Post-homepage institutional review · Tier-1 memo

What Questions Remain?

Following a full review of the Terra Vita Hub homepage and its public governance dossier, the reviewer group confirms that the public layer is institutionally strong, the authority boundary is explicit, and the governance spine is credible and schema-aligned.

The following questions remain before protected diligence can begin. These are not gaps — they are the standard Tier-1 diligence questions that arise once the public layer is sufficiently mature.

Open Institutional Pack Control Evidence Boundary Operational Assurance Minimum Evidence Request Protected response matrix

Expected evidence route after public review

1. Institutional Pack
2. Control Evidence Boundary
3. Operational Assurance Annex
4. Minimum Evidence Request
5. Protected Walkthrough

Authority Boundary & Reviewer Controls

Reviewers validate that the authority boundary is enforced in workflows, roles and audit records — not only stated in public copy.

Reviewers will ask

How are override pathways governed in practice?
How are conditional approvals represented in the schema and audit trail?
How does the system prevent informal approval chains or undocumented reviewer actions?
How are MRV-attached signals prevented from drifting into decision logic?

Reason: Committees must verify that the authority boundary is not only stated but enforced in the workflow and schema.

Control Evidence Boundary Reviewer Route

Evidence Integrity & Lineage Guarantees

Reviewers test whether attachments, spatial files, MRV artefacts and programme records remain attributable, replayable and versioned.

Reviewers will ask

How is evidence immutability enforced across attachments, spatial files, MRV artefacts, and programme records?
What prevents context drift when evidence is updated or re-submitted?
How are version histories reconstructed during audit?
How does the system ensure MRV context remains attached through routing and escalation?

Reason: DFIs and ministries require proof that evidence cannot be altered without attribution.

Evidence Traceability Matrix Diligence Evidence Map

Escalation, Exceptions & Risk Pathways

Reviewers verify that exceptions are recorded, surfaced and carried forward rather than hidden inside informal processes.

Reviewers will ask

What constitutes a trigger condition for escalation?
How are exceptions recorded, justified, and surfaced in committee packs?
How does the system prevent silent overrides?
How are unresolved risks carried forward into export posture?

Reason: Sovereign programmes and auditors must see how governance protects decisions under pressure.

Governance Workspace Control Evidence Boundary

Programme Lifecycle Controls

Reviewers confirm that governance operates from intake through monitoring, mid-term correction and closeout — not intake only.

Reviewers will ask

How does governance behave during monitoring, mid-term corrections, and closeout?
How are conditions tracked across long programme timelines?
How does the system prevent post-approval drift?
How does the Hub maintain continuity of evidence across multi-year cycles?

Reason: Ministries and DFIs must confirm that governance is end-to-end, not intake-only.

Protected Governance Workspace Diligence Pack

Cross-Sector Invariants & Sector-Specific Variables

Reviewers test that the governance spine remains stable across agriculture, mining, climate, coastal and marine contexts.

Reviewers will ask

How are sector-specific MRV methodologies configured without breaking invariants?
How does the system ensure consistency across agriculture, mining, climate, coastal, and marine deployments?
What prevents sector drift in committee-pack structure or reviewer behaviour?

Reason: Multi-programme institutions need assurance that the governance spine is stable across contexts.

MRV Attachment Note Governance Architecture

Public → Protected Boundary & Access Governance

Reviewers verify purpose-bound access, identity attribution, expiry and cross-programme visibility controls.

Reviewers will ask

How is purpose-bound access enforced technically?
What is the expiry model for protected access?
How are institutional identities federated and logged?
What prevents cross-programme visibility inside protected environments?

Reason: DPIA, procurement, and security teams must validate that protected access is controlled and attributable.

Request Protected Walkthrough Control Evidence Boundary

Operational Assurance & Deployment-Specific Controls

Procurement and vendor-risk reviewers receive operational, reliability and security posture evidence under protected diligence.

Reviewers will ask

What are the SLA bands, RPO/RTO, and incident-response posture?
How is data residency configured per deployment?
What is the key-management model?
How does the system handle identity federation, integration surfaces, and disaster recovery?

Reason: These are mandatory procurement and vendor-risk questions before reliance.

Operational Assurance Minimum Evidence Request

Tenancy, Sovereignty & Isolation Guarantees

Sovereign and multi-tenant reviewers validate isolation at the data, workflow, audit, residency and export layers.

