[NEW STANDARD] - The Standards must outline an exceptions process for handling non-conformance and resolution pathway - Githubissues

tewhatuora / api-standards

Health New Zealand | Te Whatu Ora API Development and Security Standards

https://apistandards.digital.health.nz

Other

9 stars 1 forks source link

[NEW STANDARD] - The Standards must outline an exceptions process for handling non-conformance and resolution pathway #144

Open ChrisSquats opened 2 months ago

ChrisSquats commented 2 months ago

Summary

Many incumbent systems do not meet the API standards. We need to detail the process for non-conformance.

Suggestions

[ ] A register of services and their conformance is maintained
[ ] For non-conformant services, include a list of standards that aren't met
[ ] List any compensating controls
[ ] Outline a path to resolution
[ ] Define a grace period of non-conformance. Proposal is for 24 months to accommodate large changes in architecture that may be required to achieve conformance.

Drawbacks

None identified

Which area of the standards does this apply to?

[ ] Part A - API Concepts
[ ] Part B - API Security
[ ] Part C - API Design and Development
[ ] Part D - FHIR
[ ] Community guidelines