An authoritative index of all governing documents published under the CIAO Standard, for governance, assurance, and oversight practitioners.
1. Registry Overview
The CIAO Standard Document Registry is a structured, version-controlled index of all governing documents published under the CIAO Standard. Each entry is assigned a unique document reference—for example, C-AO/POL/ISP/001:2026—encoding the document type, tier, and year of issue to ensure consistent traceability. All documents are web-native and accessible without download, with each record displaying the current version, ACTIVE status, classification, and Review Date for full transparency.
Organised across six membership tiers—Commons, Core, Essential, Professional, Enterprise, and Conglomerate—the registry reflects the progressive scope of the standard. The foundational document set is active at Version 1.0, providing a complete baseline for governance, policy, and compliance frameworks. Whether establishing a new programme or auditing an existing one, this registry offers a clear, authoritative view of the controls and supporting materials that constitute the CIAO Standard, maintained with version integrity to support governance continuity and regulatory alignment.
2. Document Registry Table
| # | Document Title | Doc Ref | Type | Tier | Ver | Status | Review Date | MVE | Licence |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CIAO | — | — | 1.0 | ACTIVE | — | CC BY-SA 4.0 | ||
| 2 | Practitioner Submission | Standard | — | 1.0 | ACTIVE | 1 January 2027 | — | CC BY-SA 4.0 | |
| 3 | Change Pipeline | Standard | — | 1.0 | ACTIVE | 1 January 2027 | — | CC BY-SA 4.0 | |
| 4 | CIAO Standard Document Registry | C-AO/STD/002:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Registry maintained; new documents recorded within 30 days of issuance; review cadence logged. | CC BY-NC-ND 4.0 |
| 5 | CIAO Standard v1.0 | C-AO/STD/001:2026 | Standard | Commons | 1.1 | ACTIVE | 1 January 2027 | Adoption attested by accountable executive; referenced in the organisation’s compliance framework. | CC BY-SA 4.0 |
| 6 | Open Principles | C-AO/PRI/001:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Principles acknowledged in the organisation’s code of conduct or ethics register. | CC BY-SA 4.0 |
| 7 | Governance Charter | C-AO/GOV/001:2026 | Charter | Commons | 1.0 | ACTIVE | 1 January 2027 | Internal to CIAO governance — no adopter MVE required. | CC BY-SA 4.0 |
| 8 | Code of Practice | C-AO/COP/001:2026 | Practice | Commons | 1.0 | ACTIVE | 1 January 2027 | Code acknowledged and filed with the internal ethics or compliance register. | CC BY-SA 4.0 |
| 9 | Membership Guidelines | C-AO/MEM/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Active CIAO membership on file; tier attestation recorded. | CC BY-SA 4.0 |
| 10 | Panel Advisor Guidelines | C-AO/PAG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Internal to CIAO governance — no adopter MVE required. | CC BY-SA 4.0 |
| 11 | Partnership Guidelines | C-AO/PNG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Signed partnership MOU on file; CIAO partner mark usage governed. | CC BY-SA 4.0 |
| 12 | Practitioners Guidelines | C-AO/PRG/001:2026 | Guidelines | Commons | 1.0 | ACTIVE | 1 January 2027 | Named Practitioners logged in capability register; evidence of current certification. | CC BY-SA 4.0 |
| 13 | Multitier Licensing | C-AO/LIC/001:2026 | Standard | Commons | 1.0 | ACTIVE | 1 January 2027 | Licence terms published per tier; member tier visible to credential check; download attempts respect tier licence. | CC BY-SA 4.0 |
| 14 | Usage Terms | C-AO/LEG/001:2026 | Legal | Commons | 1.0 | ACTIVE | 1 January 2027 | Usage Terms accepted at member onboarding; binding obligations recorded against member account. | CC BY-SA 4.0 |
| 15 | Volunteer Contribution & Compensation Disclosure | C-AO/GOV/004:2026 | Disclosure | Commons | 1.0 | ACTIVE | 25 April 2027 | Disclosure published; volunteer-only governance status visible on every governance-body page footer. | CC BY-SA 4.0 |
| 16 | Standard Architecture & Tier Content Depth | C-AO/STD/002:2026 | Architecture | Commons | 1.0 | ACTIVE | 25 April 2027 | Architecture published; CAO domain spine and tier ladder mapped to CIAO Standard v1.0. | CC BY-SA 4.0 |
