Difference between revisions of "Regulatory Compliance/Meeting Notes for 2016-11-14"

(Draft page for Meeting Notes: Regulatory Compliance)
m (BobJonkman moved page KWNPSA Meeting Notes for 2016-11-14 to Regulatory Compliance/Meeting Notes for 2016-11-14: Meeting Notes go below Meeting Announcement)
 
(4 intermediate revisions by the same user not shown)
Latest revision as of 20:49, 12 October 2017

Thanks to Martin Edmonds for moderating this month.

Event announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/
Meeting notes: https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50337067

Regulatory Compliance

Date: Monday, 14 November 2016
Event Announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow? How do you store compliance documents such as sign-offs, NDAs, and contracts? What do you use for secure document storage and transmission? How do the SysAdmins get along with the Lawyers? When is encryption required? What do you encrypt, and when?


Meeting Notes

  • Must consider retention, and retention periods, of email and other documents (almost any document can be considered a legal document)
  • In addition to government regulations, must consider industry practices and standards
  • Following the Ontario Non-Profit Corporations Act (ONCA)
  • Maintenance of email lists:
    • use double opt-in
    • use email lists only for their stated purpose
    • offer a mechanism for requesting to be removed
  • On the website of an incorporated organization (required in Europe, but not yet in North America):
    • need to specify whether cookies will be saved
    • need to specify a physical address (required in Europe)
  • Who is considered a member of a non-profit (in some cases, even attending an event can make you a member)
  • Adherence to copyright laws when photocopying
  • What responsibilities does an organization have when providing internet access to the public?
  • Audits from organizations that grant non-profit status or organizations that provide grants
  • Software audits (e.g. Microsoft ensuring license adherence)
  • Need to be very careful about mailing lists and keeping them up to date, to prevent mail going to the wrong person
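The three email-list practices above (double opt-in, use only for the stated purpose, an easy removal mechanism) in working form. This is an added example, not code from the meeting or from the SOBAC wiki: the MailingList class, the list name, the signing secret, the 48-hour confirmation window and the addresses are all constructed for illustration. Confirmation links carry an HMAC-signed, expiring token, so a forged, stale or replayed link cannot add an address, and the recipient list is only released for the purpose the list was created for.

```python
"""Double opt-in, purpose-bound mailing list with one-click removal.

Added example (not from the meeting notes). Tokens are HMAC-signed and the
confirmation token expires, so a forged or stale link cannot add an address.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


class MailingList:
    def __init__(self, name, purpose, secret, token_ttl=48 * 3600, clock=time.time):
        self.name = name            # constructed list name, e.g. "newsletter"
        self.purpose = purpose      # the stated purpose the list may be used for
        self._secret = secret       # server-side key for signing tokens (constructed)
        self.ttl = token_ttl        # confirmation links expire after this many seconds
        self.clock = clock          # injectable for tests
        self.pending = {}           # address -> outstanding confirmation token
        self.members = {}           # address -> {"confirmed_at": unix time}
        self.audit = []             # (time, event, address): who was added/removed and when

    # --- token helpers -----------------------------------------------------
    def _sign(self, payload):
        body = base64.urlsafe_b64encode(
            json.dumps(payload, sort_keys=True).encode()).decode().rstrip("=")
        mac = hmac.new(self._secret, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + mac

    def _verify(self, token):
        """Return the payload if the signature is valid, else None."""
        if "." not in token:
            return None
        body, mac = token.rsplit(".", 1)
        expected = hmac.new(self._secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        padded = body + "=" * (-len(body) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))

    def _log(self, event, address):
        self.audit.append((int(self.clock()), event, address))

    # --- double opt-in -----------------------------------------------------
    def request_subscription(self, address):
        """Step 1: someone submits an address. Nothing joins the list yet; the
        returned token goes into a confirmation email sent to that address."""
        addr = address.strip().lower()
        now = int(self.clock())
        payload = {"list": self.name, "action": "confirm", "addr": addr,
                   "exp": now + self.ttl, "nonce": secrets.token_hex(8)}
        token = self._sign(payload)
        self.pending[addr] = token      # a newer request supersedes an older one
        self._log("requested", addr)
        return token

    def confirm(self, token):
        """Step 2: the recipient follows the link. Rejects forged, expired,
        replayed and superseded tokens."""
        p = self._verify(token)
        if p is None or p.get("list") != self.name or p.get("action") != "confirm":
            return False
        if self.clock() > p["exp"]:
            return False
        addr = p["addr"]
        if self.pending.get(addr) != token:
            return False
        del self.pending[addr]
        self.members[addr] = {"confirmed_at": int(self.clock())}
        self._log("confirmed", addr)
        return True

    # --- removal and purpose binding --------------------------------------
    def unsubscribe_token(self, address):
        """Goes into every message so that removal is a single click."""
        return self._sign({"list": self.name, "action": "unsub",
                           "addr": address.strip().lower()})

    def unsubscribe(self, token):
        p = self._verify(token)
        if p is None or p.get("list") != self.name or p.get("action") != "unsub":
            return False
        removed = self.members.pop(p["addr"], None) is not None
        if removed:
            self._log("unsubscribed", p["addr"])
        return removed

    def recipients(self, purpose):
        """Refuse to hand out the list for anything but its stated purpose."""
        if purpose != self.purpose:
            raise ValueError(f"list {self.name!r} may only be used for {self.purpose!r}")
        return sorted(self.members)
```

The audit trail records when each address was requested, confirmed and removed, which is the evidence an organization needs if it is later asked why a particular person received its mail. Keeping the secret server-side and checking signatures with a constant-time comparison means a confirmation or unsubscribe link can be handed out freely without anyone being able to mint one for an address they do not control.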
Storage

How do you store compliance documents such as sign-offs, NDAs, and contracts? What do you use for secure document storage and transmission?

  • LotusNotes used to route a document and get sign-offs along the way
  • Blockchain systems (discuss further in a future meeting)
  • Electronic forms on a secure file server or encrypted device
  • Encrypted data:
    • TrueCrypt
      • There are some known vulnerabilities in the Windows version.
      • VeraCrypt is a fork of TrueCrypt.
    • LUKS container
    • Offsite (using the send command)
    • ZFS (a file system)
  • Indicate at the top of an email who its intended audience is. Legal disclaimer in the footer telling you not to read the email if it does not pertain to you.
  • Encrypted email systems, e.g. Enigmail (a Thunderbird plug-in)
  • Online services to encrypt mail, e.g. Proton Mail and Tutanota
  • Signal, Telegram, and WhatsApp for encrypting instant messages

Potential topics for future meetings

  • Blockchain systems
    • Book: the London Review of Books had two stories by the same author, Andrew O'Hagan
    • Ethereum (a programming environment built on top of a blockchain)
  • Accessibility rules
  • Document storage formats (ODS, etc.) could be combined with document management systems