...
This category includes links to an ISO 27005 (or compatible) risk assessment for managing risk. Controlled Documents in this category:
...
- SHOULD include a Trust Assurance Framework document that defines a scheme in which Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the directives governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
- SHOULD (if applicable) include Policies supporting the development, licensure, and usage of one or more Trust Marks.
Governance Requirements
These are the Requirements for governing the GF as a whole. Controlled Documents in this category:
- MUST specify the primary Governance Authority or all interdependent Governance Authorities (if any).
- MUST include Controlled Documents that specify Governance Policies for the primary Governance Authority or all interdependent Governance Authorities (e.g., Charter, Bylaws, Operating Rules).
- SHOULD address any antitrust Policies, intellectual property rights (IPR) Policies, confidentiality Policies, or other regulatory compliance policies under which the Trust Community Members agree to operate.
- SHOULD include any Policies governing enforcement of the GF and how Dispute Resolution will be handled.
...
Business Requirements
These are the Policies and/or Rules governing the business model(s) and business rules to be followed by the Trust Community. Controlled Documents in this category:
...
These are the Requirements governing information security, privacy, availability, confidentiality and processing integrity as these terms are defined by the Committee on the Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework. Controlled Documents in this category:
...