Current Key Persons
The following members are listed as key persons. In case of an urgent emergency, try to contact the keypersons mailing list or one of those members.
Board: Ian (vice-president), Gero (treasurer), (Piers, Dirk, Ben, Kevin, Matthias)
Critical Admins: Dirk
- Physical Access: (requested all)
- Secure-u: (requested)
The list is currently maintained by EvaStöwe based on motion m20160521.5.
Procedure for maintenance of the Key Persons List
Introduction
According to the Security Policy section 6.4 the Board must maintain a Key Persons List with all contact information needed in case a disaster recovery is needed. This page describes how this list is constructed, maintained and made available even if CAcert's core infrastructure is not available.
Who should be on the list
The following people are meant to be on the Key Persons List:
- board members
- arbitrators: all active (at least three)
- critical system administrators: all (at least: team leader + one backup)
- infrastructure system administrators: at least two (all systems should be covered if possible twice)
- software assessors: at least two active, if possible team leader
- support team: at least two active
- secure-u access engineers: all
Not essential but possible:
- public relations officer
The following roles are currently not available but may be added if available:
- application development team leader + one backup
- privacy officer
- security officer
Additionally, contact data for secure-u should be added, if possible. The secure-u board may be added at their request.
The decision about who is on the list lies in the hands of the maintainer of the list, but should be coordinated with the board and the teams.
Which contact information should be maintained
The following contact information should be maintained for each list member:
- name
- e-mail addresses (in particular addresses which are not dependent on CAcert's infrastructure)
- business telephone number(s)
- private telephone number(s)
- mobile telephone number(s)
- physical address(es) [optional]
- chat handles [Skype, (non-CAcert) IRC, Jabber, MSN, etc.]
Also:
- indication of best contact method(s)
- anything else the member considers to be relevant
How to collect the information
The board designates a person (can be a board member, but can also be one of the other key persons) who is responsible for collecting the stated contact information from each key person on the list. Collection will generally be done by e-mailing each list member with a request to supply his/her personal contact information, and a request to supply an update whenever something changes. The collector compiles all received contact information in a single overview ready for distribution (see below).
Each key person is also asked to provide a CARS that he/she will only use the data from the key persons list for CAcert disaster recovery reasons. This can be extended to also cover management, distribution and further handling of the key persons list, or anything else directly related to the purpose of the collection of the data.
If a key person cannot give such a statement, the other key persons have to be asked for their consent before that person is provided with the data.
Updates
The collector will poll all key persons to verify whether the contact information is still up-to-date, and apply the updates to the compiled overview:
- of the board, after board elections
- of affected personnel, after significant team changes
- or, every 3 months
How to distribute the information
Because most of this information is likely to be privacy-sensitive for most people, the information will only be distributed to other key people list members with a strict instruction to only use it for purposes of CAcert disaster recovery support.
The collector will send out a complete Key People Contacts list every 3 months by e-mail to all people on the list. This way every list member should have a reasonably up-to-date version of the required information in his mailbox.
A warning should be included for people with a user@cacert.org address: they should save this message to a location which is not directly dependent on CAcert infrastructure, since that may not be available at the time the list is most needed!
All key persons are asked to handle the data carefully and to consider encryption, as long as this does not interfere severely with the availability of the data for each key person.
Leaving Key Persons
If members on the key persons list stop being active in the roles for which they are on the list, they should be replaced by more active members, unless there is a specific reason to keep them on the list.
Any member who is removed from the Key Persons List should be informed about this step and should be asked to delete the data as soon as there is no further need to keep it. Their own data should be removed from the next version of the list that is distributed.
Additions
In addition to the key persons list, a mailing list with all key persons can be maintained. The key persons data is not meant to be sent over this list in normal situations. The mailing list is meant to be used for reporting possible emergencies and for possible disaster recovery, if possible.
Anybody should be able to send to that mailing list.
Possible mail templates
To be added when available
Inputs & Thoughts
- 20111109-u60
Potential lists of Key People
By teams / projects -> OverviewProjectsBoard
By officers -> Teams