...
- SHOULD be a single Controlled Document.
- SHOULD provide a common reference for all terms used throughout the GF.
- SHOULD reference the ToIP Glossary—or a tagged subset of the ToIP Glossary—for all terms defined there.
- SHOULD list all terms alphabetically (by language) for easy reference.
- MAY tag terms by category or usage.
- MAY specify that terms specific to one Controlled Document be defined in that Controlled Document.
Risk Assessment
...
, Trust Assurance, and Certification
This category includes policies for managing risk. The Risk Assessment is a key driver of trust assurance within the GF. Controlled Documents in this category:
- SHOULD be designed to work in conjunction with the Trust Assurance Framework.
- SHOULD include a Risk Assessment that provides an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which roles and processes are vulnerable to each risk.
- SHOULD include a Trust Assurance Framework
...
The Trust Assurance Framework is a second key driver of trust assurance within the GF. Controlled Documents in this category:
- SHOULD be designed to work in conjunction with the Risk Assessment.
- SHOULD define how actors in specific roles may be audited for compliance with the policies of the GF.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
...