| 17 | Dynamic Selection Engine | C-AO/STD/003:2026 | Specification | Commons | 1.0 | ACTIVE | 25 April 2027 | Specification published; engine implementation scoped per Implementation Plan; live deployment Phase 1 pending. | CC BY-SA 4.0 |
| 18 | CIAO Assessment v1.0 | C-AO/AST/001:2026 | Assessment | Commons | 1.0 | ACTIVE | 1 January 2027 | Assessment tool published; tier recommendation logic current; self-assessment results saved per logged-in member. | CC BY-SA 4.0 |
| 19 | Change Management & Versioning Process | C-AO/PRC/CMV/001:2026 | Process | Commons | 1.0 | ACTIVE | 26 April 2027 | Process documented; Release Calendar to be published; change log live; quarterly errata summary scheduled. | CC BY-SA 4.0 |
| 20 | Editorial Submission Framework | C-AO/PRC/ESF/001:2026 | Standard | Commons | 1.0 | ACTIVE | 26 April 2027 | Framework documented; Practitioner Submission template available; triage queue live; quarterly submission summary scheduled. | CC BY-SA 4.0 |
| 21 | Constitution | C-AO/CON/001:2026 | Constitution | Commons | 1.0 | ACTIVE | 26 April 2029 | Constitution published; amendment procedure in force; Oversight Board seating tracked; Constitutional hierarchy enforced. | CC BY-SA 4.0 |
| 22 | Release Calendar | C-AO/CAL/REL/001:2026 | Standard | Commons | 1.0 | ACTIVE | 26 April 2027 | Calendar published; major release horizon current; pipeline categories active; release event log append-only. | CC BY-SA 4.0 |
| 23 | Quarterly Errata & Submission Summary | C-AO/SUM/QES/001:2026 | Summary | Commons | 1.0 | ACTIVE | Quarterly cadence | Summary published; quarterly cadence active; errata stream reflected; submission stream reflected. | CC BY-SA 4.0 |
| 24 | Canonical Source Standards Register | C-AO/REG/SSR/001:2026 | Register | Commons | 1.0 | ACTIVE | 26 April 2027 | Register published; 26 source standards catalogued; family taxonomy current; source-standard re-issue trigger active; Register Addition Request pathway codified. | CC BY-SA 4.0 |
| 25 | Document Quality Control | C-AO/PRC/DQC/001:2026 | Process | Commons | 1.0 | ACTIVE | 26 April 2027 | Quality gates documented; footer rendering active on all controlled documents; six gate categories defined; gate enforcement integrated into Change Management workflow. | CC BY-SA 4.0 |
| 26 | Glossary of Base Concepts | C-AO/REF/GLO/001:2026 | Glossary | Commons | 1.0 | ACTIVE | 4 May 2027 | Glossary v0.2 published; 25 base concepts catalogued across two families (source-artefact, audit-and-assurance); reference attribution to ISO/IEC Guide 2:2004, ISO/IEC 17000:2020, ISO 19011:2018, IoDSA King V 2025, AICPA TSC 2017, IAASB ISAE 3402, TFEU Article 288, Vienna Convention 1969; ontology relationship layer scheduled for v0.3. | CC BY-SA 4.0 |
| 27 | Mapping & Derivation Methodology | C-AO/STD/MDM/001:2026 | Methodology | Commons | 1.0 | ACTIVE | 11 June 2027 | Methodology specification published; rationale tooltips and Pre-Selection Questionnaire scheduled per implementation plan. | CC BY-SA 4.0 |
| 28 | Standards Upkeep Process | C-AO/PRC/SUP/001:2026 | Process | Commons | 1.0 | ACTIVE | 19 June 2027 | Standards Upkeep Process published; four-phase lifecycle codified (monitoring, onboarding, register management, retirement); composes with the methodology, register, change, submission, and quality-control instruments; Standards Watch portfolios defined pending Panel seating. | CC BY-SA 4.0 |
| 29 | Knowledge Base Graph | C-AO/STD/KBG/001:2026 | Foundational Descriptor | Commons | 1.0 | ACTIVE | 21 June 2027 | Descriptor published; layered knowledge structure described (Layer 0 subject to Layer 3 harmonised objectives) and mirrored to content classes, tiers, and maturity. | CC BY-SA 4.0 |
| 30 | CIAO Standards Policy Register | C-AO/REG/POL/001:2026 | Register | Commons | 1.0 | ACTIVE | 21 June 2027 | Register live and deriving from the control-objective node store; inaugural Cybersecurity (CAO-400) slice populated. | CC BY-SA 4.0 |
| 31 | CIAO Control-Objectives Register | C-AO/REG/OBJ/001:2026 | Register | Commons | 1.0 | ACTIVE | 22 June 2027 | Register live and deriving from the control-objective layer. | CC BY-SA 4.0 |
