-
Notifications
You must be signed in to change notification settings - Fork 32
Responding to Security Scan
Ryan Wold edited this page Oct 31, 2019
·
3 revisions
Trigger:
- On a regular basis, Security Scans are performed against Touchpoints by the CISO. CISO adds these items to the POAM list
- Security Scan results are sent to the Touchpoints PMO (product management organization)
- Touchpoints PMO receives the results
Process:
- Touchpoints PMO creates user stories to be addressed (currently in the form of Trello cards)
- User stories are prioritized along with other stories and worked on by Engineers in the Touchpoints PMO
- When a Security-related story is completed, the POAM list is updated
Recurring Events:
- on at least a monthly basis, a Security Meeting is held between the CISO office and the Touchpoints team to review and provide status regarding outstanding POAMs