SOVRIN GOVERNANCE FRAMEWORK

| Rule | Role | Layer | TRUST REQUIREMENT | TR Ref | SUGGESTED EVIDENCE | SUGGESTED AUDIT TECHNIQUE | NOTES |
|---|---|---|---|---|---|---|---|
| 1 | GA | 1 | Policies, practices, procedures, and algorithms governing participation of Stewards and operation of Nodes MUST follow all Core Principles. | SUGF V3, SEGF V3 | Steward Policies, Practices and Algorithms | Review Sample of Steward Policies, Practices and Algorithms to determine whether they are following Core Principles. | |
| 1 | GA | 1 | The Sovrin Foundation MUST publish the Steward Business Policies as a Controlled Document managed by the Steward Qualification Committee. | SUGF V3, SEGF V3 | Steward Business Policies | Download Steward Business Policies from Public Site | |
| 0 | no role | 2 | In keeping with the Guardianship principle, a Guardian SHOULD:<br>Act in the Dependent person’s best interest.<br>Exercise good judgment and carefully manage responsibilities.<br>Avoid commingling—keep Dependent’s property separate (e.g. separate DIDs, Public Keys, Wallets, Vaults, etc.).<br>Keep detailed records of all actions taken on behalf of the Dependent.<br>Not violate the Anti-Impersonation principle (section 2.11.5).<br>Be subject to applicable legal structures regarding the granting and revocation of Guardianships. | SUGF V3, SEGF V3 | N/A | N/A | Not an Auditable Control for SGF |
| 1 | GA | 1 | Access to the Sovrin Network MUST be open to all Individuals and Organizations on a comparable basis without intentional exclusion of specific persons or communities. | SUGF V3, SEGF V3 | Mission and Values Statement; Access and Admissions Policy | Review Mission and Values Statement, and access policies to determine whether Sovrin is meeting its openness requirement. | |
| 0 | no role | 2,3,4 | Developers SHOULD design for different capabilities in different contexts considering:<br>Digital Exclusion (e.g., access to connected devices)<br>Physical or Cognitive Exclusion (e.g., disability or incapacity)<br>Political & Social Status (e.g., stateless individuals; being a child or a woman)<br>Financial Status (e.g., having no income)<br>Literacy & Language (e.g., low literacy or not speaking local language) | SUGF V3, SEGF V3 | N/A | N/A | Not an Auditable Control for SGF |
| 1 | GA | 1,2,3,4 | The Sovrin Foundation MUST specify policies, practices, and procedures for assessing conformance to the Sovrin Governance Framework by publishing and maintaining the Sovrin Trust Assurance Framework as a Controlled Document managed as specified by Sovrin Governing Bodies. | SUGF V3, SEGF V3 | Sovrin Trust Assurance Framework; Sovrin Governance Framework | Review Sovrin Trust Assurance Framework to determine whether it covers assessing conformance to the Sovrin Governance Framework | |
| 1 | GA | 4 | The Sovrin Governance Framework MUST be designed to provide a foundation for Domain-Specific Governance Frameworks (DSGFs) based on the Sovrin Web of Trust Model. | SUGF V3, SEGF V3 | Sovrin Governance Framework | Review Sovrin Governance Framework to determine whether it contains guidance for the development of DSGFs | |
| 1 | GA | 4 | As soon as feasible, the Sovrin Foundation MUST publish a DSGF, the Sovrin Web of Trust Governance Framework, whose purpose is to enable standard decentralized discovery, navigation, and verification services for DSGFs. | SUGF V3, SEGF V3 | Domain-Specific Governance Framework; Sovrin Web of Trust Governance Framework | Download the Domain-Specific Governance Framework; Sovrin Web of Trust Governance Framework | |
| 1 | GA | 4 | The Sovrin Foundation MUST publish the Sovrin Trust Mark Policies as a Controlled Document managed as specified by Sovrin Governing Bodies. | SUGF V3, SEGF V3 | Sovrin Trust Mark Policies | Download the Sovrin Trust Mark Policies | |
| 0 | GA | | An Entity serving in one of the Sovrin Infrastructure Roles who meets the requirements in the Sovrin Trust Assurance Framework MAY use the appropriate Sovrin Trust Mark as specified in Sovrin Trust Mark Policies. | SUGF V3, SEGF V3 | Sovrin Trust Mark Policies; List of Active Infrastructure Roles | Review Sovrin Trust Mark Policies. Sample Infrastructure Roles and determine whether they are using the Trust Mark | |
| 1 | GA | 1 | The Sovrin Foundation MUST publish the Sovrin Economic Policies as a Controlled Document managed as specified by Sovrin Governing Bodies in conjunction with Sovrin Foundation legal counsel. | SUGF V3, SEGF V3 | Sovrin Economic Policies | Download Sovrin Economic Policy from Public Site | |
| 1 | GA | 1 | The Sovrin Foundation MUST manage the Ledger Fees and any mechanism used for paying them to ensure economic viability and sustainability for Sovrin Infrastructure in keeping with its charter as a non-profit public trust organization. | SUGF V3, SEGF V3 | Ledger Fees; Economic Advisory Council Meeting Minutes | Examine Economic Advisory Council Meeting Minutes and Ledger Fees. | |
