CIAO Standard Document Registry

Protected Framework This framework is protected under CC BY-NC-ND 4.0patent pending. See Multitier Licensing.
CIAO COMMONS — STANDARD
C-AO/STD/002:2026 PUBLIC
CIAO Standard Document Registry
An authoritative index of all governing documents
Date Issued  1 January 2026
Review Date  1 January 2027
Cite as: CIAO Standard. (2026). CIAO Standard Document Registry. v1.1.3.7. C-AO/STD/002:2026. www.c-ao.com

An authoritative index of all governing documents published under the CIAO Standard, for governance, assurance, and oversight practitioners.

1. Registry Overview

The CIAO Standard Document Registry is a structured, version-controlled index of all governing documents published under the CIAO Standard. Each entry is assigned a unique document reference—for example, C-AO/POL/ISP/001:2026—encoding the document type, tier, and year of issue to ensure consistent traceability. All documents are web-native and accessible without download, with each record displaying the current version, ACTIVE status, classification, and Review Date for full transparency.

Organised across six membership tiers—Commons, Core, Essential, Professional, Enterprise, and Conglomerate—the registry reflects the progressive scope of the standard. The foundational document set is active at Version 1.0, providing a complete baseline for governance, policy, and compliance frameworks. Whether establishing a new programme or auditing an existing one, this registry offers a clear, authoritative view of the controls and supporting materials that constitute the CIAO Standard, maintained with version integrity to support governance continuity and regulatory alignment.

