While all these document receives some updates, the updates in the main version 2.9 Policies and Procedures document were:
- Minor changes for clarity.
- Added clause that Google accounts used to access Google drive are used exclusively by a CTSC staff member.
- Added Section 6 on Revocation of Access
- Changed “private” information to “engagement-related” information.
- Labeling of sensitive information only required “whenever feasible.”
- Removed requirement for encryption of sensitive data at rest due to complexity of implementation in a group setting.
- Added annual review of Google account and domain in which CTSC documents reside.