1. Introduction

We would like your attention for the launch of the Special Interest Group (SIG) for GRC on Blockchain. The Hyperledger GRC SIG is designed to focus on the optimization of GRC on the blockchain. We would be happy to work with enthusiastic developers and all manner of professionals to take this SIG forward and make it into an industry standard.

In simple terms, the GRC SIG uses decentralized, permissioned Hyperledger blockchain to build applications that will streamline the way global organizations run their businesses. Blockchain has huge potential for data accessibility, combined with cryptographic hash security, in a transparent manner. The SIG will use the following relevant technologies:

  1. Hyperledger Fabric
  2. Token
  3. DAO
  4. New Consensus Mechanism

The span of a Governance, Risk and Compliance process includes three elements:

  • Governance is the oversight role and the process by which companies manage and mitigate business risks
  • Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner
  • Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates, or internal policies.

Governance: With an increase in activism among shareholders and increased scrutiny from the regulatory bodies, corporate boards and executive teams are more focused on governance-related issues than ever before. The governance process within an organization includes elements such as definition and communication of corporate control, key policies, enterprise risk management, regulatory and compliance management and oversight (e.g., compliance with ethics and options compliance as well as overall oversight of regulatory issues) and evaluating business performance through balanced scorecards, risk scorecards, and operational dashboards. A governance process integrates all these elements into a coherent process to drive corporate governance.

Risk Management: With the recent jump in regulatory mandates and increasingly activist shareholders, many organizations have become sensitized to identifying and managing areas of risk in their business: whether it is financial, operational, IT, brand, or reputation-related risk. These risks are no longer considered the sole responsibility of specialists - executives and the boards demand visibility into exposure and status so they can effectively manage the organization’s long-term strategies. As a result, companies are looking to systemically identify, measure, prioritize and respond to all types of risk in the business, and then manage any exposure accordingly. A risk management process provides a strategic orientation for companies of all sizes in all geographies with a formal process to identify, measure and manage risk.

Compliance: An initiative to comply with a regulation typically begins as a project as companies race to meet deadlines to comply with that regulation. These projects consume significant resources as meeting the deadline becomes the most important objective. However, compliance is not a one-time event - organizations realize that they need to make it into a repeatable process, so that they can continue to sustain compliance with that regulation at a lower cost than for the first deadline. When an organization is dealing with multiple regulations at the same time, a streamlined process of managing compliance with each of these initiatives is critical, or else, costs can spiral out of control, and the risk of non-compliance increases. The compliance process enables organizations to make compliance repeatable and hence enables them to sustain it on an ongoing basis at a lower cost.

Governance Risk and Compliance Process

Note: GRC Framework definition by MetricStream

1.1. Mission

The Governance Risk and Compliance Special Interest Group (GRCSIG) represents industry professionals working together to study how Hyperledger DLTs interact with Governance Risk & Compliance use cases. The mission of this group is to research blockchain as a technology and its right use in the GRC space, work with other contributors to define standards in the GRC space, and work on PoCs to generate value and to develop acceptance of DLT with GRC practitioners. If you are interested and open to contributing, you can register yourself via this link; you will need a Linux Foundation ID to access the SIG. You can add your details to the Member Directory post-registration. Please also subscribe to the Group Mailing List and post an introduction there so other group members can get to know you.

This group also explores architecture, identity, and performance-related considerations specific to Governance Risk & Compliance and DLTs. Business and technology professionals from the Governance Risk & Compliance world come together in this SIG to discuss, brainstorm and learn from each other. 

1.2. Goals

Under the different topic groups, led by subject matter experts, we will work on documents, diagrams, presentations, implementations, or road maps of solutions. For existing projects, as well as outputs, please see the link.

As we collaborate, all output will be made available in the open. For ease of discovery by newcomers and others, this material will be annotated and labeled with keywords for easy searching. The aim is to  If any code is produced, the output will be easily downloadable from open-source. Documentation and deployment will be made as frictionless as possible. SIG members who are in touch with practitioner groups, as well as working groups, the technical steering committee, and other SIGs, will either bring knowledge of methods and practice from such groups or push out our findings to these groups to create synergy in the Hyperledger ecosystem.   

2. Special Interest Group Title

The name of this Special Interest Group shall be the Hyperledger Governance Risk & Compliance Special Interest Group. Additional appropriate name references shall be:

  • The Hyperledger GRC Special Interest Group (external, formal)

3. Special Interest Group Scope

3.1. In Scope

The scope of the GRCSIG shall include:

  • Identifying related proofs of concepts, current pilots, use cases, and functional architecture in Governance Risk & Compliance;

  • Sharing stories of successes, failures, opportunities, and challenges;

  • Identifying conferences or other opportunities to connect face to face, as well as submit talks or present as a group at an event.

