...
...
- SHOULD have a reference to the ToIP Foundation, the ToIP Stack, and the specific version of the ToIP Governance Template from which it was derived.
- MAY include an "Acknowledgements" section to acknowledge the contributors to the GF.
Governance Authority and Governing Party
This section asserts the legal authority for governance of the GF. It:
Purpose
This is a short, clear statement of the overall purpose (mission) of the GF. It:
...
This section contains the specific Requirements governing revisions to the GF. It does not include Governance Requirements for the Governance Authority or interdependent Governance Authorities (those should be defined in Controlled Documents in the Governance category). It:
- MUST state the full legal identity and contact information for the primary Governance Authority or interdependent Governance Authorities.
- MUST include Requirements specifying how any revisions to the GF will be developed, reviewed, and approved.
- MUST include Requirements for how all new versions will be identified with a DID URL.
- SHOULD include at least one public review period for any GF that will be available to the public.
...
This category includes links to an ISO 27005 (or compatible) risk assessment for managing risk. Controlled Documents in this category:
- SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose and objectives within its Scope.
- SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
- MAY include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred); however, all risks that are to be mitigated by Mandates in the GF SHOULD be identified.
Trust Assurance and Certification
...
These are the Requirements for governing the GF as a whole. Controlled Documents in this category:
- MUST specify the primary Governance Authority or all interdependent Governance Authorities (if any).
- MUST include Controlled Documents that specify Governance requirements for the primary Governance Authority (or all interdependent Governance Authorities, or if applicable the Governing Entity), e.g., Charter, Bylaws, Operating Rules, etc.
- SHOULD address any Antitrust Policies, Intellectual Property Rights (IPR) Policies, Confidentiality Policies, or other Requirements for regulatory compliance under which the Trust Community Members agree to operate.
- SHOULD include any Requirements governing enforcement of the GF and how Dispute Resolution will be handled.
...
- SHOULD clearly explain the exchange(s) of value within the Trust Community for which the GF is designed.
- SHOULD define the Policies and/or Rules governing how and when these exchanges of value take place.
- SHOULD define the Requirements for the use of any Rules Engines or Decision Support Systems.
- SHOULD define how all Trust Community Members will be held accountable for their actions in these exchanges.
- SHOULD define how the Governance Authority, Governing Entity, and the GF are sustainable under these Rules/Requirements.
Technical Requirements
These are the Requirements governing technical interoperability. Controlled Documents in this category:
...
These are the Requirements governing information security, privacy, availability, confidentiality and processing integrity, as these terms are defined by the Committee on the Sponsoring Organizations of the Treadway Commission (COSO) Guidance on Internal Control - Integrated Framework. Controlled Documents in this category:
- MUST specify how Members of the Trust Community will ensure the following categories of Information Trust:
- SHOULD specify the relevant Information Trust Policies by reference to:
  - ToIP Standard Specifications (TSS).
  - Other regulatory or industry standards.
  - GF-specific Policies.
  - GF-compliant Rules Engines and Decision Support Systems.
  - Trust Community Member-specific Policies.
...
- MUST specify how Members of the Trust Community will enable and promote inclusion, equitability, and accessibility by reference to:
  - ToIP Standard Specifications (TSS).
  - Other regulatory or industry standards/guidelines.
  - GF-specific Policies.
  - GF-compliant Rules Engines and Decision Support Systems.
  - Member-specific Policies.
- SHOULD specifically address how the GF is designed to help bridge (or eliminate) the digital divide.
...