

**Security and Privacy Workgroup Process**

Our workgroup is following the Agile SCRUM methodology.

//Our Agile Process//

 * We maintain a backlog of prioritized user stories/requirements (a backlog is a to do list with some structure)
 * We use this Wiki for all possible artifacts
 * We use the ONC email list server for most discussions and communications outside of our weekly telecons
 * Communications out of band are documented and posted during the next weekly telecon
 * Membership and participation is open to all interested people and organizations
 * When possible we will try to reach consensus rather than majority voting
 * When votes are needed, those that have been actively participating are allowed
 * We will address blocking issues as a very high priority item (a blocking issue is something that prevents some stakeholder from making progress)
 * Meetings are documented and posted on the Wiki for full transparency
 * Meetings and the Wiki are open to all
 * Our "Product Owner", or our customer, is the ONC
 * Our "SCRUM Master" is the Workgroup Chair
 * Our team is those people kindly devoting their time
 * We will periodically devote time to planning (backlog grooming), team improvement (retrospectives), and showing our work (sprint reviews)
 * Our "sprints" (implementation cycles) will be one month in duration, starting on the 1st business day of the month
 * Our "releases" will be on the last day of each calendar quarter


**Backlog Definition**

We maintain our backlog using the following columns:


 * 1) The **Item Number** column is a sequential number designed to facilitate an easy reference to the request. It will be unique, not-reused, assigned sequentially, and it has no other meaning.
 * 2) The **Title** should be a short phrase uniquely identifying the request and should be a link to a Wiki landing page dedicated to this request.
 * 3) The **Description** should be a one paragraph overview of the request.
 * 4) The **Source** column should indicate the origin and sponsor of this request.
 * 5) The **Size** column should indicate the relative size of the request in "points", where 1=tiny, 100=huge. Valid point values are 1, 2, 3, 5, 8, 13, 21, 34, 50, 75, 100, and ? for unknown. (Bonus points if you can identify the origin of this sequence.)
 * 6) **Priority** is a force-ranked column indicating the order these issues should be addressed. Valid values are 1, 2, 3, 4, 5... where 1 = the highest priority. The priority will change over time even for the same item. The priority column must not have two items with the same priority.
 * 7) **Status** indicates a team workflow status value of Not Started, Rejected, Completed, In Process, or Blocked.
 * 8) **Next Step** indicates what needs to happen next to advance this request.

Our backlog can be found here: Security and Privacy Workgroup Backlog

**Documentation team input points**
 * Considering adding both an implementation guide and a specification
 * Specs should be testable, and against the Nationwide Health Information Network governance
 * Implementation guides would support the specs
 * Proposed using HL7 documentation-like artifacts
 * We'll have some access to an ONC-supplied technical writer, and a UML designer
 * Should focus on exceptions
 * Need to have perm links for references
 * Hyperlinking docs are positive
 * Determine formats for artifacts (multiple? pdf/html/others)
 * Need good documentation entry points per audience (implementer, architect, health care CIO, consumer, etc.)
 * Firmly identify the target audience or audiences
 * We should aim for a more model-driven focus on our specs and artifacts
 * Would use some mid-level models for sequence diagrams focusing on collaborations
 * Perhaps start from testing scripts and then create the specs

**Voting, Quorum, Membership**
To be determined by the Nationwide Health Information Network Governance bodies.