Latest revision as of 04:01, 28 June 2018
INTEROP-5. DOCUMENTED PROCESSES
Entities MUST employ documented business policies and processes in conducting their digital identity management functions, including internally and in transactions between entities.
SUPPLEMENTAL GUIDANCE
This Requirement is that entities shall document business policies and procedures that are employed for identity management functions related to the transmission, receipt, and acceptance of data between systems. Having documented procedures is a necessary prerequisite for transparency and accountability, quality control, auditability, and ease of interoperability among federated communities.
However, this Requirement does not mandate adoption of any specific policies and procedures, or any specific systematic approaches to procedures. Rather, the entity making this assertion should simply affirm that it does maintain such documents in writing, and can make them available as described. The obligation for policies to be transparent to USERS in this context includes prospective users such as eligible applicants.
Regarding "digital identity management functions", see Appendix A.
REFERENCES
Reference examples for requirements that entities maintain written policies and procedures generally:
- HIPAA Security and Privacy Regulations regarding development and maintenance of policies and procedures: 45 CFR Part 164, § 164.316(a), § 164.530(a), § 164.530(a)(1)(i), § 164.530(i) and § 164.530(j): http://www.ecfr.gov/cgi-bin/text-idx?node=pt45.1.164&rgn=div5
- Sarbanes-Oxley Sec. 404, Assessment of Internal Controls: https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act#Sarbanes.E2.80.93Oxley_Section_404:_Assessment_of_internal_control
For a reference example of a federation's published policies, see: https://www.incommon.org/policies.html
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
NOTICE, INTEROPERABILITY, POLICIES, PROCESS, TRANSACTION