| 1 | GA | 4 | The Sovrin Foundation MUST retain a qualified Auditor to publish an annual public audit of Sovrin Foundation finances. | SUGF V3, SEGF V3 | Contract for Audit Services | Review contract for Audit Services | |
| 1 | GA | 4 | The Sovrin Foundation MUST retain a qualified Auditor to publish an annual public audit of Sovrin Foundation finances. | SUGF V3, SEGF V3 | Audit Engagement Letter; Audit Report | Review Audit Engagement Letter and Audit Reports | |
| 1 | GA | 1,2,3,4 | The Sovrin Foundation MUST publish Sovrin Governance Bodies as a Controlled Document managed by the Sovrin Board of Trustees. | SUGF V3, SEGF V3 | Sovrin Document Repository | Download Sovrin Governance Bodies from Public Site | |
| 1 | GA | 1,2,3,4 | Sovrin Governance Bodies MUST specify the Sovrin Governing Body for each Controlled Document. | SUGF V3, SEGF V3 | Sovrin Governance Bodies | Review Governance Bodies and associated Controlled Document | |
| 1 | GA | 1,2,3,4 | All Sovrin Governance Framework documents, including Controlled Documents, MUST use keywords in policies as defined in IETF RFC 2119. | SUGF V3, SEGF V3 | Sovrin Framework Documents; IETF RFC 2119 | Review IETF RFC 2119 and sample Sovrin governance documents for conformance | |
| 0 | GA | 1,2,3,4 | All Sovrin Governance Framework documents MAY have non-normative content added, such as references to appendices, white papers, or other explanatory materials, without triggering a formal revision review process as defined in this section 4. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes; Revisions List on Policy Documents | Review Governance Committee Meeting Minutes and sample of Policy documents for revisions list. | |
| 1 | GA | 1,2,3,4 | Revisions to the SGF MUST respect the Purpose and Principles of SSI. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Meeting Minutes to determine consideration for Purpose and Core Principles. | |
| 1 | GA | 1,2,3,4 | The commencement of any revision process MUST be publicly announced by the Sovrin Foundation no later than the time of commencement. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Meeting Minutes for Revision Announcements | |
| 1 | GA | 1,2,3,4 | Participation in the revision process MUST be available to all members of the Sovrin Community. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Meeting Minutes to determine availability and participation in Revision activity. | |
| 1 | GA | 1,2,3,4 | Proposed revisions MUST be publicly announced by the Sovrin Foundation and subject to a minimum 30 day public review period following the announcement. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Meeting Minutes for Revision Announcements and milestone dates | |
| 1 | GA | 1,2,3,4 | Revisions MUST be approved by a supermajority vote of at least two-thirds of the Sovrin Board of Trustees after the conclusion of the public review period and before the revision takes effect. | SUGF V3, SEGF V3 | Governance Committee Voting Records | Review Governance Committee Voting Records to determine whether supermajority was reached for revisions. | |
| 1 | GA | 1,2,3,4 | Prior to the next major revision of the SGF Master Document, the Sovrin Foundation MUST put in place new governance policies implementing the Sovrin Decentralization by Design principles. | SUGF V3, SEGF V3 | Sovrin Decentralization by Design Document | Review Sovrin Decentralization by Design Document | |
| 0 | GA | 1,2,3,4 | The list of Controlled Documents MAY be revised independently from the Sovrin Governance Framework Master Document. | SUGF V3, SEGF V3 | Sovrin Controlled Documents | Review a sample of Controlled Documents Revision Tables | |
| 1 | GA | 1,2,3,4 | Controlled Documents MUST be maintained in a document management system which provides a permanent and accessible location for the documents alongside a history of updates and changes. | SUGF V3, SEGF V3 | Sovrin Document Repositories, Sovrin Document Change Process | Verify that Controlled documents are part of document change control repository and tool | |
| 1 | GA | 1,2,3,4 | Proposed revisions MUST be subject to a minimum 30 day public review period publicly announced by the Sovrin Foundation. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Meeting Minutes for Revision Announcements and milestone dates | |
| 1 | GA | 1,2,3,4 | Revisions to a Controlled Document MUST be approved by the Sovrin Board of Trustees after the conclusion of the public review period and before the revision takes effect. | SUGF V3, SEGF V3 | Governance Committee Meeting Minutes | Review Governance Committee Voting Records to determine whether supermajority was reached for revisions. | |