-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create team documentation and training for "best practices in managing services for other communities" #302
Labels
Enhancement
An improvement to something or creating something new.
Comments
This was referenced Mar 29, 2021
choldgraf
added
Enhancement
An improvement to something or creating something new.
and removed
type: goal
labels
Apr 15, 2021
This was referenced May 3, 2021
This was referenced May 17, 2021
This was referenced May 31, 2021
This was referenced Jun 21, 2021
After a recent meeting with the Columbia security folks they referred us to the Google Center for Internet Security benchmarks as a set of targets that the Columbia cloud policies adhere to. We should investigate this and understand if it's something we can build into our own practices. Added a list item to the top |
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
When we manage services for other communities we have a lot of power. For example, we may have visibility into sensitive information, usernames and emails, the work people are doing, etc. We need the ability to see these things in order to help debug. However, we need to give people confidence that we will not abuse this power through intentional or unintentional actions.
We should create something like a ten commandments of 2i2c SRE that ensures user safety and privacy. It could be rules and practices that we all agree to live by, and that we integrate into team practices and advertise to the world to give ourselves credibility.
An example of a commandment might be Any information a user puts on a hub, stays on the hub. AKA, a 2i2c SRE person can never remove any user's data from the hub themselves, unless directly asked to do so.
@yuvipanda I am curious if you have seen anything like this in other SRE organizations, or have tips on what such a document would look like.
Steps to complete this goal
The text was updated successfully, but these errors were encountered: