4.2.1 Business, Policy and Operational Criteria
IdP Operators must have the organizational structures and processes to come into and remain in compliance with the provisions of this IAP.
Management Assertion
Our institution is a legal entity that is an InCommon Participant in good standing, and has the organizational structures and processes to comply with the provisions of this IAP.
4.2.1.1 InCommon Participant
On <date>, <IdP> received a copy of the completed InCommon Participant Agreement, signed by ________ of <IdP> and John Krienke, InCommon CEO. The most recent membership payment of $__ was made on <date>, with PO number ______. <IdP> is in compliance with other contractual obligations to InCommon, including posting our InCommon Participant Operational Practices.
4.2.1.2 Notification to InCommon
1. The InCommon Administrative Contact for <IdP> will notify InCommon of any circumstance that may affect the status of <IdP>'s compliance with this IAP no less than 30 days before the changes are to be made effective, or as soon as practicable after an unanticipated change is noticed.
2. The InCommon Administrative Contact for <IdP> will report to InCommon any breach of security or integrity of its IdMS Operations that may affect the status of its compliance and qualification under this IAP. The report will be made as soon as practicable after any such incident is noted.
4.2.1.3. Continuing Compliance
After initial certification by InCommon, an InCommon Administrative contact or, as backup, the InCommon Executive contact, for <IdP> will declare to InCommon continued compliance with profiles under this IAP at least every 3 years.
Evidence of compliance for audit
Link to <IdP> InCommon Participant Operational Practices
Copy of purchase order showing current payment
Copy of InCommon Participant Agreement
Names of <IdP>'s InCommon Administrative and Executive Contacts.
Links to <IdP>'s Information Technology org chart and organizational web pages