Reviewers will ask

How are tenants isolated at the data, workflow, and audit layers?
How is jurisdictional residency enforced?
How are export controls applied per deployment?
How is cross-tenant leakage prevented?

Reason: Sovereign programmes require explicit guarantees of isolation and jurisdictional control.

Data Sovereignty Note Operational Assurance

Committee-Pack Construction & Export Posture

Committees verify that packs are generated, versioned, locked and reconstructed with conditions, exceptions and unresolved risks intact.

Reviewers will ask

How are committee packs generated, versioned, and locked?
How are conditions, exceptions, and unresolved risks surfaced?
How does the system ensure export posture is consistent across programmes?
How is lineage preserved in exported artefacts?

Reason: Committees rely on export posture to make defensible decisions.

Donor Submission Pack Diligence Pack

Minimum Evidence Request & Protected Annexes

Reviewers need a sequenced annex structure so protected diligence can proceed without ambiguity or duplicate requests.

Reviewers will ask

What exact control evidence will be available under protected diligence?
What is the annex structure: security, tenancy, audit, MRV, schema, operational assurance?
What is the sequence for reviewing these annexes?
How does the Hub support procurement-grade verification?

Reason: Before reliance, reviewers must know what protected evidence they will receive and in what order.

Minimum Evidence Request Institutional Pack

Where these questions are answered

The homepage should not carry the full answer set. It should route reviewers to the evidence sequence below so committees, procurement, security, MRV and audit teams can validate the proof in the correct order.

Question area	Answered through	Evidence opened under diligence
Authority Boundary & Reviewer Controls	Control Evidence Boundary; Protected Walkthrough; reviewer-role and override evidence opened under purpose-bound access.	Role matrix, reviewer action samples, conditional approval states, override rationale examples, audit-event lineage.
Evidence Integrity & Lineage Guarantees	Evidence Traceability Matrix; Institutional Diligence Evidence Map; audit and schema annexes.	Evidence object lineage, version history, attachment references, spatial/MRV attachment chain, audit reconstruction samples.
Escalation, Exceptions & Risk Pathways	Governance workflow annex; Control Evidence Boundary; committee-pack export posture evidence.	Escalation trigger catalogue, exception record sample, unresolved-risk register, export posture rules and committee pack excerpts.
Programme Lifecycle Controls	Lifecycle governance annex; programme workspace walkthrough; export and monitoring evidence.	Lifecycle state map, condition tracker, monitoring review sample, closeout posture, change-log and continuity evidence.
Cross-Sector Invariants & Sector-Specific Variables	Governance spine annex; MRV attachment note; sector configuration evidence.	Invariant-control map, sector variable register, MRV methodology attachment examples, committee-pack consistency checks.
Public → Protected Boundary & Access Governance	Protected access walkthrough; Control Evidence Boundary; access governance annex.	Access purpose record, reviewer identity log, access expiry sample, programme scoping controls, role-bound route evidence.
Operational Assurance & Deployment-Specific Controls	Operational Assurance Annex; Minimum Evidence Request; deployment-specific protected evidence.	SLA/RPO/RTO posture, incident response summary, DR posture, key-management model, identity federation and integration-boundary evidence.
Tenancy, Sovereignty & Isolation Guarantees	Data Sovereignty & Hosting Configuration; Operational Assurance Annex; tenancy/isolation evidence.	Tenant isolation model, residency configuration, export-control map, audit scoping evidence, jurisdictional constraints.
Committee-Pack Construction & Export Posture	Export posture annex; donor submission pack; committee pack evidence.	Committee pack skeleton, export manifest, version lock sample, unresolved-risk surface, lineage in exported artefacts.
Minimum Evidence Request & Protected Annexes	Minimum Evidence Request; Institutional Pack; protected response matrix and walkthrough agenda.	Annex checklist, evidence sequence, request template, protected walkthrough agenda, procurement-grade verification map.

Reviewer conclusion

The public layer is institutionally strong, boundary-sound, and reviewer-oriented. The remaining questions are standard Tier-1 diligence items, not structural gaps.

The reviewer group recommends proceeding to purpose-bound protected diligence, with the expectation that the above questions will be addressed through:

The Institutional Pack
The Control Evidence Boundary
The Operational Assurance Annex
The Minimum Evidence Request
The Protected Walkthrough

Request protected walkthrough Open protected response matrix