.
This commit is contained in:
@@ -571,7 +571,6 @@ The Company hereby designates the following series as exclusive internal shared
|
||||
|
||||
g. Document resource allocation for strategic initiatives.
|
||||
|
||||
|
||||
### Section 3.2 - Electronic Records Requirement
|
||||
|
||||
#### 3.2.1 - Exclusive Electronic Record Keeping
|
||||
@@ -579,94 +578,256 @@ The Company hereby designates the following series as exclusive internal shared
|
||||
All records of the Company and its series shall be maintained exclusively in electronic format, including but not limited to:
|
||||
|
||||
1. **Corporate Records**:
|
||||
|
||||
a. Articles of organization and amendments;
|
||||
|
||||
b. Operating agreements (Company and series);
|
||||
|
||||
c. Board and committee meeting minutes and resolutions;
|
||||
|
||||
d. Series establishment documentation;
|
||||
e. Regulatory filings and correspondence; and
|
||||
f. Annual reports and compliance documents.
|
||||
|
||||
e. Regulatory filings and correspondence;
|
||||
|
||||
f. Annual reports and compliance documents;
|
||||
|
||||
g. Consents and certifications; and
|
||||
|
||||
h. Governance policies and procedures.
|
||||
|
||||
2. **Financial Documentation**:
|
||||
|
||||
a. Financial statements and reports;
|
||||
|
||||
b. Tax returns and supporting documents;
|
||||
|
||||
c. Bank statements and reconciliations;
|
||||
|
||||
d. Audit reports and working papers;
|
||||
e. Budget and forecasting documents; and
|
||||
f. Expense documentation and approvals.
|
||||
|
||||
e. Budget and forecasting documents;
|
||||
|
||||
f. Expense documentation and approvals;
|
||||
|
||||
g. Investment records and valuations; and
|
||||
|
||||
h. Capital transactions and funding documentation.
|
||||
|
||||
3. **Member Information**:
|
||||
|
||||
a. Series membership records;
|
||||
|
||||
b. Ownership transfer documentation;
|
||||
|
||||
c. Member contact information;
|
||||
|
||||
d. Voting records and proxies;
|
||||
e. Distribution documentation; and
|
||||
f. Membership interest certificates.
|
||||
|
||||
e. Distribution documentation;
|
||||
|
||||
f. Membership interest certificates;
|
||||
|
||||
g. Accredited investor verification materials; and
|
||||
|
||||
h. Member communications and notices.
|
||||
|
||||
4. **Contracts and Agreements**:
|
||||
|
||||
a. Service provider agreements;
|
||||
|
||||
b. Vendor contracts;
|
||||
|
||||
c. Client agreements;
|
||||
|
||||
d. Employment and contractor agreements;
|
||||
e. Non-disclosure and confidentiality agreements; and
|
||||
f. License and permit documentation.
|
||||
|
||||
e. Non-disclosure and confidentiality agreements;
|
||||
|
||||
f. License and permit documentation;
|
||||
|
||||
g. Insurance policies and claims; and
|
||||
|
||||
h. Settlement agreements and releases.
|
||||
|
||||
5. **Operational Records**:
|
||||
|
||||
a. Business plans and strategic documents;
|
||||
|
||||
b. Marketing materials and communications;
|
||||
|
||||
c. Intellectual property documentation;
|
||||
|
||||
d. Regulatory compliance records;
|
||||
|
||||
e. Standard operating procedures;
|
||||
|
||||
f. Risk assessments and mitigation plans;
|
||||
|
||||
g. Service level agreements and performance reports; and
|
||||
|
||||
h. Incident reports and resolution documentation.
|
||||
|
||||
#### 3.2.2 - Electronic Record System Requirements
|
||||
|
||||
1. **System Architecture Requirements**:
|
||||
|
||||
a. Cloud-based primary storage with geographic redundancy across at least three separate regions;
|
||||
b. Real-time backup and disaster recovery systems with recovery time objective of less than four hours;
|
||||
|
||||
b. Real-time backup and disaster recovery systems with recovery time objective of less than four hours and recovery point objective of less than 15 minutes;
|
||||
|
||||
c. Multi-factor authentication access controls for all users;
|
||||
|
||||
d. Minimum AES-256 encryption at rest and TLS 1.3 encryption in transit;
|
||||
e. Comprehensive API integration capabilities for authorized systems; and
|
||||
f. Automated compliance monitoring and reporting.
|
||||
|
||||
e. Comprehensive API integration capabilities for authorized systems;
|
||||
|
||||
f. Automated compliance monitoring and reporting;
|
||||
|
||||
g. System availability of at least 99.9% measured monthly; and
|
||||
|
||||
h. Automated system health monitoring with real-time alerts for anomalies.
|
||||
|
||||
2. **Audit Trail Requirements**:
|
||||
|
||||
a. Immutable version control with blockchain verification;
|
||||
|
||||
b. Comprehensive change logging with user identification;
|
||||
|
||||
c. Cryptographically secured time and date stamping;
|
||||
|
||||
d. Complete document access history retention;
|
||||
e. Detailed modification tracking with before/after comparisons; and
|
||||
f. User activity logs retained for a minimum of seven years.
