SBP/07-0005, INCITS Study Group for Security Best Practices - Information Packet for Formation Meeting

SBP/07-0005

INCITS
InterNational Committee for Information Technology Standards
INCITS Secretariat, Information Technology Industry Council (ITI)
1250 Eye St. NW, Suite 200, Washington, DC 20005
Telephone 202-737-8888; Fax 202-638-4922

Date:	September 17, 2007
Reply to:	Jennifer Garner
Phone:	(202) 626-5737
Email:	jgarner@itic.org

INCITS Study Group on Security Best Practices - Information Package for Formation Meeting

About INCITS
The InterNational Committee for Information Technology Standards (INCITS) is the forum of choice for information technology developers, producers and users for the creation and maintenance of formal de jure IT standards. INCITS is sponsored by the Information Technology Industry Council (ITI), a trade association representing the leading US providers of information technology products and services.

INCITS and ITI are jointly accredited by, and operates under rules approved by, the American National Standards Institute (ANSI). These rules are designed to ensure that voluntary standards are developed by the consensus of directly and materially affected interests.

Establishment
A Study Group (SG) is established to investigate a general sub-area of information processing technology, to assess trends and relationships, and to provide advisory study reports to its parent body. Each SG is established for a specific study. Upon completion and acceptance of its report by a parent body, the group is disbanded.

Scope
The parent body prepares a scope and program of work as the charter for a Study Group. The charter may contain additional guidance or constraints, as appropriate.

At its organizational meeting, the Study Group reviews its scope and program of work and may then or later recommend modification(s) to its parent body.

The INCITS Executive Board approved the establishment of the INCITS Study Group on Security Best Practices for Financial and Insurance Services (Study Group on Security Best Practices) with the following charter:

The INCITS Study Group on Security Best Practices will:

study the security needs and requirements of the financial and insurance services industries and assess what is missing in current standards and practices.

make a recommendation to the INCITS EB on an approach to create deployable best practices and frameworks for security in these industries. This may include creating Project Proposals for new INCITS Standards or Technical Reports.

complete its work and submit its report for consideration at the January 2008 INCITS EB meeting.

Mr. Stull will serve as the Chairman of the INCITS Study Group on Security Best Practices.

Fees for participation on this Study Group will follow the TC services fees schedule.

Membership
Voting membership on this Study Group is open to all directly and materially affected parties that meet attendance and voting requirements and pay the associated service fees. A representative of a prospective voting member shall initially attend a meeting of the Study Group without voting privileges and reaffirm interest in the work of the Study Group. Voting privileges become effective with attendance at one of the next two successive meetings and receipt by the Secretariat of the applicable fees for the membership year. For a new Study Group, all attendees at the formation meeting or second meeting shall be considered voting members.

An organization with voting membership shall appoint one and only one principal representative and may appoint one or more alternate representatives.

In order to maintain voting membership on a Study Group an organization shall:

Attend at least two out of three successive Study Group meetings;
Return at least two out of three successive non-accelerated letter ballots; and
Pay the appropriate service fees within the time specified by the INCITS Secretariat.

Upon failure of a member organization to meet either the attendance or voting requirements, the Chairman of the Study Group will notify the organization's representative(s) in writing that they have been placed in jeopardy and their organization's membership will be terminated in the event the organization is not represented at the next meeting or does not submit a vote in response to the next non-accelerated letter ballot.

All advisory memberships are non-voting memberships. Advisory members may attend meetings, speak, and submit contributions. Advisory members shall receive all electronically available documents, including meeting notices, draft agendas and minutes. Other documents are not required to be distributed to advisory members.

Meeting Notice, Agenda and Two-Week Rule
The meeting notice and draft agenda shall be distributed no later than four weeks before the meeting.

Documents for Action (Two-Week Rule)
Documents should be distributed at least two weeks prior to the meeting. Any documents sent later may be considered, but final action may only be taken in the absence of objection by any voting member present or by suspension of this rule by vote of the Executive Board; otherwise, they must be acted upon by letter ballot or deferred until the next meeting. Documents may be revised during the meeting and still be considered to have met the two-week rule if the original document met this requirement. Note that this provision is intended to provide a means for discussing the document and advancing the progress of the work, and is not intended to permit the introduction of new or orthogonal material.

Quorum
For Study Groups there is no minimum attendance required for quorum.

Definitions of Criteria for Approval

Majority

For meeting votes, a majority is defined as approval by more than half of the members voting; abstentions are excluded when determining whether a majority has been satisfied. For letter ballot votes, a majority is defined as approval by more than half of the members eligible to vote, excluding abstentions.

2/3 Voting Rule

The 2/3 voting rule is defined as:

approval by at least 2/3 of those voting YES or NO, and

approval by a majority of the voting membership. That is the threshold is not affected by the number of members present at the meeting for a meeting vote.

Voting
There shall be only one voting membership per organization. An alternate representative may vote only if the principal representative fails to vote.

Voting by proxy shall not be permitted. A written vote on an issue to be acted upon at the meeting may be submitted by correspondence by an absent voting member provided it is received by the Chair prior to the point when the issue is brought to a vote.

Minutes
Study Groups are required to produce minutes of their meetings. Minutes shall be distributed within four weeks after the adjournment of the meeting. When prepared by someone other than a member of the Secretariat staff, the draft minutes shall be reviewed by Secretariat staff prior to distribution to the committee.

The required contents of minutes are as follows:

Date(s), location(s), Chair, Secretary, hour of opening and adjournment.
Summary of significant actions taken.
List of all attendees.
Approved agenda (or approved changes to draft agenda).
Approval of previous meeting minutes.
Each motion seconded and not withdrawn, identifying maker of the motion, the fact of a second, and the voting results.
Future meeting schedule.
List of action items assigned to members.

Individual remarks or detailed transcripts need not to be recorded; however, any specific statement should be recorded when requested by the Chair, group, or a member. Records of discussions and actions taken pertaining to any topic for which attendance is restricted shall not be included in the minutes, except to record that a position was developed.

Legal Issues - Antitrust
ITI has antitrust guidelines for all INCITS committees to follow (see http://www.incits.org/inatrust.htm).

Never discuss the following topics at any INCITS Study Group meeting:

Any company's prices or pricing policies;
Specific R&D, sales and marketing plans;
Any company's confidential product, product development or production strategies;
Whether certain suppliers or customers will be served;
Prices paid to input sources; or
Complaints about individual firms or other actions that might tend to hinder a competitor in any market.

Resources

INCITS/RD-2, Organization and Procedures - http://www.incits.org/rd2/main.htm
INCITS Secretariat Staff:

Deborah Spittle (202) 626-5746 / dspittle@itic.org
Lynn Barra (202) 626-5739 / lbarra@itic.org
Jennifer Garner (202) 626-5737 / jgarner@itic.org