Difference between revisions of "Report on use case status"
Hans.graux (talk | contribs) (Initial template entry) |
Hans.graux (talk | contribs) (Additing measures template) |
||
Line 6: | Line 6: | ||
Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table. | Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table. | ||
− | == | + | == Status template == |
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ | ||
Line 43: | Line 43: | ||
''[Provide any additional information that's required to describe the status of the use case, if applicable.]'' | ''[Provide any additional information that's required to describe the status of the use case, if applicable.]'' | ||
+ | |||
+ | == MoU measures template == | ||
+ | |||
+ | === Pilot risk status === | ||
+ | Please tick the risk level of the pilot use case in the table below. As noted in the MoU: | ||
+ | |||
+ | * '''Low risk''' piloting activities include piloting activities that involve only fictitious persons, fictitious data, and test procedures. All three of these requirements must be met, or the piloting activities are qualified as medium risk. | ||
+ | * '''Medium risk''' piloting activities include piloting activities that involve any one or two of the following factors (but not all three cumulatively, since that would qualify as high risk): | ||
+ | ** Real-life persons | ||
+ | ** Real-life data | ||
+ | ** Production environments | ||
+ | * '''High risk''' piloting activities including piloting activities that cumulatively involve real-life persons, real-life data, and production environments. | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ | ||
+ | !Risk level | ||
+ | !Tick if this level applies (tick only one) | ||
+ | !Comments (if any) | ||
+ | |- | ||
+ | |Low | ||
+ | |''[check or leave blank]'' | ||
+ | |''[optional - provide any information that may be needed to explain the risk level]'' | ||
+ | |- | ||
+ | |Medium | ||
+ | |''[check or leave blank]'' | ||
+ | |''[optional - provide any information that may be needed to explain the risk level]'' | ||
+ | |- | ||
+ | |High | ||
+ | |''[check or leave blank]'' | ||
+ | |''[optional - provide any information that may be needed to explain the risk level]'' | ||
+ | |} | ||
+ | |||
+ | === Measures taken === | ||
+ | Please tick and describe the measures taken to ensure compliance with the MoU: | ||
+ | {| class="wikitable" | ||
+ | |+ | ||
+ | !Measure description | ||
+ | !Tick if this measure was taken | ||
+ | !Description or comments (if any) | ||
+ | |- | ||
+ | |Piloting partners will '''communicate proactively towards each other on issues or incidents''' ('''always mandatory''') | ||
+ | |''[check or leave blank]'' | ||
+ | |''[optional - describe how this is organised]'' | ||
+ | |- | ||
+ | |Any real-life '''pilot participants (if applicable) are informed''' of the fact that they are involved in piloting activities, | ||
+ | including any risks and countermeasures taken, and the (lack of) legal effects and consequences of participation. | ||
+ | |||
+ | Appropriate documentation should be retained to demonstrate that this information has been provided. | ||
+ | |||
+ | '''(mandatory for medium and high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Describe how this is organised]'' | ||
+ | |- | ||
+ | |If the piloting involves '''real-life persons''', piloting should be organised under the '''supervision of a DPO'''. | ||
+ | '''(mandatory for medium and high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Identify the DPO]'' | ||
+ | |- | ||
+ | |If the piloting would be done on a '''production environment''', all pilot partners should '''notify''' any operators of such environments in advance. | ||
+ | Appropriate measures should be taken that piloting activities d'''o not result in negative legal or practical consequences''' for any real-life persons, real life data, or production environments. | ||
+ | |||
+ | The production environments should be '''cleaned''' if the piloting activity was not intended to have long term legal or practical consequences. | ||
+ | |||
+ | '''(mandatory for medium and high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Describe how this is organised]'' | ||
+ | |- | ||
+ | |All piloting activities should be '''monitored by pilot partners''' (each solely in relation to such components of the piloting activities which are under their responsibility) | ||
+ | in a manner that allows any incidents to be detected and remedied (including by contacting any affected real-life persons where needed). | ||
+ | |||
+ | '''(mandatory for medium and high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Describe how this is organised]'' | ||
+ | |- | ||
+ | |The '''DE4A project DPO''' (Hans Graux) should be informed prior to initiating piloting activity, and of any incidents that are reasonably likely to create legal effects or practical impacts on any real-life persons | ||
+ | |||
+ | '''(mandatory for high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Satisfied by sending an e-mail to the DPO]'' | ||
+ | |- | ||
+ | |Implementation of a '''pilot monitoring and remediation strategy''' to assess whether exchanged evidences are reasonably capable of satisfying the requirements for high risk piloting documented in the deliverables, | ||
+ | and to ensure that any errors in the piloting activity can be detected and remediated in a manner that eliminates any negative legal or practical consequences. | ||
+ | |||
+ | '''(mandatory for high)''' | ||
+ | |''[check or leave blank]'' | ||
+ | |''[Satisfied by referencing the appropriate documentation describing the strategy]'' | ||
+ | |} |
Latest revision as of 16:04, 13 May 2022
Introduction
The template below was created to keep track of the status of use cases in each individual pilot, including to register any legal issues encountered and solutions.