2. Document Registry Table

#Document TitleDoc RefTypeTierVerStatusReview DateMVELicence
1CIAO1.0ACTIVECC BY-SA 4.0
2Practitioner SubmissionStandard1.0ACTIVE1 January 2027CC BY-SA 4.0
3Change PipelineStandard1.0ACTIVE1 January 2027CC BY-SA 4.0
4CIAO Standard Document RegistryC-AO/STD/002:2026StandardCommons1.0ACTIVE1 January 2027Registry maintained; new documents recorded within 30 days of issuance; review cadence logged.CC BY-NC-ND 4.0
5CIAO Standard v1.0C-AO/STD/001:2026StandardCommons1.1ACTIVE1 January 2027Adoption attested by accountable executive; referenced in the organisation’s compliance framework.CC BY-SA 4.0
6Open PrinciplesC-AO/PRI/001:2026StandardCommons1.0ACTIVE1 January 2027Principles acknowledged in the organisation’s code of conduct or ethics register.CC BY-SA 4.0
7Governance CharterC-AO/GOV/001:2026CharterCommons1.0ACTIVE1 January 2027Internal to CIAO governance — no adopter MVE required.CC BY-SA 4.0
8Code of PracticeC-AO/COP/001:2026PracticeCommons1.0ACTIVE1 January 2027Code acknowledged and filed with the internal ethics or compliance register.CC BY-SA 4.0
9Membership GuidelinesC-AO/MEM/001:2026GuidelinesCommons1.0ACTIVE1 January 2027Active CIAO membership on file; tier attestation recorded.CC BY-SA 4.0
10Panel Advisor GuidelinesC-AO/PAG/001:2026GuidelinesCommons1.0ACTIVE1 January 2027Internal to CIAO governance — no adopter MVE required.CC BY-SA 4.0
11Partnership GuidelinesC-AO/PNG/001:2026GuidelinesCommons1.0ACTIVE1 January 2027Signed partnership MOU on file; CIAO partner mark usage governed.CC BY-SA 4.0
12Practitioners GuidelinesC-AO/PRG/001:2026GuidelinesCommons1.0ACTIVE1 January 2027Named Practitioners logged in capability register; evidence of current certification.CC BY-SA 4.0
13Multitier LicensingC-AO/LIC/001:2026StandardCommons1.0ACTIVE1 January 2027Licence terms published per tier; member tier visible to credential check; download attempts respect tier licence.CC BY-SA 4.0
14Usage TermsC-AO/LEG/001:2026LegalCommons1.0ACTIVE1 January 2027Usage Terms accepted at member onboarding; binding obligations recorded against member account.CC BY-SA 4.0
15Volunteer Contribution & Compensation DisclosureC-AO/GOV/004:2026DisclosureCommons1.0ACTIVE25 April 2027Disclosure published; volunteer-only governance status visible on every governance-body page footer.CC BY-SA 4.0
16Standard Architecture & Tier Content DepthC-AO/STD/002:2026ArchitectureCommons1.0ACTIVE25 April 2027Architecture published; CAO domain spine and tier ladder mapped to CIAO Standard v1.0.CC BY-SA 4.0
17Dynamic Selection EngineC-AO/STD/003:2026SpecificationCommons1.0ACTIVE25 April 2027Specification published; engine implementation scoped per Implementation Plan; live deployment Phase 1 pending.CC BY-SA 4.0
18CIAO Assessment v1.0C-AO/AST/001:2026AssessmentCommons1.0ACTIVE1 January 2027Assessment tool published; tier recommendation logic current; self-assessment results saved per logged-in member.CC BY-SA 4.0
19Change Management & Versioning ProcessC-AO/PRC/CMV/001:2026ProcessCommons1.0ACTIVE26 April 2027Process documented; Release Calendar to be published; change log live; quarterly errata summary scheduled.CC BY-SA 4.0
20Editorial Submission FrameworkC-AO/PRC/ESF/001:2026StandardCommons1.0ACTIVE26 April 2027Framework documented; Practitioner Submission template available; triage queue live; quarterly submission summary scheduled.CC BY-SA 4.0
21ConstitutionC-AO/CON/001:2026ConstitutionCommons1.0ACTIVE26 April 2029Constitution published; amendment procedure in force; Oversight Board seating tracked; Constitutional hierarchy enforced.CC BY-SA 4.0
22Release CalendarC-AO/CAL/REL/001:2026StandardCommons1.0ACTIVE26 April 2027Calendar published; major release horizon current; pipeline categories active; release event log append-only.CC BY-SA 4.0
23Quarterly Errata & Submission SummaryC-AO/SUM/QES/001:2026SummaryCommons1.0ACTIVEQuarterly cadenceSummary published; quarterly cadence active; errata stream reflected; submission stream reflected.CC BY-SA 4.0
24Canonical Source Standards RegisterC-AO/REG/SSR/001:2026RegisterCommons1.0ACTIVE26 April 2027Register published; 26 source standards catalogued; family taxonomy current; source-standard re-issue trigger active; Register Addition Request pathway codified.CC BY-SA 4.0
25Document Quality ControlC-AO/PRC/DQC/001:2026ProcessCommons1.0ACTIVE26 April 2027Quality gates documented; footer rendering active on all controlled documents; six gate categories defined; gate enforcement integrated into Change Management workflow.CC BY-SA 4.0
26Glossary of Base ConceptsC-AO/REF/GLO/001:2026GlossaryCommons1.0ACTIVE4 May 2027Glossary v0.2 published; 25 base concepts catalogued across two families (source-artefact, audit-and-assurance); reference attribution to ISO/IEC Guide 2:2004, ISO/IEC 17000:2020, ISO 19011:2018, IoDSA King V 2025, AICPA TSC 2017, IAASB ISAE 3402, TFEU Article 288, Vienna Convention 1969; ontology relationship layer scheduled for v0.3.CC BY-SA 4.0
27Mapping & Derivation MethodologyC-AO/STD/MDM/001:2026MethodologyCommons1.0ACTIVE11 June 2027Methodology specification published; rationale tooltips and Pre-Selection Questionnaire scheduled per implementation plan.CC BY-SA 4.0
28Standards Upkeep ProcessC-AO/PRC/SUP/001:2026ProcessCommons1.0ACTIVE19 June 2027Standards Upkeep Process published; four-phase lifecycle codified (monitoring, onboarding, register management, retirement); composes with the methodology, register, change, submission, and quality-control instruments; Standards Watch portfolios defined pending Panel seating.CC BY-SA 4.0
29Knowledge Base GraphC-AO/STD/KBG/001:2026Foundational DescriptorCommons1.0ACTIVE21 June 2027Descriptor published; layered knowledge structure described (Layer 0 subject to Layer 3 harmonised objectives) and mirrored to content classes, tiers, and maturity.CC BY-SA 4.0