|
||||
|
||||
e. Detailed modification tracking with before/after comparisons;
|
||||
|
||||
f. User activity logs retained for a minimum of seven years;
|
||||
|
||||
g. Tamper-evident logging mechanisms; and
|
||||
|
||||
h. Regular audit trail verification procedures.
|
||||
|
||||
3. **Access Control Requirements**:
|
||||
|
||||
a. Role-based access management with principle of least privilege;
|
||||
|
||||
b. Granular permission settings at the document and field level;
|
||||
|
||||
c. Secure user authentication with biometric options;
|
||||
|
||||
d. Automatic session monitoring and timeout after 15 minutes of inactivity;
|
||||
e. Comprehensive remote access protocols with enhanced security; and
|
||||
f. Quarterly access rights review and certification.
|
||||
|
||||
e. Comprehensive remote access protocols with enhanced security;
|
||||
|
||||
f. Quarterly access rights review and certification;
|
||||
|
||||
g. Privileged access management with enhanced monitoring; and
|
||||
|
||||
h. Separation of duties for critical functions.
|
||||
|
||||
4. **Retention and Archiving Requirements**:
|
||||
|
||||
a. Automated retention scheduling based on document type;
|
||||
|
||||
b. Secure archiving protocols with integrity verification;
|
||||
|
||||
c. Legal hold implementation capabilities;
|
||||
|
||||
d. Defensible destruction procedures with verification;
|
||||
e. Archive access controls with separate authentication; and
|
||||
f. Retention periods compliant with all applicable regulations.
|
||||
|
||||
e. Archive access controls with separate authentication;
|
||||
|
||||
f. Retention periods compliant with all applicable regulations;
|
||||
|
||||
g. Annual retention policy reviews; and
|
||||
|
||||
h. Secure backup archives maintained in geographically separate locations.
|
||||
|
||||
#### 3.2.3 - Compliance and Security Standards
|
||||
|
||||
1. **Required Compliance Standards**: The electronic records system shall comply with:
|
||||
|
||||
a. SOC 2 Type II standards;
|
||||
|
||||
b. ISO 27001 Information Security standards;
|
||||
|
||||
c. NIST Cybersecurity Framework;
|
||||
d. Applicable industry-specific regulations; and
|
||||
e. All federal, state, and local records retention requirements.
|
||||
|
||||
d. GDPR and other applicable privacy regulations;
|
||||
|
||||
e. HIPAA requirements for any protected health information;
|
||||
|
||||
f. Applicable industry-specific regulations; and
|
||||
|
||||
g. All federal, state, and local records retention requirements.
|
||||
|
||||
2. **Security Protocols**:
|
||||
|
||||
a. Quarterly vulnerability assessments;
|
||||
|
||||
b. Annual penetration testing by independent third parties;
|
||||
|
||||
c. Continuous security monitoring;
|
||||
|
||||
d. Incident response plan with testing;
|
||||
e. Employee security awareness training; and
|
||||
f. Data loss prevention controls.
|
||||
|
||||
e. Employee security awareness training;
|
||||
|
||||
f. Data loss prevention controls;
|
||||
|
||||
g. Endpoint security management; and
|
||||
|
||||
h. Zero-trust network architecture implementation.
|
||||
|
||||
3. **System Administration**:
|
||||
|
||||
a. Centralized administration by Known Element Enterprises;
|
||||
|
||||
b. Documentation of all system configurations;
|
||||
|
||||
c. Change management processes for system modifications;
|
||||
d. Segregation of duties for administrative functions; and
|
||||
e. Backup administrator credentials securely stored with the Company Committee.
|
||||
|
||||
d. Segregation of duties for administrative functions;
|
||||
|
||||
e. Backup administrator credentials securely stored with the Company Committee;
|
||||
|
||||
f. Automated system health monitoring; and
|
||||
|
||||
g. Capacity planning and performance optimization protocols.
|
||||
|
||||
#### 3.2.4 - Implementation and Verification
|
||||
|
||||
1. **System Implementation Timeline**:
|
||||
|
||||
a. Full implementation of all electronic record requirements within 90 days of the Effective Date;
|
||||
|
||||
b. Phased migration approach with priority for critical documents;
|
||||
|
||||
c. Verification and testing of all system components before full deployment; and
|
||||
|
||||
d. Post-implementation review within 30 days of completion.
|
||||
|
||||
2. **Compliance Verification**:
|
||||
|
||||
a. Quarterly system compliance audits;
|
||||
|
||||
b. Annual third-party security assessments;
|
||||
|
||||
c. Bi-annual disaster recovery testing;
|
||||
|
||||
d. Monthly backup verification procedures; and
|
||||
|
||||
e. Continuous monitoring of compliance with regulatory requirements.
|
||||
|
||||
3. **Documentation Requirements**:
|
||||
|
||||
a. Comprehensive system documentation maintained and updated;
|
||||
|
||||
b. User manuals and training materials for all series members;
|
||||
|
||||
c. Recovery procedures clearly documented and tested; and
|
||||
|
||||
d. Compliance certifications maintained and renewed as required.
|
||||
|
||||
|
||||
|
||||
### Section 3.3 - Mandatory Capital Raising Requirements
|
||||
|
||||
|
||||
Reference in New Issue
Block a user