...

  1. SHOULD have a reference to the ToIP Foundation, the ToIP Stack, and the specific version of the ToIP Governance Template from which it was derived.
  2. MAY include an "Acknowledgements" section to acknowledge the contributors to the GF.

...

  1. SHOULD serve as a guide to the development of any Requirement based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by other ToIP GFs or by other sources—whenever possible.
  3. SHOULD be referenced (along with any other relevant parts of the GF) in any Legal Agreement between Members and the Governance Authority.
  4. MUST NOT include Requirements (e.g., using RFC 2119 terms) for which either human or machine conformance can be directly tested — those should be stated as Requirements elsewhere in the GF.

...

This section contains the specific Requirements governing revisions to the GF. It does not include Governance Requirements for the Governance Authority or interdependent Governance Authorities (those should be defined in Controlled Documents in the Governance category). It:

  1. MUST state the full legal identity and contact information for the primary Governance Authority or interdependent Governance Authorities.
  2. MUST include Requirements specifying how any revisions to the GF are identified, will be developed, reviewed, and approved.
  3. MUST include Requirements for how all new versions will be identified with a DID URL.
  4. SHOULD include at least one public review period for any GF that will be available to the public.

...

This section applies to GFs that permit extensions via the incorporation of other GFs (a common feature especially of some ecosystem GFs). It:

...

  • SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose and objectives within its Scope.
  • SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
  • SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
  • MAY include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred); however, all risks that are to be mitigated by Mandates in the GF SHOULD be identified.

...

  1. MUST specify the primary Governance Authority or all interdependent Governance Authorities (if any).
  2. MUST include Controlled Documents that specify Governance requirements for the primary Governance Authority or all interdependent Governance Authorities (e.g., Charter, Bylaws, Operating Rules, etc.).
  3. SHOULD address any Antitrust Policies, Intellectual Property Rights (IPR) Policies, Confidentiality Policies, or other Requirements for regulatory compliance under which the Trust Community Members agree to operate.
  4. SHOULD include any Requirements governing enforcement of the GF and how Dispute Resolution will be handled.

...

  1. SHOULD clearly explain the exchange(s) of value within the Trust Community for which the GF is designed.
  2. SHOULD define the Policies and/or Rules governing how and when these exchanges of value take place.
  3. SHOULD define the Requirements for the use of any Rules Engines.
  4. SHOULD define how all Trust Community Members will be held accountable for their actions in these exchanges.
  5. SHOULD define how the Governance Authority and the GF are sustainable under these Rules.

...

These are the Requirements governing information security, privacy, availability, confidentiality and processing integrity as these terms are defined by the Committee on the Sponsoring Organizations of the Treadway Commission - (COSO) Internal Control - Integrated Framework. Controlled Documents in this category:

  1. MUST specify how Members of the Trust Community will ensure the following categories of Information Trust:
    1. Information security
    2. Information privacy
    3. Information availability
    4. Information confidentiality
    5. Information processing integrity
  2. SHOULD specify the relevant Information Trust Policies by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards.
    3. GF-specific Policies.
    4. GF-compliant Rules Engines.
    5. Trust Community Member-specific Policies.

Inclusion, Equitability, and Accessibility Requirements

...

  1. MUST specify how Members of the Trust Community will enable and promote inclusion, equitability, and accessibility by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standards/guidelines.
    3. GF-specific Policies.
    4. GF-compliant Rules Engines.
    5. Member-specific Policies.
  2. SHOULD specifically address how the GF is designed to help bridge (or eliminate) the digital divide.

...

This category includes any legal agreements or contracts included in the GF. Controlled Documents in this category:

  1. MUST include all specified legal agreements or contracts between Members and/or the Governance Authority.
  2. SHOULD reference the Glossary document for all terms not defined internally to the agreement or contract.
  3. MUST clearly state the Governed Parties to whom these legal agreements apply.
  4. MUST define or reference all relevant accountability and enforcement mechanisms.
  5. SHOULD reference any other relevant Requirements in the balance of the GF.

...