30CIAO Standards Policy RegisterC-AO/REG/POL/001:2026RegisterCommons1.0ACTIVE21 June 2027Register live and deriving from the control-objective node store; inaugural Cybersecurity (CAO-400) slice populated.CC BY-SA 4.0
31CIAO Control-Objectives RegisterC-AO/REG/OBJ/001:2026RegisterCommons1.0ACTIVE22 June 2027Register live and deriving from the control-objective layer.CC BY-SA 4.0
32InstitutionC-AO/INS/001:2026Architectural InstrumentCommons1.0ACTIVE22 June 2029Architectural Instrument published; knowledge architecture and access framework in force.CC BY-SA 4.0
33IMS LITE MANUALC-AO/MAN/IMS-L/001:2026ManualEssential1.0ACTIVE1 January 2027IMS Manual (Lite) adopted; published internally; accountable owner named.CC BY-NC-ND 4.0
34Essential Information Compliance UniverseC-AO/REF/EICU/001:2026ReferenceEssential1.0ACTIVE1 January 2027Essential ICU mapped to organisation’s compliance stack; review cadence logged.CC BY-NC-ND 4.0
35Information Compliance UniverseC-AO/REF/ICU/001:2026ReferenceEssential1.0ACTIVE1 January 2027ICU mapped to the organisation’s compliance stack; cross-framework register maintained.CC BY-NC-ND 4.0
36Access Control PolicyC-AO/POL/CAO-410:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
37Network Security PolicyC-AO/POL/CAO-420:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
38Cryptography and Data Encryption PolicyC-AO/POL/CAO-430:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
39Operations Security PolicyC-AO/POL/CAO-450:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
40Threat and Vulnerability Management PolicyC-AO/POL/CAO-460:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
41Incident Response PolicyC-AO/POL/CAO-470:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
42Secure Software Development PolicyC-AO/POL/CAO-480:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
43People and Physical Security PolicyC-AO/POL/CAO-490:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
44Consent Management PolicyC-AO/POL/CAO-310:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
45Data Subject Rights PolicyC-AO/POL/CAO-320:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
46Privacy by Design PolicyC-AO/POL/CAO-330:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
47Information Classification PolicyC-AO/POL/CAO-340:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
48Information Transfer PolicyC-AO/POL/CAO-350:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
49Records Management PolicyC-AO/POL/CAO-360:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
50Data Protection and Privacy PolicyC-AO/POL/CAO-370:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
51Board CharterC-AO/POL/CAO-120:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
52Quality Management PolicyC-AO/POL/CAO-160:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
53Remuneration PolicyC-AO/POL/CAO-170:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
54Corporate Governance PolicyC-AO/POL/CAO-140:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
55Technology Governance PolicyC-AO/POL/CAO-150:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
56Security Governance PolicyC-AO/POL/CAO-190:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
57Risk Management PolicyC-AO/POL/CAO-210:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
58Audit and Assurance PolicyC-AO/POL/CAO-220:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
59AI PolicyC-AO/POL/CAO-510:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
60AI Risk Management PolicyC-AO/POL/CAO-520:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
61AI Transparency and Explainability PolicyC-AO/POL/CAO-530:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
62AI Data Governance PolicyC-AO/POL/CAO-540:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
63Operational Resilience PolicyC-AO/POL/CAO-610:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
64Business Continuity and Disaster Recovery PolicyC-AO/POL/CAO-620:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
65Configuration, Change and Asset Management PolicyC-AO/POL/CAO-630:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
66Service Management PolicyC-AO/POL/CAO-640:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
67Supplier and Supply Chain Security PolicyC-AO/POL/CAO-710:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
68Legal and Regulatory Compliance PolicyC-AO/POL/CAO-810:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
69Ethics and Responsible Citizenship PolicyC-AO/POL/CAO-910:2026PolicyEssential1.0ACTIVE22 June 2027Draft generated; awaiting panel review.CC BY-SA 4.0
70Sustainability Reporting and Disclosure PolicyC-AO/POL/CAO-920:2026PolicyEssential1.0ACTIVE7 July 2027CC BY-SA 4.0
71Environmental Sustainability PolicyC-AO/POL/CAO-930:2026PolicyEssential1.0ACTIVE7 July 2027CC BY-SA 4.0
72Social Sustainability PolicyC-AO/POL/CAO-940:2026PolicyEssential1.0ACTIVE7 July 2027CC BY-SA 4.0
73Data Governance PolicyC-AO/POL/CAO-130:2026PolicyEssential1.0ACTIVE10 July 2027CC BY-SA 4.0
74Information Governance PolicyC-AO/POL/CAO-110:2026PolicyEssential1.0ACTIVE10 July 2027CC BY-SA 4.0
75OPF LITE FrameworkC-AO/FWK/OPF-L/001:2026FrameworkProfessional1.0ACTIVE1 January 2027OPF (Lite) deployed; policies owned and version-controlled; coverage mapped.CC BY-NC-ND 4.0
76ECF LITE FrameworkC-AO/FWK/ECF-L/001:2026FrameworkProfessional1.0ACTIVE1 January 2027ECF (Lite) deployed; mapping to organisation controls documented.CC BY-NC-ND 4.0
77IMS CORE ManualC-AO/MAN/IMS-C/001:2026ManualProfessional1.0ACTIVE1 January 2027IMS Manual (Core) adopted; operational evidence linked to each control.CC BY-NC-ND 4.0
78ECF CORE FrameworkC-AO/FWK/ECF-C/001:2026FrameworkEnterprise1.0ACTIVE1 January 2027ECF (Core) deployed; control-owner log current; evidence linked per control.Proprietary — CIAO Member Licence

