.
This commit is contained in:
@@ -571,7 +571,6 @@ The Company hereby designates the following series as exclusive internal shared
|
|||||||
|
|
||||||
g. Document resource allocation for strategic initiatives.
|
g. Document resource allocation for strategic initiatives.
|
||||||
|
|
||||||
|
|
||||||
### Section 3.2 - Electronic Records Requirement
|
### Section 3.2 - Electronic Records Requirement
|
||||||
|
|
||||||
#### 3.2.1 - Exclusive Electronic Record Keeping
|
#### 3.2.1 - Exclusive Electronic Record Keeping
|
||||||
@@ -579,94 +578,256 @@ The Company hereby designates the following series as exclusive internal shared
|
|||||||
All records of the Company and its series shall be maintained exclusively in electronic format, including but not limited to:
|
All records of the Company and its series shall be maintained exclusively in electronic format, including but not limited to:
|
||||||
|
|
||||||
1. **Corporate Records**:
|
1. **Corporate Records**:
|
||||||
|
|
||||||
a. Articles of organization and amendments;
|
a. Articles of organization and amendments;
|
||||||
|
|
||||||
b. Operating agreements (Company and series);
|
b. Operating agreements (Company and series);
|
||||||
|
|
||||||
c. Board and committee meeting minutes and resolutions;
|
c. Board and committee meeting minutes and resolutions;
|
||||||
|
|
||||||
d. Series establishment documentation;
|
d. Series establishment documentation;
|
||||||
e. Regulatory filings and correspondence; and
|
|
||||||
f. Annual reports and compliance documents.
|
e. Regulatory filings and correspondence;
|
||||||
|
|
||||||
|
f. Annual reports and compliance documents;
|
||||||
|
|
||||||
|
g. Consents and certifications; and
|
||||||
|
|
||||||
|
h. Governance policies and procedures.
|
||||||
|
|
||||||
2. **Financial Documentation**:
|
2. **Financial Documentation**:
|
||||||
|
|
||||||
a. Financial statements and reports;
|
a. Financial statements and reports;
|
||||||
|
|
||||||
b. Tax returns and supporting documents;
|
b. Tax returns and supporting documents;
|
||||||
|
|
||||||
c. Bank statements and reconciliations;
|
c. Bank statements and reconciliations;
|
||||||
|
|
||||||
d. Audit reports and working papers;
|
d. Audit reports and working papers;
|
||||||
e. Budget and forecasting documents; and
|
|
||||||
f. Expense documentation and approvals.
|
e. Budget and forecasting documents;
|
||||||
|
|
||||||
|
f. Expense documentation and approvals;
|
||||||
|
|
||||||
|
g. Investment records and valuations; and
|
||||||
|
|
||||||
|
h. Capital transactions and funding documentation.
|
||||||
|
|
||||||
3. **Member Information**:
|
3. **Member Information**:
|
||||||
|
|
||||||
a. Series membership records;
|
a. Series membership records;
|
||||||
|
|
||||||
b. Ownership transfer documentation;
|
b. Ownership transfer documentation;
|
||||||
|
|
||||||
c. Member contact information;
|
c. Member contact information;
|
||||||
|
|
||||||
d. Voting records and proxies;
|
d. Voting records and proxies;
|
||||||
e. Distribution documentation; and
|
|
||||||
f. Membership interest certificates.
|
e. Distribution documentation;
|
||||||
|
|
||||||
|
f. Membership interest certificates;
|
||||||
|
|
||||||
|
g. Accredited investor verification materials; and
|
||||||
|
|
||||||
|
h. Member communications and notices.
|
||||||
|
|
||||||
4. **Contracts and Agreements**:
|
4. **Contracts and Agreements**:
|
||||||
|
|
||||||
a. Service provider agreements;
|
a. Service provider agreements;
|
||||||
|
|
||||||
b. Vendor contracts;
|
b. Vendor contracts;
|
||||||
|
|
||||||
c. Client agreements;
|
c. Client agreements;
|
||||||
|
|
||||||
d. Employment and contractor agreements;
|
d. Employment and contractor agreements;
|
||||||
e. Non-disclosure and confidentiality agreements; and
|
|
||||||
f. License and permit documentation.
|
e. Non-disclosure and confidentiality agreements;
|
||||||
|
|
||||||
|
f. License and permit documentation;
|
||||||
|
|
||||||
|
g. Insurance policies and claims; and
|
||||||
|
|
||||||
|
h. Settlement agreements and releases.
|
||||||
|
|
||||||
|
5. **Operational Records**:
|
||||||
|
|
||||||
|
a. Business plans and strategic documents;
|
||||||
|
|
||||||
|
b. Marketing materials and communications;
|
||||||
|
|
||||||
|
c. Intellectual property documentation;
|
||||||
|
|
||||||
|
d. Regulatory compliance records;
|
||||||
|
|
||||||
|
e. Standard operating procedures;
|
||||||
|
|
||||||
|
f. Risk assessments and mitigation plans;
|
||||||
|
|
||||||
|
g. Service level agreements and performance reports; and
|
||||||
|
|
||||||
|
h. Incident reports and resolution documentation.
