Hi Jay, I think that's a great idea. Look forward to that.
- Document management (notifications are handled by the new list we set up).
Cool
- More details on site security using the most recent example from Dean as a guide. That won't give the addresses of the sites but it will give their cities and suburbs.
Yep - happy with that. All in all, it's about giving a little more detail of how things are protected, but not necessarily the specifics. Eg, Access control system managed by NZRS. Rather than.. A Cardax version 3035 access control system with keypanels located.....
- More details on our audit processes including what we audit and how frequently we audit. We do want to commit to publishing the results but not until we have some processes in place around that, which may not be in time for the DPS or even the launch of DNSSEC. Yep - happy to work with that commitment. - Different key sizes and M of N key splitting amongst NZRS staff and greater explanation of what that means for security of key backups.
Looking forward to seeing that, but sounds good.
- More details on the staff vetting. This bit may be light to start with and change again later when we have received more detailed advice on what we can do in this regard.
Ahh yep, I understand why you might need to get some advice on this. In the short term it might fill a gap if you detail what the *intent* of the vetting is and then fill in the details later. For example, If you can't put down Criminal Background Check on day one, then a statement along the lines of "NZRS intends to only provide trusted positions to staff with no criminal convictions regarding trust based crimes. At present NZRS is investigating how this will be accomplished." similarly. If you don't want to commit to Financial Background Checks on day one, a statement like "NZRS intends to provide trusted positions to staff who..... blah. At present NZRS is investigating how this might be accomplished." I'm comfortable that you might not have all the answers yet, but it helps me out heaps to know that it's your intention to find them out. Also wanted to say thanks for all the hard work that you and the NZRS staff are putting into this. It's starting to look like it's coming together. Regards, Dean