
Introduction

This page represents the proposed structure of the ToIP Governance Metamodel. The purpose of the metamodel is to provide an overall template for ToIP-compatible governance frameworks from which the GSWG will then develop layer-specific templates. Each layer-specific template will be an instance of the metamodel that adds details such as:

  • Standard ToIP Roles at that layer (currently underway in the Process and Roles TF)
  • Standard ToIP Processes in which actors in those roles are engaged
  • Recommended Policies for those Processes
  • Standard Risks against which Risk Assessment should be performed
  • Standard elements of a Trust Assurance Framework to address those risks

The balance of this page is an outline of the proposed metamodel. 

All terms appearing in First Letter Caps on this page MUST be added to the ToIP Glossary tagged for inclusion in the ToIP Governance Glossary.

Master Document

The Master Document is the "home page" for the governance framework (GF). It:

  1. MUST have a DID (Decentralized Identifier) that serves as an identifier of the entire GF.
  2. MUST have a unique DID URL to identify each specific version of the Master Document.
  3. MUST contain authoritative references to all other documents included in the GF, called the Controlled Documents.
  4. MUST include policies stating how the Controlled Documents are governed by the Governance Authority.

Introduction

This section is a non-normative general introduction to the GF that orients first-time readers to the overall context of the GF. It:

  1. SHOULD have a reference to the ToIP Foundation, the ToIP stack, and the ToIP Governance Template from which it was derived.
  2. MAY include an Acknowledgements section to acknowledge the contributors to the GF.

Purpose

This is a short, clear statement of the purpose of the GF. It:

  1. SHOULD be as short and concise as possible—ideally one sentence, or only a few sentences.

Scope

This is a statement of the scope of the Trust Community for which the GF is intended to provide governance. It:

  1. SHOULD clearly state the stakeholders in the Trust Community.
  2. SHOULD clearly state their overall shared trust objectives.
  3. SHOULD, if possible, clearly state who and what are out of scope.

Principles

This section states the Principles by which all members of the Trust Community have agreed to abide. It:

  1. SHOULD serve as a guide to the development of any Policies based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by ToIP-Compatible GFs or by other bodies—whenever possible.
  3. SHOULD NOT define Principles against which conformance can be tested directly—those should be Policies.

Core Policies

This section contains the Policies that apply generally across the entire GF. It:

  1. SHOULD include Policies that apply generally to governance of the entire Trust Community and that guide the development of more specific policies within the Controlled Documents.
  2. SHOULD NOT include any Policies that apply in a specific context addressed by one of the Controlled Documents.
  3. SHOULD be listed within categories if that is helpful to understanding their intent.

Governance

The Governance section covers how the GF is governed. It:

  1. MUST state the full legal identity and contact information for the Governance Authority.
  2. MUST include Policies clearly explaining Governance of the GF—specifically how any revisions to the GF are developed and approved.
  3. MUST include references to any separate Controlled Documents that constitute Governance documents for the Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.).

Schedule of Controlled Documents

This is a listing of all Controlled Documents. It:

  1. MUST include authoritative references to all Controlled Documents in the GF.
  2. MUST identify each Controlled Document with a unique, permanent DID URL.
  3. SHOULD include a Web link to each Controlled Document in the Web version of the GF.
  4. SHOULD include a brief description of the purpose and scope of each Controlled Document to make it easy for readers to navigate the GF.

Controlled Documents

Each Controlled Document covers a specific specialized area of the GF. The following are the categories of Controlled Documents; each category MAY include zero or more Controlled Documents.

Glossary

The Glossary provides a common basis for terminology. It:

  1. SHOULD be a single Controlled Document.
  2. SHOULD provide a common reference for all terms used throughout the GF.
  3. SHOULD reference the ToIP Glossary—or a tagged subset of the ToIP Glossary—for all terms defined there.
  4. SHOULD list all terms alphabetically (by language) for easy reference.
  5. MAY tag terms by category or usage.
  6. MAY specify that terms specific to one Controlled Document be defined in that Controlled Document.

Risk Assessment

The Risk Assessment is a key driver of trust assurance within the GF. Controlled Documents in this category:

  1. SHOULD be designed to work in conjunction with the Trust Assurance Framework.
  2. SHOULD provide an assessment of each key risk that the GF is designed to address and mitigate.
  3. SHOULD assess which roles and processes are vulnerable to each such risk.

Trust Assurance Framework

The Trust Assurance Framework is a second key driver of trust assurance within the GF. Controlled Documents in this category:

  1. SHOULD be designed to work in conjunction with the Risk Assessment.
  2. SHOULD define how actors in specific roles may be audited for compliance with the policies of the GF.
  3. SHOULD, if applicable, define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
  4. SHOULD, if applicable, define the roles of Certification Authorities and the policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.

Governance Rules

These are the Rules for governing the GF as a whole. Controlled Documents in this category:

  1. MUST specify all delegated Governing Bodies (if any).
  2. MUST include all Controlled Documents that constitute Governance Documents for:
    1. The Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.)
    2. Each delegated Governing Body (e.g., Charter, Rules of Order, etc.)
  3. MUST state the policies under which all of these Governance Documents can be revised.
  4. SHOULD clearly state how any such documents work together to define Governance for all components of the GF.

Business Rules

These are the Rules governing the business model(s) of the GF. Controlled Documents in this category:

  1. SHOULD clearly explain the exchange(s) of value within the Trust Community that the GF is designed to enable.
  2. SHOULD define the policies governing how and when these exchanges of value take place.
  3. SHOULD define how all Members are accountable for their actions in these exchanges.
  4. SHOULD define how the Governance Authority and the GF are sustainable under these Rules.

Technical Rules

These are the Rules governing technical interoperability. Controlled Documents in this category:

  1. MUST specify how Members of the Trust Community will interoperate using the ToIP Stack by reference to ToIP Standard Specifications (TSS).
  2. SHOULD, if necessary, reference one or more specific ToIP Interoperability Profiles (TIPs).
  3. SHOULD specify any technical Policies or Specifications that are specific to this Trust Community.

Security, Privacy, and Data Protection Rules

These are the Rules governing information integrity and protection. Controlled Documents in this category:

  1. MUST specify how Members of the Trust Community will ensure information security by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard security specifications.
    3. GF-specific security policies.
    4. Member-specific security policies.
  2. MUST specify how Members of the Trust Community will ensure information privacy and data protection by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard privacy and data protection specifications.
    3. GF-specific privacy and data protection policies.
    4. Member-specific privacy and data protection policies.

Inclusion, Equity, and Accessibility Rules

These are the Rules governing fairness and equitability of the GF. Controlled Documents in this category:

  1. MUST specify how the GF enables and promotes inclusion and equity by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard inclusivity guidelines.
    3. GF-specific inclusion and equity policies.
    4. Member-specific inclusion and equity policies.
  2. MUST specify how the GF enables and promotes accessibility by reference to:
    1. ToIP Standard Specifications (TSS).
    2. Other regulatory or industry standard accessibility specifications.
    3. GF-specific accessibility policies.
    4. Member-specific accessibility policies.

Legal Agreements

This category includes any legal agreements or contracts defined by the GF. Controlled Documents in this category:

  1. MUST include all legal agreements or contracts between Members of the GF and/or the Governance Authority that are required to carry out the policies of the GF.
  2. SHOULD reference the Glossary document for all terms not defined inline.
  3. MUST clearly state the roles to which these legal agreements apply.
  4. MUST define or reference the accountability and enforcement mechanisms.
  5. MUST reference any other relevant policies in the GF.