|
||||||
|
|
||||||
#### 3.2.2 - Electronic Record System Requirements
|
#### 3.2.2 - Electronic Record System Requirements
|
||||||
|
|
||||||
1. **System Architecture Requirements**:
|
1. **System Architecture Requirements**:
|
||||||
|
|
||||||
a. Cloud-based primary storage with geographic redundancy across at least three separate regions;
|
a. Cloud-based primary storage with geographic redundancy across at least three separate regions;
|
||||||
b. Real-time backup and disaster recovery systems with recovery time objective of less than four hours;
|
|
||||||
|
b. Real-time backup and disaster recovery systems with recovery time objective of less than four hours and recovery point objective of less than 15 minutes;
|
||||||
|
|
||||||
c. Multi-factor authentication access controls for all users;
|
c. Multi-factor authentication access controls for all users;
|
||||||
|
|
||||||
d. Minimum AES-256 encryption at rest and TLS 1.3 encryption in transit;
|
d. Minimum AES-256 encryption at rest and TLS 1.3 encryption in transit;
|
||||||
e. Comprehensive API integration capabilities for authorized systems; and
|
|
||||||
f. Automated compliance monitoring and reporting.
|
e. Comprehensive API integration capabilities for authorized systems;
|
||||||
|
|
||||||
|
f. Automated compliance monitoring and reporting;
|
||||||
|
|
||||||
|
g. System availability of at least 99.9% measured monthly; and
|
||||||
|
|
||||||
|
h. Automated system health monitoring with real-time alerts for anomalies.
|
||||||
|
|
||||||
2. **Audit Trail Requirements**:
|
2. **Audit Trail Requirements**:
|
||||||
|
|
||||||
a. Immutable version control with blockchain verification;
|
a. Immutable version control with blockchain verification;
|
||||||
|
|
||||||
b. Comprehensive change logging with user identification;
|
b. Comprehensive change logging with user identification;
|
||||||
|
|
||||||
c. Cryptographically secured time and date stamping;
|
c. Cryptographically secured time and date stamping;
|
||||||
|
|
||||||
d. Complete document access history retention;
|
d. Complete document access history retention;
|
||||||
e. Detailed modification tracking with before/after comparisons; and
|
|
||||||
f. User activity logs retained for a minimum of seven years.
|
e. Detailed modification tracking with before/after comparisons;
|
||||||
|
|
||||||
|
f. User activity logs retained for a minimum of seven years;
|
||||||
|
|
||||||
|
g. Tamper-evident logging mechanisms; and
|
||||||
|
|
||||||
|
h. Regular audit trail verification procedures.
|
||||||
|
|
||||||
3. **Access Control Requirements**:
|
3. **Access Control Requirements**:
|
||||||
|
|
||||||
a. Role-based access management with principle of least privilege;
|
a. Role-based access management with principle of least privilege;
|
||||||
|
|
||||||
b. Granular permission settings at the document and field level;
|
b. Granular permission settings at the document and field level;
|
||||||
|
|
||||||
c. Secure user authentication with biometric options;
|
c. Secure user authentication with biometric options;
|
||||||
|
|
||||||
d. Automatic session monitoring and timeout after 15 minutes of inactivity;
|
d. Automatic session monitoring and timeout after 15 minutes of inactivity;
|
||||||
e. Comprehensive remote access protocols with enhanced security; and
|
|
||||||
f. Quarterly access rights review and certification.
|
e. Comprehensive remote access protocols with enhanced security;
|
||||||
|
|
||||||
|
f. Quarterly access rights review and certification;
|
||||||
|
|
||||||
|
g. Privileged access management with enhanced monitoring; and
|
||||||
|
|
||||||
|
h. Separation of duties for critical functions.
|
||||||
|
|
||||||
4. **Retention and Archiving Requirements**:
|
4. **Retention and Archiving Requirements**:
|
||||||
|
|
||||||
a. Automated retention scheduling based on document type;
|
a. Automated retention scheduling based on document type;
|
||||||
|
|
||||||
b. Secure archiving protocols with integrity verification;
|
b. Secure archiving protocols with integrity verification;
|
||||||
|
|
||||||
c. Legal hold implementation capabilities;
|
c. Legal hold implementation capabilities;
|
||||||
|
|
||||||
d. Defensible destruction procedures with verification;
|
d. Defensible destruction procedures with verification;
|
||||||
e. Archive access controls with separate authentication; and
|
|
||||||
f. Retention periods compliant with all applicable regulations.
