A complete Code of Conduct for Relying Parties might include Sections for ...A) Data Protection, B) Admin, Record Keeping and Process, C) Audit and Compliance, D) Customer Service Exit and Off Boarding E) Marketing, plus other aspects to make it comprehensive .
...
Administration, Record Keeping and data processing
Audit and ComplianceCustomer
ServiceExit and Off boarding
Marketing
...........................................
...
(a) [Payment] pay the Charges in accordance with XXXX clause in the Federation Agreement;
(b) [Co-operation] co-operate with IdP personnel in connection with its background checking/identity proofing of RP/SP responsible officers, operation and safe-guarding of the Service/s; and advise IdP promptly of any Service anomalies, suspicious or unusual usage, or complaints relating to the Services and provide reasonable assistance to IdP/AP in the investigation of such anomalies, usage or complaints;
(c) [Standards Compliance] comply with any standards or specifications issued by the XXIdPFederation/IdP/ APXX and any reporting obligations required by the IdP/AP from time to time in accordance with any relevant legislation (including those of a contracted third party to the RP/SP)
...
(f) [ transparent relationship ] ensure that the agency Service Provider/RP's website terms and conditions explain the inter-relationship of the Services and the Client’s systems in terms agreed with Federation/IdP;
(g) [ Promotion ] use its best endeavours to promote the Services and instructions for use, to its customer base to encourage service uptake and use;
(h) [ Maintenance and notification ] use and maintain the Service Interface including the security between the Client’s systems and the Service System; register/modify/remove/retrieve meta-data, maintain PKI certificates as defined in the XX Federation Documentation XX; notify IdP of any network changes or certification renewals that may impact on any part of the Service, use the Admin interface to register and update details relating to the Service , and the officers charged with administering the service
Text below informed by the paper, 'Adding and removing Credential Service Providers under the Credential Broker Service' TBS Canada, CIO Branch, Feb 2015, Version 4.0
Customer Service and Assistance Code of Conduct
(a) [Exit and off boarding]: RP must have an explicit written policy to address and mitigate impacts to existing users (e.g portability of accounts if feasible, re-enrollment, credential switching) in the event that the RP terminates or is terminated from its role.
(b) Exit and off boarding: Updating Helpdesk, call handling procedures and documentation, website information, test scripts and system flows to reflect the terminated state of the RP
...