...

All terms appearing in First Letter Caps on this page MUST be added to the ToIP Glossary tagged for inclusion in the ToIP Governance Glossary. (Note: the Concepts and Terminology WG has already been briefed on this dependency.)

Master Document

The Master Document is the "home page" for the governance framework (GF). It:

  1. MUST have a DID (Decentralized Identifier) that serves as an identifier of the entire GF.
  2. MUST have a unique DID URL (defined in the DID spec) to identify each specific version of the Master Document.
  3. MUST contain authoritative references to all other documents included in the GF, called the Controlled Documents.
  4. MUST include policies stating how the Controlled Documents are governed by the Governance Authority.

...

  1. SHOULD have a reference to the ToIP Foundation, the ToIP Stack, and the ToIP Governance Template from which it was derived.
  2. MAY include an Acknowledgements section to acknowledge the contributors to the GF.

...

  1. SHOULD serve as a guide to the development of any Policies based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by ToIP-Compatible GFs or by other bodies—whenever possible.
  3. SHOULD NOT define Principles against which conformance could be tested directly—those should be Policies.

...

  1. MUST state the full legal identity and contact information for the Governance Authority.
  2. MUST include Policies clearly explaining Governance of the GF—specifically how any revisions to the GF are developed and approved.
  3. MUST include references to any separate Controlled Documents that constitute Governance documents for the Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.).
  4. SHOULD explain if there are delegating Governing Bodies and provide a reference to an authoritative listing of such Governing Bodies and their responsibilities.

Schedule of Controlled Documents

...

  1. MUST include authoritative references to all Controlled Documents in the GF.
  2. MUST identify each Controlled Document with a unique, permanent DID or DID URL.
  3. SHOULD include a Web link to each Controlled Document in the Web version of the GF.
  4. SHOULD include a brief description of the purpose and scope of each Controlled Document to make it easy for readers to navigate the GF.

...

Each Controlled Document covers a specific specialized area of the GF. Each of the following is a category of Controlled Documents; each category MAY include zero or more Controlled Documents.

...

This category includes Policies for managing risk and completing the ToIP certification process, including how Parties can be certified against the GF. Controlled Documents in this category:

  1. SHOULD include a Risk Assessment that provides an assessment of each key risk that the GF is designed to address and mitigate.
  2. SHOULD assess which Roles and Processes are vulnerable to each risk.
  3. SHOULD include a Risk Treatment Plan (RTP) for how identified risks are mitigated or remediated.
  4. SHOULD include a Trust Assurance Framework that defines how Parties in specific Roles may be audited for compliance with the Policies of the GF.
  5. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  6. SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.

...

  1. MUST specify all delegated Governing Bodies (if any).
  2. MUST include all Controlled Documents that constitute Governance Documents for:
    1. The Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.)
    2. Each delegated Governing Body (e.g., Charter, Rules of Order, etc.)
  3. MUST state the Policies under which all of these Governance Documents can be revised.
  4. SHOULD clearly state how any such documents work together to define Governance for all components of the GF.

...

  1. SHOULD clearly explain the exchange(s) of value within the Trust Community that the GF is designed to enable.
  2. SHOULD define the Policies governing how and when these exchanges of value take place.
  3. SHOULD define how all Members are accountable for their actions in these exchanges.
  4. SHOULD define how the Governance Authority and the GF are sustainable under these Rules.

...

  1. MUST specify how Members of the Trust Community will ensure information security by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard security specifications.
    3. GF-specific security Policies.
    4. Member-specific security Policies.
  2. MUST specify how Members of the Trust Community will ensure information privacy and data protection by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard privacy and data protection specifications.
    3. GF-specific privacy and data protection Policies.
    4. Member-specific privacy and data protection Policies.

Inclusion, Equity, and Accessibility Rules

...

  1. MUST specify how the GF enables and promotes inclusion and equity by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard inclusivity guidelines.
    3. GF-specific inclusion and equity Policies.
    4. Member-specific inclusion and equity Policies.
  2. MUST specify how the GF enables and promotes accessibility by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard accessibility specifications.
    3. GF-specific accessibility Policies.
    4. Member-specific accessibility Policies.

Legal Agreements

This category includes any legal agreements or contracts defined by the GF. Controlled Documents in this category:

  1. MUST include all legal agreements or contracts between Members of the GF and/or the Governance Authority that are required to carry out the Policies of the GF.
  2. SHOULD reference the Glossary document for all terms not defined inline.
  3. MUST clearly state the roles to which these legal agreements apply.
  4. MUST define or reference the accountability and enforcement mechanisms.
  5. MUST reference any other relevant Policies in the GF.