An authoritative index of all governing documents published under the CIAO Standard, for governance, assurance, and oversight practitioners.
1. Registry Overview
The CIAO Standard Document Registry is a structured, version-controlled index of all governing documents published under the CIAO Standard. Each entry is assigned a unique document reference—for example, C-AO/POL/ISP/001:2026—encoding the document type, tier, and year of issue to ensure consistent traceability. All documents are web-native and accessible without download, with each record displaying the current version, ACTIVE status, classification, and Review Date for full transparency.
Organised across six membership tiers—Commons, Core, Essential, Professional, Enterprise, and Conglomerate—the registry reflects the progressive scope of the standard. The foundational document set is active at Version 1.0, providing a complete baseline for governance, policy, and compliance frameworks. Whether establishing a new programme or auditing an existing one, this registry offers a clear, authoritative view of the controls and supporting materials that constitute the CIAO Standard, maintained with version integrity to support governance continuity and regulatory alignment.
2. Document Registry Table
| # | Document Title | Doc Ref | Type | Tier | Ver | Status | Review Date | MVE | Licence |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CIAO | — | — | 1.0 | ACTIVE | — | CC BY-SA 4.0 | ||
| 2 | CIAO Standard Document Registry | C-AO/STD/002:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Registry maintained; new documents recorded within 30 days of issuance; review cadence logged. | CC BY-NC-ND 4.0 |
| 3 | CIAO Standard v1.0 | C-AO/STD/001:2026 | Standard | Commons | 1.1 | ACTIVE | 1 January 2027 | Adoption attested by accountable executive; referenced in the organisation’s compliance framework. | CC BY-SA 4.0 |
| 4 | Open Principles | C-AO/PRI/001:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Principles acknowledged in the organisation’s code of conduct or ethics register. | CC BY-SA 4.0 |
| 5 | Governance Charter | C-AO/GOV/001:2026 | Charter | Commons | 1.0 | ACTIVE | 1 January 2027 | Internal to CIAO governance — no adopter MVE required. | CC BY-SA 4.0 |
| 6 | Code of Practice | C-AO/COP/001:2026 | Practice | Commons | 1.0 | ACTIVE | 1 January 2027 | Code acknowledged and filed with the internal ethics or compliance register. | CC BY-SA 4.0 |
| 7 | Membership Guidelines | C-AO/MEM/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Active CIAO membership on file; tier attestation recorded. | CC BY-SA 4.0 |
| 8 | Panel Advisor Guidelines | C-AO/PAG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Internal to CIAO governance — no adopter MVE required. | CC BY-SA 4.0 |
| 9 | Partnership Guidelines | C-AO/PNG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Signed partnership MOU on file; CIAO partner mark usage governed. | CC BY-SA 4.0 |
| 10 | Practitioners Guidelines | C-AO/PRG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Named Practitioners logged in capability register; evidence of current certification. | CC BY-SA 4.0 |
| 11 | Multitier Licensing | C-AO/LIC/001:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Licence terms published per tier; member tier visible to credential check; download attempts respect tier licence. | CC BY-SA 4.0 |
| 12 | Framework Mapping | C-AO/STD/004:2026 | Mapping | Commons | 1.0 | ACTIVE | 1 January 2027 | Mapping table published; source standards register current; clause references verified per Panel review cycle. | CC BY-SA 4.0 |
| 13 | Usage Terms | C-AO/LEG/001:2026 | Legal | Commons | 1.0 | ACTIVE | 1 January 2027 | Usage Terms accepted at member onboarding; binding obligations recorded against member account. | CC BY-SA 4.0 |
| 14 | Volunteer Contribution & Compensation Disclosure | C-AO/GOV/004:2026 | Disclosure | Commons | 1.0 | ACTIVE | 25 April 2027 | Disclosure published; volunteer-only governance status visible on every governance-body page footer. | CC BY-SA 4.0 |
| 15 | Standard Architecture & Tier Content Depth | C-AO/STD/002:2026 | Architecture | Commons | 1.0 | ACTIVE | 25 April 2027 | Architecture published; CAO domain spine and tier ladder mapped to CIAO Standard v1.0. | CC BY-SA 4.0 |
