This is the home page for the ToIP Governance Metamodel Specification. Please see the Governance Metamodel Companion Guide for a "user's guide" to this specification. The purpose of this ToIP specification is to provide an overall template for ToIP-compatible governance frameworks from which layer-specific templates are derived. Each layer-specific template MUST comply with this specification. They SHOULD add details such as:

Notation and Keywords

All terms appearing in bold on this page are listed in either the ToIP Core Glossary (based on the ToIP Core terms wiki) or the ToIP Governance Glossary (based on the GSWG terms wiki). For more information see the Terms Wiki page of the Concepts and Terminology WG.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Table of Contents

Primary Document

...

  1. For the governing authority (or each interdependent governing authority), this section:
    1. MUST state the full legal identity including jurisdiction(s).
    2. MUST state the DID.
    3. SHOULD include the Legal Entity Identifier (LEI) of the governing authority as defined by the Global Legal Entity Foundation (GLEIF).
    4. MUST provide contact information for official communication with the governing authority.
    5. SHOULD provide contact information for official persons acting on behalf of the governing authority.
  2. For the GF itself, this section:
    1. SHOULD provide the URL for a publicly-accessible website dedicated to the GF ("GF website").
  3. The GF website SHOULD include:
    1. HTML versions of all documents in the GF.
    2. PDF versions of all documents in the GF.
    3. Highlighted links to the Governance Requirements controlled document(s) that specify how the governing authority itself is governed.
    4. If applicable, a primary trust mark for the GF SHOULD be displayed prominently on the home page and in the header of every other page.
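The identifiers required above (a DID and, where available, an LEI) are the machine-checkable part of a governing authority's declaration, so a reviewer of a GF should at least confirm they are well-formed before trusting them. The following is an added example, not code from the ToIP specification or any ToIP project: it checks a DID against the generic W3C DID Core syntax (method-specific rules are out of scope), checks an LEI against the ISO 17442 structure with ISO 7064 MOD 97-10 check digits, and applies the MUST/SHOULD items above to a governing-authority record. The record field names (`legal_name`, `jurisdictions`, `did`, `lei`, `contact`) and the sample LEI are assumptions made for the example.

```python
"""Well-formedness checks for a governing authority's stated identifiers.

Added example (not ToIP code). Assumptions: the generic DID syntax from
W3C DID Core section 3.1, and the ISO 17442 LEI layout (18 alphanumeric
characters followed by two ISO 7064 MOD 97-10 check digits).
"""
import re

# DID Core ABNF: did = "did:" method-name ":" method-specific-id
#   method-name        = 1*( lowercase letter / digit )
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / "%" HEXDIG HEXDIG
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(
    r"^did:(?P<method>[a-z0-9]+):"
    r"(?P<id>(?:" + _IDCHAR + r"*:)*" + _IDCHAR + r"+)$"
)


def parse_did(did: str):
    """Return (method, method_specific_id), or None if `did` is not a valid DID."""
    m = _DID_RE.match(did)
    if m is None:
        return None
    return m.group("method"), m.group("id")


def _mod97(s: str) -> int:
    """ISO 7064 MOD 97-10: letters map to 10..35, then take the number mod 97."""
    digits = "".join(str(ord(c) - 55) if c.isalpha() else c for c in s)
    return int(digits) % 97


def lei_is_valid(lei: str) -> bool:
    """True if `lei` has the ISO 17442 layout and its check digits verify (mod 97 == 1)."""
    if not re.fullmatch(r"[A-Z0-9]{18}[0-9]{2}", lei):
        return False
    return _mod97(lei) == 1


def lei_check_digits(body18: str) -> str:
    """Compute the two check digits for an 18-character LEI body."""
    if not re.fullmatch(r"[A-Z0-9]{18}", body18):
        raise ValueError("LEI body must be 18 uppercase alphanumeric characters")
    return f"{98 - _mod97(body18 + '00'):02d}"


def check_governing_authority(record: dict) -> list:
    """Apply the metamodel's MUST/SHOULD items to a governing-authority record.

    Returns a list of findings, each prefixed with the requirement level it
    relates to; an empty list means the record passes every check here.
    """
    findings = []
    if not record.get("legal_name") or not record.get("jurisdictions"):
        findings.append("MUST: full legal identity including jurisdiction(s) is missing")
    did = record.get("did")
    if not did:
        findings.append("MUST: DID is missing")
    elif parse_did(did) is None:
        findings.append(f"MUST: DID {did!r} does not match DID Core syntax")
    lei = record.get("lei")
    if lei is None:
        findings.append("SHOULD: LEI not provided")
    elif not lei_is_valid(lei):
        findings.append(f"SHOULD: LEI {lei!r} fails ISO 17442 structure or check digits")
    if not record.get("contact"):
        findings.append("MUST: contact information for official communication is missing")
    return findings


# Constructed sample record; the LEI is a syntactically valid example value.
SAMPLE_AUTHORITY = {
    "legal_name": "Example Governing Authority Ltd",
    "jurisdictions": ["GB"],
    "did": "did:web:governance.example.com",
    "lei": "5493001KJTIIGC8Y1R12",
    "contact": "governance@example.com",
}

if __name__ == "__main__":
    for finding in check_governing_authority(SAMPLE_AUTHORITY) or ["no findings"]:
        print(finding)
```

A passing LEI check only proves the string is well-formed; whether it is registered to the entity named, and whether the DID resolves to a document controlled by that entity, still has to be checked against GLEIF and the DID method's resolver respectively.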

...

  1. MUST state the full legal identity of the administering authority.
    1. SHOULD provide the Legal Entity Identifier (LEI) of the administering authority as defined by the Global Legal Entity Foundation (GLEIF).
  2. MUST provide contact information for official communication with the administering authority.
    1. SHOULD provide contact information for official contacts acting on behalf of the administering authority.
  3. MUST clearly define the role of the administering authority, i.e., what administrative authority the governing authority delegates to the administering authority and what decisions and processes remain the responsibility of the governing authority.

...

This category includes an ISO 27005 (or compatible) risk assessment for managing risk. Controlled documents in this category:

  • SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose and objectives within its scope.
  • SHOULD include a risk assessment of each key risk that the GF is designed to address and mitigate.
  • SHOULD assess which roles and processes specified in the GF are vulnerable to each risk and what impacts could result.
  • SHOULD include a risk treatment plan specifying how identified risks are to be treated (e.g. mitigated, avoided, accepted or transferred).

...

This category specifies the trust criteria against which governed parties are held accountable under the requirements of the GF. Controlled documents in this category:

  1. SHOULD include a trust assurance framework that defines a scheme in which governed parties assert compliance with the policies of the GF and the mechanisms of assurance over those assertions.
  2. SHOULD (if applicable) define the roles of auditors and auditor accreditors and the policies governing their actions.
  3. SHOULD (if applicable) define the roles of certifying parties and the policies governing their actions and relationships with the governing authority, auditors and auditor accreditors.
  4. SHOULD (if applicable) include requirements supporting the development, licensure, and usage of one or more trust marks.

...

These are the requirements for governing the GF as a whole. Controlled documents in this category:

  1. MUST specify governance requirements (e.g., Charter, Bylaws, Operating Rules, and so on) for:
    1. The governing authority (or all interdependent governing authorities).
    2. The administering authority, if applicable. 
  2. SHOULD address any policies required for antitrust, intellectual property rights (IPR), confidentiality, responsible use, or other requirements for regulatory compliance that apply to the trust community members.
  3. SHOULD include any requirements governing enforcement of the GF and how dispute resolution will be handled.

...

These are the requirements governing the business model(s) and business rules to be followed by the trust community. Controlled documents in this category:

  1. SHOULD clearly explain any exchange(s) of value between trust community members governed by the GF.
  2. SHOULD define the policies and/or rules governing how and when these exchanges of value take place.
  3. SHOULD define the requirements for the use of any decision support systems.
  4. SHOULD define how all trust community members will be held accountable for their actions in these exchanges.
  5. SHOULD define how the governing authority, administering authority, and the GF are sustainable under these requirements.

...

These are the requirements governing technical interoperability. Controlled documents in this category:

  1. MUST specify how trust community members will interoperate technically using the ToIP technology stack by reference to any relevant ToIP specifications and recommendations.
  2. SHOULD include any additional specifications and/or specification profiles that are specific to the technical interoperability within this trust community.
  3. SHOULD include references to one or more glossaries (see Glossary section) as needed.
  4. SHOULD reference any test suites or other testing requirements.

...

These are the requirements in the five categories of trust service criteria defined by the American Institute of Certified Public Accountants (AICPA) Assurance Services Executive Committee (ASEC). These can be addressed by implementing internal controls as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Guidance on Internal Control. Controlled documents in this category:

  1. MUST specify the baseline requirements for governed parties with regard to:
    1. Information security
    2. Information availability
    3. Information processing integrity
    4. Information confidentiality
    5. Information privacy
  2. SHOULD specify the relevant information trust policies by reference to:
    1. ToIP specifications and recommendations.
    2. Other regulatory or industry standards.
    3. GF-specific policies.
    4. GF-compliant decision support systems.
    5. Trust community member-specific policies.

...

These are the requirements governing how the GF enables fair and equal access to all. Controlled documents in this category:

  1. MUST specify how trust community members will enable and promote inclusion, equitability, and accessibility by reference to:
    1. ToIP specifications and recommendations.
    2. Other regulatory or industry standards.
    3. GF-specific policies.
    4. GF-compliant decision support systems.
    5. Trust community member-specific policies.
  2. SHOULD specifically address how the GF is designed to help bridge (or eliminate) the digital divide.

Legal Agreements

This category includes any legal agreements specified in the GF. Controlled documents in this category:

  1. MUST include all specified legal agreements between trust community members.
  2. SHOULD reference the GF glossary document(s) for all terms not defined internally to the legal agreement.
  3. MUST clearly state the governed parties to whom these legal agreements apply.
  4. MUST define or reference all relevant accountability and enforcement mechanisms.
  5. SHOULD reference any other relevant requirements in the balance of the GF.

...