Comment: minor things

...

This is a short, clear statement of the overall purpose (mission) of the GF. It:

  1. SHOULD be as short and concise as possible—ideally one sentence, or only a few sentences.

...

  1. SHOULD clearly state the stakeholders in the Trust Community.

  2. SHOULD clearly state the high-level assets/artifacts (e.g. ledgers, transactions, agents, wallets, verifiable credentials, applications) under oversight by the GF. [Info: Deleted Bullet referencing Objectives]


  3. SHOULD, if applicable, clearly state who and what are out of scope.
[Info: New Content]

Objectives

This states the high-level outcomes desired by the Governance Authority through its execution of its Governance Framework. It:

  1. SHOULD specify tangible, achievable results (e.g. SMART criteria and Fit-for-purpose criteria).
  2. SHOULD specify the intended overall outcomes of the Rules and Policies in the GF.
  3. MUST align with its Purpose.
  4. MUST only contain outcomes that the GF has the authority and mechanisms to achieve within its Scope.
  5. SHOULD consider its Principles.

Principles

This section states the Principles by which all members of the Trust Community have agreed to abide. It:

...

  1. SHOULD include the Policies that:
    1. Apply generally to governance of the entire Trust Community;
    2. Apply to the structure of the GF, e.g., what Controlled Documents must be specified by whom and applied to whom.
    3. Guide the development of more specific Policies within the Controlled Documents.
  2. SHOULD NOT include Policies that apply only within the context of a specific category addressed by one of the Controlled Documents.
  3. MUST include Responsible Use Policies that apply generally to infrastructure governed by the GF.
  4. MUST include any Regulatory Compliance Policies that are not specified within particular Controlled Documents.

...

  1. SHOULD be a single Controlled Document (even if it is organized by categories or other heuristics).
  2. SHOULD provide a common reference for all possibly ambiguous terms used throughout the GF.
  3. SHOULD reference the ToIP Glossary—or tagged subset(s) of the ToIP Glossary—for all terms defined there.
  4. SHOULD list all terms alphabetically (by language) for easy reference. [Rieks: OED (Lexico), Cambridge, Wikipedia, etc. say that a glossary IS already an alphabetically sorted list of words]
  5. MAY tag terms by category or usage.
  6. MAY specify that terms specific to one Controlled Document are defined in that Controlled Document.

...

  1. SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope.
  2. SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
  3. SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
  4. SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
  5. SHOULD include a Trust Assurance Framework that defines how Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
  6. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  7. SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
  8. SHOULD (if applicable) include policies around the developing, licensing, and usage of one or more Trust Marks.

...