...

The Primary Document is the "home page" for the Governance Framework (GF). It:

  1. MUST have a DID (Decentralized Identifier) that serves as an identifier of the entire GF.
  2. MUST have a unique DID URL (defined in the DID spec) to identify each specific version of the Primary Document.
  3. MUST contain authoritative references to all other documents included in the GF, called the Controlled Documents.
  4. MUST include Policies in the Revisions section stating how the Controlled Documents are governed by the Governing Authority.

Introduction

This section is a non-normative general introduction to the GF whose purpose is to orient first-time readers as to the overall context of the GF. It:

...

Terminology

This section asserts the terminology conventions used in the GF. It:

  1. MUST explicitly specify the use of the ToIP Governance Requirements Glossary (see below).
  2. SHOULD specify that all RFC 2119 keywords used with their RFC 2119 meanings are capitalized.
  3. MUST reference the Glossary for all other terms (see the Controlled Documents section).
  4. SHOULD specify any other formatting or layout conventions used in the Primary Document or Controlled Documents.

ToIP Governance Requirements Glossary

  • Requirements include any combination of Machine-Testable Requirements and Human-Auditable Requirements. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
    • Mandates are Requirements that use a MUST, MUST NOT, SHALL, SHALL NOT or REQUIRED keyword.
    • Recommendations are Requirements that use a SHOULD, SHOULD NOT, or RECOMMENDED keyword.
    • Options are Requirements that use a MAY or OPTIONAL keyword.
  • Machine-Testable Requirements are those with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
    • Rules are Machine-Testable Requirements that are written in a Machine-Readable language and can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
  • Human-Auditable Requirements are those with which compliance can only be verified by an audit of people, processes, and procedures.
    • Policies are Human-Auditable Requirements written using standard conformance terminology. For Policies used in ToIP Governance Frameworks, the standard terminology is RFC 2119 keywords. Note that all RFC 2119 keywords have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
  • Specifications are documents containing any combination of Machine-Testable Requirements and Human-Auditable Requirements needed to produce technical interoperability.

Governing Authority

This section asserts the legal authority for governance of the GF. It:

  1. MUST state the full legal identity of the Governing Authority or interdependent Governing Authorities.
    1. SHOULD provide an LEI for each.
  2. MUST provide contact information for the Governing Authorit(ies) as Legal Entit(ies).
    1. SHOULD provide contact information for official contacts.
  3. SHOULD provide a publicly-accessible Governance Framework Website (GF Website) at a URL dedicated to the GF.
  4. SHOULD include in the GF Website:
    1. If applicable, the primary Trust Mark for the GF displayed prominently on the home page.
    2. HTML versions of all documents in the GF.
    3. PDF versions of all documents in the GF.
    4. Highlighted links to the Governance Requirements section that specify how the Governing Authority itself is governed.

Administering Authority

If the Administering Authority for the GF is different from the Governing Authority, include this section. It:

  1. MUST state the full legal identity of the Administering Authority.
    1. SHOULD provide the LEI.
  2. MUST state how the Governing Authority is related to and delegates administrative authority to the Administering Authority.
  3. MUST provide contact information for the Administering Authority as a Legal Entity.
    1. SHOULD provide contact information for official contacts.

Purpose

This is a short, clear statement of the overall purpose (mission) of the GF. It:

...

  1. SHOULD serve as a guide to the development of any Requirement based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by other ToIP GFs or by other sources—whenever possible.
  3. SHOULD be referenced (along with any other relevant parts of the GF) in any Legal Agreement between Members and the Governing Authority.
  4. MUST NOT include Requirements (e.g., using RFC 2119 terms) for which either human or machine conformance can be directly tested — those should be stated as Requirements elsewhere in the GF.

...

This section contains the specific Requirements governing revisions to the GF. It does not include Governance Requirements for the Governing Authority or interdependent Governing Authorities (those should be defined in Controlled Documents in the Governance Requirements category). It:

  1. MUST include Requirements specifying how any revisions to the GF will be developed, reviewed, and approved.
  2. MUST include Requirements for how all new versions will be identified with a DID URL.
  3. SHOULD include at least one public review period for any GF that will be available to the public.

...

  1. SHOULD include a Trust Assurance Framework document that defines a scheme in which Governed Parties assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
  2. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the directives governing their actions.
  3. SHOULD (if applicable) define the roles of Certifying Parties and the requirements governing their actions and relationships with the Governing Authority, Auditors, and Auditor Accreditors.
  4. SHOULD (if applicable) include requirements supporting the development, licensure, and usage of one or more Trust Marks.

...

  1. MUST include Controlled Documents that specify Governance requirements for the primary Governing Authority (or all interdependent Governing Authorities, or if applicable the Governing Entity), e.g., Charter, Bylaws, Operating Rules, etc.
  2. SHOULD address any Antitrust Policies, Intellectual Property Rights (IPR) Policies, Confidentiality Policies, or other Requirements for regulatory compliance under which the Trust Community Members agree to operate.
  3. SHOULD include any Requirements governing enforcement of the GF and how Dispute Resolution will be handled.

...

  1. SHOULD clearly explain the exchange(s) of value within the Trust Community for which the GF is designed.
  2. SHOULD define the Policies and/or Rules governing how and when these exchanges of value take place.
  3. SHOULD define the Requirements for the use of any Rules Engines or Decision Support Systems.
  4. SHOULD define how all Trust Community Members will be held accountable for their actions in these exchanges.
  5. SHOULD define how the Governing Authority, Governing Entity, and the GF are sustainable under these Requirements.

...

  1. MUST include all specified legal agreements or contracts between Members and/or the Governing Authority.
  2. SHOULD reference the Glossary document for all terms not defined internally to the agreement or contract.
  3. MUST clearly state the Governed Parties to whom these legal agreements apply.
  4. MUST define or reference all relevant accountability and enforcement mechanisms.
  5. SHOULD reference any other relevant Requirements in the balance of the GF.

...