CIAO COMMONS — CHARTER
C-AO/GOV/001:2026 PUBLIC
Governance Charter
The Governance Charter of the CIAO Standard
Date Issued  1 January 2026
Review Date  1 January 2027
Cite as: CIAO Standard. (2026). Governance Charter. v1.0. C-AO/GOV/001:2026. www.c-ao.com
CIAO is structured through a coherent ecosystem of documents that together define its values, governance, operations, and legal obligations. At its foundation, the Open Principles articulate CIAO’s disruptive stance against spiraling compliance bureaucracy, emphasising pragmatic practices such as minimising private data collection, segregating information intelligently, protecting only what is truly sensitive, and designing policies with proper delegation.

Building on these values, the Membership Guidelines establish a tiered model that balances openness with sustainability: the Commons Tier provides free access to foundational resources, while higher tiers — Core, Essential, Professional, Enterprise, and Conglomerate — scale progressively to meet the needs of organizations from start-ups to global enterprises, ensuring compliance becomes a competitive advantage rather than a burden.

Supporting this framework, CIAO’s Privacy Policy demonstrates a strong commitment to safeguarding personal data in alignment with global regulations including GDPR, UK GDPR, POPIA, the African Union Convention, and Mauritian law, while the Usage Terms define contractual obligations, licensing conditions, membership rights, and partnership requirements.

Together with the Code of Practice, which governs member conduct, and this Governance Charter, which anchors CIAO’s authority and ethical commitments, these documents form a layered architecture: principles guide values, the Charter anchors governance, the Code of Practice governs behavior, and the membership guidelines, usage terms, and privacy policy provide practical and legal clarity.

This integrated structure ensures CIAO remains transparent, accessible, and ethically grounded while operating as a meta-framework above existing standards such as ISO, NIST, and SOC 2.

Article 1: Purpose

1.1 CIAO (Common Information Assurance Oversight) is a meta-standard designed to harmonize existing compliance standards such as ISO, NIST, SOC 2, and GDPR.

1.2 CIAO operates at a higher architectural layer, providing organizations with a unified conceptual view of how these standards interrelate.

1.3 CIAO does not replace or supersede existing standards; it integrates them into a coherent framework that reduces duplication and clarifies overlaps.

Article 2: Authority & Legitimacy

2.1 CIAO’s legitimacy derives from rigorous original research, transparent methodology, and practical adoption.

2.2 CIAO does not require formal endorsement from ISO, NIST, or other standards bodies, because it functions at a conceptual level above them, offering synthesis rather than substitution.

Article 3: Accessibility & Licensing

3.1 CIAO provides a publicly accessible knowledge base under a Creative Commons license, ensuring open access to foundational concepts, methodologies, and governance documents.

3.2 CIAO offers in-depth operational resources, advanced mappings, and partner support through paid memberships.

3.3 Membership fees fund the ongoing progression, research, and governance of CIAO.

Article 4: Neutrality

4.1 CIAO maintains independence from any single standards body or commercial interest.

4.2 CIAO provides impartial mappings across frameworks, ensuring that no one standard is privileged over another.

Article 5: Governance Structure

5.1 Establishment. The CIAO Standard is overseen by the CIAO Oversight Board (the “Board”), established under this Article as the normative governance authority for the Standard.

5.2 Purpose and Authority. The Board holds final authority over the content, integrity, and evolution of the CIAO Standard. It approves all normative publications, ratifies amendments to this Charter, and exercises the sanction authority set out in the Code of Practice (Article 7).

5.3 Composition. The Board consists of between five (5) and nine (9) voting members, maintained as an odd number. Membership shall represent, at minimum: academia or independent research; professional practice in information assurance or governance; regulatory or public-sector perspective; and at least one independent member with no sectoral affiliation.

5.4 Appointment and Term. Members are appointed by the sitting Board following open nomination. During the founding period (as defined in Constitution Section 6), where no sitting Board yet exists, members are appointed by the Founding Secretariat through open nomination, with successive appointments thereafter transitioning to the Board upon its formal seating. Each member serves a term of three (3) years, staggered to prevent full turnover in any single year, and renewable once consecutively. No member may serve more than six consecutive years on the Board.

5.5 Chairperson and Deputy Chair. The Board elects a Chairperson and a Deputy Chair from among its voting members for two-year terms, renewable once. The Chairperson sets the agenda for Board meetings, presides over proceedings, and serves as the Board’s point of external contact. The Deputy Chair assumes the Chair’s functions in their absence.

5.6 Meetings and Quorum. The Board meets not less than twice annually. Additional meetings may be convened by the Chairperson or on the written request of any three members. A simple majority of the voting members constitutes a quorum.

5.7 Decision-Making. The Board acts by consensus wherever practicable. Where consensus cannot be reached, decisions are taken by simple majority of members present, provided a quorum is met. In the event of a tied vote, the Chairperson holds a casting vote.

