IRC log of dpvcg on 2022-07-20
Timestamps are in UTC.
- 11:59:02 [RRSAgent]
- RRSAgent has joined #dpvcg
- 11:59:02 [RRSAgent]
- logging to https://www.w3.org/2022/07/20-dpvcg-irc
- 11:59:05 [harsh]
- ScribeNick: harsh
- 11:59:07 [harsh]
- Meeting: DPVCG Meeting Call
- 11:59:09 [harsh]
- Chair: harsh
- 11:59:13 [harsh]
- Date: 20 JUL 2022
- 11:59:28 [harsh]
- Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Jul/0002.html
- 12:06:01 [harsh]
- Present: harsh, georg, paul, julian
- 13:25:28 [harsh]
- Regrets: mark
- 13:25:37 [harsh]
- Topic: Risk concepts in DPV
- 13:26:03 [harsh]
- In previous meetings, we discussed concepts related to Risks, DPIA/PIA, and how to specify the (often complex) requirements without imploding structure of DPV.
- 13:26:51 [harsh]
- Current proposal includes adding concepts `RiskLevel`, `Severity`, `Likelihood`, and associated properties for these as `hasRiskLevel`, `hasSeverity`, and `hasLikelihood`.
- 13:27:19 [harsh]
- Here the severity and likelihood can be used also on Consequences and Impacts other than Risks.
- 13:27:40 [harsh]
- Risk and Risk mitigation measure concepts and relations are already present in DPV, and these will augment them.
- 13:28:22 [harsh]
- The level, severity, and likelihood are what is applicable *after* all measures have been considered, i.e. it is the resulting characteristics of risk (or impact).
- 13:29:07 [harsh]
- To indicate the changes between two instances of a risk, e.g. R1 indicating a resulting level of High, and R2 with a level of Low after applying additional measures, the concept of `ResidualRisk` was considered.
- 13:29:36 [harsh]
- Discussions converged on agreement that such notation of residual risks and the incremental or iterative expression of risks, mitigations, and levels is useful in documentation.
- 13:30:10 [harsh]
- However, there was introspection on the necessity of providing specific concepts related to Residual or Mitigated risk. Instead the group agreed to provide only relations related to these.
- 13:30:55 [harsh]
- For Residual Risks - `hasResidualRisk` and `isResidualRiskOf` for expressing connectivity between risk, with mitigation measure associative properties (for Mitigated Measures) already existing in DPV.
- 13:31:45 [harsh]
- For more complex or additional information, such as specific taxonomies of risk levels (e.g. Risk level = High), and the provision of concepts such as MitigatedRisk, RiskAssessmentFrameworks, etc. - a separate extension (`dpv-risk`) is to be created.
- 13:32:31 [harsh]
- Harsh has some work on this, at - https://github.com/coolharsh55/riskonto based on analysing the ISO 31073:2022 risk management vocabulary standard https://www.iso.org/standard/79637.html
- 13:32:43 [harsh]
- Interested participants should email the group or Harsh directly.
- 13:32:50 [harsh]
- Topic: Next Meeting
- 13:33:17 [harsh]
- The group will meet again next week WED 27 JUL 13:00 WEST / 14:00 CEST.
- 13:38:41 [harsh]
- Harsh will be not attending the meeting, another attendee will chair the meeting.
- 13:38:45 [harsh]
- rrsagent, publish minutes v2
- 13:38:45 [RRSAgent]
- I have made the request to generate https://www.w3.org/2022/07/20-dpvcg-minutes.html harsh
- 13:38:52 [harsh]
- rrsagent, make logs world-visible
- 13:39:36 [harsh]
- rrsagent, bye
- 13:39:36 [RRSAgent]
- I see no action items