Trust Enablement Metamodel

We should provide a suite of infrastructure services that, regardless of the site’s content or the user community it serves, all services delivered provide maximum value to stakeholders.

Principles

A trust-enabling infrastructure should be guided by principles. For example:

  • Improving trust in the information provided by recovery.org can produce significant social, political and economic benefits;
  • A trust strategy will be a component of recovery.org’s overall information delivery strategy;
  • A trust-enabling services infrastructure will support all information facilitated by recovery.org;
  • The trust-enabling services infrastructure will be reusable, based on consistently defined frameworks (organization, policies, standards, procedures, methodologies, as well as services and technologies) that can be shared consistently throughout recovery.org on behalf of the users (human and technology-based) of its infrastructure services; and
  • The trust-enabling services infrastructure will be sufficiently flexible to evolve and adapt to changes in the environment and government objectives.

Framework

The trust-enabling infrastructure should be structured based on a metamodel that comprehensively defines the high level considerations required to achieve specific trust objectives. An example is the Trust Enablement Framework, described starting on page 13 of "Trust Measures and Indicators for Customers". The document describes, and provides examples for, each element of the framework, explaining how they contribute to achieving specific trust and business objectives.

Metamodel

The following is an illustrative example of a metamodel for creating subordinate data models, based on the Trust Enablement Framework described in the document above:

Experiential Sources of Trust (transparency)

  • Reporting of anomalies
  • Transaction tracking
  • Feedback forums
  • Escrow services
  • Performance Verification
  • Identity verification
  • Support responsiveness
  • Fulfillment metrics
  • Tracking status of applications/proposals
  • Satisfaction with funding process
  • Comparative economic impacts
  • Privacy protection experiences
  • Confirmations of transactions
  • Access to person offline
  • etc.

Interpretive Sources of Trust (expert opinions)

  • Provision of adequate information
  • User awareness program
  • Seals of approval
  • Known merchant seals
  • Security and Privacy seals
  • Brands
  • Security & Privacy policies on web site
  • Presentation
  • Regional/cultural perspectives
  • Service/performance opinions and grading
  • Value appraisals
  • Quality of service rating
  • Fair, ethical and responsible business principles assertions
  • Published FAQ/Help
  • Available technical support
  • Rating of site and services
  • Assurance rating
  • Disclosure of funding sources
  • Supporting brands
  • Co-branding
  • Frequently Asked Questions
  • Assertions of competence
  • Assertions of fairness
  • Associations and affiliations
  • Reputation
  • etc.

Empowerment (choice)

  • Reliable providers of feedback
  • Referral to other sources
  • Evaluating recommenders
  • Links from other trusted sites
  • Recommendations from other sources
  • Introduction & matching services
  • Voting
  • Opting out
  • etc.

Motive Forces (rules)

  • Redress mechanisms
  • Rules for information protection
  • Laws and/or regulations that protect privacy
  • Governance structures and practices
  • Recourse mechanisms
  • Business policies and practices
  • Safe harbour investigations
  • Disallowed conduct and services
  • Dispute resolution
  • IP Infringement policy
  • Commitment
  • Organization’s integrity
  • Values of participants
  • Ethical standards
  • Enforceability of conduct
  • Regulations
  • Culture
  • Common social or legal code
  • Community member interdependence (continuity)
  • Motivation to deliver value
  • Individual ethics
  • Organizational charter
  • Incentives
  • etc.

Proficiency (ability)

  • Security controls
  • Current technology
  • IT scalability
  • Privacy controls
  • Dependable technology
  • Knowledgeable and competent staff
  • Operational resources
  • Reliable processes
  • Information protection functionality
  • Information validation functionality
  • Secure infrastructure
  • Operational resiliency
  • Ability to deliver expected value
  • Controls on use of information
  • etc.

Risk Transference

  • Contract formation
  • Liability protection
  • User agreement
  • Fraud protection insurance
  • Satisfaction guarantee
  • Warranties
  • Insurance
  • Credit protection
  • Fiduciary responsibilities
  • Privacy guarantee
  • Confidentiality guarantee
  • Identity theft guarantee
  • Accountability
  • Inducements
  • etc.

Why is it important?

Content is valuable only when it contains relevant, new information that can be relied upon to improve decisions-making. The quantity and quality of content alone is therefore not going to be sufficient to make recovery.org a success. A well-designed trust-enabling infrastructure, defined as part of the baseline metamodel, can significantly contribute to the value delivered to each user and the business outcome.

A trust-enabling infrastructure should help to establish (develop) trust by introducing relying parties to intrinsic (experiential) and extrinsic (interpretive) sources of trust, and enabling them to identify and leverage their preferred source(s) of trust in order to sufficiently validate all the information being relied upon to form opinions and make decisions.

The trust-enabling infrastructure should also help to ensure (preserve) trust by protecting relying parties with governance services, risk sharing services, controls, and processes that ensure the continued reliability of information. It seeks to appropriately balance requirements for control with aspirations for trust.