GemCert Governance Framework
How GemCert Operates
Welcome.

We are pleased that you are considering joining GemCert.
To ensure you understand how we operate, the services we provide, and the responsibilities of each GemCert signatory, we will guide you through the contents of our Governance Framework (GF).

Once you have read through the GF you will feel confident in knowing that all members of the GemCert ecosystem will have gone through the same process as you.

Reading time is approximately 7 minutes.
​
GCGF Contents
This is how the GemCert Governance Framework (GCGF) is organized.
The Master Document is the core of the governance framework and establishes the foundational principles of the trust ecosystem. The Controlled Documents are where the nitty gritty details are, which are updated periodically or as needed.
- Master Document
  - Introduction
  - Purpose
  - Scope
  - Principles
  - Core Policies
  - Revisions
  - Extensions
  - Schedule of Controlled Documents
- Controlled Documents
  - Glossary
  - Risk Assessment, Trust Assurance, and Certification
  - Governance Rules
  - Business Rules
  - Technical Rules
  - Information Trust Rules
  - Inclusion, Equitability, and Accessibility Rules
  - Legal Agreements
GCGF Identifiers
This is how we keep track of the updates to the Governance Framework, and ensure those versions are always available to the ecosystem.
Governance Framework Identifier: did:git:59ij5Kl2jf0Iifv22poJUe23m7
Governance Framework Identifier (DID) URL: www.gemcert.info/version1
Governance Framework Controlled Documents: www.gemcert.info/version1/controlleddocsGCGF
Governance Framework Controlled Governing Policies: www.gemcert.info/version1/govpolicy
Introduction
There is no short-cut to this one.
Please read so you are clear on who we are and what we do.

GemCert is a qualified data engine for the coloured gemstones and jewellery industry. GemCert's Governance Framework allows members of the coloured gemstone industry to share information confidently and securely in a trusted ecosystem. The Governance Framework is based on principles developed in the interest of merging human, social, and legal trust with the technical trust necessary to operate in the digital age. The guiding principles of the Governance Framework are the result of long and continuing work in the domain of the internet of trust, today most recently and clearly detailed by the work of the Trust over IP Foundation, the ToIP Stack, and the ToIP Governance Template.
​
Contributors to the Governance Framework include ForthCo, GemCloud, LICS, CIBJO, RJC, The Dragonfly Initiative and the ToIP Foundation, and the Governance Framework is open to contributions from each member.
Purpose
Our overarching purpose is to foster and enable industry trust.
The objective of the Governance Framework is to foster a trusted exchange of industry credentials and records to support the transparency, traceability and sustainability principles of the industry.
​
The purpose of this GCGF is to enable secure data sharing throughout the coloured gemstone industry and associated industries, preserving data provenance, demonstrating a commitment to data dignity, and fostering inclusion of new industry participants as the industry responds to the ever-increasing transparency demands of the global digital transformation.
Scope
The scope of this agreement is for and between ecosystem participants.
Ecosystem participants are all signatories to the GF, and form a trust community.
The GCGF defines a data sharing arrangement between and among signatories, applying only to GemCert stakeholders who are signatory members of the Governance Framework. Non-member access to information shared by members is governed by the GCGF, with explicit consent required for sharing with non-signatories.
​
The GemCert Trust Ecosystem provides oversight for industry certificates, attestations and records that have been issued in the form of verifiable credentials.
​
The Governance Framework does not ..., (ie. is out of scope of this Governance Framework).
​
Stakeholders in the GemCert trust community are the primary Trade Associations, their members, Product Vendors, Suppliers, Participants, Regulators, and other sources of known and validated identity.
​
The trust community is responsible for registering evidence supporting stones and stone-oriented processes, in the form of Verifiable Credentials advertising the willingness to provide evidentiary support for given stones and stone-industry participants.
The objective of the Governance Framework is to maximize data harmonization and to ensure timely distribution and integration of stone and stone-operator information.
