Receiz / Governance

Governance and Control System

Public governance contract for standards control: ownership, approval paths, separation of duties, conformance release gates, incident policy, and assurance cadence.

Trust Center Settlement Standard

Control Owners

Issuer

Receiz Governance Office

Publishes standards, boundaries, and document revisions.

Approval Authority

Receiz Core Protocol Review

Approves or rejects normative and high-risk changes.

Risk Owner

Enterprise Risk and Resilience

Approves exceptions, risk acceptance, and corrective-action closure.

Change Classes and Approval Paths

normal

Approvals: One approver from Approval Authority

Rule: Conformance and governance gates still mandatory.

high-risk

Approvals: Two approvers (Approval Authority + Risk delegate)

Rule: Author cannot be sole approver. Separation of duties mandatory.

emergency

Approvals: Emergency approver + Risk Owner notification

Rule: Post-review required with due date and tracked corrective actions.

Incident Governance SLAs

Severity	Initial Response	Postmortem
SEV-1	15 minutes	48 hours
SEV-2	30 minutes	72 hours
SEV-3	4 hours	5 business days
SEV-4	1 business day	Optional

Periodic Control Testing

Control	Cadence	Evidence
Privileged access review	Quarterly	Access review record
Key rotation evidence review	Quarterly	Key lifecycle record
DR restore and replay test	Semiannual	Restore validation record
Independent assurance cycle	Annual	External assessment record

Cryptographic Governance Integrity

Governance artifacts are published with cryptographic integrity metadata and verifiable key lifecycle records. Independent parties can confirm artifact-set membership, SHA-256 digest parity, payload-hash parity, and signature validity against published governance public keys.

Public verification inputs are provided below as versioned governance artifacts.

Canonical Governance Payloads

Primary governance JSON payloads are published here as canonical machine-readable artifacts for independent review.

Version lineage

Governance Register

Versioned governance document register with supersedes chain and revision pointers.

Canonical JSON Artifact

Exception posture

Exception Log

Active exceptions, owners, status, and closure posture for governance controls.

Canonical JSON Artifact

Integrity envelope

Governance Manifest

Signed digest manifest for published governance artifacts and set-membership verification.

Canonical JSON Artifact

Key lifecycle

Governance Keyring

Published governance signing public keys with activation, retirement, and lifecycle state.

Canonical JSON Artifact

Additional Governance References

Control Boundaries JSON

In-scope/out-of-scope governance boundary contract

Evidence Register JSON

Periodic control-testing cadence and due-state record

Charter Attestation JSON

Control-owner charter hash and signatory attestation

Release Attestation Schema

Machine-readable attestation contract

Conformance Report

Live deterministic standards conformance evidence