• 8/29 Meeting Minutes - Approved

Briefly reviewed the roles to be filled.

Reviewed the artifacts for the RedShift service (available in the GitHub repo) as an example of content to be produced for other services and what it takes to produce these. Key points and discussion items included:

• Controls matrix to be uploaded.
• It may be valuable for individual firms to add a table to the beginning of the Service Accelerator showing the review/approval status.
• Compliance Framework mapping is the first artifact to be produced.
• Documentation should be opinionated, providing specific guidance. The value is in sharing the experience and context. This often requires not only hunting through documentation but contacting the vendor to clarify or obtain additional input.
• Tools can be useful to ascertain some information, e.g CloudTrail, Splunk, CloudWatch.
• Discussed standardizing on a generic format, e.g. Terraform or using the native format of the cloud provider, e.g. ARM (Azure Resource Manager). Agreed to use the format native to the cloud provider of the service.
• Longer term it will be valuable to
  • find a collaborative format to use other than Microsoft Word, e.g. Markdown, AsciiDoc (worth speaking to other FINOS projects or GitHub about options)
  • introduce an element of workflow management or triggers so the group knows when artifacts need to be updated
• Next step is for work to commence on DynamoDB Services.