https://wiki.datashield.org/en/governance/audit-process
We suggest the audit process is further fleshed out, and then that the comms theme can take a look and see what needs to be communicated when in the process.
A draft risk response process:
https://wiki.datashield.org/governance/risk-response
We need to include:
- how risks are reported to the steering committee ← comms should have something to say about this
- define who is in the risk response team
- define that whoever finds a risk, needs to inform the risk response team
- how comms to the wider world needs to be included -→ OPT-IN MAILING LIST FOR DISCLOSURES - security announcements only, infrequent - discussion about whether to keep them separate from a newsletter mailing list - send out once-yearly email with a DataSHIELD news update, check people's email addresses still work, ask if people still want to be informed, get their colleagues involved - springtime (catching people leaving at the end of the academic year, announcing the conference) - say that this channel is how disclosures would be communicated
- it needs some more context given - including (starting with) a flow chart would make everything a lot clearer - colour-coded? swimming-lanes doc?
- the text isn't particularly human-readable!