...
- Standard ToIP Roles at that layer (see the GSWG Process and Roles TF)
- Standard ToIP Processes in which actors in those roles are engaged (see the GSWG Process and Roles TF)
- Recommended Policies for those Processes (Process and Roles TF)
- Standard Risks against which Risk Assessment should be performed (Trust Assurance TF)
- Standard elements of a Trust Assurance Framework to address those risks (Trust Assurance TF)
...
This category includes policies for managing risk and completing the TOIP certification process within the GF. Controlled Documents in this category:
- SHOULD include a Risk Assessment that provide an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which roles and processes are vulnerable to each risk.
- SHOULD include a Risk Treatment Plan (RTP) for how identified risks are mitigated or remediated.
- SHOULD include a Trust Assurance Framework that defines how actors in specific roles may be audited for compliance with the policies of the GF.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
...