CDP 35948469: Designate SPOC for Sharing Information (app/AI) #24

Open
opened 2026-04-16 08:16:51 +02:00 by Hartmut · 3 comments
Owner

CDP Control ID: 35948469
Category: Reuse of Work Products
Frequency: Annually
Owner: h.noerenberg
Parent: #1

Requirement & Guidance

Reuse of Work Products

Requirement: A single point of contact for sharing or removing engagement files or information outside of the client team or client environment (outbound work products) must be identified. Requests for information (internal or client) must be routed through the appropriate process. Maintain a log of outbound documents. Documenting Engagement Level Procedures is required.

Guidance: Client data may not be shared or reused for purposes beyond what is permitted in the contract between Accenture and the client. Identify an Accenture Leader at engagement level who is responsible for document sharing internally and externally. Add the Enterprise ID for the single point of contact in the Engagement Level Procedures and reassign this control to that person. This PoC has to ensure related client personal data has been de-identified and any such work product(s) has been approved prior to sharing/reuse outside of the project environment. Approvals should come from the CAL / AMD, and legal or CM. This person will also be the point of contact for validating and handling requests from within project and client for sharing project documents. This person is also responsible for confirming authorized re-use of third party intellectual property, across client, ecosystem partners, and competitors.

Hartmut added the cdpsecurity labels 2026-04-16 08:16:51 +02:00
Author
Owner

CapaKraken Action Plan — 35948469 SPOC for Info Sharing (Outbound)

Scope: Single point of contact for sharing or removing files/information outside the client team.

Current state:

  • No formal SPOC role defined

Todos:

  • Name the SPOC (currently sensible: h.noerenberg as Owner)
  • Document the process: docs/outbound-data-spoc.md (new)
    • Outbound requests go to the SPOC → approval decision → log
  • Outbound log template: Date | Requesting person | Document | Destination | Approval
  • Evidence: signed process document + log (even if empty)

No code change needed: process control.

Author
Owner

CapaKraken Compliance Status

EAPPS-Mapping: Prozess
Status: 🟡 PARTIAL / TODO (concrete steps below)

Summary

SPOC (Single Point of Contact) for security/compliance requests is a process control.

Current evidence

  • In the epic, h.noerenberg is named as Owner.
  • No formal SPOC documentation in the repo.

Open tasks

  • Officially name the SPOC role + contact in docs/README.md or SECURITY.md.
  • Define a backup contact (deputy during absence).
  • Response-time commitment (e.g. 2 working days for compliance requests).

Ticket stays open until all tasks are checked off.

Author
Owner

Action Plan

CDP requirement: Designate a single point of contact for outbound sharing of project documents/data.

Designation

  • SPOC: h.noerenberg (project owner, repo owner, only account with the admin role).
  • All outbound sharing requests (external + internal) go through h.noerenberg.

TODOs

  1. ☐ Create docs/engagement-level-procedures.md with a section:
    • Outbound Document Sharing SPOC: h.noerenberg
    • Approval path: Request → SPOC review → (for client data) CAL/AMD + Legal/CM → Approval
    • De-identification check: before every outbound share, the SPOC verifies that client PII has been removed
  2. ☐ Outbound log docs/evidence/outbound-sharing-log.md as a simple table (Date | Artifact | Recipient | Purpose | Approval-Ref).
  3. ☐ Document the third-party IP reuse approval process (if applicable).

Frequency: Annual Review.

Blocker: None; purely organizational.

Reference: Hartmut/CapaKraken#24