The GRCSIG may form subgroups or task forces to support, emphasize, or promote any of those items listed above. For further exploration of scope, look at this link.

4. Work Products

The initial work products will include a set of documents describing Governance Risk & Compliance use cases, white papers, and technical solutions for blockchain technology. This will be an inventory of example use cases that may suggest Governance Risk & Compliance applications that are built or could be built using Hyperledger. The Governance Risk & Compliance SIG may also host in-person meetings as well as presentations to accelerate the Special Interest Group's mission.

5. Working in an Open Community

Hyperledger SIGs are open and global communities where anyone from anywhere can and should be able to participate, contribute, and access tools and information.  For example, this means that even with meetings that are held via teleconference, we have to involve those not on the calls who are online. Best practice in an open and global community is to keep in mind time zone differences of the group participants and make sure to include non-meeting participants in group discussions and decisions by active use of the mailing list, the wiki and Rocket Chat. All SIGs must adhere to the Hyperledger Code of Conduct and Anti-Trust Policy (see below) during meetings:

Anti-Trust Policy

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

5.1. Transparency

Meeting details, meeting notes, and documentation shall be made publicly available. The following items shall be generated and made available to the community:

  • Wiki

  • Mailing list

  • Rocket.Chat channel

  • Meeting recordings

  • Github repositories (optional)

  • Jira (optional)

6. Collaborations

This SIG will collaborate with other Hyperledger groups, Linux Foundation Open Source Networking, the TSC, Linux Foundation staff, and the project maintainers. The Governance Risk & Compliance SIG is interested in collaborating with other Hyperledger and non-Hyperledger groups that aim to identify and share blockchain solutions that increase impact in global development.

7. Membership

7.1. Eligibility for SIG membership

GRCSIG membership shall be free and open to members of the community who have an interest in issues as they relate to the SIG topic technologies in general, and blockchain technologies. SIG membership is established by subscription to the mailing list.

All participation in the group's activities is voluntary. It is perfectly fine to listen in to a group and do nothing. Of course, active contribution is our goal, but it is not a requirement for membership.

Anyone can propose agenda items, activities, and work products. In work products, the only requirement is there's enough buy-in from community members to want to volunteer to complete the product.

7.2 Governance

Governance of the GRCSIG shall be managed through its membership in accordance with the guidelines and overriding jurisdiction of Hyperledger leadership.

Day-to-day management of the GRCSIG shall be conducted by elected officer(s). Any actions taken on this basis and having direct effect on GRCSIG membership shall be reported to membership in a timely manner through established channels of communications.

7.3 Leadership

GRCSIG leadership is comprised of the following office role(s):

  • Chair

  • Vice-Chair (optional)

If more than one office role is available, a GRCSIG officer shall not hold more than one office role at any given time.

7.3a Eligibility

For consideration of an office of GRCSIG, a GRCSIG officer-in-consideration must be:

  • An active contributor within the GRCSIG community

7.3b Election

The first interim Chair of a SIG is nominated by the initial proposer of the SIG and s/he serves for approximately 90 days or up to the first 6 meetings as long as the SIG has active participation and contributors. All future Chairs will be selected through an election process where group members vote.

A GRCSIG officer shall be elected by membership into a position through a simple majority vote and with Hyperledger leadership approval.

When there are two or more candidates, officer election shall be determined through a plurality vote, and with Hyperledger leadership approval.

Candidate Nomination can happen in a few ways (to be decided by the community on which approach to employ):

  1. Candidates email the mailing list individually and provide a statement of candidacy indicating why s/he is a good candidate for chair.

  2. Candidates email the Hyperledger point of contact with their statement of candidacy. Once all are received, the Hyperledger point of contact gathers all submissions and posts the names and candidate statements to the mailing list all together for the community to review.

8. Election Process

8.1 Voting

All GRCSIG members shall have one vote. All membership votes shall be based on a simple majority, unless otherwise noted.

Voting can take place in a few ways, to be determined by the community:

  1. Community members submit votes to Hyperledger POC by email

  2. Use a tool


The GRCSIG shall follow the direction of Hyperledger POC for the voting process. In the event of a tied vote, a ranking GRCSIG officer shall be granted a tie-breaking vote.

8.2 Early Elections

In the case where an existing Chair is not able to complete their term, an early election can be called. For instance, if a Chair has a change at their work that causes them to not have the time to devote to the SIG or if a Chair is no longer performing the responsibilities assigned to the role of the office, then a new Chair will need to be elected. At any time over the course of a GRCSIG officer’s tenure, GRCSIG member(s) may identify whether the Chair is fulfilling the responsibilities.

A new election process can be started by having a discussion on the group’s list or by communication by the Hyperledger POC. In that discussion, the Chair may announce they are stepping down.  