5.8 Relationship to the Panel of Advisors. The Panel of Advisors advises the Board on specialist and sectoral matters. Panel opinions are non-binding on the Board but shall be recorded in meeting minutes where invoked. Panel membership, roles, and consultation procedures are set out in the Panel Advisor Guidelines.

5.9 Relationship to the Secretariat. The CIAO Standard Secretariat is responsible for the operational administration of the Standard, including publication, version control, member communications, and logistical support to the Board. The Secretariat implements decisions of the Board but does not itself hold normative authority.

5.10 Sanction Authority. Sanctions arising under the Code of Practice are imposed by the Board following the process set out in Code of Practice Article 7. Sanction decisions require a simple majority of the Board and may be appealed once to the full Board within thirty (30) days of issuance.

5.11 Conflict-of-Interest. All Board members are subject to the disclosure and recusal requirements set out in Article 6 of this Charter. A member with a material interest in any matter before the Board shall disclose that interest and recuse themselves from deliberation and vote on that matter.

Article 5A: The Secretariat

The CIAO Standard Secretariat is the operational custodian of the CIAO Standard. It maintains the normative content of the Standard, administers the tier architecture, coordinates the Panel of Advisors, and serves as the point of contact for members, prospective adopters, and partners.

The Secretariat operates under this Governance Charter and the oversight of the Oversight Board. Its activities are directed by documented terms of reference. The Secretariat does not hold voting power over the normative content of the Standard; material changes are approved by the Oversight Board in accordance with Article 5.

Members and external stakeholders may contact the Secretariat at sr@c-ao.com for matters of membership, partnership, advisory nomination, and general inquiry concerning the CIAO Standard.

Article 6: Conflict-of-Interest Policy

6.1 All contributors, reviewers, and partners must disclose financial ties, affiliations, or incentives.

6.2 Disclosures are maintained in an open-access registry.

6.3 Members with conflicts must abstain from related decisions.

Article 7: Methodology

7.1 CIAO identifies overlaps, gaps, and synergies between compliance standards using a transparent, reproducible methodology.

7.2 Each mapping is documented with clear rationale and references to source standards.

7.3 CIAO operates at a meta-level above individual standards, showing how they can be applied together without altering their original definitions.

Article 8: Validation

8.1 CIAO mappings undergo peer review and independent validation to ensure accuracy, reproducibility, and neutrality.

8.2 External audits may be commissioned periodically, with results published openly.

Article 9: Ethics

9.1 CIAO adheres to principles of integrity, neutrality, transparency, accountability, inclusivity, and public benefit.

9.2 Violations of ethics are subject to sanctions as defined in the Code of Practice.

Contact Us

If you have questions or concerns about this Governance Charter or our governance practices, please contact us at sr@c-ao.com. In the subject line, state the name of the subscribed sub-domain member organisation on whose behalf you are querying this policy; otherwise we will respond from the perspective of the CIAO Standard itself (C-AO.com).

Email: sr@c-ao.com

Article 10: Volunteer Contribution

All CIAO Standard governance bodies — the Secretariat, the Oversight Board, the Panel of Advisors, and the Regional Partners — operate under a volunteer-expert contribution model. No individual holding a governance position receives salary, fees, incentives, or commercial compensation from the CIAO Standard or from c-ao.com in return for their governance role.

This principle aligns the CIAO Standard with the established volunteer-expert tradition of international standards bodies including ISO, W3C, IETF, and IEEE. It is the single most important integrity anchor of the Standard: the people who shape, review, and oversee the CIAO Standard do so on the authority of their expertise and reputation, not on the basis of financial interest in its publication.

Revenue generated from paid membership tiers, training, certification, and related services funds platform infrastructure, editorial operations, and programme activities. It does not flow to individuals holding governance positions. Governance bodies, their structural separation from commercial revenue, and the per-seat conflict-of-interest recusal protocol are disclosed in full at Volunteer Contribution & Compensation Disclosure.

© 2026 C-AO.com.
This policy is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).
You are free to share and adapt this material for any purpose, even commercially, provided that you give appropriate credit, provide a link to the license, and indicate if changes were made. If you remix, transform, or build upon this material, you must distribute your contributions under the same license as the original.

Foundational Authority

This Charter operates under the CIAO Constitution, which sits as Class A in the Constitutional hierarchy declared in Section 7 of that document. The Charter is Class B foundational governance: it codifies the day-to-day operating rules of the bodies — Panel, Secretariat, Membership, and (on its seating) the Oversight Board — that the Constitution names. Where this Charter conflicts with the Constitution, the Constitution prevails; the Charter is amended through the Change Management & Versioning Process at Material or Structural category to resolve any such conflict.

● LIVE CONTENT  ·  Verified 6 May 2026 at 09:43 UTC  ·  Version 1.0  ·  Always current at c-ao.com  ·  © CIAO Standard Secretariat 2026