11:59:02 <RRSAgent> RRSAgent has joined #dpvcg
11:59:02 <RRSAgent> logging to https://www.w3.org/2022/07/20-dpvcg-irc
11:59:05 <harsh> ScribeNick: harsh
11:59:07 <harsh> Meeting: DPVCG Meeting Call
11:59:09 <harsh> Chair: harsh
11:59:13 <harsh> Date: 20 JUL 2022
11:59:28 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Jul/0002.html
12:06:01 <harsh> Present: harsh, georg, paul, julian
13:25:28 <harsh> Regrets: mark
13:25:37 <harsh> Topic: Risk concepts in DPV
13:26:03 <harsh> In previous meetings, we discussed concepts related to Risks, DPIA/PIA, and how to specify the (often complex) requirements without imploding structure of DPV.
13:26:51 <harsh> Current proposal includes adding concepts `RiskLevel`, `Severity`, `Likelihood`, and associated properties for these as `hasRiskLevel`, `hasSeverity`, and `hasLikelihood`.
13:27:19 <harsh> Here the severity and likelihood can be used also on Consequences and Impacts other than Risks.
13:27:40 <harsh> Risk and Risk mitigation measure concepts and relations are already present in DPV, and these will augment them.
13:28:22 <harsh> The level, severity, and likelihood are what is applicable *after* all measures have been considered, i.e. it is the resulting characteristics of risk (or impact).
13:29:07 <harsh> To indicate the changes between two instances of a risk, e.g. R1 indicating a resulting level of High, and R2 with a level of Low after applying additional measures, the concept of `ResidualRisk` was considered.
13:29:36 <harsh> Discussions converged on agreement that such notation of residual risks and the incremental or iterative expression of risks, mitigations, and levels is useful in documentation.
13:30:10 <harsh> However, there was introspection on the necessity of providing specific concepts related to Residual or Mitigated risk. Instead the group agreed to provide only relations related to these.
13:30:55 <harsh> For Residual Risks - `hasResidualRisk` and `isResidualRiskOf` for expressing connectivity between risk, with mitigation measure associative properties (for Mitigated Measures) already existing in DPV.
13:31:45 <harsh> For more complex or additional information, such as specific taxonomies of risk levels (e.g. Risk level = High), and the provision of concepts such as MitigatedRisk, RiskAssessmentFrameworks, etc. - a separate extension (`dpv-risk`) is to be created.
13:32:31 <harsh> Harsh has some work on this, at - https://github.com/coolharsh55/riskonto based on analysing the ISO 31073:2022 risk management vocabulary standard https://www.iso.org/standard/79637.html
13:32:43 <harsh> Interested participants should email the group or Harsh directly.
13:32:50 <harsh> Topic: Next Meeting
13:33:17 <harsh> The group will meet again next week WED 27 JUL 13:00 WEST / 14:00 CEST.
13:38:41 <harsh> Harsh will be not attending the meeting, another attendee will chair the meeting.
13:38:45 <harsh> rrsagent, publish minutes v2
13:38:45 <RRSAgent> I have made the request to generate https://www.w3.org/2022/07/20-dpvcg-minutes.html harsh
13:38:52 <harsh> rrsagent, make logs world-visible
13:39:36 <harsh> rrsagent, bye
13:39:36 <RRSAgent> I see no action items