Versions Compared


...

  1. SHOULD serve as a guide to the development of any Policies based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by ToIP-Compatible GFs or by other bodies—whenever possible.
  3. SHOULD NOT define Principles against include language which conformance could be tested directly—those — those statements should be included as Policies.
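Review bot: item 3 carries two overlapping phrasings ("define Principles against" and "include language which") plus a doubled "those — those", so the rule cannot be read as one sentence; settle on a single wording, for example "SHOULD NOT include language against which conformance could be tested directly; those statements should be included as Policies."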

Core Policies

This section contains the Policies that apply generally across the entire GF. It:

  1. MUST include a Policy clearly explaining Governance of the GF—specifically how any revisions to the GF are developed and approved.
  2. SHOULD include requirements SHOULD include Policies that apply generally to governance of the entire Trust Community and that guide the development of more specific policies within the Controlled Documents.
  3. SHOULD NOT include any Policies requirements that apply in a specific context addressed by one of the Controlled Documents.
  4. SHOULD be listed within categories if that is making it helpful to understanding their context and intent.
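Review bot: items 2 and 3 each carry both nouns ("requirements SHOULD include Policies", "Policies requirements"); only one should survive, and the section title "Core Policies" argues for "Policies" in both. Item 4 ("if that is making it helpful") has stray words; "if that helps readers understand their context and intent" reads cleanly.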

Governance

The Governance section covers how the GF is governed. It:

  1. MUST state the full legal identity and contact information for the Governance Authority.
  2. MUST include Policies refer to a Core Policy clearly explaining Governance of the GF—specifically how any revisions to the GF are developed and approved.
  3. MUST include references to any separate Controlled Documents that constitute Governance documents for the Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.)
  4. SHOULD explain if there are delegating Governing Bodies interdependent Governance Authorities and provide a reference to an authoritative listing of such Governing Bodies such Governance Authorities and their responsibilities.
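Review bot: item 2 merges "MUST include Policies" with "MUST refer to a Core Policy"; since Core Policies item 1 already mandates the revision Policy, "refer to" is the wording that avoids stating the same Policy twice. Item 4 likewise carries both "delegating Governing Bodies" and "interdependent Governance Authorities"; use the latter consistently, as the Governance Rules section does.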

...

  1. SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope
  2. SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
  3. SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
  4. SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
  5. SHOULD include a Trust Assurance Framework that defines how Parties in specific Roles MAY MUST assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
  6. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  7. SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
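Review bot: item 5 reads "MAY MUST assert compliance", and the choice matters: with MUST, any GF that adopts a Trust Assurance Framework obliges every Party in a covered Role to assert compliance, while the Framework itself stays at SHOULD; confirm the intended strength and keep one keyword. Item 2's "Risk Assessment process output" needs one of the two nouns dropped, and item 1 is missing its terminal period.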

...

These are the Rules for governing the GF as a whole. Controlled Documents in this category:

  1. MUST specify all delegated Governing Bodies interdependent Governance Authorities (if any).
  2. MUST include all Controlled Documents that constitute Governance Documents forconstitute:
    1. The Governance Governance Authority operations (e.g., Charter, Bylaws, Operating Rules, etc.)
    2. Each delegated Governing Body interdependent Governance Authority (e.g., Charter, Rules of Order, etc.)
  3. MUST state the refer to the Core Policy and (if applicable) detail sub Policies under which all of these Governance Documents Governance Framework documents can be revised.
  4. SHOULD clearly state how any such documents work together to define Governance for all components of the GF.
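Review bot: item 2 runs "Governance Documents forconstitute:" and its first sub-item reads "The Governance Governance Authority operations"; a readable form would be "MUST include all Controlled Documents that constitute: 1. Governance Authority operations (e.g., Charter, Bylaws, Operating Rules, etc.) 2. Each interdependent Governance Authority (e.g., Charter, Rules of Order, etc.)". Item 3 ("MUST state the refer to the Core Policy") similarly needs the superseded "state the … Policies" wording removed so that it points at the Core Policy on revisions.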

...

  1. MUST specify how Members of the Trust Community will technically interoperate using the ToIP Stack by reference to ToIP Standard Specifications (TSS).
  2. SHOULD (if necessary) reference one or more specific ToIP Interoperability Profiles (TIPs).
  3. SHOULD specify any technical Policies or Specifications that are specific to this Trust Community.

...

Information Trust Rules

These are the Rules governing information integrity and protectionsecurity, privacy, availability, confidentiality and processing integrity. Controlled Documents in this category:

  1. MUST specify how Members of the Trust Community will ensure information security by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard security specificationsstandards.
    3. GF-specific security Policies.
    4. Member-specific security Policies.
  2. MUST specify how Members of the Trust Community will ensure information privacy and data protection  by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards.
    3. GF-specific Policies.
    4. Member-specific Policies.
  3. SHOULD specify how Members of the Trust Community will ensure information availability by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards.
    3. GF-specific Policies.
    4. Member-specific Policies.
  4. SHOULD specify how Members of the Trust Community will ensure information confidentiality by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards.
    3. GF-specific Policies.
    4. Member-specific Policies.
  5. SHOULD specify how Members of the Trust Community will ensure information processing integrity by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard privacy and data protection specificationsstandards.
    3. GF-specific privacy and data protection Policies.
    4. Member-specific privacy data protection Policies.
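Review bot: the sub-items under item 5 (processing integrity) still name "privacy and data protection" standards and Policies, which duplicates item 2 and looks like a leftover from copying that list; they should read "Other regulatory or industry standards", "GF-specific Policies" and "Member-specific Policies" as items 3 and 4 do. The intro line merges "information integrity and protection" with the five-property list; keep the list, since it matches the five items below. Sub-item 2 of item 1 also has "specificationsstandards" fused into one word.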

Inclusion, Equity, and Accessibility Rules

These are the Rules governing fairness and equitability of the GF. Controlled inclusion, equitability and accessibility. Controlled Documents in this category:

  1. MUST specify how the GF enables and promotes Members of the Trust Community will enable and promote inclusion and equity by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard inclusivity standards/guidelines.
    3. GF-specific inclusion and equity Policies.
    4. Member-specific inclusion and equity Policies.
  2. MUST specify how the GF enables and promotes Members of the Trust Community enable and promote accessibility by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard accessibility specificationsstandards.
    3. GF-specific accessibility specific Policies.
    4. Member-specific accessibility specific Policies.
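Review bot: both MUST items merge "how the GF enables and promotes" with "how Members of the Trust Community will enable and promote"; the Member-centred phrasing matches the Information Trust Rules and should be the one kept, and item 2 then needs "will" ("Members … will enable and promote accessibility"). Sub-items 3 and 4 of item 2 read "accessibility specific Policies"; drop "specific" to match "GF-specific inclusion and equity Policies" above. The intro sentence likewise carries both "fairness and equitability of the GF. Controlled" and "inclusion, equitability and accessibility. Controlled".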

Legal Agreements

This category include any legal agreements or contracts defined by included in the GF. Controlled Documents in this category:

  1. MUST include all legal agreements or contracts between Members of the GF and/or the Governance Authority that are required to carry out the Policies of the GF.
  2. SHOULD reference the Glossary document for all terms not defined inline.
  3. MUST clearly state the roles parties to which these legal agreements apply.
  4. MUST define or reference the accountability and enforcement mechanisms.
  5. MUST reference any other relevant Policies in the GF.
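Review bot: the intro reads "This category include any legal agreements or contracts defined by included in the GF"; it needs "includes" and one of "defined by" / "included in". Item 3 ("the roles parties to which these legal agreements apply") should keep one noun; "parties" is the natural term for agreements, with Roles referenced where an agreement binds a Role. Item 2's SHOULD for Glossary references sits between MUST items; confirm that a lower strength is intended for term definitions in legally binding documents.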

...