https://wiki.idesg.org/index.php?action=history&feed=atom&title=Interop_Req_5Interop Req 5 - Revision history2026-05-06T10:00:03ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Interop_Req_5&diff=4055&oldid=prevOmaerz: 15 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:01:53Z<p>15 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== INTEROP-5. DOCUMENTED PROCESSES ==<br />
Entities MUST employ documented business policies and processes in conducting their [[IDEF Glossary DIGITAL IDENTITY MANAGEMENT FUNCTIONS|digital identity management functions]], including internally and in transactions between entities.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
This Requirement is that entities shall document business policies and procedures that are employed for identity management functions related to the transmission, receipt, and acceptance of data between systems. Having documented procedures is a necessary prerequisite for transparency and accountability, quality control, auditability, and ease of interoperability among federated communities.<br />
<br />
However, this Requirement does not mandate adoption of any specific policies and procedures, or any specific systematic approaches to procedures. Rather, the entity making this assertion should simply affirm that it does maintain such documents in writing, and can make them available as described. The obligation for policies to be transparent to USERS in this context includes prospective users such as eligible applicants.<br />
<br />
Regarding "digital identity management functions", see [[APPENDIX_A-Defined_Terms|Appendix A]].<br />
<br />
=== REFERENCES ===<br />
Reference examples for requirements that entities maintain written policies and procedures generally: <br />
* HIPAA Security and Privacy Regulations regarding development and maintenance of policies and procedures: 45 CFR Part 164, § 164.316(a), § 164.530(a), § 164.530(a)(1)(i), § 164.530(i) and § 164.530(j): http://www.ecfr.gov/cgi-bin/text-idx?node=pt45.1.164&rgn=div5<br />
* Sarbanes- Oxley Sec. 404, Assessment of Internal Controls, https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act#Sarbanes.E2.80.93Oxley_Section_404:_Assessment_of_internal_control<br />
<br />
Reference example of a federation's published policies, see: https://www.incommon.org/policies.html<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model REGISTRATION|REGISTRATION]], <br />
[[IDEF Functional Model CREDENTIALING|CREDENTIALING]], <br />
[[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], <br />
[[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], <br />
[[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords NOTICE|NOTICE]], [[IDEF Keywords INTEROPERABILITY|INTEROPERABILITY]], [[IDEF Keywords POLICIES|POLICIES]], <br />
[[IDEF Keywords PROCESS|PROCESS]], [[IDEF Keywords TRANSACTION|TRANSACTION]]<br />
<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Omaerz