Difference between revisions of "Governance Framework Compliance Statements"
Line 9: | Line 9: | ||
* SHALL identify specific processes to evaluate existing precepts to determine whether they are achieving their intended purposes and are still relevant as circumstances change | * SHALL identify specific processes to evaluate existing precepts to determine whether they are achieving their intended purposes and are still relevant as circumstances change | ||
− | + | Governance Definition Processes SHOULD include a specific Risk Assessment to identify areas to govern | |
− | + | * Precepts that are defined when a Risk Assessment has been performed SHALL identify which risks they are intended to mitigate | |
− | + | Precept definitions SHALL identify | |
− | **Roles affected by each Precept | + | * What is the purpose of the precept |
− | * | + | * What are the objectives of the precept |
− | * | + | * What policies apply to carrying out the precept |
− | + | * What standards apply to the precept | |
+ | * What Roles are affected by each Precept | ||
+ | * What Processes to which the Precepts apply | ||
+ | * What Metrics used to determine if Precepts have been applied successfully | ||
+ | Precept definitions SHOULD identify | ||
***Consequences of not following precepts | ***Consequences of not following precepts | ||
***Clarify where authority to set precepts originates (which organizational policy, legislation regulation) | ***Clarify where authority to set precepts originates (which organizational policy, legislation regulation) | ||
− | * | + | * Roles SHOULD be named unambiguously within the scope of anticipated interoperability and identify |
**What actions are permitted, obligated or prohibited by the Role | **What actions are permitted, obligated or prohibited by the Role | ||
**Whether the Role can further delegate authority to carry out part of permitted or obligated actions | **Whether the Role can further delegate authority to carry out part of permitted or obligated actions | ||
− | * When a Community is defined as part of defining a | + | * When a Community is defined as part of defining a Precepts, the definition SHOULD identify |
** What pre-conditions are applicable to become a member of the Community | ** What pre-conditions are applicable to become a member of the Community | ||
** What processes establish community membership | ** What processes establish community membership | ||
** What processes terminate community membership | ** What processes terminate community membership | ||
** What post-conditions are applicable when leaving a community | ** What post-conditions are applicable when leaving a community |
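Review bot: The added Community bullet reads "defining a Precepts", which mixes a singular article with a plural noun; it should be "a Precept". In the new SHALL list, "What Processes to which the Precepts apply" and "What Metrics used to determine if Precepts have been applied successfully" do not parse next to the "What is/are" items above them; suggest "To which Processes the Precepts apply" and "What Metrics are used to determine whether Precepts have been applied successfully". The two unchanged three-asterisk items now sit directly under the unbulleted "Precept definitions SHOULD identify" line, so their nesting level no longer has a parent, and "Clarify where authority to set precepts originates" is phrased as an instruction rather than as something a definition identifies.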
Revision as of 21:01, 31 October 2011
Governance Framework
Any Implementation Guide compliant with the SAIF CD:
- SHALL identify specific Governance Definition Processes that describe which groups have the authority to define which Precepts and their corresponding Roles, Processes and Metrics
- SHALL identify specific Governance Communication Processes that communicate to all impacted groups the nature of the Definition Processes, Precepts defined and means to ask for exceptions to Precepts
- SHALL identify specific Governance Appeal Processes for groups to request exceptions to communicated precepts and criteria to evaluate exception requests
- SHALL identify specific processes to evaluate existing precepts to determine whether they are achieving their intended purposes and are still relevant as circumstances change
Governance Definition Processes SHOULD include a specific Risk Assessment to identify areas to govern
- Precepts that are defined when a Risk Assessment has been performed SHALL identify which risks they are intended to mitigate
Precept definitions SHALL identify
- What is the purpose of the precept
- What are the objectives of the precept
- What policies apply to carrying out the precept
- What standards apply to the precept
- What Roles are affected by each Precept
- To which Processes the Precepts apply
- What Metrics are used to determine whether Precepts have been applied successfully
Precept definitions SHOULD identify
- Consequences of not following precepts
- Clarify where authority to set precepts originates (which organizational policy, legislation, regulation)
- Roles SHOULD be named unambiguously within the scope of anticipated interoperability and identify
  - What actions are permitted, obligated or prohibited by the Role
  - Whether the Role can further delegate authority to carry out part of permitted or obligated actions
- When a Community is defined as part of defining a Precept, the definition SHOULD identify
  - What pre-conditions are applicable to become a member of the Community
  - What processes establish community membership
  - What processes terminate community membership
  - What post-conditions are applicable when leaving a community