Institutional assurance annex pack

Governance Spine & Assurance Annexes

A deployment-agnostic institutional assurance pack covering sovereignty, identity, MRV attachment, audit reconstruction, row-level security assurance, export controls, and deployment isolation.

Authority boundary

This annex pack describes governance and assurance controls. It does not replace legal advice, national MRV authority, statutory approval, fiduciary judgement, financial approval, or sovereign decision-making.

Governance spine overview map

This public diagram is the overview map from the Governance Spine & Assurance Annexes document. It shows how identity, evidence intake, governance routing, assurance, audit reconstruction, deployment architecture, and data sovereignty remain connected before reviewers move into the annex-by-annex control review.

Governance Spine and Assurance Annexes diagram mapping identity and access control, evidence intake, governance routing, assurance and verification, audit reconstruction, deployment architecture, and data sovereignty to the annexes.
Overview map linking the governance spine to Annex 1 Data Sovereignty, Annex 2 Identity & Access, Annex 3 Audit & RLS, Annex 4 MRV Attachment Rules, and Annex 5 Deployment Architecture.

Where this document belongs

This pack belongs with the public Transparency & Integrity and Governance Architecture materials. It gives institutional reviewers one clear bridge from the public trust layer to the protected assurance, evidence, MRV, export, and deployment-control workspaces.

The document is suitable for ministries, donors, DFIs, climate funds, auditors, sovereign programme reviewers, and deployment authorities during early diligence and implementation scoping.

Annex structure

Annex 1 — Data Sovereignty & Residency: Hosting, residency, retention, deletion, export controls, and jurisdictional isolation.
Annex 2 — Identity & Access Assurance: Reviewer accountability, role boundaries, privileged access, and session integrity.
Annex 3 — Audit & RLS Assurance: Row-level security, immutable logs, audit schema, and reconstruction guarantees.
Annex 4 — MRV Attachment Rules: Methodology-neutral attachment, lineage, thresholds, and MRV-to-decision traceability.
Annex 5 — Deployment Architecture: Tenancy, integration, interoperability, infrastructure placement, and isolation boundaries.

Governance invariants

The governance spine remains constant across deployments: identity binding, evidence lineage, governance routing, assurance and verification, audit reconstruction, residency and export governance, and deployment isolation.

Companion IRI Whitepaper

The Governance Spine defines the controlled operating structure and the Institutional Assurance Layer preserves proof. The Institutional Review Index adds the reviewer-assurance layer: oversight of reviewer behaviour, consistency, calibration, bias/divergence signals, and cross-programme comparability.

Companion diligence evidence map

The annexes define the control spine. The public diligence evidence map translates reviewer questions into testable proof requests: role matrix, audit event, reconstruction pack, evidence metadata, MRV method provenance, export snapshot, residency posture, integration scope, and operating-resilience evidence.

Reviewer use

Use this annex pack to test whether a proposed deployment can answer the core institutional questions: where data may reside, who may access or export it, how reviewer actions are attributed, how MRV artefacts influence decisions, and how decisions can be reconstructed later.