3. Document Access and Use

All Commons through Professional tier documents in the CIAO Standard Document Registry are web-native and freely accessible without download, published under the Creative Commons Attribution-ShareAlike 4.0 International Licence (CC BY-SA 4.0). Enterprise and Conglomerate tier documents are issued under a proprietary licence and are accessible to credentialled members only. Each document may be cited using its unique document reference in the format C-AO/[TYPE]/[CODE]/001:YYYY. Users are encouraged to reference the registry as the single authoritative source for validated, current versions.

4. Review and Update Protocols

All CIAO Standard documents are subject to a scheduled annual review cycle. The Review Date field in the registry table indicates when each document is next due for assessment. Upon review, documents may be reissued at an incremented version number, amended in scope, or withdrawn. Any changes to document status or version are recorded in the Version History section below. The maintained-by field for all documents is www.c-ao.com.

5. Governance Context

The Document Registry sits at the centre of the CIAO Standard governance framework. All registered documents are published under the parent standard C-AO/STD/001:2026. Documents are organised across six membership tiers — Commons, Core, Essential, Professional, Enterprise, and Conglomerate — each tier building cumulatively on the one below. Commons through Professional tier documents are licensed under CC BY-SA 4.0. Enterprise and Conglomerate tier documents are issued under proprietary licence terms. Higher-tier documents reference and extend the policies and frameworks established at lower tiers, forming an integrated and interdependent governance system.

6. Version History Details

Version Date Change Summary Status
1.0 1 January 2026 Inaugural edition — foundational document set published across Commons, Core, Essential, Professional, and Enterprise tiers. Commons through Professional documents issued under CC BY-SA 4.0 licence. Enterprise and Conglomerate documents issued under proprietary licence. ACTIVE

● LIVE CONTENT  ·  Verified 11 July 2026 at 17:03 UTC  ·  Version 1.1.3.7  ·  Always current at c-ao.com  ·  © CIAO Standard Secretariat 2026

Cite this page (APA)