9. SIG Chair

9.1 Responsibilities

A GRCSIG Chair is responsible for the following items:

  • Facilitating the group and helping ensure that the mission statement and goals are observed and met

  • Scheduling and facilitating regular General Meetings open to all GRCSIG membership

  • Developing and distributing meeting agendas at least one business day before the scheduled meeting

  • Ensuring that all group members have the opportunity to participate in decisions and provide input even when not attending a meeting. SIG communities are global and a chair should make efforts to ensure all are included in the community’s activities. This can be done by ensuring meeting notes are shared after calls and any major decisions are shared on the mailing list.

  • Ensuring that recordings/minutes are taken during meetings, capture the discussion, include a list of meeting participants, are shared post meeting, and are added to the SIG wiki page

  • Manage the SIG wiki page

  • Generate Special Interest Group Quarterly Updates to present to Hyperledger POC in a timely manner and communicate regularly on any concerns or questions related to the SIG

  • Serving as a proxy and ambassador for GRCSIG membership (as appropriate)

  • Enforcing adherence to the Hyperledger Code of Conduct and communicating the Anti-Trust Policy


9.2 Term Length

A GRCSIG officer shall serve for a period of one year from the start of the SIG group (for the first chair) or the last election date. A GRCSIG officer may be elected into office for unlimited consecutive terms.

At such time as a member is to be considered for the role of a GRCSIG officer, or a sitting GRCSIG officer is to be reconsidered for that role, an election process (as identified in the Election section) shall be commenced not less than four weeks in advance of the end of the current GRCSIG term.

9.3 Removing an existing Chair

There are a few cases in which an existing SIG chair can be removed:

  1. If a Chair stops participating in the group without announcing that they are stepping down, someone else may start the discussion about an early election and the Chair may or may not take part in that discussion.

  2. In the event that a Chair is no longer performing chair responsibilities (see section 9.1) the Hyperledger POC will intervene.

If this happens, it prompts an early election.

Upon the determination that a GRCSIG officer is no longer performing the responsibilities assigned to the role of the office, GRCSIG member(s) may perform the following actions:

  1. Notify the GRCSIG officer in question, in writing, of all abdication(s) of responsibilities

  2. If the GRCSIG officer in question does not acknowledge, in writing and within five (5) days, the initial notice, GRCSIG member(s) initiating the notification shall contact, in writing, Hyperledger POC

  3. Hyperledger POC shall immediately (as practicable) attempt to contact, in writing, the GRCSIG officer in question

  4. If the GRCSIG officer in question does not acknowledge, in writing and within five (5) days, at the request of Hyperledger POC, GRCSIG member(s) initiating the notification shall begin a new election process.

10. Meetings & Communications

10.1 Cadence

Live meetings can be held weekly, bi-weekly, or monthly via teleconference, as determined by group members. In addition, coordination and communication can happen asynchronously online via the mailing list, chat, and wiki page.

10.2 Agenda

The ranking GRCSIG officer will send out an agenda and a call for agenda items in advance (at least 2 days) through both the mailing list and chat channels to ensure that live or online attendees can contribute and know what will be discussed in advance of every meeting.

10.3 Recordings/Minutes

Recordings/minutes for each live meeting should be kept and shared out to GRCSIG membership after the call.

10.4 Cancelling a Meeting

Meeting cancellations should be made at least 24 hours in advance of any meeting date.

All GRCSIG membership meetings are placed on the Hyperledger Community Calendar. To ensure that a cancelled meeting is removed from the calendar, the person leading the meeting shall send a meeting cancellation request to zoom@hyperledger.org.

Additionally, a meeting cancellation notification shall be made to GRCSIG membership through both the mailing list and chat channels.

11. Disbandment of SIG

Should the scope of the GRCSIG reach completion, or conversely, the traffic on the various discussion forums, and/or the teleconference activity drop to very low levels, then the ranking GRCSIG officer may ask Hyperledger POC to disband the Special Interest Group.

12. SIG Subgroups

Subgroups serve to direct membership efforts toward key areas of mutual or themed interest within the larger GRCSIG general membership.

Like the parent GRCSIG, subgroups are obligated to serve as a mechanism for productive and demonstrable work products under the guidance of a lead, who is responsible for transparently communicating subgroup status back to GRCSIG leadership.

12.1 Creation of Subgroup

Any member of the GRCSIG may recommend to GRCSIG leadership the desire to form a subgroup with the intent to serve a specific need or set of needs not already served through the parent GRCSIG or any existing GRCSIG subgroup.

Upon approval, that member(s) must identify a subgroup lead, and work with GRCSIG leadership to develop a subgroup charter.

12.2 Subgroup Charter

A GRCSIG subgroup charter can follow the same template as the SIG charter.

13. Amendments to This Charter

This charter may be altered by a consensus resolution passed at a meeting of GRCSIG members. All changes made to this charter shall receive final approval from Hyperledger POC.
