The objective of the Compliance Committee is to create and oversee a VRM compliance program.
The background to this proposal is that we suspect that, over time, applications or organisations may claim to be 'VRM' practitioners, but not in fact be so (i.e. they do not comply with one or more of the core principles). As such, we wish to have ways and means of limiting the impact of these false claims.
Our proposal is that:
1) We develop a series of statements of good/best practice in the areas that define VRM (see below *), and build those into a process through which organisations can be assessed on a five-point scale. Each statement would have to be 'owned' by a VRM expert and would include:
- the statement of good practice itself (e.g. data within a VRM application will be portable).
- 5 answer options (ranging from 'never heard of this practice' = 0 to 'yes we do this and can prove it' = 100%)
- detailed compliance text explaining the practice and the issues around it
* VRM practices could be clustered, for example, into:
- Individual (user)-centrism
- ability to generate a 'win-win' for buyer and seller
- approach to personal information (portability etc.)
- use of open standards
- overall transparency of service offering
This would allow a 'VRM index' score to be generated at an overall level, for each subject area, and for each individual practice. These scores then drive compliance (e.g. scores below 35% are non-compliant, scores below 65% are 'pending' and scores 65 and above are compliant). They also drive benchmarking, i.e. to what extent is my application VRM compliant, which in turn drives improvement activity and the consulting/services activities that go along with that.
The score also becomes a published reputation, with a reputation/compliance mark provided. We'd run a white list (VRM compliant) and a black list (were compliant but are no longer so), with the bit in between being 'pending assessment'.
2) We establish an entity that owns the VRM Compliance and Benchmarking Program, which could be Berkman, could be hosted by the Liberty Alliance or could be a new entity. This is a key step and obviously feeds into the VRM Organisation work stream.
3) We make the VRM Compliance/Benchmarking assessment available in two forms:
a) a face-to-face assessment of large organisations, which we'd outsource to organisations which specialise in assessing and from which the entity above would earn revenues (a % of the assessment charge).
b) a 'lite touch' self-assessment variant, typically for smaller businesses/non-profits.
4) Over time, and as VRM applications and standards emerge, we develop a complementary technical compliance program in which applications are physically tested to ensure compliance to a specific, pre-agreed technical standard.
Hope that helps give a flavour of what we have in mind.