| 32 | Institution | C-AO/INS/001:2026 | Architectural Instrument | Commons | 1.0 | ACTIVE | 22 June 2029 | Architectural Instrument published; knowledge architecture and access framework in force. | CC BY-SA 4.0 |
| 33 | IMS LITE MANUAL | C-AO/MAN/IMS-L/001:2026 | Manual | Essential | 1.0 | ACTIVE | 1 January 2027 | IMS Manual (Lite) adopted; published internally; accountable owner named. | CC BY-NC-ND 4.0 |
| 34 | Essential Information Compliance Universe | C-AO/REF/EICU/001:2026 | Reference | Essential | 1.0 | ACTIVE | 1 January 2027 | Essential ICU mapped to organisation’s compliance stack; review cadence logged. | CC BY-NC-ND 4.0 |
| 35 | Information Compliance Universe | C-AO/REF/ICU/001:2026 | Reference | Essential | 1.0 | ACTIVE | 1 January 2027 | ICU mapped to the organisation’s compliance stack; cross-framework register maintained. | CC BY-NC-ND 4.0 |
| 36 | Access Control Policy | C-AO/POL/CAO-410:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 37 | Network Security Policy | C-AO/POL/CAO-420:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 38 | Cryptography and Data Encryption Policy | C-AO/POL/CAO-430:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 39 | Operations Security Policy | C-AO/POL/CAO-450:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 40 | Threat and Vulnerability Management Policy | C-AO/POL/CAO-460:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 41 | Incident Response Policy | C-AO/POL/CAO-470:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 42 | Secure Software Development Policy | C-AO/POL/CAO-480:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 43 | People and Physical Security Policy | C-AO/POL/CAO-490:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 44 | Consent Management Policy | C-AO/POL/CAO-310:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 45 | Data Subject Rights Policy | C-AO/POL/CAO-320:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 46 | Privacy by Design Policy | C-AO/POL/CAO-330:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 47 | Information Classification Policy | C-AO/POL/CAO-340:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 48 | Information Transfer Policy | C-AO/POL/CAO-350:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 49 | Records Management Policy | C-AO/POL/CAO-360:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 50 | Data Protection and Privacy Policy | C-AO/POL/CAO-370:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 51 | Board Charter | C-AO/POL/CAO-120:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 52 | Quality Management Policy | C-AO/POL/CAO-160:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 53 | Remuneration Policy | C-AO/POL/CAO-170:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 54 | Corporate Governance Policy | C-AO/POL/CAO-140:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 55 | Technology Governance Policy | C-AO/POL/CAO-150:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 56 | Security Governance Policy | C-AO/POL/CAO-190:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 57 | Risk Management Policy | C-AO/POL/CAO-210:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 58 | Audit and Assurance Policy | C-AO/POL/CAO-220:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 59 | AI Policy | C-AO/POL/CAO-510:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 60 | AI Risk Management Policy | C-AO/POL/CAO-520:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 61 | AI Transparency and Explainability Policy | C-AO/POL/CAO-530:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 62 | AI Data Governance Policy | C-AO/POL/CAO-540:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 63 | Operational Resilience Policy | C-AO/POL/CAO-610:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 64 | Business Continuity and Disaster Recovery Policy | C-AO/POL/CAO-620:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 65 | Configuration, Change and Asset Management Policy | C-AO/POL/CAO-630:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 66 | Service Management Policy | C-AO/POL/CAO-640:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 67 | Supplier and Supply Chain Security Policy | C-AO/POL/CAO-710:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 68 | Legal and Regulatory Compliance Policy | C-AO/POL/CAO-810:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 69 | Ethics and Responsible Citizenship Policy | C-AO/POL/CAO-910:2026 | Policy | Essential | 1.0 | ACTIVE | 22 June 2027 | Draft generated; awaiting panel review. | CC BY-SA 4.0 |
