This section asserts the terminology conventions used in the GF. It: - MUST explicitly specify the use of the ToIP Governance Requirements Glossary (see below).
- SHOULD specify that all RFC 2119 keywords used with their RFC 2119 meanings are capitalized.
- MUST reference the Glossary for all other terms (see the Controlled Documents section).
- SHOULD specify any other formatting or layout conventions used in the Primary Document or Controlled Documents.
ToIP Governance Requirements Glossary - Requirements include any combination of Machine-Testable Requirements and Human-Auditable Requirements. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
- Mandates are Requirements that use a MUST, MUST NOT, SHALL, SHALL NOT or REQUIRED keyword.
- Recommendations are Requirements that use a SHOULD, SHOULD NOT, or RECOMMENDED keyword.
- Options are Requirements that use a MAY or OPTIONAL keyword.
- Machine-Testable Requirements are those with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
- Rules are Machine-Testable Requirements that are written in a Machine-Readable language and can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
- Human-Auditable Requirements are those with which compliance can only be verified by a human audit of Policies, Processes, and Practices.
- Policies are Human-Auditable Requirements written using standard conformance terminology. For Policies used in ToIP Governance Frameworks, the standard terminology is RFC 2119 keywords. Note that all RFC 2119 keywords have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
- Processes are Human-Auditable Requirements that specify actions and methods to accomplish achieve Policy objectives.
- Practices are activities within Processes to achieve Process requirements.
- Specifications are documents containing any combination of Machine-Testable Requirements and Human-Auditable Requirements needed to produce technical interoperability.
This section asserts the legal authority for governance of the GF. It: - For the Governing Authority or each interdependent Governing Authority:
- MUST state the full legal identity including Jurisdiction(s).
- MUST state the DID.
- SHOULD provide an LEI.
- MUST provide contact information for the Governing Authorit(ies) as Legal Entit(ies).
- SHOULD provide contact information for official contacts.
- SHOULD provide a publicly-accessible Governance Framework Website (GF Website) at a URL dedicated to the GF website.
- SHOULD include in the GF Website:
- If applicable, a primary Trust Mark for the GF and displayed prominently on the home page.
- HTML versions of all documents in the GF.
- PDF versions of all documents in the GF.
- Highlighted links to the Governance Requirements section that specify how the Governing Authority itself is governed.
If the Administering Authority for the GF is different from the Governing Authority, include this section. It: - MUST state the full legal identity of the Administering Authority.
- SHOULD provide the LEI.
- MUST state how the Governing Authority is related to and delegates administrative authority to the Administering Authority.
- MUST provide contact information for the Administering Authority as a Legal Entity.
- SHOULD provide contact information for official contacts.
| 