Versions Compared

...

This section contains the Policies Directives that apply to the GF as a whole and not just in the context of a particular detailed directive section of a Controlled Document. It:

  1. SHOULD include the Policies Directives that:
    1. Apply generally to governance of the entire Trust Community;
    2. Apply to the structure of the GF, e.g., what Controlled Documents must be specified by whom and applied to whom.
    3. Guide the development of more specific Policies Directives within the Controlled Documents.
  2. SHOULD NOT include Policies Directives that apply only within the context of a specific category addressed by one of the Controlled Documents.
  3. MUST include Responsible Use Policies Directives that apply generally to infrastructure governed by the GF.
  4. MUST include any Regulatory Compliance Policies Directives that are not specified within particular Controlled Documents.

...

  1. MUST state whether the GF can be extended.
  2. MUST specify the requirements an Extension Governance Framework must meet in order to be approved.
  3. MUST specify the process for an Extension Governance Framework to be approved.
  4. MUST define an authoritative mechanism for registration and activation of an approved Extension Governance Framework.
  5. MUST define the requirements for notification of the Trust Community about an approved Extension Governance Framework.

Schedule of Controlled Documents

This is a listing of all Controlled Documents in the GF. It:

...

  1. SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope.
  2. SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
  3. SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
  4. SHOULD MAY include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred); however, all risks that are to be mitigated by directives in the GF SHOULD be identified.
  5. SHOULD include a Trust Assurance Framework that defines how Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
  6. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  7. SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
  8. SHOULD (if applicable) include policies around the developing, licensing, and usage of one or more Trust Marks.

...

  1. SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope.
  2. SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
  3. SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
  4. SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
  5. SHOULD include a Trust Assurance Framework document that defines a scheme in which Roles assert compliance with the Policies "MUST" Directives of the GF and the mechanisms of assurance over those assertions.
  6. SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  7. SHOULD (if applicable) define the roles of Certification Authorities and the Policies Directives governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
  8. SHOULD (if applicable) include policies directives around the developing, licensing, and usage of one or more Trust Marks.

...

  1. MUST specify how Members of the Trust Community will interoperate technically using the ToIP Technology Stack by reference to ToIP Standard Specifications (TSS).
  2. SHOULD (if necessary) reference one or more specific ToIP Interoperability Profiles (TIPs).
  3. SHOULD specify any technical Policies or Specifications that are specific to this Trust Community.
  4. (New) SHOULD (if applicable) specify Rules defined in a GF-compatible or compliant Rules Engine.

Information Trust Rules Directives

...

  1. MUST specify how Members of the Trust Community will ensure the following categories of Information Trust:
    1. Information security
    2. Information privacy
    3. Information availability
    4. Information confidentiality
    5. Information processing integrity
  2. SHOULD specify the relevant Information Trust Policies by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards.
    3. GF-specific Policies Directives.
    4. Member-specific Policies Directives.
    5. (new) GF-compatible or compliant Rules Engines.

Inclusion, Equitability, and Accessibility Rules Directives

...

  1. MUST specify how Members of the Trust Community will enable and promote inclusion, equitability, and accessibility by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards/guidelines.
    3. GF-specific Policies.
    4. Member-specific Policies.
    5. (new) GF-compatible or compliant Rules Engines.
  2. SHOULD specifically address how the GF is designed to help bridge (or eliminate) the digital divide.

...