| 70 | Sustainability Reporting and Disclosure Policy | C-AO/POL/CAO-920:2026 | Policy | Essential | 1.0 | ACTIVE | 7 July 2027 | — | CC BY-SA 4.0 |
| 71 | Environmental Sustainability Policy | C-AO/POL/CAO-930:2026 | Policy | Essential | 1.0 | ACTIVE | 7 July 2027 | — | CC BY-SA 4.0 |
| 72 | Social Sustainability Policy | C-AO/POL/CAO-940:2026 | Policy | Essential | 1.0 | ACTIVE | 7 July 2027 | — | CC BY-SA 4.0 |
| 73 | Data Governance Policy | C-AO/POL/CAO-130:2026 | Policy | Essential | 1.0 | ACTIVE | 10 July 2027 | — | CC BY-SA 4.0 |
| 74 | Information Governance Policy | C-AO/POL/CAO-110:2026 | Policy | Essential | 1.0 | ACTIVE | 10 July 2027 | — | CC BY-SA 4.0 |
| 75 | OPF LITE Framework | C-AO/FWK/OPF-L/001:2026 | Framework | Professional | 1.0 | ACTIVE | 1 January 2027 | OPF (Lite) deployed; policies owned and version-controlled; coverage mapped. | CC BY-NC-ND 4.0 |
| 76 | ECF LITE Framework | C-AO/FWK/ECF-L/001:2026 | Framework | Professional | 1.0 | ACTIVE | 1 January 2027 | ECF (Lite) deployed; mapping to organisation controls documented. | CC BY-NC-ND 4.0 |
| 77 | IMS CORE Manual | C-AO/MAN/IMS-C/001:2026 | Manual | Professional | 1.0 | ACTIVE | 1 January 2027 | IMS Manual (Core) adopted; operational evidence linked to each control. | CC BY-NC-ND 4.0 |
| 78 | ECF CORE Framework | C-AO/FWK/ECF-C/001:2026 | Framework | Enterprise | 1.0 | ACTIVE | 1 January 2027 | ECF (Core) deployed; control-owner log current; evidence linked per control. | Proprietary — CIAO Member Licence |
3. Document Access and Use
All Commons through Professional tier documents in the CIAO Standard Document Registry are web-native and freely accessible without download, published under the Creative Commons Attribution-ShareAlike 4.0 International Licence (CC BY-SA 4.0). Enterprise and Conglomerate tier documents are issued under a proprietary licence and are accessible to credentialled members only. Each document may be cited using its unique document reference in the format C-AO/[TYPE]/[CODE]/001:YYYY. Users are encouraged to reference the registry as the single authoritative source for validated, current versions.
4. Review and Update Protocols
All CIAO Standard documents are subject to a scheduled annual review cycle. The Review Date field in the registry table indicates when each document is next due for assessment. Upon review, documents may be reissued at an incremented version number, amended in scope, or withdrawn. Any changes to document status or version are recorded in the Version History section below. The maintained-by field for all documents is www.c-ao.com.
5. Governance Context
The Document Registry sits at the centre of the CIAO Standard governance framework. All registered documents are published under the parent standard C-AO/STD/001:2026. Documents are organised across six membership tiers — Commons, Core, Essential, Professional, Enterprise, and Conglomerate — each tier building cumulatively on the one below. Commons through Professional tier documents are licensed under CC BY-SA 4.0. Enterprise and Conglomerate tier documents are issued under proprietary licence terms. Higher-tier documents reference and extend the policies and frameworks established at lower tiers, forming an integrated and interdependent governance system.
6. Version History Details
| Version | Date | Change Summary | Status |
|---|---|---|---|
| 1.0 | 1 January 2026 | Inaugural edition — foundational document set published across Commons, Core, Essential, Professional, and Enterprise tiers. Commons through Professional documents issued under CC BY-SA 4.0 licence. Enterprise and Conglomerate documents issued under proprietary licence. | ACTIVE |
