2024-10-24 Meeting Notes

Attendees

  • Adrian Petrisor, UC Irvine

  • Gem Stone-Logan, California Digital Library (chair)

  • Todd Grappone, UC Los Angeles (SILS LG liaison)

  • Ross Anastos, UC Merced

Regrets

  • Gillian Keleher, UC Santa Cruz

Absent

  • Nick Hansard, UC Merced

  • Steven Chong, UC Berkeley

Meeting Recordings

https://drive.google.com/drive/folders/1za_o8b6GZGzv0iVriWgI5jv5kePaLW-O

Item

Desired Outcome

Time

Who

Notes

Decisions

Actions

Item

Desired Outcome

Time

Who

Notes

Decisions

Actions

1

Announcements/Updates

 

 

 

Does anyone have objections to recording?


Gem will double check how to get transcription setup.



2

SILS Tools

Verification that everyone has access to:

5

GSL

 

 

For those absent: please confirm access to the linked tools.

3

Team Charter

Do we want to discuss in detail?

10

 

Currently a blank template.

Operations Team (OT) example.

Major questions:

  • What roles do we want to define?

  • Do we want a steering committee that meets more often to plan?

  • Default decision making is fist of five. (See p.8 of SILS Governance Structure)

 

Ross will step in and help with notetaking for the time being.

Adrian volunteered to be Vice-Chair for the group.

Will discuss charter when more members are present.

Gem will start with a first draft of filling in the charter and get comments in the next meeting.

4

Review Deliverables and Prioritize

 

30

Group

Deliverables from charge:

  • Defines and scopes what a security incident is

  • Creates an escalation path and campus contact list

  • Annual: Reviews and updates the data privacy and security agreement

  • Annual: Provide patron data privacy training (past training)

  • As needed: Provide updates to SILS LP

  • Stay current with privacy/security landscape

  • Monthly: Review release notes for security issues

  • Other??

    • Discussion of security breaches. Contract requires notification within 2 business days of when they reasonably think there was a data breach.

    • Being aware of any changes to California law regarding privacy.

 

Since we’re meeting monthly we’re going to keep moving forward with whoever is in attendance of our meeting.

Low hanging fruit for the priority of our workplan: monthly review of release notes can be done in tandem with defining the scope of of what a security incident is, and levels of severity.

 

5

Next Meeting

What do we want to talk about next time?

10

 

Next meeting is November 26

  • Also something to be aware of is changes to California law regarding privacy.

  • Be aware of changes to UC campus policy on privacy (for workplan). e.g. IS3 policy is updated to IS4.

  • Add standing agenda item for any security updates/news that we might need to be made aware of?

  • Add standing agenda item for 10 minute (+/-) reporting of review of release notes shared in a Google Doc. Gem and Adrian volunteered to report back to the group next month.

6

Wrap up

Review actions and decisions

5

Group

 

Decided to meet monthly, at least initially.

 

7

Parking Lot

Capture important topics for future discussion

 

 

  • How quickly must Ex Libris disclose a security incident to us? According to p.31 of our contract, Ex Libris should inform us no later than 2 business days after they “reasonably believe” a breach has or may have occurred of non-public information.

  • How should this group work with Siren?

 

 

8

 

Total

x/x

 

 

 

 

 

The SILS mission is to transform library services and operations through innovation and collaboration. The future is shared!
Question? Contact AskSILS-L@ucop.edu