Our Principles
- perhaps the most important part of the Governance Framework.
1. Trust
2. Transparency
3. Traceability
4. Sustainability
Principles
GemCert has established Principles by which all members of the trust community have agreed to abide, namely
​
1. Trust
2. Transparency
3. Traceability
4. Sustainability
​
The principles described above are the common and recurrent principles promoted by industry organisations and their members, and they guide the development of the Governance Framework's Policies. These Principles are explicitly referred to in the Legal Agreement signed by each member.
Core Policies
Our Core Policies are the basic pre-conditions to joining and participating in the ecosystem.
GemCert espouses specific policies which promote the principles of the Trust Ecosystem.
The following policies apply generally to the governance of the entire Trust Community, and influence the development of specific Policies detailed within the Controlled Documents.
Policy Categories
1. Eligibility
2. Membership Types
3. Membership Rights and Responsibilities
4. Suspension or Termination of Membership
5. Member Dues
6. Responsible Use - applied to infrastructure governed by the GF​
7. Regulatory Compliance Policies - those not specified within particular Controlled Documents.
Revisions
The Governance Framework is a living document, able to adapt to the needs of the ecosystem.
We have a system in place to transparently manage and track all revisions.
The GemCert Governance Framework is updated on a bi-annual basis. This section specifies the policies for how revisions to the GF are governed. It does not include Governance Policies for the Governance Authority or interdependent Governance Authorities (those are defined in Controlled Documents in the Governance Rules category). It:
​
- MUST state the full legal identity and contact information for the primary Governance Authority or interdependent Governance Authorities.
- MUST include policies specifying how any revisions to the GF are identified, developed, reviewed, and approved.
- SHOULD include at least one public review period for any GF that will be available to the public.
This section talks about how other industry or general frameworks are connected to the ecosystem governance.
Extensions
This section applies to GFs that permit extensions via the incorporation of other GFs (a common feature of some ecosystem GFs). It:
- MUST state whether the GF can be extended.
- MUST specify the requirements an Extension Governance Framework must meet in order to be approved.
- MUST specify the process for an Extension Governance Framework to be approved.
- MUST define an authoritative mechanism for registration and activation of an approved Extension Governance Framework.
- MUST define the requirements for notification of the Trust Community about an approved Extension Governance Framework.
This is a list of documents that may be amended individually, and impact the overall ecosystem governance.
Schedule of Controlled Documents
This is a listing of all Controlled Documents in the GF. It:
- MUST include authoritative references to all Controlled Documents in the GF.
- MUST identify the exact version of each Controlled Document with a unique, permanent DID or DID URL.
- SHOULD include a Web link to each Controlled Document in the Web version of the GF.
- SHOULD include a brief description of the purpose and scope of each Controlled Document to make it easy for readers to navigate the GF.
​
Controlled Documents
Each Controlled Document covers a specific area of the GF. The following are categories of Controlled Documents where each category MAY include zero or more Controlled Documents.
This is new! ... and you may be unfamiliar or unclear on what some of the terms mean.
Have no fear - glossary to the rescue!
Glossary
The Glossary provides a common basis for terminology. It:
- SHOULD be a single Controlled Document (even if it is organized by categories or other heuristics).
- SHOULD provide a common reference for all terms used throughout the GF.
- SHOULD reference the ToIP Glossary—or tagged subset(s) of the ToIP Glossary—for all terms defined there.
- SHOULD list all terms alphabetically (by language) for easy reference.
- MAY tag terms by category or usage.
- MAY specify that terms specific to one Controlled Document are defined in that Controlled Document.
We strive to strike a balance between risk, assurance and user experience.
This is where you will find the details of this balancing act.
Risk Assessment, Trust Assurance, and Certification
This category includes policies for managing risk, including how parties can be certified against the GF. Controlled Documents in this category:
- SHOULD identify key risks that MAY negatively affect the achievement of the GF's purpose within its scope.
