Alliance For Cyber Risk Governance
A TechDemocracy initiative
Proud founders and supporters of the ACRG

The ACRG Charter

Purpose

Driven by senior risk leaders, the alliance's purpose is to establish a standard framework for risk measurement, reporting and governance: holistic cyber risk management that supports (but is not dependent upon) various regulatory and industry standards across the board. A project of this alliance is to develop a common security metric and measurement framework, translating events to actions needed wherever applicable.

Advisory Group Goals

Advise the chair about key aspects of the project, provide a community perspective on key considerations, and be a sounding board for any project deliverables.

Work towards consensus among ACRG members on the desired project goals, alternatives, construction phasing, and mitigation measures to include in the framework.

Project Outcome

The working group will be considered a success if:

  • The ACRG establishes clear, consensus-based recommendations on the best criteria to include in the proposed risk management framework
  • The public is engaged in a meaningful way in evaluating any proposed framework alternatives and in reviewing and commenting on the framework
  • Group decisions fit into the context of the participating community industry verticals and recognize and respect the unique needs specific to each sector
  • The group schedule takes the least amount of time and makes the most effective use of limited project funding
  • Appropriate regulatory and government agency participation is considered throughout the process to avoid conflicts and maximize synergies

Terms of membership

Members agree to volunteer until the framework final review process.

A member’s position on the ACRG may be declared vacant if the member:

  • Resigns from the ACRG (this should be in writing and forwarded to the working group chair)
  • Fails to attend more than two meetings without prior notice

In a case where a member’s position is declared vacant, the chair may appoint an alternative representative from the same interest group to fill the vacancy.

Advisory Group Operating Guidelines

Members agree to volunteer until the framework final review process.

  • Meetings will be held at the time and place chosen by the ACRG in the course of their meetings.
  • It is anticipated that there will be SIX meetings leading up to the official release of the framework. Once the framework is released, it is anticipated that the group will meet quarterly.
  • ACRG members will be informed of meetings through email or direct mail, depending on each member's preference, at least two weeks prior to the meeting.

Communication

  • Meetings will be advertised in the LinkedIn Group and published on the TechDemocracy Website (http://www.techdemocracy.com).
  • Project documents and notices will be circulated to the LinkedIn group and posted on the project website.
  • Email: the chair should be copied on all correspondence, and if the chair chooses to open a dialogue via email, all ACRG members will be copied.

Conduct of meetings

  • Meetings will be open to all.
  • Meetings will be facilitated.
  • Informed alternates are acceptable and encouraged if the ACRG member cannot attend.
  • All cell phones will be turned off during the meetings.
  • After all meeting agenda items have been addressed, time will be provided for non-members in attendance to voice their opinions.
  • Meetings will end with a clear understanding of expectations and assignments for next steps.
  • Meetings are expected to be two to three hours and not exceed three hours. Extension of time, in 15-minute increments, will require the consent of the majority of members attending that meeting. Consensus will be indicated with a show of hands.
  • The chair will keep a record of meeting attendees, key issues raised, and actions required. Comments from individual members will generally not be attributed and a verbatim record of the meeting will not be prepared.
  • The previous meeting record and a meeting agenda will be forwarded to members of the ACRG at least one week before the next meeting. Any changes to the record of the past meetings shall be in writing and forwarded to the chair prior to the next meeting.

Meeting Ground Rules

  • Speak one at a time – refrain from interrupting others.
  • Wait to be recognized by the facilitator before speaking.
  • The facilitator will call on people who have not yet spoken before calling on someone a second time for a given subject.
  • Share the oxygen – ensure that all members who wish to have an opportunity to speak are afforded a chance to do so.
  • Maintain a respectful stance towards all participants.
  • Listen to other points of view and try to understand other interests.
  • Share information openly, promptly, and respectfully.
  • If requested to do so, hold questions to the end of each presentation.
  • Make sure notes taken on newsprint are accurate.
  • Remain flexible and open-minded, and actively participate in meetings.

Roles and Responsibilities

The ACRG is an advisory group to the chair.

ACRG members agree to:

  • Provide specific industry expertise, including identifying emerging local issues
  • Review project reports and comment promptly
  • Attend all meetings possible and prepare appropriately
  • Complete all necessary assignments prior to each meeting
  • Relay information to their constituents after each meeting and gather information/feedback from their constituents as practicable before each meeting
  • Articulate and reflect the interests that advisory group members bring to the table
  • Maintain a focus on solutions that benefit the entire study area
  • Present its recommendations for the project at the end of the planning process. The presentation would include subjects such as: project’s Purpose and Need Statement, alternatives to be implemented into the framework, mitigation measures, and phasing plan. The ACRG shall select from among its members a presenter or team of presenters.

The chair and the managing committee agree to:

  • Provide ACRG members the opportunity to collaborate with various industry verticals and relevant groups on making recommendations for the framework and associated projects
  • Effectively manage the scope, schedule and budget
  • Keep ACRG partners informed of progress
  • Provide documentation to support recommendations
  • Provide technical expertise
  • Brief local decision makers and produce briefing materials and reports
  • Provide early notification of ACRG meetings and provide ten working days to review and comment on technical reports and other documents
  • Conduct public meetings necessary to inform and engage the community
  • Manage logistics for meetings
  • Explain the reasons when deviations are taken from ACRG recommendations

Communication

ACRG members will be informed of meetings through email or direct mail, depending on each member's preference, at least two weeks prior to the meeting.

  • Meetings will be advertised in the LinkedIn Group and published on the TechDemocracy Website (http://www.techdemocracy.com).
  • Project documents and notices will be circulated to the LinkedIn group and posted on the project website.
  • Email: the chair should be copied on all correspondence, and if the chair chooses to open a dialogue via email, all ACRG members will be copied.

Decision Making

The ACRG is primarily advisory. In those areas where it has some decision-making authority, members will strive to reach agreement by consensus at a level that indicates that all partners are willing to “live with” the proposed action. Participants will strive to work expeditiously and try to avoid revisiting decisions once made. If agreement cannot be reached on a particular issue, the chair will retain final decision-making authority.