| 16 | Dynamic Selection Engine | C-AO/STD/003:2026 | Specification | Commons | 1.0 | ACTIVE | 25 April 2027 | Specification published; engine implementation scoped per Implementation Plan; live deployment Phase 1 pending. | CC BY-SA 4.0 |
| 17 | CIAO Assessment v1.0 | C-AO/AST/001:2026 | Assessment | Commons | 1.0 | ACTIVE | 1 January 2027 | Assessment tool published; tier recommendation logic current; self-assessment results saved per logged-in member. | CC BY-SA 4.0 |
| 18 | Change Management & Versioning Process | C-AO/PRC/CMV/001:2026 | Process | Commons | 1.0 | ACTIVE | 26 April 2027 | Process documented; Release Calendar to be published; change log live; quarterly errata summary scheduled. | CC BY-SA 4.0 |
| 19 | Editorial Submission Framework | C-AO/PRC/ESF/001:2026 | Process | Commons | 1.0 | ACTIVE | 26 April 2027 | Framework documented; Practitioner Submission template available; triage queue live; quarterly submission summary scheduled. | CC BY-SA 4.0 |
| 20 | Constitution | C-AO/CON/001:2026 | Constitution | Commons | 1.0 | ACTIVE | 26 April 2029 | Constitution published; amendment procedure in force; Oversight Board seating tracked; Constitutional hierarchy enforced. | CC BY-SA 4.0 |
| 21 | Release Calendar | C-AO/CAL/REL/001:2026 | Calendar | Commons | 1.0 | ACTIVE | 26 April 2027 | Calendar published; major release horizon current; pipeline categories active; release event log append-only. | CC BY-SA 4.0 |
| 22 | Quarterly Errata & Submission Summary | C-AO/SUM/QES/001:2026 | Summary | Commons | 1.0 | ACTIVE | Quarterly cadence | Summary published; quarterly cadence active; errata stream reflected; submission stream reflected. | CC BY-SA 4.0 |
| 23 | Canonical Source Standards Register | C-AO/REG/SSR/001:2026 | Register | Commons | 1.0 | ACTIVE | 26 April 2027 | Register published; 26 source standards catalogued; family taxonomy current; source-standard re-issue trigger active; Register Addition Request pathway codified. | CC BY-SA 4.0 |
| 24 | Document Quality Control | C-AO/PRC/DQC/001:2026 | Process | Commons | 1.0 | ACTIVE | 26 April 2027 | Quality gates documented; footer rendering active on all controlled documents; six gate categories defined; gate enforcement integrated into Change Management workflow. | CC BY-SA 4.0 |
| 25 | Glossary of Base Concepts | C-AO/REF/GLO/001:2026 | Glossary | Commons | 1.0 | ACTIVE | 4 May 2027 | Glossary v0.2 published; 25 base concepts catalogued across two families (source-artefact, audit-and-assurance); reference attribution to ISO/IEC Guide 2:2004, ISO/IEC 17000:2020, ISO 19011:2018, IoDSA King V 2025, AICPA TSC 2017, IAASB ISAE 3402, TFEU Article 288, Vienna Convention 1969; ontology relationship layer scheduled for v0.3. | CC BY-SA 4.0 |
| 26 | Information Security Policy | C-AO/POL/ISP/001:2026 | Policy | Core | 1.0 | ACTIVE | 1 January 2027 | Policy in force; ISMS scope documented; risk register current; named owner. | CC BY-SA 4.0 |
| 27 | Data Protection & Privacy Policy | C-AO/POL/DPP/001:2026 | Policy | Core | 1.0 | ACTIVE | 1 January 2027 | Policy in force; DPO named where required; records-of-processing current; named owner. | CC BY-SA 4.0 |
| 28 | Cybersecurity Awareness & Training Policy | C-AO/POL/CAT/001:2026 | Policy | Core | 1.0 | ACTIVE | 1 January 2027 | Policy in force; training completion records current; named owner. | CC BY-SA 4.0 |
| 29 | Acceptable Use Policy | C-AO/POL/AUP/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; employee acknowledgements on file; breach register current; named owner. | CC BY-SA 4.0 |
| 30 | Business Continuity and Disaster Recovery Policy | C-AO/POL/BCP/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; latest DR exercise outcome on file; BIA current; named owner. | CC BY-SA 4.0 |
| 31 | Cryptography and Data Encryption Policy | C-AO/POL/CDE/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; key-management records; algorithm inventory current; named owner. | CC BY-SA 4.0 |
| 32 | Human Resources Security Policy | C-AO/POL/HRS/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; onboarding/offboarding evidence collected; named owner. | CC BY-SA 4.0 |
