...
- SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope
- SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
- SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
- SHOULD include a Trust Assurance Framework that defines how Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
- SHOULD (if applicable) include Policies governing the development, licensing, and usage of one or more Trust Marks.
Governance Rules
These are the Rules for governing the GF as a whole. Controlled Documents in this category:
- MUST specify the primary Governance Authority or all interdependent Governance Authorities (if any).
- MUST include Controlled Documents that specify governance Policies for the primary Governance Authority or all interdependent Governance Authorities (e.g., Charter, Bylaws, Operating Rules).
- SHOULD address any antitrust Policies, intellectual property rights (IPR) Policies, confidentiality Policies, or other regulatory compliance policies under which the stakeholders agree to operate.
- SHOULD include any Policies governing enforcement of the GF and how Dispute Resolution will be handled.
Business Rules
These are the Rules governing the business model(s) of the GF and/or sustainability of the Governance Authority. Controlled Documents in this category:
...