...
This is a short, clear statement of the overall purpose (mission) of the GF. It:
- SHOULD be as short and concise as possible—ideally one sentence, or only a few sentences.
...
- SHOULD clearly state the stakeholders in the Trust Community.
- SHOULD clearly state the high-level assets/artifacts (e.g. ledgers, transactions, agents, wallets, verifiable credentials, applications) under oversight by the GF.
- SHOULD, if applicable, clearly state who and what are out of scope.
Objectives
This states the high-level outcomes desired by the Governance Authority through its execution of its Governance Framework. It:
Principles
This section states the Principles by which all members of the Trust Community have agreed to abide. It:
...
- SHOULD include the Policies that:
  - Apply generally to governance of the entire Trust Community;
  - Apply to the structure of the GF, e.g., what Controlled Documents must be specified by whom and applied to whom.
  - Guide the development of more specific Policies within the Controlled Documents.
- SHOULD NOT include Policies that apply only within the context of a specific category addressed by one of the Controlled Documents.
- MUST include Responsible Use Policies that apply generally to infrastructure governed by the GF.
- MUST include any Regulatory Compliance Policies that are not specified within particular Controlled Documents.
...
- SHOULD be a single Controlled Document (even if it is organized by categories or other heuristics).
- SHOULD provide a common reference for all possibly ambiguous terms used throughout the GF.
- SHOULD reference the ToIP Glossary—or tagged subset(s) of the ToIP Glossary—for all terms defined there.
- SHOULD list all terms alphabetically (by language) for easy reference. [Rieks: OED (Lexico), Cambridge, Wikipedia, etc., say that glossary IS already an alphabetically sorted list of words]
- MAY tag terms by category or usage.
- MAY specify that terms specific to one Controlled Document are defined in that Controlled Document.
...
- SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope.
- SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
- SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
- SHOULD include a Trust Assurance Framework that defines how Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
- SHOULD (if applicable) include policies around the developing, licensing, and usage of one or more Trust Marks.
...