| 33 | Incident Response Policy | C-AO/POL/IRP/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; incident log maintained; latest tabletop outcome on file; named owner. | CC BY-SA 4.0 |
| 34 | Physical Security Policy | C-AO/POL/PSP/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; physical access logs reviewed; visitor register current; named owner. | CC BY-SA 4.0 |
| 35 | Vendor and Third-Party Risk Management Policy | C-AO/POL/VRM/001:2026 | Policy | Essential | 1.0 | ACTIVE | 1 January 2027 | Policy in force; vendor assessment register current; tiered risk register; named owner. | CC BY-SA 4.0 |
| 36 | IMS LITE MANUAL | C-AO/MAN/IMS-L/001:2026 | Manual | Essential | 1.0 | ACTIVE | 1 January 2027 | IMS Manual (Lite) adopted; published internally; accountable owner named. | CC BY-NC-ND 4.0 |
| 37 | Essential Information Compliance Universe | C-AO/REF/EICU/001:2026 | Reference | Essential | 1.0 | ACTIVE | 1 January 2027 | Essential ICU mapped to organisation’s compliance stack; review cadence logged. | CC BY-NC-ND 4.0 |
| 38 | Information Compliance Universe | C-AO/REF/ICU/001:2026 | Reference | Essential | 1.0 | ACTIVE | 1 January 2027 | ICU mapped to the organisation’s compliance stack; cross-framework register maintained. | CC BY-NC-ND 4.0 |
| 39 | OPF LITE Framework | C-AO/FWK/OPF-L/001:2026 | Framework | Professional | 1.0 | ACTIVE | 1 January 2027 | OPF (Lite) deployed; policies owned and version-controlled; coverage mapped. | CC BY-NC-ND 4.0 |
| 40 | ECF LITE Framework | C-AO/FWK/ECF-L/001:2026 | Framework | Professional | 1.0 | ACTIVE | 1 January 2027 | ECF (Lite) deployed; mapping to organisation controls documented. | CC BY-NC-ND 4.0 |
| 41 | IMS CORE Manual | C-AO/MAN/IMS-C/001:2026 | Manual | Professional | 1.0 | ACTIVE | 1 January 2027 | IMS Manual (Core) adopted; operational evidence linked to each control. | CC BY-NC-ND 4.0 |
| 42 | ECF CORE Framework | C-AO/FWK/ECF-C/001:2026 | Framework | Enterprise | 1.0 | ACTIVE | 1 January 2027 | ECF (Core) deployed; control-owner log current; evidence linked per control. | Proprietary — CIAO Member Licence |
3. Document Access and Use
All Commons through Professional tier documents in the CIAO Standard Document Registry are web-native and freely accessible without download, published under the Creative Commons Attribution-ShareAlike 4.0 International Licence (CC BY-SA 4.0). Enterprise and Conglomerate tier documents are issued under a proprietary licence and are accessible to credentialled members only. Each document may be cited using its unique document reference in the format C-AO/[TYPE]/[CODE]/001:YYYY. Users are encouraged to reference the registry as the single authoritative source for validated, current versions.
4. Review and Update Protocols
All CIAO Standard documents are subject to a scheduled annual review cycle. The Review Date field in the registry table indicates when each document is next due for assessment. Upon review, documents may be reissued at an incremented version number, amended in scope, or withdrawn. Any changes to document status or version are recorded in the Version History section below. The maintained-by field for all documents is www.c-ao.com.
5. Governance Context
The Document Registry sits at the centre of the CIAO Standard governance framework. All registered documents are published under the parent standard C-AO/STD/001:2026. Documents are organised across six membership tiers — Commons, Core, Essential, Professional, Enterprise, and Conglomerate — each tier building cumulatively on the one below. Commons through Professional tier documents are licensed under CC BY-SA 4.0. Enterprise and Conglomerate tier documents are issued under proprietary licence terms. Higher-tier documents reference and extend the policies and frameworks established at lower tiers, forming an integrated and interdependent governance system.
6. Version History Details
| Version | Date | Change Summary | Status |
|---|---|---|---|
| 1.0 | 1 January 2026 | Inaugural edition — foundational document set published across Commons, Core, Essential, Professional, and Enterprise tiers. Commons through Professional documents issued under CC BY-SA 4.0 licence. Enterprise and Conglomerate documents issued under proprietary licence. | ACTIVE |