT Policy, I am not sure why my role as CISO is explicitly called out, given a lot of IT Policies could be not specifically tied to security aspects. Was there something here I'm not spotting?

Thank you!

warmanaMOJ commented 6 years ago

  1. At the time the process was drafted, the intention was that - as a starting point for a document - everyone in each category would be asked to approve. As we started work on documents, it became clear that the review and approval stage was going to take a significant amount of time (easily more than the actual style update work itself). So, currently, everyone must approve, but I would like to streamline that if at all possible.
  2. Actually, the majority of the documents do have a total or significant security content, especially taking the broader CIA definition. The intent for the minor change approver list was to keep the number of people to a minimum, and the CISO role seemed (at the time) a logical single person to call on.

Considering all parts of the update work, the review and approval has certainly been the most - challenging. I would be very happy to re-open this discussion, especially now that we have some real documents to consider.

cybersquirrel commented 6 years ago

Thanks for the clarifications, Adrian! Could I suggest a slight tweak to make it clear for both of these boxes that the approval list is therefore 'all of these people', but other than that I'm very happy with this, and agree we should now try the process out in anger!

warmanaMOJ commented 6 years ago

Thank you, will update as you say.