Incident i20140628.1

History Log

1. Incident Response Team

2. Incident Description

The internal Auditor got aware of a look-up of a community member's data by critical system admins without prior order of an arbitrator.

3. Containment Actions

No action was done to contain the incident, there is no current danger of expansion in this case.

4. Root Causes

The related arbitration case a20140422.1 is under seal, further information are kept in private until seal lifted.

5. Permanent Corrective Actions

Since no data was changed (only viewed), no corrective action apply.

6. Verify Corrective Actions

N/A

7. Preventive Actions

The internal Auditor recommends the following preventive actions:

Board decided to install following preventive actions:

moves 
  1) that board takes steps to ensure that each CAcert team member of Support, SE, Arbitration, Infrastructure honours CAcert's Privacy Policy and prove the understanding of named policy by repeating a PP CATS Test yearly, 
  2) the change has to be retained in accordant policies via Arbitration and Policy group, and 
  3) the required CATS test is prepared under the responsibility of the Education Team

8. Approval & Closure

Approved

2014-07-13 in m20140713.1

Date closed


Audit/Incidents/i20140628.1 (last edited 2015-08-12 22:09:16 by BenediktHeintel)