|
e. Archive access controls with separate authentication;
|
||||||
|
|
||||||
|
f. Retention periods compliant with all applicable regulations;
|
||||||
|
|
||||||
|
g. Annual retention policy reviews; and
|
||||||
|
|
||||||
|
h. Secure backup archives maintained in geographically separate locations.
|
||||||
|
|
||||||
#### 3.2.3 - Compliance and Security Standards
|
#### 3.2.3 - Compliance and Security Standards
|
||||||
|
|
||||||
1. **Required Compliance Standards**: The electronic records system shall comply with:
|
1. **Required Compliance Standards**: The electronic records system shall comply with:
|
||||||
|
|
||||||
a. SOC 2 Type II standards;
|
a. SOC 2 Type II standards;
|
||||||
|
|
||||||
b. ISO 27001 Information Security standards;
|
b. ISO 27001 Information Security standards;
|
||||||
|
|
||||||
c. NIST Cybersecurity Framework;
|
c. NIST Cybersecurity Framework;
|
||||||
d. Applicable industry-specific regulations; and
|
|
||||||
e. All federal, state, and local records retention requirements.
|
d. GDPR and other applicable privacy regulations;
|
||||||
|
|
||||||
|
e. HIPAA requirements for any protected health information;
|
||||||
|
|
||||||
|
f. Applicable industry-specific regulations; and
|
||||||
|
|
||||||
|
g. All federal, state, and local records retention requirements.
|
||||||
|
|
||||||
2. **Security Protocols**:
|
2. **Security Protocols**:
|
||||||
|
|
||||||
a. Quarterly vulnerability assessments;
|
a. Quarterly vulnerability assessments;
|
||||||
|
|
||||||
b. Annual penetration testing by independent third parties;
|
b. Annual penetration testing by independent third parties;
|
||||||
|
|
||||||
c. Continuous security monitoring;
|
c. Continuous security monitoring;
|
||||||
|
|
||||||
d. Incident response plan with testing;
|
d. Incident response plan with testing;
|
||||||
e. Employee security awareness training; and
|
|
||||||
f. Data loss prevention controls.
|
e. Employee security awareness training;
|
||||||
|
|
||||||
|
f. Data loss prevention controls;
|
||||||
|
|
||||||
|
g. Endpoint security management; and
|
||||||
|
|
||||||
|
h. Zero-trust network architecture implementation.
|
||||||
|
|
||||||
3. **System Administration**:
|
3. **System Administration**:
|
||||||
|
|
||||||
a. Centralized administration by Known Element Enterprises;
|
a. Centralized administration by Known Element Enterprises;
|
||||||
|
|
||||||
b. Documentation of all system configurations;
|
b. Documentation of all system configurations;
|
||||||
|
|
||||||
c. Change management processes for system modifications;
|
c. Change management processes for system modifications;
|
||||||
d. Segregation of duties for administrative functions; and
|
|
||||||
e. Backup administrator credentials securely stored with the Company Committee.
|
d. Segregation of duties for administrative functions;
|
||||||
|
|
||||||
|
e. Backup administrator credentials securely stored with the Company Committee;
|
||||||
|
|
||||||
|
f. Automated system health monitoring; and
|
||||||
|
|
||||||
|
g. Capacity planning and performance optimization protocols.
|
||||||
|
|
||||||
|
#### 3.2.4 - Implementation and Verification
|
||||||
|
|
||||||
|
1. **System Implementation Timeline**:
|
||||||
|
|
||||||
|
a. Full implementation of all electronic record requirements within 90 days of the Effective Date;
|
||||||
|
|
||||||
|
b. Phased migration approach with priority for critical documents;
|
||||||
|
|
||||||
|
c. Verification and testing of all system components before full deployment; and
|
||||||
|
|
||||||
|
d. Post-implementation review within 30 days of completion.
|
||||||
|
|
||||||
|
2. **Compliance Verification**:
|
||||||
|
|
||||||
|
a. Quarterly system compliance audits;
|
||||||
|
|
||||||
|
b. Annual third-party security assessments;
|
||||||
|
|
||||||
|
c. Bi-annual disaster recovery testing;
|
||||||
|
|
||||||
|
d. Monthly backup verification procedures; and
|
||||||
|
|
||||||
|
e. Continuous monitoring of compliance with regulatory requirements.
|
||||||
|
|
||||||
|
3. **Documentation Requirements**:
|
||||||
|
|
||||||
|
a. Comprehensive system documentation maintained and updated;
|
||||||
|
|
||||||
|
b. User manuals and training materials for all series members;
|
||||||
|
|
||||||
|
c. Recovery procedures clearly documented and tested; and
|
||||||
|
|
||||||
|
d. Compliance certifications maintained and renewed as required.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Section 3.3 - Mandatory Capital Raising Requirements
|
### Section 3.3 - Mandatory Capital Raising Requirements
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user