- SHOULD include a Risk Assessment process output that provides an assessment of each key risk that the GF is designed to address and mitigate.
- SHOULD assess which Roles and Processes are vulnerable to each risk and how they are affected.
- SHOULD include a Risk Treatment Plan (RTP) for how identified risks are treated (e.g. mitigated, avoided, accepted or transferred).
- SHOULD include a Trust Assurance Framework that defines how Roles assert compliance with the Policies of the GF and the mechanisms of assurance over those assertions.
- SHOULD (if applicable) define the roles of Auditors and Auditor Accreditors and the policies governing their actions.
- SHOULD (if applicable) define the roles of Certification Authorities and the Policies governing their actions and relationships with the Governance Authority, Auditors, and Auditor Accreditors.
Governance Rules
These are the Rules for governing the GF as a whole. Controlled Documents in this category:
- MUST specify the primary Governance Authority or all interdependent Governance Authorities (if any).
- MUST include Controlled Documents that specify governance Policies for the primary Governance Authority or all interdependent Governance Authorities (e.g., Charter, Bylaws, Operating Rules, etc.).
- SHOULD address any antitrust Policies, intellectual property rights (IPR) Policies, confidentiality Policies, or other regulatory compliance policies under which the stakeholders agree to operate.
This is where we outline how we're going to work together, access to data, etc...
Business Rules
These are the Rules governing the business model(s) of the GF and/or sustainability of the Governance Authority. Controlled Documents in this category:
- SHOULD clearly explain the exchange(s) of value within the Trust Community for which the GF is designed.
- SHOULD define the Policies governing how and when these exchanges of value take place.
- SHOULD define how all Members will be accountable for their actions in these exchanges.
- SHOULD define how the Governance Authority and the GF are sustainable under these Rules.
Technical Rules
These are the Rules governing technical interoperability. Controlled Documents in this category:
- MUST specify how Members of the Trust Community will interoperate technically using the ToIP Technology Stack by reference to ToIP Standard Specifications (TSS).
- SHOULD (if necessary) reference one or more specific ToIP Interoperability Profiles (TIPs).
- SHOULD specify any technical Policies or Specifications that are specific to this Trust Community.
These are the Rules governing:
- information security
- privacy
- availability
- confidentiality, and
- processing integrity
These terms are defined by the AICPA for service organizations.
Information Trust Rules
These are the Rules governing information security, privacy, availability, confidentiality and processing integrity as these terms are defined by the AICPA for service organisations. Controlled Documents in this category:
- MUST specify how Members of the Trust Community will ensure the following categories of Information Trust:
- SHOULD specify the relevant Information Trust Policies by reference to:
  - ToIP Standard Specifications (TSS).
  - Other regulatory or industry standards.
  - GF-specific Policies.
  - Member-specific Policies.
This section addresses how we seek to enable fair and equal access to all.
Inclusion, Equitability, and Accessibility Rules
Controlled Documents in this category:
- MUST specify how Members of the Trust Community will enable and promote inclusion, equitability, and accessibility by reference to:
  - ToIP Standard Specifications (TSS).
  - Other regulatory or industry standards/guidelines.
  - GF-specific Policies.
  - Member-specific Policies.
- SHOULD specifically address how the GF is designed to help bridge (or eliminate) the digital divide.
This is where we keep any legal agreements and / or contracts.
Legal Agreements
This category includes any legal agreements or contracts included in the GF. Controlled Documents in this category:
- MUST include all legal agreements or contracts between Members and/or the Governance Authority.
- SHOULD reference the Glossary document for all terms not defined within.
- MUST clearly state the parties to which these legal agreements apply.
- MUST define or reference the accountability and enforcement mechanisms.
- MUST reference any other relevant Policies in the GF.
​
​
If you are in agreement with the GCGF content above, you can REGISTER for GemCert here:
