Todd Glassey wrote:
Hmmmm... The SOW MUST define all the elements of the Editor's responsibility and all the specific tasks they perform as well as the SLA's for those Tasks. It also MUST address the SOD (Separation of Duties) within the Editor's work since they are altering the IP submitted.
Without that there is no comprehensive model for evaluating how well the IETF met its standards and whether it caused damage to others in the process.
Todd Glassey as an Auditor.
Methinks you've drunk too deeply of the SOX Kool-Aid, Todd. Along what lines would you suggest that the RFC Editor "separate its duties"?
Perhaps you would also recommend that the guy who replaces the air freshener blocks in the men's bathroom not also be the same guy who fixes the plumbing? Or maybe the guy who diagnoses your automotive problems be different from the guy who actually fixes it? Perhaps in the RFC-Editor function, the person who fixes missing commas and semi-colons should be different from the person who addresses clarity and normative reference issues? Yup, that's an efficient use of everyone's time and money.
SOD was designed to prevent certain types of financial fraud in *financial software development and deployment processes*, and other similar processes where separation of duty is essential to maintain certain properties of the overall process. SOX-mania has become a toxin that has clouded most people's thinking in this area, and I'm loath to accept that IETF processes must be held hostage to an ill-conceived set of guidelines promulgated by the utterly-irrelevant-to-the-IETF Public Companies Accounting Oversight Board. The IETF isn't a publicly-traded company, last time I checked, and even if it were, the SOD provisions of SOX (and Audit Standard 2, which clearly you've consumed wholesale) clearly wouldn't apply.
I suggest, Todd, that you switch to another beverage, because the SOX Kool-Aid is clearly doing neither you nor anybody else any good.
--
Marcus Leech Mail: Dept 1A12, M/S: 04352P16
Security Standards Advisor Phone: (ESN) 393-9145 +1 613 763 9145
Strategic Standards
Nortel Networks mleech@xxxxxxxxxx