Trust Triangle Publications
To streamline due diligence for councils, regulators, and partners, we publish the three cornerstone artefacts that demonstrate legal, algorithmic, and ethical compliance. These live records can be cited directly in ATRS submissions, procurement packs, and security questionnaires.
Algorithmic Transparency Record
Covers inputs, models, safeguards, and human-in-loop controls for the Promise Tracker in line with the Central Digital & Data Office ATRS standard.
View Algorithmic Transparency Record → (Also available as PDF)
Social Value Statement (PPN 06/20)
Demonstrates how the CIC mandate, Fair Work Cartridge, and National Transparency Fund deliver the mandatory 10% social value score in every tender.
View Social Value Statement → (Also available as PDF)
Deployment Compliance Workbook
Tracks progress against Cyber Essentials Plus, DTAC, Generative AI safeguards, and G-Cloud listings with an action log for audit teams.
View Compliance Workbook → (Also available as PDF)
Data Room Availability
Signed copies of the Trust Triangle artefacts, pen-test letters, and DPIAs are mirrored inside the secure investor data room. Access can be granted on request.
Software Supply Chain & License Audit
Victory #139 completed a full supply-chain inspection using license-checker. The report below
summarises all transitive dependencies across the monorepo. No GPL or copyleft encumbrances were detected
(the audit was executed with --failOn "GPL").
License Summary
- MIT 1128 packages
- ISC 72 packages
- Apache-2.0 41 packages
- BSD-3-Clause 38 packages
- BSD-2-Clause 30 packages
Governance Notes
- Dual-licensed entries (e.g.
(BSD-3-Clause OR GPL-2.0)) are recorded for ongoing monitoring. - “Custom” license artefacts are inspected and documented in the internal supply-chain tracker.
- The full machine-readable report is stored in
LICENSE-AUDIT.mdat the repository root.
Data Protection Impact Assessment (DPIA) Summary
The Master Jurist processes parliamentary, procurement, and FOI data. A Data Protection Impact Assessment (DPIA) is conducted to ensure compliance with UK GDPR and the Data Protection Act 2018.
Purpose & Processing
- Lawful basis: Public Task – ensuring transparent governance of public expenditure.
- Data categories: Ministerial statements, public procurement records, FOI responses, metadata on public officials.
- No special category personal data is intentionally processed; automated filters redact incidental personal data.
Risk Mitigation Controls
- PIA redaction pipeline removes personal identifiers prior to persistence.
- All data ingress points are encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to raw FOI responses is restricted to the National Transparency Operations Centre.
- Daily privacy audits ensure FOI publications respect statutory exemptions.
Full DPIA documentation is maintained internally and can be shared with regulators or partners under NDA.
FOI Compliance Checklist
TallySticks UK operates in concert with the UK Freedom of Information Act 2000. The checklist below captures the operational guardrails that guarantee lawful handling of FOI requests and responses.
- ☑ FOI request provenance logged with WhatDoTheyKnow references for audit.
- ☑ Response caching ensures previously disclosed information is surfaced before new requests are filed.
- ☑ Statutory response deadlines (< 20 working days) monitored via the Master Jurist escalation engine.
- ☑ Section 40 (personal data) and Section 43 (commercial interests) exemptions enforced by redaction pipeline.
- ☑ Appeals workflow routes to the Information Governance team with full evidence trails.
The FOI Compliance memo underpinning this checklist is version-controlled in docs/governance/foi.
Daily Constitutional Validation Reports
The National Transparency Operations Centre publishes a daily digest of Master Jurist validation runs. The live feed below will surface the most recent reports once the production pipeline is activated.
Coming Soon
The validation feed API is in staging. Widgets here will render the 24-hour summary of validated contracts, promise divergence alerts, and ministerial compliance heatmaps. Subscribe to the RSS/JSON endpoints (launching with Phase I public release) for machine-readable access.
For early access or integration requests, contact the National Transparency Operations Centre at ntoc@tallysticks.uk.
Case Law & Precedent Library
The Master Jurist references judicial reviews and ombudsman decisions that clarify procurement and transparency obligations. Current curated cases include:
- CASE-001 / CASE-002 – R (Good Law Project) v Secretary of State for Health and Social Care (2021, 2022). Procurement transparency and conflict of interest safeguards.
- CASE-003 – Local Government Ombudsman (Birmingham Highways Contract, 2024). Oversight and resident accountability in contract delivery.
The curated dataset is stored in caseLawGoldenDataset.json and is ingested via
case-law:ingest. Future releases will expand this library automatically as Phase II connectors are
deployed.