The template should be applied at the use case level, registering the status for each country. Sections in italics should be updated. Use one line per Member State.
Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table.
Status template
Use case [name] | |||
---|---|---|---|
Data provider country | Data evaluator country | ||
Member State name | Status in this use case | Member State name | Status in this use case |
[Member State name] | Pick whichever one applies:
[not active yet] [issuing fake data] [issuing real data] |
[Member State name] | Pick whichever one applies:
[not active yet] [receiving fake data] [receiving real data] |
[Member State name] | Pick whichever one applies:
[not active yet] [issuing fake data] [issuing real data] |
[Member State name] | |
Identified risks / problems / incidents | Implemented solutions or plan (note: use the same line as the risk/problem/incident, so
that the solution/plan matches the risk/problem/incident next to it) | ||
[Member State(s) name(s)] | Describe: dd/mm/yyyy, [description of the risk/problem/incident | Describe: dd/mm/yyyy, [description of the solution or plan] |
Additional notes:
[Provide any additional information that's required to describe the status of the use case, if applicable.]
MoU measures template
Pilot risk status
Please tick the risk level of the pilot use case in the table below. As noted in the MoU:
- Low risk piloting activities include piloting activities that involve only fictitious persons, fictitious data, and test procedures. All three of these requirements must be met, or the piloting activities are qualified as medium risk.
- Medium risk piloting activities include piloting activities that involve any one or two of the following factors (but not all three cumulatively, since that would qualify as high risk):
- Real-life persons
- Real-life data
- Production environments
- High risk piloting activities including piloting activities that cumulatively involve real-life persons, real-life data, and production environments.
Risk level | Tick if this level applies (tick only one) | Comments (if any) |
---|---|---|
Low | [check or leave blank] | [optional - provide any information that may be needed to explain the risk level] |
Medium | [check or leave blank] | [optional - provide any information that may be needed to explain the risk level] |
High | [check or leave blank] | [optional - provide any information that may be needed to explain the risk level] |
Measures taken
Please tick and describe the measures taken to ensure compliance with the MoU:
Measure description | Tick if this measure was taken | Description or comments (if any) |
---|---|---|
Piloting partners will communicate proactively towards each other on issues or incidents (always mandatory) | [check or leave blank] | [optional - describe how this is organised] |
Any real-life pilot participants (if applicable) are informed of the fact that they are involved in piloting activities,
including any risks and countermeasures taken, and the (lack of) legal effects and consequences of participation. Appropriate documentation should be retained to demonstrate that this information has been provided. (mandatory for medium and high) |
[check or leave blank] | [Describe how this is organised] |
If the piloting involves real-life persons, piloting should be organised under the supervision of a DPO.
(mandatory for medium and high) |
[check or leave blank] | [Identify the DPO] |
If the piloting would be done on a production environment, all pilot partners should notify any operators of such environments in advance.
Appropriate measures should be taken that piloting activities do not result in negative legal or practical consequences for any real-life persons, real life data, or production environments. The production environments should be cleaned if the piloting activity was not intended to have long term legal or practical consequences. (mandatory for medium and high) |
[check or leave blank] | [Describe how this is organised] |
All piloting activities should be monitored by pilot partners (each solely in relation to such components of the piloting activities which are under their responsibility)
in a manner that allows any incidents to be detected and remedied (including by contacting any affected real-life persons where needed). (mandatory for medium and high) |
[check or leave blank] | [Describe how this is organised] |
The DE4A project DPO (Hans Graux) should be informed prior to initiating piloting activity, and of any incidents that are reasonably likely to create legal effects or practical impacts on any real-life persons
(mandatory for high) |
[check or leave blank] | [Satisfied by sending an e-mail to the DPO] |
Implementation of a pilot monitoring and remediation strategy to assess whether exchanged evidences are reasonably capable of satisfying the requirements for high risk piloting documented in the deliverables,
and to ensure that any errors in the piloting activity can be detected and remediated in a manner that eliminates any negative legal or practical consequences. (mandatory for high) |
[check or leave blank] | [Satisfied by referencing the appropriate documentation describing the strategy] |