TFTM Deliverable 01-06: 2014 Self Assessment and Attestation Program Discussion Deck
TFTM Committee, June 25, 2014
IDESG TFTM Committee


2 Meeting Agenda
- 2014 Compliance and Conformance Program Goal
- Meeting Objectives
- Why Self-attestation?
- Process and Components
- Deliverables
- Next Steps

3 Today's Meeting Objectives
- Discuss the 2014 IDESG self assessment and attestation compliance program
- Identify program components
- Identify potential deliverables

4 Why Self-assessment and Attestation?
- Cost effective, for both IDESG and participants
- Resource light, for both IDESG and participants
- Can be implemented quickly: we are already halfway through 2014
- Provides moderate assurance that participants are operating according to established requirements, guidance, rules, etc.
- Most realistic option for 2014
- Logical first step in the phased implementation of a compliance program
  – CSA (Cloud Security Alliance) and other organizations have implemented similar phased approaches

5 2014 TFTM Compliance and Conformance Goal
- Establish a self assessment and attestation compliance program for the Identity Ecosystem.
  – TFTM consensus decision made on 28 May 2014
  – In the future, additional types of conformance will be built upon the self-attestation program

Future Compliance Approaches (table on the slide):
- Self Assessment and Attestation: 2014
- Peer to Peer Certification: TBD
- Independent 3rd Party Certification: TBD

6 IDESG Conformance Assessment Program (layered diagram on the slide; labels as recoverable)
- Foundation: NSTIC and IDESG Guiding Principles
- IE Framework Requirements and Assessment Procedures, covering Privacy, Security, Usability, Interop. and Other
- Self-Assessment (2014): Conformance Self-Attestation, based on Self-Assessment Criteria/Questionnaire
- 3rd-Party Conformance Assessment (2015+)

7 Process & Components
- What do we need for a functional self-assessment and attestation program?
- Each step in the process will require a set of defined procedures (internal and external) and owners to ensure an efficient program
- A clear, overall process flow should be developed once the processes and components have been identified and agreed to by the TFTM

Process flow (diagram on the slide): Application → Self-Assessment → Attestation → Approval → Recognition → Ongoing Compliance

8 Process and Components: Application
- The process through which identity ecosystem participants request to be recognized through the self-assessment and attestation conformance program
- May be an automated or manual procedure
  – Web form
  – Emailed/downloaded PDF
- Application should contain sufficient info to confirm the "bona fides" of applying organizations
  – Legitimate service provider in the IE, e.g., IE role/service description
  – Other certifications (e.g., CSA STAR, PCI DSS, FICAM), DUNS number, etc.
- Ownership for collecting applications and supporting documents will need to be assigned to an appropriate entity in IDESG
  – E.g., Secretariat, TFTM sub-committee, etc.
- Potential deliverables/documentation:
  – IDESG Application Template and Guide
  – Bona fides information requirements

9 Process and Components: Self-Assessment
- Process by which applicants determine conformance with appropriate IDESG requirements
- Needs a clear, standardized format for expressing applicable requirements
  – E.g., clear criteria, self-assessment questionnaire
- Needs an identified owner in IDESG for collecting and managing assessment template submissions
  – May be Secretariat or TFTM sub-committee
  – Need to review submissions for completeness and appropriateness
- Dependent upon committee requirements development
  – TFTM development of a requirements template may assist committees in their own requirements development
- Potential deliverables/documentation:
  – Conformance Criteria/Questionnaire

10 Process and Components: Attestation
- Means to formally bind applicants to the information provided in the self-assessment form
- Needs a standardized format with appropriate legal language/review
- Ownership
  – May be Secretariat or TFTM sub-committee
- Potential deliverables/documentation:
  – Attestation Forms/Guide

11 Process and Components: Approval
- IDESG due diligence and confirmation that all necessary and appropriate information has been received from an applicant
  – Results in a recommendation for acceptance of the self-attestation
- At a minimum, should ensure that the proper documents have been fully and appropriately completed
  – Application (bona fides check)
  – Self-assessment forms
  – Conformance Attestation
- Ownership
  – Responsibility for recommendations for approval should lie with an IDESG entity, e.g., TFTM, TFTM sub-committee, Management Council/sub-committee
  – Similarly, responsibility for formal approval should lie with an IDESG entity
- Potential deliverables/documentation:
  – Approval process description and policy

12 Process and Components: Recognition
- Process through which IDESG approval of an ecosystem participant's self-assessment and attestation is publicly represented
  – Expresses conformance with IDESG requirements to other ecosystem participants and the general public
- Multiple means to express conformance
  – Certificate: a formal certification issued by IDESG
  – Trustmark: a visual/electronic symbol that is licensed for use/display by approved service providers and ecosystem participants
  – Registry or "Trust" List: an IDESG-hosted site that lists approved service providers and approved ecosystem participants
- These options will be explored more fully in future discussions
- Deliverables/Documents
  – Recognition Approach

13 Process and Components: Ongoing Compliance
- Process by which the IDESG confirms continued compliance with IDESG requirements and rules. Could be:
  – Re-assessment and attestation after a set period
  – Updated attestation of continued compliance
- Initial process should be stated up front as part of the 2014 attestation process and documents
  – Could be expressed as an "expiration" or renewal date (e.g., annual, bi-annual)
- Deliverables/Documents
  – Ongoing compliance approach (may be included in attestation guidance)

14 Potential TFTM Deliverables
- Application Template
- Bona Fides Requirements
- Self Assessment Form/Template
  – Conformance Criteria, Compliance Questionnaire or something similar
- Attestation Forms/Documentation
- Approval Process Description and Policy
- Recognition Approach
- Ongoing Compliance Approach

15 Next Steps Summary
1. Analyze/discuss existing self-certification and self-assessment programs
   – Cloud Security Alliance STAR Program
2. Gain consensus on deliverable list and program components
3. Develop timelines and milestones for deliverables
4. Begin development of self-assessment and attestation deliverables
